Data Security

Solution Search:
A Modern Approach to On-Demand Email and Data Security by Proofpoint, Inc.
Email and data security solutions are available in different deployment configurations, from hardware and virtual appliances to software...
8 Steps to Data Security Compliance by Symantec Corporation
to evaluate and strengthen your data security processes, policies, and technology systems. The rise in data security breaches and trade secret violations over...
Oracle Database 11g: Transparent Solutions for Security and Compliance by Oracle Corporation
organizations can deploy reliable data security solutions that do not require any changes to existing applications, minimizing the costs associated with...
Achieving PCI DSS v1.2 Compliance with Lumension by Lumension
more. The Payment Card Industry Data Security Standard (PCI-DSS) is a broad set of requirements developed to foster global adoption of consistent data security...
ROI Case Study: Budget Reclamation through Data Management by Digital Reef
saving money, and improving data security, data privacy, and legal discovery practices. The paper includes an overview of the unstructured data management...
Achieving SaaS Security with Connected® Online PC Backup by Iron Mountain Digital
in place within the Iron Mountain data protection architecture to prevent unauthorized access or damage to customer data. Most corporate data originates...
Data-Centric Security for Enterprise WANs by Blue Coat
business needs to protect valuable data, whether to comply with industry regulations or to guard intellectual capital. It's all too easy for users to leak this...
10 Reasons Your Existing Security Information and Event Management Isn't Good Enough by eIQnetworks
Enterprises have turned to security information and event management (SIEM) solutions to answer these questions and address forensics or security...
PCI Compliance: Secure Cardholder Data by Symantec Corporation
1.1 for protecting cardholder data and examines why implementing such safeguards is critical to you, your business and your customers. The security...
The Value of Network Data Leakage Prevention: A Gartner Podcast by Fidelis Security Systems, Inc
explores the topic of network data leakage prevention (DLP) for an enterprise. Safeguarding your data ultimately protects a company's brand and...
The Massachusetts Data Protection Law by SearchSecurity.com & SearchCompliance.com
topics such as identity theft, data breach prevention, mandatory encryption, and getting ahead of the game where Massachusetts data protection law is...
Presentation Transcript: Is SaaS the Future of Enterprise Security? by Webroot Software, Inc.
These factors and others leave security experts questioning the practicality of current endpoint and managed service security applications. In this...
Free yourself to do more, while securing your business simply and cost-effectively by Sophos Inc.
how a more efficient approach to security can free up much needed resources. As a result of the economic downturn, hard pressed IT departments must face up to their...
IPS (Intrusion-Prevention Systems) Protection on 10G Networks - NSS Labs Performance Analysis by McAfee, Inc.
for 10G networks, security efficacy as measured by detection accuracy, and analysis of raw data from NSS Labs regarding their tests of McAfee's M...
Podcast: Is SaaS the Future of Enterprise Security? by Webroot Software, Inc.
In this podcast, security experts analyze the benefits and drawbacks of employing a SaaS security model to fight malware and sophisticated...
2009 Security Mega Trends Survey by Lumension
The 2009 Security Mega Trends Survey helps us to better understand if certain publicized IT risks to personal and confidential data are...
Beyond the Security Breach: Protecting Sensitive Data Using Encryption & Key Management by Linoma Software
Forrester Research, the average security breach costs about $200 per record, a cost that is expected to rise in the upcoming years. And, open standards requirements...
The Value of Integrated Security by Cisco Systems, Inc.
Security breaches can attack a company from a wide range of sources, including the company's own networked PCs and servers. This...
Microsoft Windows Server 2008 PKI and Deploying the nCipher Hardware Security Module by Thales
nShield and netHSM hardware security modules (HSM). This includes the essential concepts and technologies used to deploy a PKI and the best practice security...
Related Interviews
By Linda Tucci, Senior News Writer
What is the biggest challenge in getting a job as a first-time CIO? Is it out-competing others who look similar on paper?

