by Terena Bell

How many tech execs does your board really need?

Apr 26, 2018
CareersCIOIT Leadership

The rising importance of security, data and digital has many organizations broadening their C-suites. C-suite execs comment on the number of chief-level tech officers a board needs.

board ceo executives table
Credit: Thinkstock

How many techies need to be part of your company’s leadership team? From CIO to CSO to CTO, there’s no shortage of tech titles to choose from. But does your company really need all these roles? CJ Das with Simple Tire says no: Tech needs representation in the C-suite, yes, but not a lot of people. His title is chief information officer (CIO) and that’s the only upper management position he says his company needs.

His current company, that is. The business where Das worked before — ArroHealth — had a vice president of security, a vice president of application development, a vice president of technology; his current employer has different needs. ArroHealth is a risk adjustment firm. SimpleTire supplies tires to stores like Walmart and Central Tractor: different business models, different technical requirements, and very different data.

“The normal perception is that the CIO is not the security guy, we need a CSO,” Das says, but “it’s not a person who needs a seat at the table. The topic needs a seat at the table. … [As CIO] I’m really the most aware person from the CEO’s perspective.”

Organizational structure is all about communication

Michael Garcia, vice president of command center at Capital One, disagrees. So does Rich Licato, chief information security officer (CISO) for Airlines Recording Corp. (ARC), a platform airlines use to distribute tickets. They say security needs its own C-level rep. Licato also favors having a chief risk officer (CRO). But the two do agree with Das on one thing: Whether you have a single technical leader or twenty, businesses should choose the structure that helps the company communicate.

“Your organizational technology and processes are gonna follow the communication structure of your company,” says Garcia, who was formerly vice president of development services at mortgage lender Fannie Mae. He recommends starting with learning how well your current model does — or does not — work: “You have to look at how are your feedback loops, how good is your communication going?” Limited representation can silo communication, he claims: “A lot of times when people are complaining about not getting what they want, they don’t have, one, the visibility into the workflow or, two, the feedback loops.”

Communication between development, security, and other teams means that at some point, all these business functions have to connect. “There’s a way to solve that through your systems and system thinking as opposed to organization structure,” Garcia adds — like “developing … squads where they work together in an interdisciplinary way.”

But at conventional companies, this requires mindset change. Corporate culture is often set up so everyone works under someone else, with vital information passing from employee to manager to supervisor to CEO. Even Garcia reports to a CIO. When the number of C-reps on the board is limited, information gets lost in transition.

When ARC shifted risk oversight to security and eliminated the company’s chief risk officer position, Licato says work became confusing. “It was much better when we had a chief risk officer,” he explains. Mitigating risk isn’t less important than before, but when there was a CRO, he says risk “had the focus of the company.”

Licato says when security is a sub-department, “everybody sees it as ‘just an IT problem,’ and that’s the struggle that most organizations have.” Stereotypically, security personnel often feel overlooked — like they constantly have to fight to be taken seriously. But Das says limiting technical leadership to the CIO position gives security — and other tech functions — a voice. IT and security “are one and the same,” he explains, and when departments are supervised by a single manager, this person can give the C-suite wide-picture updates.

Plus, if security gets its own C-level position, where do the titles stop? Take data, for example, Das says: “There are data officers and I oppose that. Data is part of IT, so [as CIO] I’m the ‘chief data officer’ of the firm,” he explains. “Data is my business; IT is my business. Security as well is my business. Quality is my business.”

Single point of contact, single point of failure

But if everything tech falls under the CIO, Garcia counters, what happens if she quits? “We make the mistake of paying somebody a lot of money to come in and make all the decisions and then all of a sudden they leave and then there’s a gap,” he says. Of course, if you’re agile, Garcia adds, you don’t necessarily need a loaded C-Suite to prevent this problem: “[Try] system level thinking, not structure. Focus on how you can partner with [multiple team] communication channels.”

A single point of contact may stifle that feedback, though. Personality conflicts could keep staff from speaking up or from contradicting a CIO. Licato says, “Individuals are different. The way they communicate is different.” Managerial style may keep employees from passing info up the chain that C-suite needs to hear. As an example, he talks about a South Korean plane that crashed into a mountain because “the co-pilot didn’t feel like he could contradict the captain.”

“There has to be a risk acceptance process that takes into account the way in which people make decisions,” Garcia says. Maybe there’s a personality conflict between a developer and the CIO, but if that employee feels comfortable connecting with the chief development officer instead, information still gets through.

To counter, Das says if your CIO isn’t approachable, you’ve “hired the wrong people.” In his experience, “CEOs always prefer and want one point of contact” anyway.

No matter how much technical leadership is on your board, Garcia reminds us to make sure organizational structure is the solution before making changes: “Look at the systems you have in place. Look at the decision making.” As Das says, the end goal isn’t more people — it’s for management to have a complete look at the company’s complete tech picture. SimpleTire may not have separate execs for every function, but that doesn’t mean the company’s structure doesn’t allow for well-managed development, networking and data teams. Yes, Das is the only voice reporting to the CEO, but within his department, he’s established sub-teams led by what he calls “signatories” — individuals who form a mini-board reporting to Das.

“Any structure can work,” Licato says. “It goes back to communication.”