Experience & Leadership in IT Transformation


The Importance of Finding Experienced Leaders for IT Change and Transformation in the growing Age of Generative AI

In today’s fast-paced business landscape, companies are under increasing pressure to innovate and stay competitive.

The emergence of Generative AI is reshaping industries, enabling unprecedented opportunities for automation, personalisation, and insight generation. As organisations pivot to incorporate these technologies, the need for skilled leaders who can manage complex portfolios and lead large-scale IT transformation initiatives is more critical than ever. Finding an experienced professional capable of navigating these intricate changes is paramount to success.

Navigating Complex IT Portfolios in the AI Era

Managing a portfolio of IT transformation programmes is no small feat. These initiatives often involve significant investments in new technologies, changes to business processes, and the integration of cutting-edge solutions like Generative AI. Leaders who have experience with large-scale IT change know that it’s not just about implementing technology—it’s about aligning technology with business strategy. A skilled transformation leader understands the need to manage risk, balance resources, and ensure that each initiative within the portfolio delivers measurable business value.

“I’ve learned that successful programme management of large-scale transformation is not just about managing the present in front of you but anticipating the curveballs of the future,” comments Craig Ashmole, a long-term IT Programme Leader at London-based Straightalking Ltd.

The ever-growing subject of Generative AI brings an added layer of complexity to this already challenging environment. Not only does it require organisations to rethink their approach to automation and decision-making, but it also demands that leaders understand how to harness its potential without falling into common pitfalls such as data bias, ethical concerns, and over-reliance on AI outputs. An experienced leader in this space needs to balance these demands and guide an organisation through these challenges, ensuring that AI-driven solutions are aligned with business goals and can scale sustainably.

The Strategic Value of Experience in Change Leadership

While technical expertise is important, it’s the strategic leadership skills that truly set an exceptional programme manager apart. A seasoned leader brings the ability to see the bigger picture, drawing on years of experience to anticipate challenges, overcome resistance to change, and drive cross-functional collaboration. This is particularly crucial when managing large portfolios of IT programmes that span multiple departments and geographies, often with competing priorities. Experienced leaders have a deep understanding of both the human and technological factors involved in change, enabling them to steer the organisation through potential roadblocks and ensure long-term success.

Craig goes on to say, “Leading large programmes of IT change means seeing first-hand how crucial it is to balance delivery objectives with agile execution. The ability to predict, plan for, and then mitigate challenges before they derail a project is gained from experience not just learned in a classroom.”

Furthermore, as companies seek to transform their businesses with Generative AI, the role of the change leader becomes even more vital. It’s not enough to simply deploy AI tools; organisations need to adapt their entire culture and operating model to be more agile and responsive to rapidly evolving market demands. Programme or Portfolio leaders who have managed IT change at scale understand the importance of embedding a mindset of continuous improvement and innovation within their teams.

The Competitive Advantage of Finding the Right Leader

Ultimately, the success of an organisation’s transformation efforts in the world of Generative AI hinges on its ability to find and empower the right programme leader. Companies that invest in finding an experienced professional with a proven track record in managing large portfolios of IT change will position themselves to not only survive but thrive in this new technological era. These leaders bring the skills needed to ensure that transformation efforts are strategically aligned, well-executed, and capable of delivering lasting value.

“Whether it’s managing evolving stakeholder expectations, identifying resource constraints, or foreseeing technical integration issues, in my experience this enables me to act proactively rather than reactively”, he explains. Craig has found that, “By staying adaptable, leveraging insights or lessons learned from past transformations, and maintaining a clear strategic focus”, he is able to navigate the most complex portfolios with confidence.

In a world where technology is reshaping every aspect of business, having a seasoned leader at the helm of IT transformation efforts is a competitive advantage. Added to this, as Generative AI continues to evolve, companies must ensure they have the right leadership in place to guide their journey through this era of profound change with confidence.