I think there is a tremendous amount of competition. Most of the CIO positions out there are usually going through some type of an executive recruiting network. The recruiters I talked to don't usually pull up a set of criteria in a database online. One recruiter I talked to doesn't even recommend candidates putting information into an executive recruiting online database, because most executive recruiters aren't going to use it. They're going to look to the contacts and network of sitting CIOs or deputy CIOs to ask if there is someone on their staff or someone they know.
You became CIO of the World Wildlife Fund at age 37. What helped you most to get that job?

I was recruited for it. I did not approach an executive recruiter for that position; they approached me, at the recommendation of another sitting CIO. I had established my credentials in the private and for-profit sector. I had gotten experience with a variety of technologies at some pretty tier-one organizations: it was Sallie Mae on the financial services side, and PricewaterhouseCoopers on the consulting side. I had gotten all my tickets punched. I got my technical MBA at Johns Hopkins University. I actually took it a step farther. A year after I obtained my graduate degree I started teaching as an adjunct faculty at Johns Hopkins -- intentionally.
As a way to increase your network?

Increase my network, increase my exposure. As an adjunct faculty I was giving back to the IT community and the educational community, but at the same time I was greasing the skids for easier access to publications. When someone was looking at my bio and saw I was a director of this, a tech MBA and teach at a graduate level, when I submitted articles I believe they had a little more merit behind them.
What's the biggest mistake you made in plotting your career?

I'm not sure that I made any.
None?

I really don't think that I have. I've gotten consulting experience, I've gotten for-profit experience, I've gotten Big Five experience, I got my tech MBA, I've got publishing experience, I've got my graduate adjunct faculty. The only thing that I would -- I don't know if this is really a mistake. I was about to say, started my graduate work earlier. But Hopkins wouldn't really let me enroll in the program until I had a specific number of years of business experience.
Fifty percent of your experience is in consulting, and you strongly recommend that aspiring CIOs work as consultants. Why?

You've got to get both sides of the fence if you want to be a viable CIO. You have to understand the consulting proposition. You have to know also how to manage consultants and vendors.

Being a consultant makes you a little bit humble. There are many instances where you have to sidestep and put the brakes on what you may know technically or business wise. You may have to deal with a client or a customer that is not that smart or that doesn't know as much as you do, and you've got to figure out creative and diplomatic ways to get that customer on board or eliminate any roadblocks that the customer may be putting up. In the organizations that use consultants regularly, some of the internal employees are a little bit jaded. They're thinking, 'Why did we have to go to the outside, when we could have probably done this on the inside.' Serving in a consulting role gives you far more experience than flat-out IT experience.
Define for us what you call in your book "the IT glasshouse."

I define the glasshouse as the central IT management infrastructure of the past where all decisions, all the systems and all the policies were pretty much made within the IT shop. If you had to classify it as a government, it would be an IT monarchy. Today, I don't believe that works. I am not a fan of 100% decentralized IT, where managers and staff are completely decentralized and put into business units. I am not saying do a 180-degree from the old model. But I do think that today's CIOs need to work more with the business units and customers of their organizations and form better relations to share the risks, responsibilities and project sponsorship, as opposed to assuming the responsibility in IT or forcing a system on a business unit.
There is a lot of talk about letting your business units take responsibility for the technology they use. But how do you do that? Do you get it in writing?

I do. But I don't let them take responsibility for the technology. I let them take responsibility for the business process that drives the solution. So when we are looking at doing a requirement analysis for trying to solve some problem or drive some goal, whether it is increasing revenue or something else, when we put budgeted dollars toward the project, we use an organizational structure that integrates with the project manager in the business unit itself. I bolt on an IT lead and have at least one business VP take accountability as co-executive sponsors. At the end of the day if I don't get signature from a business unit sponsor for a business unit application, I will not press forward. I make the calls for infrastructure, for security, all those good things. That is my job. But if we are looking for a CRM system, for example, to help drive donor management, the CIO should not own that system. IT should be owned by the business unit that is responsible for the revenue.

