About Me

My photo
Scott Arnett is an Information Technology & Security Professional Executive with over 30 years experience in IT. Scott has worked in various industries such as health care, insurance, manufacturing, broadcast, printing, and consulting and in enterprises ranging in size from $50M to $20B in revenue. Scott’s experience encompasses the following areas of specialization: Leadership, Strategy, Architecture, Business Partnership & Acumen, Process Management, Infrastructure and Security. With his broad understanding of technology and his ability to communicate successfully with both Executives and Technical Specialists, Scott has been consistently recognized as someone who not only can "Connect the Dots", but who can also create a workable solution. Scott is equally comfortable playing technical, project management/leadership and organizational leadership roles through experience gained throughout his career. Scott has previously acted in the role of CIO, CTO, and VP of IT, successfully built 9 data centers across the country, and is expert in understanding ITIL, PCI Compliance, SOX, HIPAA, FERPA, FRCP and COBIT.

Monday, October 31, 2011

Pressure Cooker - Fall Cooking?

IT professionals at all levels are facing unprecedented stress in their jobs these days. Ever ask yourself why? How are you dealing with your stress? 

Stress has a negative impact on your health, not to mention your family and inner circle.  The impact of stress on our health is well documented. Among the problems created by chronic stress: It makes us more susceptible to getting sick because it attacks our immune system; it causes high blood pressure and arteriosclerosis (hardening of the arteries)—both of which increase our risk of heart attack; and it can also leads to ulcers. According to the American Institute of Stress, 90 percent of all illnesses are stress-related.

So where is all the stress coming from?  Where do you want to start?  Economic, job security, over worked, out of alignment expectations, constant communications, and the list goes on.  Technology is making difficult for you to leave work, always working, always online, checking email, sending emails, and so forth.  Ever feel like you could explode?

I talked with a now retired CIO who went to Florida for sun and golf, and no iPhone, no technology.  He said the stress, tension and uneasy left when he unplugged.  Took him awhile, but he said looking back, his mistake was not taking time that was rightfully his.  He should have punched out and turn the electronics off to have dinner with the family, the soccer games he missed, the baseball games.  He is now in his late 60's and it is to late for him to do those things with his kids, they have grown to fast and he never had time.  Just one more upgrade, one more late night meeting, one more trip, one more ERP system, and 40 years later - he never made that game, that dinner or play.  His advice to anyone coming up in IT is to keep it in check.  If you are working over 45 hours every week, you better evaluate your priorities and push back or move on.  Jobs come and go, but family is forever, and you only get one trip on this earth.

I propose to you  that a good leader knows what his staff is working, and will help ensure there is work/life balance.  In tune with your staff is to make sure they make those life events, to ensure they have personal time, and that there is a culture that has expections to demands.  There are staff shortages in IT, and the demands are ever increasing.  Communication with your manager, or staff are essential, and upstream as well as downstream communications. 

Make sure you have a hobby, or punch out and take a walk, play Wii with the kids - do something that is not work related.  Have some downtime, good for your health, and good for your employer.  If you are healthy, you are a happy productive employee. 

One more comment if I may, I find it concerning that there is quickly becoming a negative tone towards IT in the business community.  IT says they need more staff, more time, more money - but just push down on them, work them harder with less, we need to save money.  Technology will make your company successful, and your IT staff is essential to that goal. If IT doesn't like it, just go to the cloud.  Be careful with that attitude and direction, you have unqualified business people making  techology decisions.  40% of companies go out of business after a significant disaster - you cooking one up? 

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Friday, October 28, 2011

Pinched Again

I got an email from a colleague the other day and thought I would share. This CIO is concerned they are always behind, always playing catch up, and taken by surprise when new technology comes out. How do we keep ahead of the game? What can they do to ensure they are not finding themselves 3 releases behind on Microsoft products, out of date on applications, and unaware of new mobile technology. The business always comes to them to push for updated software, infrastructure – technology. They would like to get to the place where they are going to the business with up and coming technology capabilities.

