When things go wrong, I seem to be bad.
But I’m just a soul whose intentions are good:
Oh Lord! Please don’t let me be misunderstood.
In a recent article Ian Cox quite properly asserted that CIOs needed to know many things to be successful, but how to code wasn’t necessarily one of them. A reasonable perspective given the broad range of topics your typical CIO needs to understand. But in what, if anything, should a CIO be an expert?
Sure, it’s useful to know about coding and possibly recognise the good from the bad – but how much detail do you need to know? As Edmund Blackadder once said during his time as a butler, when asked by the Prince Regent about a machine called The Ravelling Nancy…
PR: What does it do?
EB: It ravels cotton, sir.
PR: What for?
EB: That I cannot say, sir. I am one of these people who are quite happy to wear cotton, but have no idea how it works.
Most CIOs have the breadth of knowledge and experience and have members of their teams who understand various levels of detail – few are expert at all levels of their operations.
Which might be fine until we have a week like this one when in the wake of the Talk Talk cyber attack, CEO Dido Harding visibly struggled under some very precise BBC questioning over the exact nature of the attack and the levels of data protection offered by her company. Should she have known her ‘SQL Injection’ from her ‘IRC-Worm’? More importantly, perhaps – would you? And does the fact that she didn’t make her any less effective as a CEO. A straw poll of CIOs suggested that most would have been equally flummoxed by the detail of the questions and would have reached for their trusty Security Architect or CISO.
What becomes very apparent is that in this fast moving digital world there are even faster moving digital dangers that everyone needs to understand. In a previous post I suggested that the days of C-Suite executives wearing their lack of IT knowledge as a badge of honour were over and the last week’s incidents only serve to amplify that fact.
I’m not saying you need to know every detail but there should be a minimum level of competence. If the BBC reporter was asking about the company’s financial performance, it would be inconceivable that a CEO wouldn’t understand their balance sheet sufficiently to handle the questions – so why not technology or indeed data security? Customers will rightly expect organisations to protect their information and it therefore behoves executives to have a certain level of security savvy and vocabulary.
Equally, I’m not saying they should know how to build or maintain a Ravelling Nancy but at least they should know that they own one, that it ravels the cotton and it’s responsible for the shirt on their back.