April 15

Creating a Connected and Engaged Organization

Presented by: Dan Pontefract, Chief Envisioner, Telus

An organization’s operating culture is constructed through conversation and circumstance, supported by relationships and trusted networks. It can be augmented with collaboration technologies that encourage people to surface experiences and ideas across locations, internal systems, and topics. Information and insights scale through integrated platforms, systemic leadership traits and iterative approaches. It's time for both leaders and employees to become collaborative, both in terms of the technology and the behaviour. It’s time for new and open leadership that uses technology not because it’s cool, but because it fosters a cultural competitive advantage.

Key Take-Aways:

Do you know the cost of disengagement and its impact on your bottom line? Satisfied employees translate into satisfied customers. Culture can self-propel or self-destruct. Culture is your competitive edge! CIOs can aid and abet engagement. Telus has leveraged collaboration technologies to raise its employee engagement score from 53% to 83%.

Help Me Obi Wan – You’re My only Hope: Four Cyber Security Innovations to Give You Courage

Presented by: Rick Howard, CSO, Palo Alto Networks

With all of the negative press about how weak the collective good-guy cyber defenses are, there is reason to hope. Today I discuss four cyber security innovations that not only work but will fundamentally change how we will all do our jobs in the future. Some of our community are leaning forward with these ideas and showing us the way. They are teaching us how to transform our tactical Incident Response teams into strategic intelligence organizations. They are changing our old-school thinking of deploying tactical signature defenses into the more modern Kill-Chain and Indicators-of-Compromise methodology. They are breaking new ground on how to share threat indicator information between peers. Finally, they are adopting next generation firewall technology to replace the very old last generation technology.

Key Take-Aways:

Rick Howard began with a review of security measures commonly used to counteract ever-evolving threats to data. Perimeter firewalls and signature scan methodologies are too restrictive to meet today’s demands of BYOD and social media. The new strategy has four pillars: 1) an intelligence response team, 2) kill-chain methodology, 3) information sharing and 4) next-generation capability in firewalls. These are designed to address vulnerable points that could invite attack. Howard suggested a comprehensive plan of multi-layer security planning and attack analysis. First comes the understanding that an attack has to go through several stages before it can be successful in achieving its goals.
These stages typically involve:
  1. information gathering
  2. preparation of the appropriate weapon
  3. delivering the weapon to a soft point
  4. exploiting command and control functions
  5. taking action against the operator
A kill chain approach would detect the pattern of attacks at any of these points and track them. In the next stage, the attack group signature is shared with other vendors of security software. Defense improves when all security vendors collaborate.

Facing the CIO's Dilemma: Relevance

Presented by: Scott Greenlay, National Director Technology Consulting, MNP

Today, more than ever before, technology IS everywhere. In the past, the CIO was charged with looking after a fairly well-defined "stable" of technology. Today, primarily as a result of massive consumerization, all that has changed. Today's typical high school and university graduate comes to the workplace with more computing power and tools at their fingertips than the mainframe of 20 years ago. The Cloud has opened up free – or near free – on-demand applications at a rate never before seen. As a result, today’s CIO is faced with a dilemma: How does the IT department stay relevant?

This light-hearted session will strive to discuss and share ideas on how to address the challenge of increasing IT's value to the organizations we serve. Through insights and stories, some humorous, Scott will share observations and ideas gained through working with some of Canada's largest firms as a consultant as well as his own personal journey as a CIO. This session will touch on themes ranging from disruption, customer service, innovation and technology governance to the unique challenges of technology human resources. The goal for the session will be to help stimulate your own thoughts about how to increase the value of your own team to your organization.

Key Take-Aways:

Identifying core competencies is very important in every company. It becomes even more important when a company is deciding which services to outsource to the cloud. A few analytical matrices were discussed for strategic analysis. In the PPT (people, process, technology) model, people and processes are becoming more important than technology. Reference was made to the SFIA framework, which categorizes ninety-six different IT professions into six broad categories. This framework helps in identifying which skill sets are required for each profession for talent services. The ADKAR change management model was also discussed.