So this is an interesting discussion, because there are several issues here. In back and forth emails with this CIO there are some clear places to start. There is a clear resource constraint in this IT organization and the business has no desire to add staff. So they really need to complete an application and technology inventory. Get a complete picture of everything your IT organization is supporting. Then determine what is core to the business and what can be pushed out as a service. Things like firewall support, monitoring, maybe even email are all target items that could be given to a service provider. That will free up some staff to dedicate to other functions. Keep the lights on activity (KTLO) on older technology or infrastructure can eat up a great deal of resource, both staff and financial.

My other recommendation was to get an Enterprise Architecture team established. Take your senior members from the operations side of the house and give them a career path to a EA team. This Enterprise Architecture team brings the 2-3 year vision to the organization for technology, application, information, and data architecture. This will not only align IT to the business, but will get this team in alignment to the industry, no more playing catch up. Let operations do operations and EA do architecture and strategy.

What will this EA team deliver to the business? There are several objectives or goals of a great EA team, such as provide innovation, establish standards, practices, patterns by which IT will deliver/deploy solutions, and reduce cost(s). Provide capability roadmaps, and technology strategy to support business goals or capabilities. Plus, the introduction of new technology that can deliver perhaps a competitive advantage to the business.

My other feedback to my colleague was automation. Get some automation in place to deliver applications to the desktops, provision servers, and provision storage. These automation tools will not only expedite delivery of technology solutions to the business, but free staff time up for other tasks or projects. It is like the car mechanic story, they are so busy fixing customer cars that they never take the time to maintain the tow truck, till it breaks down. Now they are dead in the water and have to take the time to fix their own vehicle. So time to fix your own IT house and get in a better position to serve the business. This may mean some temporary staff augmentation and vendor services to get back on top of these things and get in a better position. I think a sit down with the CEO and CFO should paint the appropriate picture and provide a roadmap and solutions on how to correct this.

One last thing, I sense this CIO is dealing with staff burn out or stress. The fire and desire of the staff is gone, it is in a mode of “so what…”. You can’t run your shop 100mph 6 days a week and not realize it will break at some point. So the EA team creation could bring new life to your senior staff, be sure to give them some monetary benefit for the new role. I would also share your vision and roadmap with your staff, show them how things will get better. This will let them know you are aware and sensitive to their situation. I would also at the conclusion of this new vision and direction for the department hand out some hand written thank you notes with some gift cards enclosed. The money you will spend is an investment into a new energy, new vision and the road to recovery. Celebrate the accomplishments, say thank you, and mean it. The new road to recovery can’t be paved with slavery, so plan some additional staff, reasonable timelines, and let staff have a work/life balance. You need them engaged to be successful, and they need to feel good about the job, the company, and you as a leader. One more thing, there will be some late nights for cutovers or downtime – be there with them. Bring in dinner, help rack/stack or field phone calls. Nothing wrong with the IT Leader being in the trenches from time to time with the staff and understand their challenges. Don’t do their job for them, but be there to support them.

I think you have some good places to start, and map out your vision and plan to bring this IT organization back and communicate it, up and down the organization. Good luck!

Keep it positive!



Scott Arnett
scott.arnett@charter.net

Thursday, October 27, 2011

Cloudy Cloud Services

Everywhere you read, or conference you attend, the topic is Cloud Service. It appears to me that we are not all on the same page on the definition of what is a cloud. I was in a conversation the other day with some colleagues, and one made the statement, “ We have a private cloud, we have our own data center….”

This colleague’s definition was we have our own data center and host our own applications, we have virtualization on servers, we are good to go. Really? I asked, do you have any automation to provide for self-service? Do you have defined resources to be allocated to the user’s request? What can the business user manage of their own environment in your private cloud? The answer was that only IT would setup the servers, there is no access to our data center for the business. So, really you have is a traditional data center, with no self-service, no automation, and traditional IT structure. That is not Cloud Services.

