CIO Strategy: Cloud-First Leadership for Crisis Response

What leadership lessons should a CIO adopt to manage business operations during a crisis? Jay Ferro, a well-known transformational CIO, discusses risk management, threats to an organization, and creating a cloud-first strategy.

Apr 10, 2020

What leadership lessons should a CIO adopt to manage business operations during a crisis? Jay Ferro, a well-known transformational CIO, discusses risk management, threats to an organization, creating a cloud-first strategy, and the importance of a disaster recovery plan.

Jay Ferro is the Chief Information Officer for Quikrete, the largest manufacturer of packaged concrete in the United States. Previously, he served as CIO for a number of other companies including Earthlink, the American Cancer Society, and AIG.


This transcript has been lightly edited.


Michael Krigsman: During this time of Coronavirus, COVID-19, how should a CIO manage the response? Jay Ferro, he's the CIO of Quikrete. Jay, tell us about Quikrete and tell us about your role.

Jay Ferro: Like you said, I'm then CIO for the Quikrete Company. We're the largest manufacturer and packager of concrete products in North America. We do a lot of other things too. It's a great family-run organization with a terrific heritage. It's been a fun journey here. Prior to here, I've been CIO at the American Cancer Society, AIG, head of product and IT at Earthlink, and a number of other companies, so a bit of a serial CIO, I guess.

Michael Krigsman: How is this situation different from all of those others from an IT standpoint?

Jay Ferro: It's an entirely new game. It entirely changes the course of everything. I don't know that most CIOs have thought their way through something that would be this widespread with the impact that it's having in all aspects of commerce, their organization, their employees, their customers. It's certainly the largest impact incident that I've dealt with in my career.

Obviously, we've had tragedies like 9-11 and we've had weather-related incidents. We have had other pandemics but nothing quite to this scale. It really has changed the rules on everything.

Continuity Planning at Scale

Michael Krigsman: You said it's a game-changer. Why and what does that mean for you?

Jay Ferro: When it dawned on us that this was happening and CIOs began to prepare, all of your best-laid plans—I mean you think you look at your roadmap for 2020 and beyond and all the strategic projects and operational initiatives that we had on our plate—and you cast them all to the wind. Right? Because now it's all about the response, not only protecting your employees and enabling them but protecting your customers and keeping some semblance of normalcy.

It's brought a tremendous amount of visibility to IT, not that we weren't visible before but certainly, in a situation like this, all eyes are on technology. Remote work: How do we access our information; how do we conduct business? All of your priorities are out the window and this is the number one priority now, right?

Michael Krigsman: Your priorities are out the window. How do you develop a strategy or a plan for reprioritizing, basically turning on a dime in this way?

Jay Ferro: For me, it's all about looking at the business first and how do we continue in the safest possible way. I'm hearing CIOs all over the place with the same recurring theme: How do we keep the business running? How do we enable our employees? How do we keep things going as smoothly as possible? How do we continue to service our customers as smoothly as possible, leveraging technology, a lot of the things that we already put in place and then, otherwise, fast-tracking things that maybe weren't done yet or we haven't thought of?

I think, if anything, an event like this, Michael, is going to accelerate digital transformation because it certainly is going to reveal a lot of flat spots in different organizations.

Michael Krigsman: Why will this transform or accelerate, as you said, digital transformation? What's the mechanism for that?

Jay Ferro: When you have a workforce that's suddenly all over the place, remote, they're sheltered in place, they're at home, it obviously reveals processes that are dependent on physical presence. It reveals opportunities to streamline how decisions are being made, how data is being used in the organization, where your systems are. Certainly, if they're on-prem and you're in a data center that you can't get to anymore because of an incident or because there's an exposure to COVID, you have a bigger degree of challenge.

Certainly, the public cloud has protected a lot of us during this situation because it has allowed us to continue, at least. Most people I've talked to, it's allowed a lot of business continuity to happen a little more smoothly, so it's revealed some flat sports.

I've talked to a number of CIOs that have said, "Look, we wanted a burning platform to put in more automation. We wanted a burning platform to put in faster and more remote access to data, maybe more decision-making at the edge, things like that. We now have our burning platform, right? Looking at this, whether it's a pandemic, a weather-related incident, or another God-forbid attack, the fundamentals are very similar.

Role of Cloud in Disaster Recovery

Michael Krigsman: Cloud has been kind of the foundation of your ability to respond and be agile to this event, this situation.

Jay Ferro: I don't think it's very different for other CIOs. I talk to them and, whether it's a 365 implementation, Azure, AWS, or anything that they're doing, certainly, it has allowed you a greater degree of flexibility because your compute is no longer on-prem and you're not bound by physically accessing a data center or potentially exposing employees and having them have to leave the house in order to do certain tasks. It also is an enabler for remote work when you have a large, distributed workforce.