"Click on anything!” – Micro-virtualization Enables Endpoints to Protect Themselves by Design

Presented by: Simon Crosby, CTO & Co-Founder, Bromium Inc.

Mobility, the consumerization of devices and networks, adoption of cloud based services, and ready access to the web lead inexorably toward a stark reality: IT is out of control. As a result, sophisticated attackers penetrate enterprise infrastructure with alarming ease. Security budgets are growing, but protection seems elusive, and locking down users makes them less productive and frustrated, leading to “shadow IT”.

Something is profoundly wrong. Even enterprises that use the most sophisticated security products cannot prevent compromises. Security vendors offer a seemingly endless succession of fancily named technologies that aspire to greater protection, but they gloss over a fatal flaw, namely the undeniable fact that the “detect to protect” paradigm has passed its sell-by date.

Luckily there is a silver lining to this cloud: Thanks to the relentless progress of Moore’s Law, every PC/Mac and mobile device already has CPU features that can enable it to protect itself by design, on untrusted networks and in the hands of unreliable users.

Micro-virtualization – an evolution of CPU-based hardware virtualization – is a new approach that uses hardware to enforce protection, without relying on detection. Each browser tab, document, attachment or file from detachable storage is automatically hardware isolated on the CPU, with no change to the user workflow. The PC automatically defeats each attack, staying gold. It automatically self-remediates by discarding the contents of each hardware-isolated task, and can safely run unpatched 3rd party applications – such as legacy Java.

In addition, the hardware-backed protection of micro-virtualization permits the device to automatically track the execution of malware, eliminating false alarms and delivering false-alarm free, real-time forensic insights – the needle instead of the haystack.

This talk will present a brief tour through the use of virtualization technologies to simplify management and delivery of secure end-user computing. It will cover in depth the concept of micro-virtualization, highlighting key differences from traditional VM based approaches. It will use live demos of attacks to show how introspection transforms forensics and eliminates remediation.

Key Take-Aways:

Over 70% of cyber attacks are unique to your organization. Ultimately, the end point has to defend itself. Micro-virtualization hardware-isolates every application task using CPU features for virtualization. It provides much better protection than conventional anti-virus software, HIPS, EMET, rootkit detection and SMEP.

What do Directors Expect from CIOs? What Should CIOs expect from Directors: Building better boards and better IT governance

Presented by: Dr. Michael Parent, Simon Fraser University 

For many companies, information technologies (IT) remain their single-largest capital investment – often exceeding investments in property, plant and equipment – combined!  As a result, IT tends to span the organization, cross functions, and fundamentally affect the way the enterprise operates. But you already know this…

One of the main challenges facing today’s CIO is Board and Director engagement. How can you ensure your projects and priorities receive enough attention from the Board, and in turn, how can the Board have comfort with its oversight of IT-related issues? After all, most IT investment decisions that go to the Board for approval have an enterprise-wide impact, and concomitant risk. How do you ensure your Directors appreciate this risk-benefit trade-off?

After all, no one likes surprises…especially bad ones.

This interactive session will focus on the role of the Board with respect to IT-led business transformation decisions; the role and responsibilities of Directors as they pertain to making such decisions; to protecting them once they have been implemented; and to how CIOs can successfully create and manage constructive relationships with their Boards.

Specifically, we will seek to answer three key questions:

  1. How can tomorrow’s CIO build and sustain a successful, constructive relationship with the Board and Lead Director(s)?
  2. What do Directors, in turn, expect from CIOs?
  3. What should you, the CIOs, expect from your Boards?

Constructive understanding of how information technologies should be overseen; the questions Directors and CIOs should ask of each other; the answers they should expect to receive; and how the CIO can educate the Board on an ongoing basis with respect to IT-led enterprise risks and opportunities.

Key Take-Aways:

Michael Parent, Professor, Management and Director, Governance and Security at SFU, urged CIOs to be explicit, incisive and consistent in communicating all elements of “LTSCDA” to their boards on each and every IT initiative. LTSCDA is Long-Term Sustainable Competitively Differentiated Advantage. Tying IT investments to business value and risk is critical. 