Cloud Services is focused on services. The reason Cloud Service has become successful is the fact that the business user can go get what they need, manage it themselves, and configure their environment as they want. It provides self-service, service level agreements, quick response, and agility to an ever changing business environment. Under the covers, yes there is a data center, server/storage virtualization, automation tools, resource pools, and some methodology(s) to ensure a positive experience. Such as performance monitoring, capacity planning, change management, and so forth.

So let’s talk for a few minutes about Cloud Services, such as SaaS, IaaS, PaaS, and so forth. It is my observation that corporations are going full speed ahead with many cloud offerings without engaging the IT organization. This will create problems down the road, and even some panic in the business. There are significant efforts that need to take place from a data integration point, security, DR, BCP, and in some cases governance. That single SaaS offering the business just purchased is not aware of any other applications, no one mapped out any integration points or data flow, single sign on or even how the data is protected. When I say protected, I am talking security, disaster recovery and business continuity. This is not to mention contractual challenges, and data ownership. Read the contract close, careful and ensure all the details are spelled out. If that SaaS provider goes out of business, and you are left to argue with the 3rd trustee on getting your data back and off the equipment before it goes to a recovery company, good luck. Your contract may not have survived the liquidation of the SaaS provider.

Don't let your business run out of control into the Clouds...... help them understand, manage and architect the right solution. Team work!

Keep ITIL methodology in mind, it still applies to Cloud Services, regardless if it is a private, public or hybrid.

Keep it positive!



Scott Arnett
scott.arnett@charter.net

Wednesday, October 26, 2011

War of IOIOIOIO

Interesting discussions recently with colleagues in Information Technology. I am in the midst of writing a book, and have been interviewing past and recent colleagues on several topics. One big topic that comes up as a side discussion is the war of knowledge. Knowledge is power, in the minds of IT folks, so if I am the only one that knows it, they have to keep me. I am guaranteed a job here for as long as I wish to stay. Really? Economic pressure driving that cut throat approach to team work?

As a CIO/CTO or VP of IT, I am looking for team members that have some key behaviors, like build talent, make decisions, win consistently, and communication. You can’t be successful if team members are self developing islands, unable to communicate and unable to work together. I love working with smart people, and they drive me to learn more, and there is nothing wrong with that. As an organization, you want to provide training and development to your staff, develop those technology champions. These champions need to be champions of their area of expertise and their team.

I am concerned as IT is moving towards a services centric model that these knowledge wars, and drive to know everything is only going to hurt the IT organization as a hole. One of the many drivers to Cloud Services is the business view that IT is difficult to work with. If they can call a service provider and have their servers and storage up in a few hours versus weeks, that is a good deal for the business leaders. Time to tear down the walls, remove the silos and really become a service based organization. Establish a mobility center of excellence, or collaboration, communication, and the list goes on. To be successful in this space, you need a cohesive team, a unified team and everyone going in the same direction. You still need experts in the technology, don’t get me wrong, but a little wider depth of that knowledge. You may need network expertise on several of these service teams, not just a “network” silo anymore.

The bottom line in these discussions with my colleagues is that it really is the culture of the organization that will drive the team work or the war. The culture reflects that of senior management, so if it is a positive, rewarding, team work environment, then that is the direction IT will proceed.

Keep it positive!



Scott Arnett
scott.arnett@charter.net

Thursday, October 13, 2011

Fireside Chat w/Auditors

The other day I was asked to join some of my IT audit colleagues for dinner.  They get together on a regular basis to compare notes, but this particular dinner they wanted some outside blood.  So agreed to join them and talk "IT"......

This group challenge is really how fast technology is changing and how to effectively audit this changing environment.  Paperless operations, large SharePoint environments, mobile devices and the list goes on.  How can they really look under the covers and find gaps, threats, or potential risk.  It started some real good discussions, because it is a challenge to keep up with the environment and to ensure safeguards are in place and risk is appropriately addressed. 

