CIOs and CISOs shouldn't look at IT like a box of Legos

CIOs and CISOs shouldn't look at IT like a box of Legos

143 readers like this


August 08, 2014
Shadow IT CIO

With the term 'innovation' seemingly on the tip of every corporate executive's tongue it's difficult to identify those efforts that really can lead to some kind of positive change for the enterprise. Whether suggestions come from the C-suite, staff members, or vendors, the proposals need to be properly evaluated. Rick Doten, Chief Information Security Officer of DMI thinks the right way to bring innovation to life in the enterprise is to lead rather than follow.

"Innovation is unfortunately more rare in the enterprise than we’d like. The reason is the industry has productized the process, and IT and Security management are being led by the product vendors to identify what is needed and how to use it. What should happen is for IT and Security leaders understand their IT and security goals based on the “business” requirements, not technical requirements.

"These are unique to each organization. They then must ask questions to understand “what technology do I need to have to allow my organization to perform their business requirements?” Then “What questions do I need to know to understand if these systems, networks, and applications are secure?” At that point you go research and find technology and develop processes to answer those questions.

"Doing it that way, you will discover there might be a gap in a technology, which you will need to develop a capability to meet your needs. Or you might search to find a unique little company that isn’t widely known, who developed a capability that solves that requirement. As a CISO, many of my technologies are from small firms, who I then can assist in their product roadmap that will both improve their product, and align with my requirements.

"I view innovation starting at the top, with a leader who wants to do what’s best, not just what’s available, then he or she pushes that approach down to technical staff to research, develop or acquire, test, implement, and manage it. But like I said, most folks look at IT and Security like getting a box of Legos and following the directions to put them together. Instead of thinking first what they want to make, and considering all building media options to be able to create it."

Comments 0
Scott Koegler practiced IT as a CIO for 15 years. He also has more than 20 years experience as a technology journalist covering topics ranging from software and services through business strategy. He has written white papers and directed and published video interviews.

Harvard Business Review: IT Talent Crisis: Proven Advice from CIOs and HR Leaders

CIOs: We welcome you to join the conversation

Related Topics

Submitted By John Landy
August 17, 2018

Sovos CTO John Landy has to get - and keep - employee attention in the work of tax compliance. He says you must  respect individual motivators.

Submitted By Kevin Casey
August 16, 2018

Are you building a DevSecOps culture – one that bakes security into development from the start? Learn from your peers about the obstacles and routes to success

Submitted By Don Anderson
August 15, 2018

CIO Don Anderson shares how he's leading a change in the way people perceive security.


Email Capture

Keep up with the latest thoughts, strategies, and insights from CIOs & IT leaders.