I've talked to companies much larger than ours. They have nearly 100% of their employees working remotely. They are grateful that they have access to that information in a platform-agnostic way, whether it's on their laptop or their mobile device, that they're able to continue to do business.

Michael Krigsman: You had to have put this kind of infrastructure in place ahead of time. If you're operating significantly on-premise, you don't just drop that and transfer it all over to cloud smoothly at the drop of a hat.

Jay Ferro: It's not lift-and-shift. I heard it was so easy.

Michael Krigsman: I've heard that too. Well, certainly, look; if you talk to the cloud vendors then it definitely seems like it'd be.

Jay Ferro: It's auto-magical. It's auto-magical. Of course, it is, right? It's just, press a button and all your workloads are now in the cloud.

Michael Krigsman: I guess there's not much else for us to talk about then.

Jay Ferro: I know. Let's just wrap it up, Michael.

Michael Krigsman: [Laughter]

Jay Ferro: Thank you. There's an easy button and, boy, it's in the cloud. You know for me, I think, this is a time where good IT fundamentals really shine. I know it's not the sexiest thing in the world but, look, I've done a lot of IT transformation at different companies.

When I think about transformation, I think about certain enablers. Yes, we always can talk about the sexy new technologies, new business avenues, and all of that other stuff. To enable that, you've still got to kind of get the trains running on time.

Part of that is that moving to the cloud is if people can do it better, faster, cheaper, more securely, and it's not always a cost play. It's certainly about a capability-play more than anything with me, but also things like software rationalization or app rationalization, simplification of business processes, paying off technical debt where you have legacy applications that aren't nearly as flexible perhaps as newer, more modernly designed applications.

When you're doing those in peacetime and you're doing those when there's not a pandemic, you're actually putting in fundamental building blocks toward digital transformation and freeing up capacity and enabling your business. But when something like this does hit, you're much more prepared, right? Fewer applications mean a smaller attack service. A better network architecture means better security, better usability, things like that.

A lot of the CIOs that I have talked to that have a continuous improvement mindset are in much better positions than others who have really left legacy thinking fester. Does that make sense? I'm not going to sit here and say that I or any other CIO said, "You know I think there's a pandemic coming."

To me, good IT management is getting rid of duplicative capabilities. It's simplification, standardization, security, efficiency, and effectiveness. If I'm always focusing on those five things as a CIO, obviously with an overarching layer of CX, of customer experience, I'm better prepared for things like this. I wish I could say I was … (indiscernible, 00:08:53) and I knew, but no. I'm not that good, I guess.

Shifting CIO and Information Technology Priorities

Michael Krigsman: Michael Berry asks, "What pre-COVID technology investments and plans might decelerate as a result of today's pandemic?" In other words, he says, what projects are the CIOs pivoting and reranking to address in the next 6 to 12 months? I think it's an extension of that prioritization question I asked earlier.

Jay Ferro: It's tough to tell right now which projects will kind of fall off the plate. I think where we are or where I see a lot of companies are, right now, we're obviously reacting, right? We're reacting. We're enabling. We're doing everything we can to keep things as normal as possible.

I think about projects that, prior to this, we thought it was maybe a good idea but, post-pandemic, saying, "Now we're going to go ahead and deprioritize those." Certainly, any other investments in legacy technology, I think any investments in technical debt, I would be very cautious about throwing dollars at systems that hamstrung you during this situation. I would, in fact, use it as an impetus to accelerate getting off of these types of things.

I've talked to CIOs and many of them who are just struggling because they have an ancient ERP or they have just a lot of manual processes. They're struggling with how to keep business going without exposing employees, that type of thing.

I feel like when you take a look at your portfolio after this, we're going to have to take a really hard look as IT leaders and say, "Okay, is this a good, judicious use of our limited resources?" In other words, am I throwing dollars at something that I know I should be getting rid of, that I should be deprecating, or that I should be sunsetting at some point? I feel like those are the ones that are going to fall off, but it's a terrific question.

Workforce Development and Remote Teams

Michael Krigsman: Sherryanne Meyer says that you made the point about the workforce of today that tomorrow is too late. She's asking, can you elaborate on that?

Jay Ferro: I've always been a big fan of platform-agnostic, data-driven technologies where, potentially, knowledge workers could do their work anywhere that they need to do them. To me, that's a fundamental tenant of technologies that I've always wanted to put in at different companies that I've been in.

I think what we're seeing now, and I've talked to a number of CIOs that work for companies that really did not have a progressive work-from-home strategy where they just didn't think it through. It was just maybe counter to culture. Now they're being forced to.

The world, quite frankly, is continuing on. We're going to get through this and they're realizing, they're coming to the realization that people, by and large, are continuing to produce, in some cases at a higher level remotely than they were in the office.