It comes back to comments I have made in the past, and that is security and risk management is everyone's responsibility in IT.  If you are installing a server, desktop, firewall or website - doing so in a safe, secure way is your responsibility.  There has to be internal controls and check points to verify your environment on a regular basis to look for vulnerability.  Providing detailed documents, process, procedures, and check points to the auditor is a great place to start.  The auditor is there to ensure we are following best practice, we follow our own policy - and that we are not taking shortcuts.  It is in everyone's best interest to have a secure enterprise. 

My advice to my auditor friends is to be aware of the technology changes, and have some skills, but really to look for behavior, policy, procedure, and culture of the organization.  If you go to audit an organization and you have the feeling they are in a fire fight mode, running to just keep alive, chances are, they are taking shortcuts.  In addition, management will clearly set the tone for the audit, the environment, and how the organization operates.  Be observant, more than just looking at technology - look at operational excellence. 

I also recommend to organizations to have a regular penetration test done, have vulnerability management, and don't be afraid to have some services out sourced to experts.  You can't be an expert in security these days, most organizations can not afford the talent needed to keep the enterprise secure.  Look outside the organization for the expertise you need. 

We all have a role in keeping our IT Environments secure, and have the ability to respond to critical incidents.  Take it serious. 

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Saturday, October 8, 2011

Tools, More Tools

How many IT tools do you have in your enterprise?  Tools for performance, capacity, and hardware failure?  That is a very small list of monitoring tools, but there are also configuration and management tools.  Most IT organizations have tools for individual teams, but no one is really taking a look from an enterprise level or taking a tool inventory. 

Tools are great and help IT deliver top notch service, but come with a cost.  Buying the tool, maintaining support, license, training and the list goes on.  I would recommend a tool czar that can take a step back, look at all the tools in the environment and see how you can leverage the tools for multiple teams and perhaps multiple functions.  This needs to be a role high enough in the organization to rise above the politics, and individual team influences.  Much like the Security Leader - needs to report directly to the CIO - have that cross boundary ability and Security has a role in every IT function. 

There are some really good open source tools out there.  One that I really like is InfraManage.  Check this site out: http://www.inframanage.net/ You can monitor complex networks, but you can also build some information around your infrastructure.  This will give you the capability to deploy and manage statistical graphs; TFTP configs from networking gear; and have a centralized way to manage URLs of devices on the network. Gives you a good interface and just a well rounded tool.  The price is right, and the tool is always improving.  Great option! 

A holistic enterprise level approach to tools will not only save money, but will ensure you have an organized approach to managing your environment.  Identify gaps, and will even build some team work in the organization.  Nothing wrong with that!

Keep it positive!

Scott Arnett
scott.arnett@charter.net

Monday, October 3, 2011

Data - The New Gold?

Hello fellow IT professionals -

I had an interesting conversation the other day with a colleague, on how IT has transformed over the years.  Years ago we lived for the newest server technology, data center technology and network gear.  It was exciting stuff!  Today, all that glitters is not infrastructure anymore.  Has it really become a utility as predicted?  We just need bandwidth and reliable at that. 

The real IT glitter of today is around data.  Analytics, Information Lifecycle and business intelligence.  Some of the top things that IT can deliver to the business, and in a quick, efficient manner.  Having that real time reliable business information to make sound business decisions is key to an agile and quick moving organizations.  Customer demands are ever changing, economic climate, and regulations.  You can no longer take months and hundreds of spreadsheets to figure out your course of action, it has to be now - management dashboards. 

With all this data, and ever growing amount of data, don't forget the security.  Encrypt your data in transit, in rest, and monitor the movement of that data.  Don't be so quick to send your data out of your organization to vendors, or partners without safeguards in place.  I know some CIO's that are quick to discount Data Leak Prevention, but with iPhone, iPods, USB, Flash and other portable memory devices, your data could be leaving your company.  Email is not always the only means of transport.  You need to have a handle on protecting your vital company assets - including your data. 

The problem with data - no blinking lights!  No cool factor - so don't worry hardware guys - there are still some cool gadgets on the horizon. 

Keep it positive!

Scott Arnett
scott.arnett@charter.net