by Christopher C. Barron

The CIO identity crisis

Oct 09, 2017
CIOIT LeadershipStaff Management

The lack of a concrete definition for the CIO is making it hard for companies to find the right talent to manage critical cyber assets and investments.

board ceo executives table
Credit: Thinkstock

When it comes to hiring C-level positions, almost no company has a problem defining the skills and characteristics needed for the CEO, CFO, or COO.  Why, then is it so difficult to select the right talent to fill the top IT role?  In just this year, as this article illustrates it has been harder than ever to find and hire top notch CIO talent.

The problem is at least partially related to the amount of change that each work type has undergone over the past 30 years.  Running the overall company works much the same today as it did in the nineteen eighties.  The world of international finance has come a long way, but the ins and outs of accounting have not varied greatly since the beginning of the information era.  Business operations have made great strides in many areas including supply chain heuristics and efficiency, but an operations executive from the turn of the century would not be out of place today.  In the world of technology, however, the requirements for leadership have changed significantly about every five years.

Dilemmas in IT are not repetitive

Just eighteen years ago the dominant concern in technology was “Y2K”.  Businesses worldwide were terrified that the switch to calendar years starting with 2XXX would cause core business systems to crash or otherwise become non-functional.  A common job description for a CIO position would have read something like this summary:

CIO Wanted.  Must have deep experience in business continuity and/or disaster recovery.  Exposure to client server systems, data center design/maintenance, and MRP systems a plus.  Experience with Windows NT4.0 desktops beneficial as well as demonstrated success managing Visual Basic and C++ development teams.  Additional consideration given to any individual with a background in IP networks and technology

Fast forward to the technology landscape today and everything has changed.  Almost every type of software and hardware elements are different, team structures have evolved or become obsolete, and priorities are focused in new directions.  In some cases, the duties of the CIO position have become so complex that new roles such as CTO, CISO, and CDO (chief digital officer) have emerged.  If a “standard” job description could be written today it might read:

CIO wanted. Must be well versed in DevOps, Agile & Scrum methodologies, and the use of Docker in a distributed development environment. Solid understanding of cloud technologies and virtualization (server/endpoint) is required. Looking for a transformational change agent who can advise executive/board management while also leading from the front. In-depth knowledge and experience of next-gen security systems and methodologies is required.

Unlike any other executive position, the requirements for the CIO are almost unrecognizable when compared to 1999. 

In hiring for the CIO role companies face a tremendous challenge to even understand what qualifications need focus.  Criteria used just five years ago for the recruitment and selection of a CIO cannot be recycled.  As the tenure for the CFO continues to increase, in just this year (2017) CIO longevity has shrunk by a full year.

Given the continual changes in skill set requirements what can companies do to “get it right”?

Focus on the material and not the pattern

The most common mistake made in CIO searches is a too-rigid focus on specific skill sets and tool knowledge.  Each company has a unique technology footprint and the top IT leader must certainly understand how to run the operation.  However, the ephemeral nature of information technologies means that the current architecture will soon be replaced.  While domain skills are certainly important for CIO candidates to possess, focusing too much on them will narrow the perspective of hiring managers. 

The top IT leader must have expertise in both technical and functional areas but first and foremost the individual, if truly CIO-caliber, must be a strategic thinker.  Technology changes so quickly that a CIO has to be able to accurately see the future.  This vision is the critical component for successfully maneuvering the organization to embrace what is not yet visible but will surely come.

It is not widely known but the level of strategic capability within an individual can be measured. Building upon the pioneering work of Elliot Jacques (the scientist who coined the phrase “midlife crisis”), firms such as U.S.-based Peoplefit have developed a way to assess the strategic capability of an individual.  By assigning a numerical level to a person and then matching that against the value of a role, a company can actually see whether a candidate has the strategic ability to execute the duties required of the CIO.  In general a person is assessed to have a strategic capability, or “level of work” somewhere on a spectrum from 1-7.  What do these numbers mean?  A whole lot when overlaid on a definition of common supervisory roles that exist in modern businesses.

Example Role

Strategic Capability

Level 1 – Work defined by procedure, Admin, Beginning Programmer

1 day to 3 months

Level 2 – First level manager, Programmer Analyst

3 months to 1 year

Level 3 – Department Head, Sr. Programmer

1 year to 2 years

Level 4 – Director, GM, VP

2 years to 5 years

Level 5 – Head of a Single Business Unit or corporate staff, SrVP, C-Level

5 years to 10 years

Level 6 – Head of a Number of Business Units, Group VP, Executive VP

10 years to 20 years

Level 7 – Lead Corporation consisting of a number of groups of businesses

20 years to 50 years

All too often candidates are selected based on interview skills, technical prowess, or the pedigree they have gained from working at a well-respected west coast tech firm.  Those qualifications by themselves are not negative.  But when a candidate with capabilities at level two or three is chosen to be a CIO, nothing will make up for the lack of strategic thinking or visionary qualities that only begins to emerge at the fourth level.

Determining a person’s level of work is not something that can be pinpointed by someone unfamiliar and untrained with the assessment techniques.  No matter how skilled the interviewers, they will not be able to holistically compile the profile on a candidate unless external help is included.  Since most companies are unaware of the concept for levels of work and why it is so important, it is not surprising that this data is mostly unused in CIO selections.

Hire CIOs as if your business depends on them          

There has been a lot of discussion this year about the pitfalls that can occur when CIO leadership does not measure up.  When Equifax learned that they had lost the data on over 145 million customers this year during an information security breach, they quickly “retired” the CIO and CISO.  Richard Smith, the CEO and board chair, attempted to stay on but was ousted a few weeks later.  Ultimately the cause of the breach will be listed as an Apache Struts vulnerability but it was really a failure in vision.  A level 4-plus leader, whether technical or not, would have seen the positioning of Equifax and how its massive treasure trove of valuable data presented an irresistible target for financial hackers around the globe.  During the first quarter of 2017, Equifax was already using A.I. and machine learning in its credit scoring systems.  Would a future thinking CIO have already made the correlation for the value of machine learning in cybersecurity? With trillions of records to manage and protect the likely answer is “Yes.”

Searching for a CIO should be an exercise in strategic leadership assessment, not technical prowess.  With the stakes getting higher and higher, companies should assess, train, and reward the CIO role in the same way as other C-Level positions.  The future of business may just depend on it.