I feel like there's a huge paradigm shift, so I think it's incumbent upon IT leaders to always be thinking about that. To me, it's this next generation of workers. It's a normal thing for them.

My kids, I have three sons, as you know, Michael. I have two in college and one in high school. They're all doing remote learning and they don't miss a beat. To them, it's normal. Whether it's on their phone, their tablet, or their computer, to them it's normal. I think we're laying the groundwork for that next generation to come in and be able to kind of do your job anywhere, any time.

We're seeing it with the uptake obviously with Zoom, Teams, and other technologies too. Are we, as CIOs, thinking clearly about the investments we're making in technology that these are mobile-enabled, anytime, anywhere, secure technologies?

Michael Krigsman: When you talk about the workforce issues, workforce training, workforce readiness for remote work from home, frankly, what does the CIO have to do with that? Isn't that the province of HR?

Jay Ferro: HR, operations, that type of thing. This is where a CIO is one of the many times—as my good friend Tim Crawford would say. He and I are in lockstep—is that good CIOs or transformational CIOs are business leaders first. We're reaching across the aisle. We're partnering with our colleagues across the organization.

This is a time where you reach out to operations. You reach out to HR. You collaborate. To me, it's not, "Well, you know what? We provided the technology, head of HR. It's up to you to train them and tell them how to do it. The business process, that's all you, workforce."

To me, there's got to be no daylight between you and your peers. Pull together and come up with a new way of doing it. I think a lot of IT leaders still, for whatever reason, don't want to take the initiative and do that.

As an example, at many companies, IT has proactively put together communications, training, partnered with HR and says, "Here you go. Here's everything you need to get these folks up to speed on these remote technologies. Weave it into whatever communications you want. It's really fostered that dialog but I think it's incumbent on the CIO to take that first step, reach out, and say, "This is what I can and can't do."

We're pretty good at business process CIOs. I mean we see it all in the company. We've got to leverage that and make sure that people know that we have an opinion on it too.

Transformation CIO vs. Infrastructure CIO

Michael Krigsman: What is the intersection between being a transformational CIO as opposed to a traditional infrastructure CIO and the response and the strategy to this type of situation that we're in today?

Jay Ferro: The way I look at it, and I know we get hung up on – not we, but people talk about the traditional CIO being really infrastructure, ping-power-pipe, boxes and wires focused and then this transformational CIO who is forward-thinking, who is innovative, who is business-leading. I think the world-class CIO is both, right? At the end of the day, it's not either/or. The transformational CIO is good at both.

Now, there are aspects of it that maybe go away when you become a transformational CIO of the old way of thinking but never ever forget that what IT is to your average employee, your average frontline AP clerk or office manager at a remote site, what is IT to them? IT is their machine, their browser, the applications they come in and use every day and, are you there when they either call the helpdesk, chat with the helpdesk, send an email ticket? Can you do that with a smile, make them feel like they're not bothering you, and solve their problem on that first call? You're constantly thinking about better ways for them to do their job.

They don't care about IoT. They might but most don't care about all the stuff that we talk about on a day-to-day basis. They're consumers of it, eventually. I never forget that. That's why I spend so much time on the frontline.

I think a world-class transformational CIO is doing both. She or he is always business-focused first. But I have to be clear when I say that because I don't want pureplay technologists, comp sci majors, or anything like that to think that I'm minimizing the role of technology. We are still technology practitioners but we're doing it with a business focus first.

How do we marry technology capabilities to our business? Servicing customers, driving revenue, reducing cost, operations, security: all of those things, it's incumbent on us to understand that as business leaders and then marry that to technology.

Transformational CIO Leadership Lessons

Michael Krigsman: The issue is one of eliminating the concept that IT and the CIO are somehow apart from the business. Unfortunately, the common language says that they are distinct from the business because we often hear that IT and the CIO must have a different kind of relationship with the business, which implies that they're not the same. What do we do about that and how serious is that an issue?

Jay Ferro: I think, unfortunately, it still lingers. I hate to see it. I hate to see it. I think CIOs are our own worst enemies, though. I think we wallow in misery from time-to-time when we go to CIO summits and everything. You still hear, "Seat at the table. Seat at the table; I don't have one. They don't invite me."

Then you sit down. I do a lot of mentoring and coaching. I say, "Well, tell me what you said. Show me the email. Show me the memo. Show me the presentation."

More often than not, none of it is business-related. Literally, the "What's in it for me? What's in it for the company?" you're not speaking their language. You're literally not taking the time to learn how your organization makes money, how they produce product, how they service their customers, and then marrying your solution to that so that these folks who don't do what we do for a living understand that you understand their world.

