CIO Spotlight: James Rutt, Dana Foundation

As CIO at the Dana Foundation, Mr. Rutt’s responsibilities include providing strategic planning for information and technology management and overseeing all back-office technology operations necessary to support the Foundation. He frequently speaks on the topics of corporate cybersecurity strategy and risk management, and also advises early stage technology companies on their sales strategy to the financial and healthcare sector. He is a board director of Technology Affinity Group (TAG), a founding advisory board member of BWG Strategy LLC, a Work-Bench Venture Capital Mentor/Advisor and is a member of Society for Information Management, Cloud Security Alliance, and CIO4Good, among other leadership organizations. Here he shares his advice for future tech leaders, pioneering cloud adoption and the importance of finding good security team members.

What was your first job? I started out as an inside sales rep at a small import company called Emerem Trading in Edgewater, N.J. I made the move into IT after 6 years there, taking the Microsoft Certified Systems Engineer (MCSE) course nights and weekends until I passed all the exams. My first job in IT was as a help desk analyst at a reseller called Alphanet Solutions in Cedar Knolls, N.J.

Did you always want to work in IT? No, I originally wanted to be an actuary. What really precipitated my move into IT was the release of Windows 95 along with the mainstream use of the internet. I came to the realization that technology would become embraced, rather than relegated to the basement, with newer tools such as these.

Tell us about your career path. After 6 years in marketing and sales, I took courses to attain the MCSE certification from Microsoft in 1997. Starting as a help desk analyst that same year, I took a succession of positions from system engineer to assistant director to director to assistant vice president and finally to my current role as CIO at Dana Foundation.

What business or technology initiatives will be most significant in driving IT investments in your organization in the coming year? Cybersecurity, particularly when trying to enforce governance and risk management in software development lifecycles, in order to protect our investments in every part of the software value chain. Our shift from waterfall-based development to a more agile, DevOps-based value chain was greatly enabled by the adoption of security tools such as CYBRIC. Other initiatives we are focusing on include practical uses of AI [artificial intelligence], along with various data initiatives.

What are the CEO’s top priorities for you in the coming year? How do you plan to support the business with IT? Maintaining our risk profile in order to protect Dana Foundation and its brand is our top priority. Our secondary priorities revolve around exploring other opportunities to leverage technology to maximize efficiencies. Examples of technologies I’m looking at include conversational AI, cognitive agents, blockchain-based technologies and possible edge computing. All of these technologies have the impact in improving all aspects of our organization from programs to communications to outreach and grantmaking.

Does the conventional CIO role include responsibilities it should not hold? Should the role have additional responsibilities it does not currently include? I feel the conventional CIO role is fairly well sized and oriented and I think this is attributed to good communication by the CIO community as to the value proposition the role offers. The recent trends seem to push the CIO as more of a business partner on par with line-level executives in order to justify the title and level of responsibility, which is fine, but additional disciplines, like risk, governance, process automation, and compliance which have been emphasized recently are best served by the CIO.

Are you leading a digital transformation? If so, does it emphasize customer experience and revenue growth or operational efficiency? If both, how do you balance the two? Our digital transformation has emphasized operational efficiency from the beginning, as the downstream effect will accrue positively to all aspects of our vision and mission. Our operational transformation in our software development practice, from waterfall to DevOPS, and using the CYBRIC solution, now to DevSecOps, was the key catalyst in this transformation.

Describe the maturity of your digital business. For example, do you have KPIs to quantify the value of IT? Most of our digital business today revolves around the use of our website as well as leveraging social media, and the use of the cloud internally. We are in the process of determining specific KPIs by utilizing user stories with our leadership to ensure we are tracking the most relevant performance metrics.

What does good culture fit look like in your organization? How do you cultivate it? Culture flows from the top down and is really dictated by the head of the Dana Foundation organization. Our culture has been formed largely by our ability to find folks with a specific affinity for the work that we do, namely the support of research in neuroscience.

What roles or skills are you finding (or anticipate to be) the most difficult to fill? It will always be difficult to find GOOD security folks. And I emphasize good. What makes finding good security folks difficult is that not only do they need to have the proper technical nuts-and-bolts skills, in order to be truly effective, they need to show ownership of the organizational environment. The greater the stake they have in protecting their environment, the more innovative and effective they will be in tackling difficult incidents that may have a tremendous impact.

What’s the best career advice you ever received? Focus on what’s best for the organization first, as a result your personal goals for your career will get added momentum.

Do you have a succession plan? If so, discuss the importance of and challenges with training up high-performing staff. We are in the throes of succession planning as we speak. Right now, our focus is on training staff in the principles of leadership as well as giving them opportunities to hone their interpersonal skills in anticipation of their own individual career development. The biggest challenge here is that you are asking your staff to step out of their comfort zone (i.e., technical acumen) and have them face up to some of the gaps they may have in critical soft skill development.

What advice would you give to aspiring IT leaders? Focus on people and leadership skills and less on being a walking tech dictionary. In order to gain credibility as a leader, as well as achieve true alignment with your business partners, you need to cultivate the same people and leadership skills that your peers usually possess, as well as speak the same language.

What has been your greatest career achievement? Full cloud transformation at Dana Foundation, which we completed 5 years ago, long before it came in vogue in the enterprise.

Looking back with 20:20 hindsight, what would you have done differently? The way everything worked out, probably nothing!

This interview is part of CIO’s regular Spotlight series, which focuses on the career paths of IT leaders. If you know someone (or are someone) with a story worth telling, please contact kate_hoy@idg.com.