By Craig Ashmole, Managing Director Straightalking Ltd

Having spent the majority of my career working with and supporting the Corporate CIO Function, I now seek to provide a forum whereby CIOs or IT Directors can learn from the experience of others to address the burning need to change the way we all work post the COVID Pandemic.

Craig Ashmole

Managing Director, Straightalking Consulting

Homeworking In The Contact Centre


Homeworking In The Contact Centre Industry During COVID-19

Challenges of homeworking in the contact centre industry and why balance will be key in future flexibility

COVID-19 has even more businesses talking about and having to engage with homeworking. Some advocate that they are ‘business as usual’ whereas others are having to deal with the very real challenge of isolation and no face-to-face contact with their teams, customers and suppliers. This article looks past the current lockdown period at the questions faced by the contact centre industry around homeworking.

The root question has not been if home working is possible and effective, but why should it be utilised? The many talented and dedicated contact centre professionals will adapt to the COVID-19 pandemic, finding ways to provide great customer experiences despite unfamiliar working environments and under increased pressure; but what will they do after the lockdown passes and offices and contact centres are reopened?

According to research from the Office of National Statistics published prior to the COVID-19 pandemic, 50% of UK employees were already set to work remotely in 2020. Remote working is a subject bound to divide opinion across small to large organisations in every sector. With governments across the world asking, or even enforcing, that people work from home during the current COVID-19 pandemic, debates about this practice are becoming more important.

For organisations across many industries, a work-from-home policy may seem easily deployed – workers can simply take their laptops to any location, connect to a WiFi network, and get going. However, for others, the concept of remote working instigates a multitude of worries. Take the contact centre industry. The current situation around COVID-19 means many contact centre operators have been faced with a difficult reality, and many are being pushed to make a decision. Is it better or worse for agent productivity and happiness? Does it increase customer engagement and satisfaction? Will it drive revenue or is it a drain on resources? Can employees be trusted to do a good job while working unsupervised? Will it isolate agents if they are receiving negative or abusive calls when remote from their colleagues?

Balance is key

These concerns are perfectly understandable – the contact centre has always been a very physical workplace, with call agents hooked up to a legacy phone system, answering calls on multiple lines, in sight of employers. The key to making homeworking successful in practice for any business – particularly those operating a contact centre – is to identify exactly what the business is trying to achieve with it, and how that fits with what is best for the business overall. Right now, permitting homeworking may simply be a case of survival as a business. In future, businesses must define the purpose of homeworking. As an example, it could offer flexibility to employees and be used as an aid to work-life balance. This would not only deliver something for the reward strategy of a contact centre, but increased satisfaction and happiness at work may also lead to improved performance.

However, this must be coupled with businesses considering the potential challenges. One of the key concerns we hear around working from home in the contact centre is trust; can agents work as effectively, and at the same level of quality, without direct supervision? Many employers worry that if they cannot physically see their employees working, they aren’t working at all. Furthermore, the inability to see employees may leave employers anxious for their safety. What if an agent working from home receives a threatening or distressing message? Without a network of support from colleagues and supervisors, it could be difficult for agents to deal with complaints and negative situations. Businesses considering homeworking must have a plan to address these very real concerns.

The silver lining of cloud

One way to enable contact centres to provide the flexibility of homeworking for call agents, while keeping operations running smoothly, is embracing the latest technology available to the sector. A cloud-based contact-centre-as-a-service (CCaaS) platform gives contact centres this flexibility: it can be deployed in days and is ready-to-use wherever the agents and IT team are. Due to its browser-based nature, all an agent or supervisor needs to carry on is an internet-enabled device, such as a laptop, and a headset.

