What are the best strategies for new technology leaders to propose & implement change at their organizations?
Global CIO & CISO in Manufacturing, 201 - 500 employees
Even though my role is IT and security, security is obviously the biggest hotbed right now for a lot of companies. Last year when the “new concept” was everybody on shift-left and InfoSec first, I said, “Where the hell have you been for the last 5-10 years?” I put the onus on the developers all the way through. As for the security component, I said, "I’ll give you an example of a top security company that was infiltrated from the backend, the code was checked in, it was compiled and it was delivered to the clients. And, the orchestration took a long time and it was a nation state effort, but guess what? That was SolarWinds." If you're going to tell me that endpoint protection, VPN, etc., are not critical path items then I'll be giving my notice. You have to take into account every endpoint, every piece. A lot of that, in the security realm, is not assuming anything. It's culture.
VP, Customer and Technical Operations in Software, 501 - 1,000 employees
My previous role was at a 13-year-old startup as far as I was concerned, so it was a mad rush to get all the basic security stuff in place. I really took my time to really understand and make connections before I started making any changes because things had been the way they were for a while. It was also helpful for me to educate people who didn't understand how things evolved. They’d start out saying, “We've always done it this way.” But then I’d get people to admit, “Well, actually this wasn't my process. I inherited it and it's just what I do and maybe it's time to rethink it.”VP, Chief Security & Compliance Officer in Software, 1,001 - 5,000 employees
One of the CISOs I used to work with many years ago had a concept that security is the enabler of a frictionless ecosystem. So if you manage it correctly, you can pivot the conversation around the fight for change because you become the lead-in and can actually help support driving revenue if it's designed correctly. We're sort of at that point right now, because the more breaches that occur, especially in my line of business, I actually have to go in prior to the sales rep to explain how we'll secure this stuff. It's an interesting dynamic.Director of Information Security in Energy and Utilities, 5,001 - 10,000 employees
Obtain buy-in by demonstrating end user experience enhancement. oftentimes we think from technology perspective but how will it affect users downrange that is the real question. If you involve them early enough and have their input into your proposed changes they will be much better accepted and executed vs. top down decision making or decision making where end recipients of said services have 0 involvement in their selection.Content you might like
Too many active projects at once44%
Poor communication50%
Too many customizations47%
Misalignment with business priorities36%
Skills gaps29%
Lack of resources22%
Other (please list in the comments)1%
320 PARTICIPANTS
Production45%
Backup65%
Replication33%
Non-production DBs (Dev, Training, QA, etc.)30%
216 PARTICIPANTS
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
That's why I haven't engaged with any vendors yet. In my last role there were a lot of things I implemented from an authentication standpoint—security alerts, monitoring, endpoint—all of the wonderful things you get at major corporations where you had InfoSec and you fought for the budget. I'm now at a startup. I have an arsenal of vendors that I can plug and play, but I want to hear everything first. I tell folks, “I'm a CTO, but not what you think: I'm a Chaos To Order guy. Bring it to me, I'll clean it up.” I thrive in the chaos.