I have a simple phrase: IT drives technology decisions. The business units drive application business technology.
I thought it was refreshing to read in your book that a CIO should have a solid grounding in technology, because so much of what you hear now is that this position is being taken over by businesspeople.

I just met one the other day. A new CIO from the business unit, and I think he's scared. Think about it. I take the inverse view that businesspeople can do the job. I think it is way off, and I am not shy in stating that. Look, this is a profession that in my case includes 20 years of work experience at some of the best companies in America. I have gotten a top-tier education. If you combine all that together, I am somewhere in the 28-year range of progressive IT skills and experience, managing technology and applying it to business. Now, would you hire someone who came up that track, who had all that experience in IT, to head up your financial organization? I wouldn't.
The flip side is why is it hard for technical people to speak in business terms?

Given the amount of time they work on the technology side versus the amount of time they spend in the business unit side, it is so easy to lapse back into all of the different acronyms and the lingo the technology people use. I'll be honest. I have to force myself to be conscious of the fact that when I am speaking to a nontechnical audience to not be too technical. I have to force myself, today, and I am a sitting CIO with a new book out giving guidance to others on how to follow in my footsteps. It's hard.
Does it have anything to do with the notion that the kind of people attracted to technology are very concrete in their thinking; they simply think in a different way from businesspeople?

Working in the technology area takes an analytical, top-down, logical, process-oriented person. That said, I think at some point in their career they have to force themselves to branch off and submerse themselves in an environment, like an MBA, which makes them recognize the other side of the fence and to think like a business person. The technology field attracts far more the introvert than the extrovert. I probably started out as a pretty strong-typed introvert and became a forced extrovert as a result of going up the ladder.
When did you turn outward?

When I realized that it was absolutely one of the most important skills needed for an IT executive to have excellent communication skills.
How long did it take you to hone your presentation skills?

Oh gosh. I'll give you the answer in the form of advice given to me from one of my mentors. I asked how long it would be before I was completely comfortable giving presentations to an audience I had never met before. The answer was, once you've done your first 100 or so, you'll get the hang of it.
Your book's title is Straight to the Top, and top for you is CIO. Do you ever think there is somewhere else to go once you're a CIO?

Absolutely. I think it is the next-generation track to chief operating officer, and potentially a CEO of a technology company. I can tell that my career aspirations include one or two of these tracks.
You devoted an entire chapter to golf. I found that a bit shocking.

It wasn't the whole chapter. Half of it was about the vendor management function. I talk about the importance of relying on vendors, having a vendor management strategy, in my case reducing the overall number of vendors, and distinguishing between commodity-based vendors and strategic vendors. I consider Dell a commodity-based vendor. I buy stuff from them and put it in. A strategic vendor will actually help me go from Point A to Point B. It might be a CRM vendor. It might be a consulting vendor. And I talk about that whole process of how do you manage and scorecard your vendor and different approaches for doing that. And I ask other CIOs how they do it. So you'll see stuff about outsourcing.

Then, halfway through Chapter 8 is when I start talking about integrating sports to build your relationships and to grow your network and build stronger relationships with your vendors.
But why go out with them at all, especially given the sensitivity about conflict of interest these days?

Well, let me ask you, define conflict of interest.
There are some companies that say don't even go out for a cup of coffee with your vendors, because you don't need to be friends with them or beholden.

That would be the federal government. And you know what? I understand why they do it. But I don't think that a cup of coffee is going to materially make a difference in the decision to purchase goods or services. I think the federal government has just decided to take that track. But I take the issue beyond the level of the CIO. How many CEOs do you know who go out and have dinner with some of their partners and vendors and colleagues? And how many CEOs and presidents do you see on the golf course? I can tell you I played golf in a tournament and John Thompson was there. He is not a CIO. He is the CEO for Symantec.

