Cyber security has soared from the back office to the boardroom. Nobody wants to see the incident response team have to prove their work. I guarantee nobody wants to see their names in the media for a breach. Doesn’t it seem like we (good IT peeps) are usually just playing catchup and reacting to the bad guys? I’m looking forward to the next big advancement in intrusion protection. Instead of specific signatures that block only the knowns, can’t someone use AI or predictive analysis and just throw up confirmation requests like Windows does to allow elevated access to make changes? Better yet, block it inline without the user knowing it was ever a problem. Yeah, I know we have things that do this now. BUT, is there an option that doesn’t make the CFO snarl?
"Person to person payments are a pretty hot topic right now"
Security above All
The financial industry is just as capable of innovation as the other top tier industries. The principal difference, aside from maybe healthcare and defense, is we have to put security above all the other items on the wish list. In my office, the automated sifting and processes like log correlation and SIEM are the difference makers. If a desktop tech or network admin is still spending countless hours on repetitive tasks like failed login attempts, they can’t be very productive outside of the huddle. If we can be more efficient in one simple process, we can add value to another. Man, that last thought sounds like I just got out of a 10 hour long Six Sigma!
Patience and Control
Many of us in IT wear so many hats that it’s hard to pinpoint a single point of stress. For me personally, it’s the need to communicate above and below. I’m a huge proponent of face to face time. I like sharing family stories with peers, I prefer doing it at happy hour after an uneventful day, but generally shooting the breeze is a good relationship builder. Most IT people are content with the value added part, like turning the screw or debugging a new release. It’s the status updates, budgeting process, or the HR meetings that tend to hack us off. I know how important it is to notify employees and customers during an incident, but sometimes it’s just all going wrong and we need to be left alone to get to the solution. Patience my friends, patience.
What keeps me awake at night? Where do I start? Let me say that I think the power grid and ISP backbones are what worry me the most. Maybe it’s because I don’t have any control over them. Driving down into what I can control, I guess RTO’s are still a problem for me. We haven’t prescribed to load balancing VM clustering across the board yet. We’re into it on our critical core systems, but I can’t justify it on single departmental servers. Maybe it’s time for me to look at the costs again and put it all in one basket. Until then I’ll make sure everyone knows it might take me a few hours to recover the server that only gets used at the end of the month. But hey, isn’t one of the responsibilities of being a CIO overseeing the operation and integrating major initiatives with business objectives. Maybe I can convince the revenue generators (loan officers for us) that a total overhaul of all our servers would give them an advantage over the guys and gals across the street.
Technology Trends in Financial Industry
The financial industry is right in the middle of all of these things. IoT is scary from a security standpoint. Big data is scary because we can’t fathom what the bad guys have been compiling piece by piece. Social media isn’t living up to its promises, but we have to play in the arena to stay relevant. Cloud, yeah, well we’ve been using “cloud” for 25 years over private networks. Just because someone made a nice front-end for a storage appliance or application doesn’t make it something new. Mobile, now this is a new trend. There are more mobile devices than people. Mobile is probably the current focal point for us. We’ve got to offer our services to younger generations at their fingertips. Person to person payments are a pretty hot topic right now. Our customers can send anyone money without coming in. I think a lot of bankers saw that as a good idea years ago, but they had no idea how it would happen. Well, let me say the smartphone and wireless data have made a lot of things possible.
Role as a CIO
My job’s number one objective is overseeing IT. I still have to understand our business to oversee IT. I still have to review vendors. I still have to understand and manage risks. What’s new? Educating everyone around me is fairly new. I’m not talking about showing someone how to clear their printer or how to use the new CRM. I’m talking about cyber security. Threats used to be pretty simple to understand and easy to spot. Today the threats are more dynamic and targeted. Educating employees and customers is a task everyone in IT should tackle. It’s like running a campaign against a cancer. We all have to get on board to share the burden of enlightening our clan.
Using Best “Ombudsman”
The CIO is the buffer between the smart guys and the smarter guys. (Notice I didn’t say who was who.) There always seems to be a little tension between the executive level employee and the boots on the ground. I’m happier in a cold server room at midnight than I am in a board room at 9 AM. But it takes someone who can do both to lead groups into what’s best for the business. In a shorter answer, I still think there is a lot of reasoning to leave the IT folks to their world and using the best “ombudsman” in your outfit to give the jargon translation to the suits. No, I wouldn’t leave the CSO unattended. His job is to play super cop. Sometimes you have to run a yellow light to accomplish a task, the CSO will handcuff you for just thinking about running that yellow light. No offense to the CSOs. In all fairness they are playing the most important role in any organization today. We need them in the room, it’s just tough to do business with them at the helm.
My advice to the up and comers is for them to stay in touch with reality. Rejoice in simple accomplishments and don’t dwell on the big failures. Make sure you learn something from your successes and failures. Every little thing has the potential to make you a better leader. Try real hard to enjoy your career, it changes drastically!