A vital component for this setup to work is continuous communication and monitoring between call agent and supervisor. Screen recording, for example, enables both supervisors to keep an eye on their agents in real-time, and agents to feel supported in their work while away from their desk. It can provide exactly the same insights to supervisors as when agents are in the contact centre itself. This ensures that supervisors know that the same excellent standards of customer experience are being delivered, even when they are not in the same location as agents. It also frees homeworking agents from the suspicion that they are not working as effectively at home as they are in the contact centre, which can be an undermining experience. The chance to demonstrate their own skill and efficiency accurately can be great for happiness and ‘engagement’. These concepts have been well linked to reducing leaver rates. Granting supervisors the ability to see agents working also enables them to provide real-time support to their team. For example, if an agent has had a disgruntled customer on the phone, supervisors may be able to step in and offer support and consolation when needed.

Technology for the modern-day workforce

Since cloud contact centres are browser-based and agents can access the system wherever they are, whenever they want, the ability to homework gives employees more flexibility and control over their working hours. This can make it easier to fit their career around busy schedules in a way that benefits both themselves and the organisation. Their working schedule can fit in more easily around family and home life as they have the opportunity to log in while the children are at school, for example. Introducing intelligent automation and smart scheduling makes flexibility profitable by ensuring that resources are optimised. Artificially intelligent Workforce Optimisation (WFO) systems run automatic checks to ensure that schedules are always kept at peak efficiency, whilst also giving agents maximum control over the hours they want to work.

Cloud-based CCaaS can also alleviate any concerns over the additional costs of training needed for agents to work at home. Quality Assurance capabilities mean that agents and employers alike can benefit from increased flexibility without losing any of the quality of work or impacting the customer experience. Analysing recordings of key interactions between call agents and customers allows trainers to identify best practice and gaps in knowledge.

It is clear that homeworking has great benefits, while also posing the potential for significant drawbacks. Flexibility and agility are key in achieving the right balance to make working from home a viable option in the contact centre. A true cloud solution is one sure-fire means of ensuring that the location of the agent does not matter, and it can develop alongside, and meet, a business’s and individuals’ growing demands.

The effects of COVID-19 on businesses, and society as a whole, are expected to change working practices across industries, including contact centres. Many will continue a homeworking policy even after everything has returned to normal. They would do well to have a clear strategy, harnessing the benefits of homeworking and ensuring the correct tools are in place for their agents to thrive in a new world. Although, overall, homeworking is not without its challenges, if implemented at the right pace and with the right technology, it has the power to unlock fantastic benefits for contact centres.

 

Written by Andi Janes, Chief People Officer at Content Guru

Having spent a majority of my career working with and supporting the Corporate CIO Function, I now seek to provide a forum whereby CIOs or IT Directors can learn from the experience of others to address burning Change or Transformation challenges.
Craig Ashmole

Founding Director CCServe

Hiring the old guy


Do you or don’t you, hire ‘the old guy’!

Perhaps I am just getting a bit older, but the IT industry seems to be more of a game for younger people these days. Although, to be fair, Police Officers are looking younger all the time too.

“As time goes by attending the various IT related annual corporate events, all the people sitting on the stalls marketing their company values to everyone and anyone that dares to glance their way for too long, are definitely much younger and seem to even dress less formally than when I did for many years,” states Craig Ashmole, founding partner at London-based Interim Consulting CCServe Ltd.

I came across a piece of material by Nick Hughes, who is a Senior Programme, Project and PMO manager and all the same thoughts and views came rushing back to me and I quote him below.

Within IT especially there does seem to be more focus on younger, fresher talent. This was brought into sharp focus recently when I met with a manager at a consulting company. They were thinking of putting me into a bank, but the manager was concerned that my extensive and long experience might be a little intimidating for that client manager.

The manager also seemed a little nervous and said that I had a lot more experience than he did himself and that he hoped he did not ask any unproductive questions. This got me to thinking. Is there a perception for younger managers that hiring an older/more experienced contractor might jeopardise their own position? Or could older contractors probably be seen as ‘not as innovative as their younger counterparts’?