It doesn't have to be about who pays for what, as I clarified in my book. My guidance to people is, check what your policies are. If there is a no-pay policy, fine, pay for yourself. There are some clear benefits of getting out of the office and spending some time with people, getting to know them. And at the end of the day, because I have a better relationship both professionally and through sports, I have several vendors who I can pick up the phone and say, 'Listen Tom, I need this done, you need to help me out with this.' Now granted, they should be able to do that regardless, as a vendor. But it doesn't work that way. And if you look at the quotes from the vendors in the book, people tend to reciprocate, form partnerships and get more stuff done, cut through the [bull], when they have a better relationship. And I have found that a 30-minute meeting in my office doesn't get me a better relationship with a strategic vendor.
Another piece of advice you give is that a CIO has to think like a chief financial officer. Why?

If you don't start thinking like a CFO, you're going to be reporting to one.
What is so bad about reporting to the CFO?

Because historically, CIOs who report to CFOs are doing so because the CFO is not comfortable with their financial management skills, or the CIOs need to be reined in on their cost controls. The other research that I found is that CIOs who reported in to the CFO spent overall less percent of the company's revenue than those that didn't. A CFO's job is internal controls, audit, cost containment, financial management and reporting. I don't think that is the best creative place to put a potential innovator and catalyst, such as the CIO, who interfaces with just about everybody. There is no other executive that touches every other point of the organization.



Gregory Smith, author of "Straight to the Top: Becoming a World-Class CIO" and CIO of the World Wildlife Fund, talks about his carefully plotted route to the executive ranks and offers some tips for aspiring CIOs.
By Shamus McGillicuddy, News Writer
Vice president of Eco-Responsibility is a rather new job title in the industry. What prepared you for this job?

My interest in this whole space got started early in my career building supercomputers in Cambridge [Douglas received his bachelor of science and master of science degrees in computer science and electrical engineering at MIT]. We built some of the first air-cooled supercomputers back then. Then at Sun, I was really involved in getting into the low-end server business, which was a similar process -- how to take these big mainframe servers and put them in people's offices and have low-power and low-noise solutions. It's something I've been hitting over and over and it became a theme for me in my career. On the personal side, I've been looking at my kids and the world where I'm raising them and thinking about things we enjoy doing as a family. I've been thinking about how we make sure our kids have a great place to live in the future.
Is the VP of eco-responsibility an evangelist, a manager or an engineer?

All of them. Some people who will be reporting to me will be running specific projects. But there is certainly a lot of evangelism both inside and outside the company trying to raise awareness. At Sun, I'll help get a lot of the various businesses moving in the same direction.
Eco-responsibility is a broad concept. Where do you think you will be focusing most of your attention this year?

There are two broad areas. Some of it being set by outside players, like the [Environmental Protection Agency (EPA)], and the regulatory stuff happening in Europe. They kind of have a time frame of their own. Another big priority is internally working on our short-term and long-term road map. And there are tons and tons of other things to do, like "Bike to JavaOne." [During its annual Java developers' conference JavaOne on May 16 in San Francisco, Sun will encourage local attendees to ride bicycles to the conference. A local biking coalition will offer free bicycle valet service.]
Environmentalists see virtue in an eco-friendly computing initiative, but why is it good business for Sun and for your customers?

I think it's a really similar situation to why people are buying hybrid cars today. There is money savings to be had by paying attention to energy consumption. And doing more eco-friendly things, there is a class of people to whom it's personally important to do that. Toyota is seeing customers demand eco-friendly products, and we're seeing the same thing with Sun, demanding our CoolThread processors. People are saying, "You've really hit something important for me going forward."
When and how did you realize that eco-friendly computing was going to be an important issue?

It is kind of something that has sunk in over the last four or five years, just thinking about the energy that's consumed in the data center. And then on the flip side, watching our customers use our technology to try to solve eco-friendly problems, such as designing better cars, tightening up the supply chain. It's a yin-yang situation, [IT is] part of the problem but it's also part of the solution.
Where is Sun strongest in its commitment to eco-responsibility?

There are a lot of programs under way. With just three days on the job, what jumps out at me is the product leadership right now with the new processors and servers and our work with AMD on x86 compatible servers.
Where is it weakest?

