Brennan blog: A CIO’s work is never done

Tackling the technology to-do list: a CIO’s view

John O'Connor Chief Information Officer Linkedin Profile

Tackling the technology to-do list: a CIO’s view

With increasingly complex demands and stubbornly long to-do lists, how do CIOs begin to thread ambition through the needle of reality?

Under pressure to nurse finite budgets, defend increasingly complex cyber threats, unify (and simplify) technology sprawl, place (and defend) technology bets, and so much more, a CIO’s to-do list shows no signs of shortening any time soon.

Just how do they balance competing needs, support organisational goals, and build resilience? We spoke with John O’Connor, Brennan’s Chief Information Officer – and our own internal customer – for answers.

As a CIO, it helps to have a thick skin. You’re charged with ensuring operations run smoothly, that everything is alive, and that the baseline expectations are consistently met. Those are the table stakes before you can even consider playing in the innovation space.

And on those measures, a CIO is scored at the lowest possible level. If our architecture team host a webinar and the poll functionality fails, they’ll call me. If a laptop falls over at an Executive Leadership Team meeting, that’s on me. It means my marker of success is no holes, no noise. These are a few of the considerations I use to help me get there.

Awake to the meta challenges

How does a CIO sleep, the old joke goes. They don’t. They Cry It Out. What keeps me up at night (and I’m guessing many other CIOs) falls into two key categories.

The first is cybersecurity. With cyber threats having the very real potential to disrupt every company in Australia, CIO’s keenly feel the onus on ensuring cybersecurity is a boardroom priority.

A critical starting point is aligning to industry best practice. Different industries, regulated by different bodies, apply different frameworks. Given MSPs are responsible for servicing and safeguarding clients across multiple verticals, the standards sit higher (and rightfully so).

Brennan are ISO 27001 compliant and have been for a long time. But we’re also alive to fresher frameworks, including the Essential Eight, the National Institute of Standards and Technology, and the five Governance Principles laid out by the Australian Institute of Company Directors, using them to hold ourselves to account – all of which our Board get visibility on, too.

Keeping one eye on the risks without over-policing is a tough balancing act. The natural inclination is to lock as much down as possible. But the downsides of imposing draconian limits are to crimp innovation.

The second concern is balancing tech debt and innovation. A CIO could spend forever and a day upgrading systems, but very few would ever see the benefits. Negotiating that balance is hard, but necessary.

Listening to lead

As CIO, it’s my firm belief I spend my time reaching out, rather than looking in. A key function is to actively hunt down our business leads’ pain points, and let their needs build my to-do list.

It needs to work as two-way street, too. Leads need to view their CIO as a business partner. With the shift to SaaS, it’s become easy for leads to fill their boots, simply by swiping the company credit card. Without CIO oversight, shadow IT can pull against an organisation’s overarching goals, or even expose companies and individuals to security breaches, reputational damage, or financial loss.

You can’t discount old-fashioned charm and a strong, personable leadership team as tools to develop trust. Those soft-skills are just as important as the data-led decisions. Our teams’ goal is to forge strong relationships with all of the key stakeholders and practice leads. It means that when we do need to make those tough calls, we make them in lockstep.

Strong foundations weather change

Humans crave stability, certainty, surety. But technology and business are predicated on change. Reconciling the tension between those two is crucial for CIOs.

For Brennan, the Plan-Build-Run framework is invaluable in helping us navigate the internal operational, maintenance-oriented tasks and the external strategic, customer-facing, development-oriented goals.

Looking inwards, we’re one of our largest customers. We have to put rigorous SLAs on ourselves. When users submit a request, do we resolve them well? Are we backing data up correctly? Do we have robust disaster recovery protocols? Asking probing questions helps ensure the fundamentals are watertight.

Looking outwards, it pays to have one eye on the future, with a vision driving you there. We regularly run sessions to interrogate what our future digital core might look like. Do we need more people in data? More skills on our service desks? Can we move away from some of our legacy artefacts or processes?

Those sessions inform the decisions we take and shape their implementation. It could be new ways of working with DevOps, integration, continuous deployment, or a move to new platforms that allow us to do those more fluently.

The more you see, the more you see

As many CIOs can testify, keeping spiralling budgets within a spend envelope is always challenging. It’s easy to blow the budget, only to arrive at a place with little to show. But there are a few tricks that can aid fiscal focus.

Tracking every asset used within the company. Running audits on credit card spend. Shining a spotlight on shadow IT spend. Those are just three illuminating exercises. Add to those FinOps, which is a more modern approach to tracking cloud and SaaS spend, and you’re armed with a richer, more detailed picture.

Companies need to have a bottom-up view of their entire spend. If you don’t, you’re missing a trick. Pulling it all out into the light becomes the basis for your budget.

Place your bets, deliberately

Part fortune-teller, part scientist, CIOs are under constant pressure to make or defend technology choices. Placing technology bets in an inherently unpredictable world is more of an art than a science. Ultimately, it’s a balancing act between the tactical and the strategic.

If you have a long-term vision of where you want to get to and view your investments as the vehicle pushing you there, it’s helpful to accept it will never take you on a linear journey. There will always be forks, detours, and dead ends. But every decision should edge you closer to your goal.

Three guiding mantras

CIOs are often tasked with wearing multiple hats – strategic, tactical, and practical – often at the same time. These are the approaches I consider for each.

Strategically: Have a strategy. It may sound glib, but strategic thinking is often overlooked or undercooked. For us, it starts by meeting with the key stakeholders, and ensuring the strategic development and delivery is all-encompassing. Although technology plays a pivotal role, it has to be aligned with business outcomes. Any technology strategy has to cater for the whole of the company improving, and it has to consider cyber security.

Practically: CIOs don’t get to dictate the strategy. Any initiative of any lasting value I’ve helped deliver has been developed collaboratively. We’ve interviewed everybody in the company, built the vision of where we want to be, and written the roadmap of how we get there collectively. We’ve had to socialise it with the Executive Leadership Team, and our board of Directors before it’s greenlit. Technology is a team sport.

Tactically: You can’t always wait. Some of the initiatives we’ve developed strategically, I’ve had to implement tactically, ahead of approval. Most are for hygiene factors and ensuring we cover our bases, particularly from a cyber perspective. Even without prior approval, don’t be afraid to make the important calls early.

Join us on social

Get in touch

Tell us what you need help with, and we’ll send the right expert your way.

Blogs