All posts by Eric Januszko

CIO Roundtable Recap

I was honored to be a panelist for this week’s CIO Roundtable, organized by the San Diego chapters of itSMF and HDI.

The other distinguished panelists were:

  • Norm Fjeldheim: CIO of Qualcomm
  • Brian Andrews: VP of IT, Stone Brewing
  • Scott Henderson: Deputy CIO at SPAWAR


Thanks to Kathleen Glass for the photo.

Ian Clayton of G2G3 did a fantastic job moderating the event, keeping it focused and engaging the audience, who posed excellent questions for the panel.

What great insights and discussion from the panelists.  I certainly picked up some new tips and ideas.  Some of the key points mentioned…

Norm, who was the rockstar of the event, explained how he has changed the focus of his group from meeting SLAs to achieving high Customer Satisfaction marks in order to align IT with the business.  He also said he was a “big fan” of shadow IT and tries to find ways to embrace and incorporate the point solutions developed by the business.

Brian, who has the job everyone wants, discussed how he is updating and transforming Stone’s IT infrastructure with cloud and IoT technologies for collecting data and tracking their product through the entire distribution chain.

Scott, who has the herculean task of consolidating SPAWAR’s data centers and IT services, addressed the challenges of implementing Consumerization of IT (CoIT) and BYOD capabilities within the requirements and regulations of a DOD security environment.

I spoke to the need for IT professionals to develop more business acumen in order to engage with the business on their terms — the technology solution will follow once the business needs are identified. I also suggested that IT stop being the “Department of No” by changing the response to requests from the business from “no, that won’t work because…” to something more like “OK, here’s what it would take to solve the issue.” Again, engaging with the business on their terms.

Here’s the Twitter feed from the event if you want to check out some comments from the attendees… twitter.com/CIORoundTbl

Thanks to all who attended.

CIO Roundtable

I’m very excited to be participating in the itSMF CIO Roundtable this Wednesday, April 23rd. We’ll be discussing issues CIOs need to address in order to stay current, relevant, and competitive.

The topics we’ll be discussing at the event include:

  • The Digital Consumer: Consumerization of IT, BYOD, BYOCloud, service experience
  • Security – specifically cyber threats
  • Infrastructure Strategy: The Internet of Things, ‘Big Data’, Cloud, automation (self service kiosk)
  • Workforce Culture and Skills: The workforce internal culture, missing and emerging required skills, transform IT, DevOps
  • Time Travel: Emerging trends (service broker, IT as a Service), continuous engagement strategies, gamification?

The event is being held at the Qualcomm Campus:

Qualcomm Auditorium / Theater 
10185 McKellar Court
San Diego, California  92121

Here are the event details:

AGENDA

11:30 AM – 12:00 PM  Lunch, Networking & CIO Introductions
12:00 PM – 1:00 PM  Roundtable Discussion
1:00 PM – 1:30 PM  Concluding Remarks & Networking

ABSTRACT 

Join us for a very special San Diego IT community event co-marketed with HDI and ISACA!

Interested in learning how leading IT organizations are positioning to meet today’s challenges and tomorrow’s opportunities? Come hear directly from a panel of distinguished industry CIOs and get the “insider” scoop!

How are IT organizations staying current with the technological advances, security threats, and computing culture changes for their organizations in the post-recession environment? Are they catching up, have they been able to stay current, or are they on the bleeding edge? Come hear CIOs from various industries tell us what they’re focusing on delivering to contribute to their company’s success!

This event will be moderated by industry luminary Ian Clayton, SVP Operations at G2G3.


CIO PANEL

The following Panel participants are confirmed:

– Norm Fjeldheim: CIO of Qualcomm (Industry – Mobile Technology)

– Brian Andrews: VP of IT Stone Brewing (Industry – Manufacturing)

– Colin Black: CIO of Kratos Defense (Industry – Defense)

– Eric Januszko: Principal at JSI consulting, former CTO of Profitline, CIO of Brahma Holdings, and CIO of Advanced Marketing Services (Industry – Retail)

– Scott Henderson: Deputy CIO at SPAWAR (Industry – Defense)

You can register for the event by clicking here.

Hope to see you there!

Heartbleed and Passwords

Now that the freak-out from Heartbleed has somewhat subsided and the key sites have [hopefully] been patched, the issue I’ve been thinking about more is how this changes my approach to passwords.

In short, I can never use the same password for more than one site.  My hard-core security colleagues will beat me about the head and shoulders for doing this in the first place but hey, once I established a strong password it was easy to use it, or variations of it, at multiple sites.  Can’t be lazy and do that anymore.

I’ve also been thinking about how this extends to the enterprise.

While most enterprises have long-standing and good password policies… such as a minimum of 8 characters and a mix of upper and lower case letters with at least one number, which change every 90 days or so… what happens when an employee decides to use their compliant and strong enterprise password at a consumer or other site that was impacted by Heartbleed?

Assuming the other site has been compromised, now there’s a chance the enterprise can be accessed with the hacked user’s legitimate credentials.  Yes, I know this may be a stretch but it’s still a possibility.

More importantly, this presents an opportunity for IT leaders to inform and educate users on managing their passwords more effectively as well as update the enterprise password policy, if needed.

As such, I’ve been recommending to my clients that they implement an immediate password change and user education project.  Just in case.

  • First, communicate, communicate, communicate. Explain the situation to the users and why the password change is needed.
  • Determine if the enterprise password policy needs to be updated, i.e. require the passwords to be more complex, or have them change more often.
  • Implement the password change in phases or by group over a few days, unless you feel your IT organization can handle the support load and then have everyone change it at the same time.
  • Provide further information and resources on good password policies for employees and recommend they use strong and unique passwords for sites used outside of work.
  • Communicate, communicate, communicate.

Never miss a chance to leverage a crisis…