I think it's a Sun problem and also a bigger industry problem. There's amazingly little data available that decision makers who want to factor power into their decision-making process can really turn to. We are not doing a good job at this at Sun. Nor is anyone else. One priority is to keep pushing to work with the EPA to get visible metrics out there so we can be up front and honest about what people can do. Data and transparency drive a lot of things in this country and the world overall. Just getting the facts out on the table can do a lot of good.
What can you tell us about the formal metric for measuring the miles-per-gallon equivalent for servers? Why is this metric important?

It's a process that started up with leadership from Sun, the EPA and others. The goal is to give people an up-front, visible way to make tradeoffs and understand what the long-term costs are going to be for various technology choices. Today you go in and talk to people setting up data centers, there are a lot of back envelope things and an overdesigning of things for cooling just in case. This is just a way to say this company is doing better than that company (with energy consumption). [People might say] 'This technology might get me where I'm going at a lower cost for power and cooling and that stuff.' If you give people facts they can make better decisions.
What is Sun doing to make its technology run cooler and more efficiently?

A lot of it starts down at the chip and processor level, very low-level engineering. You focus on how you do computing with less power. There's no magic. It's just been the focus for awhile. Sun took a particular leadership position with the multi-threaded and multi-core space. It re-thought processor design from ground up. We're doing a similar thing with AMD, who we use in our x86 systems.
Will you be Sun's point man on the Green Grid consortium?

Yes, I will certainly be very active and we've got other folks in the company involved already. I think that's going to be a nice piece of technology, particularly around interacting with the broader population.

Why come back to Sun?

A couple of reasons. There are still a lot of great people here who I knew from last time here. And I'm very upbeat on the long-term business. And third, what I really want to do -- what I felt like I wanted to do in the eco-responsibility space, Sun already has some momentum. It has the engineering capability to really go and tackle these kinds of problems. If you look at Dell, for example, they have got to go get processors from someone else. We design our own processors. It's a big enough company and it's got a lot of horsepower to go and do some fundamental things.
CIOs dealing with out-of-control energy costs in the data center have been talking about eco-friendly computing for some time. But this week, Sun Microsystems Inc. has taken that idea one step closer to reality with the newly created position of vice president of eco-responsibility, naming industry veteran David Douglas to the post. Douglas will head Sun's environmental initiatives across the company, including advancements in energy efficiency and cooling technology, product recycling, clean manufacturing and improvements in Sun's day-to-day operations.

Douglas, who is returning to Sun after 5 1/2 years, co-founded in 2001 ConnecTerra Inc., a Cambridge, Mass.-based startup radio frequency identification middleware company, where he served as vice president of products and strategy. In 2005 Douglas became BEA Systems Inc.'s chief architect for WebLogic after San Jose, Calif.-based BEA acquired ConnecTerra. In his first interview as VP of eco-responsibility, Douglas talks to SearchCIO.com about how serious Sun is about eco-friendly computing and when CIOs can expect energy solutions from Sun.

By Linda Tucci, Senior News Writer
You tried a little junior college before deciding to skip higher education and go to work. Do you have any formal training in computer science?

I did take a course in COBOL, which was extremely useful, mainly because I saw that not everybody could do something that came pretty naturally to me. I discovered that everybody is good at something. You just have to figure out what it is.
You started out as a computer operator, at 18, at Computer Sciences Corp.

I got in trouble real bad. Because I could sit there and just operate the thing, I started logging on and trying to snoop around. But instead of being fired, I got promoted and I got a wonderful opportunity to work in another division, which was working on something they called DNS but was actually the very early stages of client server technology. I was developing database applications. I was exposed to a variety of customers.
Like who?

St. Jude's Children's Hospital came to us and said we'd like to use your computer and could you help us build an application that would help us keep track of all of our donors. I was behind the scenes developing this application according to spec. When it came time to turn it over, I was brought in and went to train people on it. Bless their hearts, there are these two little old ladies who were afraid of the computer.

