Whether it’s your first time stepping up into a C-Suite role or a lateral move to a new organization, starting out as a new CIO is a considerable challenge. After all, it’s now your job to steer the ship. But for most new CIOs, the real difficulty lies with the fact that the ship is already en route and the crew is engaged in many tasks to just trying to keep it from taking on water. We all want to come in and make a significant impact, but, by necessity, you need to balance that impact with minimal disruptions to the day-to-day operations of the business. The short version: don’t fix what isn’t broken.
When you come into a new CIO position, you need to have clear, achievable goals that will implement your vision and get your organization started on the path to improvement. The most helpful way to organize these objectives is by establishing a timeline. It’s pretty simple. Some things are going to take longer to implement, and some are going to be more quickly achievable. Being honest and reasonable about the schedule is the best way for you to be able to manage expectations for both your organization and yourself.
In this post, we want to focus on things that you can do in the first 30 days as CIO to make an impact, even if they’re just the stepping stones to getting started on a larger project. Having a list of objectives to immediately get moving on will help you come to your new role with the energy, drive, and approach that is sure to be successful.
1. Get a Clear Picture of the State of Tech
When entering this new CIO position, your first step should be to get a clear picture of the state of technology use in your organization. The simplest way to make that happen is to do some face-to-face interviews with stakeholders across your organization and on your team. You want to give people a chance to put a face to a new-hire email, and also expose yourself to as many different viewpoints as possible. Here are some questions to ask:
What technology do you rely on?
Where are you running into trouble with technology?
What can’t you do that you wish you could?
What information do you track, and how do you track it?
How do you collaborate with other departments and third-party vendors?
What is your experience interfacing with my department?
What business goals do you have, and how does my team help you achieve them?
The good thing about being new, or being new to your leadership position, is that people will feel more ready to open up to you and get you on their side. You represent a possibility for change. At the same time, you need to weigh these options against what is feasible.
A final step to consider when conducting these interviews is to make sure you pay special attention to where there’s a possibility for “shadow IT” to creep in. With the ubiquity of cloud apps, there’s a lot of technology that people use to do their job that they don’t necessarily think of as falling under the purvey of IT. In more siloed environments you’ll often find that one department uses DropBox, another uses Office 365, and yet another uses Google Drive. This disjointedness can create a security nightmare, as there are three times as many vectors for a potential hack. Luckily, it can usually be solved if IT leads the charge with a solution that works for everyone’s needs.
2. Audit Your Organization’s Security Procedures
Regardless of the size of your organization, a key area of IT that is probably in need of a fresh set of eyes, is your security procedures. 2017 saw data breaches dominating the headlines and your organization needs to recognize that getting hacked is a genuine and very real threat.
Rule number one is to think about what you have, proprietary or otherwise, that might be worth taking. It’s easy to believe that there’s safety in numbers, especially if you are a small business, but in actuality, half of all cyber attacks target small businesses.
Payroll information, user IDs and logins, and even access that you have to other companies’ networks are all useful for a diligent hacker looking to turn a quick profit. This information is easy to use for bank fraud, identity theft, or to help find an opening that lets an attacker “climb the ladder” to a bigger, juicier target.
When you’re looking at your company’s security practices, here are some good questions to ask:
What do you do when someone leaves your company?
How often do you require users to change their password?
How do you backup your data in case something catastrophic happens?
3. Target an Easy Win
When you’re coming into a C-Suite position, in a large organization, it’s easy to become focused on making a big splash. You want to make an impression as a visionary leader charging forward in a bold and innovative direction. This isn’t a bad impulse, and there’s certainly a place for that, but you also can’t underrate the importance of momentum.
Your team needs to feel like it’s moving forward and getting something done. This is the only way that you’ll be able to muster the motivation and drive that you need to get to those big goals and make the significant changes that you want to implement. A simple way to kickstart this process is to identify a change that you know is easily obtainable, point to it publicly as an essential goal, and then achieve it.
While you might be quick to write off an easy win as something not all that important, realize you’re actually accomplishing a lot more than just making a basic change. By demonstrating follow through and by giving your team a taste of success, you’re starting a process that keeps people motivated and makes buy-in contagious.
What You Can Do Right Now
Getting started as a new CIO can be daunting, but setting some clear and actionable goals to hit in the first 30 days is a great way to roll up your sleeves and get working instead of worrying about how you’re going to live up to your new title. Keep your objectives simple and clear, and you’ll set a tone that will prove invaluable in the weeks, months, and year to come.
Meet face-to-face with stakeholders across your organization to get a clear picture of how they’re using technology, and how it could be improved.
Take a fresh look at your security procedures, and think about what you need to protect.
Target an easy win, and make sure your team gets to share in that success.