Is this ageist? Possibly, but for the hiring manager it could be a very real concern. From their perspective, they are possibly new to the position and want to prove their worth. Many managers want to be seen as the go-to person, that they are irreplaceable and key to the organisation’s success. Hiring in someone who may not only know more than you, but also may have experience doing your exact job, could lead to the manager being seen as superfluous. The deeper concern would be “Is he going to try and take my job?”

For contractors who have experience in roles more senior than the role being looked at, there can also be concerns for the manager around the contractor jumping ship as soon as the next best, or higher paying, opportunity comes along.

This presents a dilemma for the hiring manager and an issue for the contractor.

To be clear, I am not saying this happens all the time, or even a majority of times, but it does happen. When we are honest with ourselves, we all have those feelings of doubt, so it is perfectly understandable to have these thoughts, we would not be human if we did not.

So what is the answer? Does the manager “not hire the old guy”? Does he or she only hire people younger or less experienced than themselves?

If they do, then yes, they could avoid an embarrassing situation where the person reporting to them knows more than they do. But that will only be a temporary protection for your career and, to be honest, if you are so worried about your position that you feel the need to protect yourself, you will probably find it difficult to progress anyway.

But why hire the guy (I use the term ‘guy’, but it applies to both men and women) with more experience than you and who has potentially had a more senior position?

From my perspective, and with the experience I have gained I don’t actually want that manager’s job and I don’t want to settle down into a perm role. If I am applying for a contractor position, I don’t want the politics, the employee assessments, the HR hoops that I would have to jump through when you manage a team and also having to deal with any personnel issues. I am at a point in my life where I have realised I work to live, not live to work.

What I do want is to make the manager I am hired to engage with look good. I want to use my experience and knowledge to make a success of this project. I want to pass on my knowledge of short cuts that bring the project to a successful conclusion, or the ability to see through vendor marketing hype to accept only what is really needed in the business. Or to ensure we hit budgets & deliver on time.

From an interim consulting perspective it is simple. First, we get the satisfaction of a job well done. Second, we get the opportunity to pass on well-earned knowledge and subject matter experience to those younger people. But most importantly, we leave with the hope that the manager will recognise the contribution made and engage on the next project.

After all, as a contractor, one is always looking for the next contract. I have seen some contractors make themselves indispensable to an organisation, to the point where the perception is that they can’t be let go.

Experience on projects is usually quite simple. Define the scope and lock it down, establish a change control process to manage the inevitable scope creep, establish a governance process for decision making, plan the critical path and dependencies, identify the risks, establish a RAID log to manage them, set up reporting, then execute and monitor.

Once that is done the tough bit, the really tough bit, is managing the people. Getting the sponsor to truly understand their role. Ensuring other teams, who you have a dependency on, deliver in time for your critical path. Providing clarity around the impact to the stakeholders requesting a change. All the while you are doing this, trying to be as diplomatic as you can be but understanding why you were hired in the first place.

Us old guys (men and women) have seen this before and have dealt with it successfully. So, my suggestion to those managers who worry about “hiring the old guy” is to not worry so much but be happy to benefit from paying to get a programme delivered with SME skills that can be transferred to the perm staff. Don’t get me wrong, there are younger people who may well have the ability to be able to navigate the shark infested waters of the project world, but the old guy may well have been bitten before and survived, so has the practical knowledge of what works and what doesn’t.

So, it is up to you, hiring managers. Do you want to benefit from 30+ years of experience and dodging bullets? Do you want to have that edge to making your project successful? Having that experience that you can call on when it does go wrong – and some really do go wrong! If you do then you really should be hiring the Old Guy.

 

Thanks to Nick for sharing his thoughts


Changing Data Centres


Traditional data centres are undergoing many revolutionary changes as we head to the 2020s

Hybrid cloud infrastructures, hosted servers, virtualized servers, and new methods to save energy and reduce costs in the data centre create an ever-challenging array of decisions for today’s data centre managers.