I always hark back to that. Here I was behind the scenes having a blast designing this database, thinking about how to make it more efficient and all this other stuff, but I realized none of that made any sense to these ladies and they didn't care. In my career I have seen the habitual problem that IT has of not understanding the business value, and very early on in my career I had an opportunity to see that problem.
What was your worst job?

I was working at a major financial institution with a 700-person IT shop. You got lost. It was tough to accomplish anything. It was around that time I realized I really am a doer. I can get bored. I remember the day when I came in and cracked open a newspaper like everybody else did and ended up reading it cover to cover. I said, 'I can't do this. This isn't me.'
How did you get into the entertainment business?

I had left CSC and was working at the financial institution and various other things and came back to Computer Sciences. Then one day I got approached by a headhunter about a job at MGM United Artists. I started off as a manager over the financial systems and became a director of applications and development. When I took that, it rejuvenated me about what I was doing.
Is there any entertainment experience in your background?

In junior college, I worked in theater arts behind the scenes. I did publicity, lights, sound, stage managing. I am a musician. I have a studio in my own house. I have a Christian rock band. We play in boys' prisons. We even played a Christian biker festival.
Getting back to your career, what's the best career advice you've gotten?

Don't argue with a fool because somebody walking into the middle of the conversation won't be able to tell you apart. IT is a strange business. People, for example, don't call you up and thank you when however many thousands of users are on your network are able to log in today successfully. They only call you when they can't.
So the enabler rarely gets to bask in the success.

We become the go-to source, and that has a good and a bad side to it. They're always running to us and complaining, but I started to realize that they're running to us because we are the geeks, or whatever you want to call us, within the organization that people are looking to and trust will be able to solve their problems. Inherent in that is the thank you.
Tell me about a good CIO decision you've made recently.

When our data warehouse went live, the first people that were going to receive the reports were our store personnel, not the executives. The week that store system went live, our store managers ran with that ball. We have graphs that show all the key performance indicators in each store. And the store managers are excited. If that system has a minor hiccup we hear about it immediately. They're out there tracking the horse race [sales] every day.
Can one store see what the other stores do?

I've worked in other environments where they are so protective of data. But in our case, we let any store see what the other store's performance is, down to department, down to a SKU, down to a 15-minute increment.
How do you do data management?

We use the Microsoft SQL Server for our data warehouse. I brought together a user team to go out and evaluate business intelligence technologies and ultimately pick. We came down to a bake-off between Hyperion Essbase [TK] and Microsoft's SQL Server. Behind the scenes I had been doing my homework and realized the way SQL Server was priced and the tools that came with it blew others away. One day the team asked me what I was voting for and I refused to answer them. They laughed, and said, 'We knew you would do that.' They made the choice.
So music is an avocation. What's your favorite guilty pleasure?

Golf.
Your handicap?

My entire game. But I play anyway.
What technology do you wish you lived without?

I wish I did live without mobile e-mail.
Are you worried about BlackBerry service being shut down?

I chose not to go with BlackBerry as a standard for our organization. We're using the various Windows Mobile-based or Palm devices. We ourselves at Virgin certainly have been approached about patent infringement, which we've tended to walk away from it pretty unscathed. But I understand the right of the guy who truly created the technology to come back and ask for his just due. It would seem foolish to me that would cause the service to come to a halt.
Robert Fort was in kindergarten when his mother, an applications developer, started taking him to work to help sort punch cards. At 8, he dressed up as a computer for Halloween. After graduating high school a year early, he skipped college and took a job at Computer Sciences Corp. Self-taught and self-assured, the 46-year-old Californian got his big break when he went to work at Metro-Goldwyn-Mayer Inc. Now, as director of IT at Los Angeles-based Virgin Entertainment Group Inc., the North American subsidiary for the U.K. conglomerate, Fort keeps IT rocking at the $200 million company, recently bringing the sales data for every store online to managers throughout the 17-store Megastore chain. We spoke by phone about his vocation and avocations.