Leading Transformational Change & High Performing Teams

Presented by: Adam McCormac, Executive Programs, Gartner; Jeff Wyton, Executive Partner, Gartner

Many organizations are looking at ways in which they can transform themselves in the new digital economy. Furthermore, the leaders within the enterprise need to be the visionary, leader and head coach of a well-tuned, high-performing team in an area of great fluidity. This workshop will focus on the role of the CIO and the key components required to deliver results at scale and at speed.

Key Take-Aways:

CIOs need to identify and develop strategies to meet the challenges of leading transformational change. Resistance to change can come from many sources, and the resistance may be rational, personal, or emotional. Adam and Jeff introduced tactics such as identifying your personal brand and completing the Johari Window exercise with teams to build trust. Other important factors include being seen, producing results, being consistent, and having clear communication.

Digital Business Transformation, What it Means for the CIO

Presented by: Brian Baker, Advisor, CIO, Forrester

This session will synthesize crucial digital business and technology trends and highlight the most likely social, government, and market outcomes, including what the CIO's role is in digital disruption.

Key Take-Aways:

Brian Baker of Forrester explained that no industry is immune from digital disruption, and all need much more than bolt-on technology to address it. It requires organizational transformation. Why start your digital strategy now? Because if you don’t do it, somebody else will! Drivers for CIOs are no longer about reducing cost (with a few exceptions) but about growing revenues and helping to grow the customer base. Baker cited examples of change drivers from the retail industry, where customers now have easy access to online comparison data, and their loyalties can switch rapidly based on such things as delivery and return policies. Other industry examples cited were from fashion and high-tech aircraft. Recommendations: Start building your digital strategy with a SWOT analysis; map your digital capabilities and industry maturity; lay out specific steps for amelioration.

What CEO’s want

Presented by: Caroline Jellinck, Senior Client Partner, Korn Ferry

CEOs are becoming increasingly aware that technology needs to be an executive partner in advancing the business agenda. However, as the technical experts, not all CIOs understand how to position themselves and their teams to meet these business expectations. Learn what CEOs expect of their CIOs and technology teams and how to position yourself and your people for success at the table.

Key Take-Aways:

How can CIOs bridge the gap between the technical and business sides to deliver value to the organization? From a CEO perspective the following measures are key: stock price, EBIDA, performance/growth, access to capital, effective decision making, and engaged, productive employees. IT solutions are interwoven with all of these and CIO influence is critical. The CIO growth path has three phases: Functional Expert, Transformational Leader and Emerging Business Leader. Jellinck gave good advice on how to move toward the Emerging Business Leader role – and noted that not everyone will be able or willing to make this transition. The skill sets that CIOs need to exhibit are relationship management, innovation, business and communication skills. The presentation ended on a more practical note – with tips and advice on interviewing and resume preparation.

The Wolf in CIO's Clothing

Presented by: Tina Nunno, Vice President & Gartner Fellow, Gartner

Are you predator or prey? This session, drawn from the recently released book of the same title, rests on the premise that CIOs are often in extreme situations, where normal management techniques simply will not work. IT is increasingly under pressure to drive business value and help the enterprise create competitive advantage, while dealing with increasing digital risks and challenges. Such an environment can drive enterprises to the “dark side”. By becoming a “Machiavellian Wolf”, CIOs can shift from service provider to partner and leader, and bring the enterprise back into the light. Attendees are encouraged to take the Wolf Quiz before the session at Gartner.com/wolfcio and find out their Extreme Animal Profile.

Key Take-Aways:

Here’s a scenario where “wolf” tactics may apply… You: "We don't have the resources or the budget right now, so we should wait." Them: "Make it happen." This is a situation many of us are all too familiar with – it’s about power, influence and politics. What should you do when faced with a situation where traditional management techniques do not work? Tina walked through the difference between the "light" and "dark" sides of leadership traits and how good leaders have to be ready to go to the extremes. She argued that choosing the middle ground often leaves leaders more vulnerable and that people do not like working for someone who is perceived to have no power, since they cannot be protected. She then walked through the different Extreme Animal profiles and how their approach to power, manipulation, and warfare can help CIOs lead their teams to success by allowing them to adjust their leadership styles in extreme situations.