It’s no secret that traditional, on-premise data centres still rule enterprise IT. According to a recent TechRepublic CIO Jury, 100% of tech leaders still run on-premise data centres, but cloud is catching up in a big way.

According to Mary Meeker’s 2017 Internet Trends report, cloud spending continues to grow and it’s on track to catch up to traditional data centre spending. Citing IDC data, Meeker noted that cloud investments had grown over the past few years as traditional data centre spending shrank. If the trend continues, the two markets could eventually match one another in spending.

Spending increased in both private and public cloud, the report noted. In the public cloud market, the major players continued to dominate — Amazon Web Services (AWS) led the pack, followed by Microsoft Azure, Google Cloud, and IBM, in that order.

 

Cloud is leading to new innovation in infrastructure and the way enterprise IT gets work done. New software delivery models mean products are being delivered through the cloud, often with a subscription model. Experiences are becoming more personalized and products are becoming more intelligent as well, the report said.

Software as a Service (SaaS), especially, will see a big boost, with many organizations turning to the model. According to another report from BetterCloud, some 73% of organizations said more than 80% of their business services and applications will be SaaS by 2020.

The growth of the cloud at this rate creates new opportunities for business, Meeker’s report said, but it also creates new concerns. While data security is still the top concern, questions about compliance and lock-in fears are increasing dramatically, the report said.

However, the question about lock-in is a complex one. While enterprises desire the unique proprietary tools that the major vendors are building out, that same R&D could be making lock-in even worse, as TechRepublic writer Matt Asay has argued.

Still, cloud availability continues to go up, while the major vendors continue to drop their prices, making the cloud an even more attractive option for big business.

The 3 big takeaways for cloud services, as we see it:

  1. Data centres are still the norm in enterprise IT, but cloud spend could soon catch up, according to Mary Meeker’s 2017 Internet Trends report.
  2. Public and private cloud spending both increased, but concerns are shifting from security to compliance and lock-in, the report said.
  3. Cloud growth is also enabling innovations in edge computing, elastic databases, containers, and microservices, which are changing the way IT thinks about infrastructure.

By Conner Forrest (TechRepublic)


Data Centre Managed Services


Five network security market trends that matter for Managed Services

It’s no secret that organisations of all sizes are changing the way they run their businesses.

The move toward a digital economy, combined with the need to be “always on,” means that anything that can save time and simplify workflows is in high demand. Now, more than ever, seamless delivery — whether it’s music, email or network security — is where opportunity lies. For channel partners, this opportunity translates into managed services. If you haven’t yet shifted your network security business to the revolution that is managed services, here are five trends that demonstrate why now is the time to make your move:

1. Rise of the Virtual Data Centre

Traditional customer premises equipment (CPE) will come under increasing pressure as software transformation greatly reduces, and in some cases, eliminates the need for devices on site. In 2015, we saw the rise of the virtual data centre; in 2016 we are seeing its operationalisation in the enterprise come to fruition. Channel partners who set up their businesses to capitalise on this shift as part of their managed services strategy will see demand heat up. Whether you partner to make your virtual data centre happen, or invest in establishing one yourself, put it on your agenda for immediate consideration.

2. Avoid Lock-In

Make no mistake, technology “lock-ins” are stumbling blocks to your managed services success. Because change is constant, your customers are demanding flexibility, and they’re looking to you to help them remain agile to prepare for future industry shifts. The bottom line is that your customers want more openness and customisability, which means channel partners need to be even more selective with their partnerships, only aligning with vendors who enable them to offer best-in-class solutions and managed services that address the dynamic requirements of their clients.
In 2016 and beyond, channel partners who follow this trend, catering to customers with open solutions and services that are seamless, scalable and flexible to customers’ business needs, will hold the competitive edge.

