About a year ago I wrote a post in which I discussed how technically savvy CIOs need to be to do their jobs well. I cited a CIO.com article in which most of the IT pros interviewed said that while their bosses should have enough tech knowledge to properly allocate resources and to come up with reality-based timetables for project completion, they didn't necessarily need to be able to perform technical tasks themselves. In a more recent post, I mentioned the strong business focus of the CIOs I've interviewed and concluded "gearhead" CIOs may be a vanishing species.
With the desire for business-oriented CIOs, this seems like a great thing. Problems can arise, however, if CIOs lack a necessary understanding of technology, writes Mark Samuels in a silicon.com.piece titled "Is the CTO the new CIO?"
One of the folks interviewed by Samuels is David Smith, who fills both roles for Fujitsu in the UK and Ireland. Smith expects to see more technology chiefs with dual responsibilities. In fact, he believes CIOs also will increasingly be asked to devote more attention to security and risk management. He said:
We are starting to see titles like chief information and technology officer, or chief information security officer. The CTO is not the new CIO; the CIO is arguably the new CITSO, which admittedly is not the snappiest of role titles.
That's a lot for one person to handle, especially for an executive who may already be feeling pretty overwhelmed.
A growing number of companies are appointing security executives, according to a 2009 PricewaterhouseCoopers survey. As IT Business Edge contributor Ralph DeFrangesco noted, many companies in the past employed directors of IT Security or VPs of Security who reported to the CIO. He said:
The new spin here is that now the majority of CISOs hired are reporting into the CEO or the board of directors. Organizations are saying that security is a corporate concern and they are willing to give these security execs the authority and funding to be successful.