Every CIO is beginning to make plans for 2022. While there is always an overwhelming list of things to achieve, strategic CIOs can focus on these three key areas to guide their organization forward in the coming year:
1. Cybersecurity
Many CIOs indicate that cybersecurity is a top focus for 2022. Attacks are becoming more frequent, more sophisticated, and more expensive to remediate. While end-user training is still important, implementing depth-of-defense is the only feasible approach in this environment.
After reviewing your organization’s strategic initiatives (does it include acquisition? expansion? new regions or countries?), develop your 2022 cybersecurity roadmap. This involves implementing security technologies, but it should also include a strong focus on fundamentals.
Make sure your systems have current patches, a strong endpoint security solution in place, and make and test (inviolable) backups. Develop an incident response plan and practice it frequently – and learn from your mistakes.
[ Are you an advisor and partner at your organization? Read CIO role: How to move from gatekeeper to advisor. ]
Check your overall readiness against the ISACA Capabilities Maturity Model Integration (CMMI, pictured below) and create a plan to incrementally address and improve all areas of security bit-by-bit. Aim to get all capabilities to Level 3 before trying to achieve higher levels of competency in any area.
Data Source – ISACA CMMI: https://cmmiinstitute.com
As tempting as it may be to focus on new technologies, your plans must include shoring up fundamental security capabilities so systems are not vulnerable to basic attacks. Advanced capabilities such as machine learning or AI vulnerability/threat analysis are great, but they are a waste of money if you lack basic security controls and processes.
2. Strategic alignment
The past two years have prompted CIOs to focus on managing and responding to changes brought on by the COVID pandemic. IT teams have been shifting rapidly over the past two years to address emerging demands, including remote work and virtual business. This has met the operational needs of the organization, but now it’s time to resume a focus on strategic alignment.
As the business begins to refocus and reformulate business strategies, CIOs will need to reformulate IT strategies. The direction your business heads may be very different from where it was headed pre-2020, so it’s critical to remain well-informed about business objectives.
Running the business versus changing the business
While looking at strategic alignment, be sure to evaluate which IT initiatives are meant to run the business and which are intended to improve the business. If you don’t address basic IT operations, other efforts will be wasted. If you focus solely on IT operations, you’ll be seen as a utility and not an innovative business partner.
Running the IT business means delivering business value. This includes improving cost, speed, and capabilities as well as reducing technical debt by decommissioning technology and deselecting projects.
Shaping the business involves investments in innovation and enabling the business to respond quickly to new opportunities using IT. These efforts are future-facing. Any IT department that is not actively moving forward is actively falling behind.
3. Staffing
We’ve all read about the great exodus from the workforce. Much of the data suggests that many mid-career people are leaving their jobs. This is a potential problem in IT where skills and expertise are honed over years and decades and where a single training class won’t bridge the gap.
Skills assessment
Once you’ve developed your strategic plan, perform a skills assessment. Identify who needs to be trained on existing or emerging technology. Create a training plan to get the team where it needs to be. Consider creating on-site or virtual brown bag sessions to discuss technical topics.
This both develops emerging leaders (those who can present or moderate these sessions) and enhances individual knowledge uptake. Finally, ensure managers are monitoring training progress and holding staff accountable for commitments made.
Managed services
The second phase is to identify areas in which you are not likely to be able to grow your own talent in time (or at all). For these areas, consider managed services. Leverage services that expand and augment your team, such as 24 x 7 security monitoring. The demand for cybersecurity professionals has far outstripped supply, so while growing internal candidates is a great idea, it takes years to yield results.
In the meantime, leveraging managed services could get you the skills, expertise, and coverage you need. This on-demand approach is often expensive but is less expensive than the alternative – no security monitoring or inexperienced staff trying to manage an incident, for example.
There are other services that may also be worth looking into, such as Help Desk or desktop/printer management. You’ll need to assess your team, your local labor pool, and your strategic objectives to determine the right mix for your organization.
Management of mixed teams
Finally, get ready to be flexible and hire completely remote staff to augment your on-site staff. Ensure your management team has the skills to effectively manage local and remote staff as a team. You’ll need to set clear expectations around how to manage and flex on-site with remote workers.
Remember to assess and address management training needs as well. Managing remote staff and building effective virtual teams are now critical management skills that need to be learned and supported through management and leadership training.
CIOs who are able to address these three elements as they look ahead will be key drivers of success for themselves and their organizations in 2022.
[ Where is your team's digital transformation work stalling? Get the eBook: What's slowing down your Digital Transformation? 8 questions to ask. ]