3. Customisation Is Key

What we’re seeing in 2016 is that professional services and DevOps are taking a front seat for channel partners as customers look for turnkey solutions and the ability to customise their environments. Vendor innovation will always be key, but channel partners can also benefit from placing a high priority on innovation.
This is especially true as the channel competes with the technology giants of the world who already have a huge and growing stake in managed services. As a channel partner, your agility and the insight you possess from your customer relationships can empower you to deliver on-point, customised network security services—something that the larger players, who more commonly compete on commoditisation, simply cannot manage.
In 2016, your managed services offerings can and should be differentiated by the value add you deliver. Often, customisation is the value you can bring to the table to gain a foothold against larger players.

4. Be Automation Aware

Customers are looking to automation as the next cost reduction lever to eliminate legacy IT. As your clients’ most trusted advisor, the onus is on you to assess the automation capabilities that your vendors bring to the table—and the automation expertise that your in-house experts have to offer.
Make a checklist of how you can move automation to the forefront for your customers, delivering it as a powerful managed service that supports their goals. As you hold strategic quarterly or monthly client meetings, discuss how you can help your customers meet their software transformation milestones. Discovering ways to save time and costs should be a never-ending conversation.

5. Vertical Market Transformation

In 2015, we saw the adoption of SDN (software defined networking) and NFV (network function virtualization) grow in small- and medium-size enterprises. In 2016, the channel will continue its move to open, integrated and seamless stack solutions, making SDN and NFV solutions more accessible than ever before through pre-designed and tested solutions, purpose-made for vertical markets.

Don’t fall behind the adoption curve. Now is your opportunity to ride the wave and adapt your managed services playbook to these top network security market trends.


Microsoft Azure Hybrid Cloud


Microsoft Azure launches 3 new tools to speed migration to hybrid cloud and optimize deployment

In a Microsoft blog post, the company detailed three new tools to aid in cloud adoption: Cloud Migration Assessment, Azure Hybrid Use Benefit, and Azure Site Recovery.

Microsoft launched three new resources for the enterprise focused on getting companies to the cloud faster, and saving them money once they get there, the company announced in a blog post on Wednesday.

Most of the companies Microsoft executives work with are considering a hybrid cloud approach to their infrastructure, according to the post, written by Microsoft’s general manager of cloud platform marketing Mike Schutz. In order to best assist companies in understanding the size of their environment and how they can plan financially for a move to the cloud, Microsoft released three new tools focused on cloud migration and economics.


Here’s a breakdown of the three new tools and what they can offer businesses.

  1. Free cloud migration assessment

This assessment will help customers more easily find and better understand their current server setups, to help them determine the cost and value of moving to the cloud, the post stated. Once the servers are discovered, the tool can analyze their configurations, and give the user a report of the potential cost drop of moving to Azure.

Additionally, data center administrators can export the results of the assessment into a customized report, the post said. For those looking to gain some extra funding for a cloud project, the report could provide some valuable data and statistics for your conversation with the CFO.

  2. Azure Hybrid Use Benefit

This tool is intended to save users money on their cloud deployments. According to the post, customers can activate the Azure Hybrid Use Benefit in the Azure Management Portal, which could save them up to 40% on their Windows server licenses, by optimizing what resources you’re using. The post noted that it is available on Windows Server virtual machines in Azure, to all customers.

“Use your on-premises Windows Server licenses that include Software Assurance to save big on Windows Server VMs in Azure,” the tool’s web page said. “By using your existing licenses, you pay the base compute rate and save up to 40 percent.”

  3. Azure Site Recovery

Azure Site Recovery is meant to ease the process of migrating virtual machines to Azure. Applications running on AWS, VMware, Hyper-V, or physical servers can be moved. Additionally, a new feature in Azure Site Recovery will “allow you to tag virtual machines within the Azure portal itself,” the post said. “This capability will make it easier than ever to migrate your Windows Server virtual machines.”

Other features include automated protection and replication of virtual machines, remote monitoring, custom recovery plans, recovery plan testing, and more.

By Conner Forrest, a Senior Editor for TechRepublic
Picture from Microsoft

Having spent a majority of my career working with and supporting the Corporate CIO Function, I now seek to provide a forum whereby CIOs or IT Directors can learn from the experience of others to address burning Change or Transformation challenges.

Craig Ashmole

Founding Director CCServe

CISO moves to the top

The CISO moves from the basement to the boardroom

A growing threat landscape has changed the role of the chief information security officer in the past decade. Here’s why this position and its evolution are vital in the modern enterprise.

“With the recent ransom virus affecting so many global businesses the executive boardroom stakeholders now have their attention”, stated Craig Ashmole, Founding Partner for London based Interim consulting firm CCServe. “Talking with a Security consultant colleague on the train the other day, he said that the insurance firm he’s engaged with did not feel the need for a CIO or CISO role until the recent infamous Ransom virus. That’s now all changed.”

The rapidly expanding cybersecurity threat landscape has driven the chief information security officer (CISO) out of the basement and into the boardroom in many enterprises. While these tech professionals were traditionally seen as security enforcers, they have now clearly got the attention of the executive stakeholders and are taking a seat at the table as strategists helping the enterprise avoid cybercrime.

“The CISO’s role has changed from a pure technologist to understanding what the business is trying to do, and to make sure security is part of the business strategy, not an afterthought,” said Steve Martino, CISO and vice president of information security at Cisco. A 2016 Cisco study found that business leaders today believe that cybersecurity is a prime growth enabler, reinforcing the need for those in charge of security to increasingly think in business terms.

Cyber threats have changed dramatically in the past decade in terms of sophistication and volume, Martino said. That change has been driven by two factors: Organizations becoming more connected through the Internet of Things (IoT), and cybercriminals shifting from making political statements to cybercrime as a business.

This changing landscape and added responsibility mean CISOs need to develop a new set of soft skills, including learning how to talk with line-of-business leaders about risk, privacy, user experience, and balancing the trade-off of security with features.

“Five to ten years ago, the C-suite really didn’t have a relationship or a dialogue with the information security team or leader,” Martino said. “Today, we do. In order to be effective, you have to have this business context, and be able to have a business dialogue with many different functional leaders.”

That means understanding what the different parts of the business—finance, sales, marketing, etc.—prioritize, and being able to translate risk issues into their language.

“CISOs need to have that business knowledge and multi-lingual capability to be able to translate what you’re trying to get across in terms of risk to the business owner,” Martino said. “Both are required to be effective at the speed of business, and earn the respect and trust required.”

Developing new skills

Training is helpful for CISOs who have been called to report to the C-suite for the first time, said Gary Hayslip, an ISACA expert on cybersecurity, the former CISO for the City of San Diego, and the current CISO at Webroot. “It’s a different view of risk, and on the use of resources and costs,” he said. “You have to start really getting into the strategy of where the organization is going.”

Hayslip recommends finding another C-suite member who has reported to the board before, and partnering with them to learn how the board meetings typically proceed, and what the individual board members are like, what they look for as a group, and how they process information.

“If you’re a CISO dealing with the C-suite and it’s relatively new for you, don’t be scared—ask a mentor so you can start learning about what they look for, so you make sure when you do report to a board, the information you’re presenting is relevant to the discussion,” Hayslip said.

It’s key to remember that the CISO does not own the risk—the business does, said Forrester analyst Jeff Pollard. “CISOs are now transferring ownership of risks back to business units,” Pollard said. “Instead of the CISO possessing the power to stop the business in its tracks, they are advising and coaching business unit leaders on the risks and security ramifications of decisions but the business owns the risk and makes the decisions.”

Don’t be the barrier factor

Rather than becoming a barrier, this new model allows CISOs to work with, instead of against, their colleagues, Pollard said. However, the CISO does need to be flexible, and understand that the security system in place must be resilient. “You’re going to take breaches,” Hayslip said. “There is no totally secure network. If you factor that in, you can start looking at where your risks are, how your teams are trained, and what policies are in place.”

If the CISO is overwhelmed with projects, it can be helpful to determine which departments you are serving, who the stakeholders are, and what is critical to them, Hayslip said. That will help you create a more narrow list of issues to tackle. It’s often wise to start with cyber hygiene, he added: If you have basic security policies and patch management, antivirus, and firewalls in place, updated, and managed, it builds a strong foundation for your organization’s cyber health.

CISOs also have an opportunity to redefine their role as a business strategist during the digital transformation, Pollard said. To prove their value, they should spend time mapping the firm’s technology touchpoints, foster security champions across the company, and get involved with customer-facing activities like product design and development, he added.

“We’re in this transition as an industry from being a technologist and a protector to being a business enabler,” Martino said. “In order to cross that chasm, the CISO has to earn a place at the table, by bringing business relevancy, and helping the business get to their goals faster.”

By Alison DeNisco (TechRepublic)

Website Hacking on the increase

Here are the top 6 ways websites get hacked, according to Google

Google recently noted that it had seen a 32% rise in hacked websites over 2016. Here are the most common tactics it found.

In 2016, the number of hacked websites rose by 32%, according to a blog from Google. And, unfortunately, the search giant said it believes that number will continue to rise as hackers become more sophisticated.

While 84% of webmasters who “apply for reconsideration” were able to clean up their sites, the post said, 61% were never alerted by Google that they had been hacked. The primary reason for this disconnect for more than half of hacked webmasters is that their sites weren’t verified in Google’s Search Console, which the company uses to communicate information about websites.

In a post by Google Security Team, Google outlined some of the common hacks that are affecting websites today, such as the Gibberish Hack, the Japanese Keywords Hack, and the Cloaked Keywords Hack. Citing the old adage “a chain is only as strong as its weakest link,” Google said that prevention is key in keeping these hacks at bay.

To improve prevention, it is important to know how these attacks are being carried out. Google outlined the following six ways that websites get hacked by spammers:

1. Compromised passwords

Whether an attacker is using guessing techniques to obtain a password, or simply trying out common variations of passwords, compromised account credentials are a serious issue. It’s important to create a strong password, not use the same password across multiple web properties, and use additional security tools like two-factor authentication, the post said.

2. Missing security updates

Old software that hasn’t been updated may be missing an essential patch to account for a serious vulnerability, the post said. Make sure your web server software, CMS, plugins, and other essential software are all set to update automatically. If that isn’t an option, set up a cadence by which you’ll manually check for updates.

3. Insecure themes and plugins

In addition to making sure your plugins and themes are patched, be sure to “remove themes or plugins that are no longer maintained by their developers,” the post said. Also, be careful when using free plugins, or ones that may only be available through an unfamiliar website.
“It’s a common tactic for attackers to add malicious code to free versions of paid plugins or themes,” the post said. “When removing a plugin, make sure to remove all its files from your server rather than simply disabling it.”

4. Social engineering

Social engineering attacks, like phishing, try to trick the user into thinking they are providing needed information to an actual webmaster or account manager, for example. Check that the sender’s email address exactly matches that of a person you know, and never give out personal information to someone you aren’t familiar with.

5. Security policy holes

Bad security policies, such as allowing users to create weak passwords, giving admin access too freely, and not enabling HTTPS on your site can have negative consequences, the post said. To better protect your site, Google recommends making sure you have the highest security controls configured, that user access and privileges are properly managed, that logs are checked, and that encryption is used.

6. Data leaks

When data is mishandled, or improperly uploaded, it can become available as part of a leak. One method, “dorking,” can utilize common search engines to find the compromised data. Make sure only trusted employees have access to the data they need, and use URL removal tools to make sure that sensitive URLs don’t display in Google search results, the post said.

Sourced from TechRepublic
By Conner Forrest