We don't lead with, "Well, it's faster. It's got more lights. It's got more cores. It's the edge. Come on! You've read about it. It's the cloud." No. No, the answer is that we visit the frontlines. We reach across the aisle. We visit our remote locations and understand business process. Then we go back, noodle, and go, "All right, I've got some ideas."

You know me, Michael. I'm a big fan of prototyping and proofs of concept where I tend not to ask for permission. I tend to go ahead and build a proof of concept. More often than not, almost 100% of the time, we bring it back and go, "This is what you're doing today. What about this?" People are going, "I didn't know A) you understood our business process like that, and B) we want that."

Michael Krigsman: Yep.

Jay Ferro: I think about mobile apps we've built. I think about BI capabilities we've built. I think about other things that I've done throughout my career where had we waited to be knighted by the business, we never would have done it. We never would have done it.

What made it happen was IT, not just Jay Ferro or the CIO – IT, everybody in IT spending time learning and then ideating and coming back with ideas. Not everyone is going to be a winner, but what position and what group is better positioned to understand than us? None.

The Strategic CIO and IT

Michael Krigsman: Arsalan Khan asks, "Pre-pandemic, there were trust issues with IT budgets from CFOs, people working from home, et cetera. Now it seems those trust issues were a façade. Post pandemic, hopefully, IT has more budget and a direct line to the CEO and even the board." I think this gets directly to the point, Jay, that you were just talking about, which is, how do we forge that gap and elevate IT so that, quite frankly, IT is not seen as a poor cousin to "the business"?

Jay Ferro: I totally agree and I think he makes a great point. I hope it sticks. I really do. I hope it sticks because what we're seeing now and I'm on call every day with other CIOs or leaning on our colleagues in the industry, "What are you doing? What are you doing?" I'm hearing that same thing where there was this reticent to do it, this apprehension and, all of a sudden, now that you've been able to provide it and the world hasn't ended and the technology is working, there is a significant amount of buy-in.

What I hope is that most companies see this and are more open to a new way of working. That doesn't necessarily mean that a company today is going to go to all remote work or anything like that but maybe it's the beginning of a culture shift.

The other point that I think leaders are kind of born in trial by fire, this is a time for CIOs to step up. This is the time for leaders to show that they understand not just DR, business continuity, but they understand how their company works day-to-day and they have a grasp of the company's operations to close that gap you just mentioned, Michael, because that's a problem. That is a problem.

I'm hoping a lot of lights go on in those CFOs' heads and those heads of operation where they're going, "Man, you actually have a pretty good grasp of what we do. Maybe we ought to get you involved in some of these meetings." It's never going to be binary where today I'm not involved, tomorrow I'm involved, but I think it's going to open some eyes for the CIO that takes advantage of the opportunity.

Michael Krigsman: In this crisis environment, are there specific opportunities that may exist for the CIO to prove her worth or his worth?

Jay Ferro: It all comes down to execution. Everybody loves a winner, right? When your sports team is not doing well, everybody is on Twitter and everybody is complaining about the team, "Fire the coach." But, suddenly, that team is a playoff team and it's a totally different conversation.

I think it's very similar with a CIO. It's execution and delivery, communication and transparency, and leading from the front. Our job during a crisis is to lead from the front as CIOs in these tough times.

I want to deflect heat and all of those things away from my team so that they can focus on serving our customers and serving our staff who are doing the hard work of keeping a company going. During the good times, the leaders lead from behind.

I feel like there are opportunities right now to show yourself as not only a great technologist because you're able to pivot, react, and enable your workforce with the solutions that, "Hey, we have great VPN. We have great VDI capabilities. People can do their job on a dime on a laptop or on a mobile device. Look at everything. See, we're starting to pay off."

If you execute those, that's one thing. But I think it's also the way you communicate, the way that you show no fear in this situation, and the way that you bring options and alternatives to the heads of your company saying, "This is what we can do. We have options," and you're always thinking about how to improve. Yeah, but the opportunity is action and execution, to me.

Michael Krigsman: Ideas are pretty cheap, right? Ideas are obviously the motivator but, ultimately, the execution of those ideas is what creates opportunity and what creates the outcomes that enable opportunity.

Jay Ferro: You're so right. I wish more IT leaders remember that, Michael. It's such good advice, the thing that you just said. We love to hear ourselves talk and I'm sure you've been on calls where we opine and wax poetic on all sorts of technologies and powerful forces, and all of these things are going to fundamentally change the world. But we can't execute out of a paper bag.

I'm like, "But how much of it have you actually done?" I agree, I think it's both. It's not either/or. Idea without execution is imagination.

Planning for Remote Workers

Michael Krigsman: Cedric Wells says, "What do you say to the leaders who do not think their workforce can be as productive remotely? How can organizations set themselves up to be better prepared for the future of work?"

Jay Ferro: Metrics, measurement of what they're doing, looking at productivity. Ideally, there are some metrics that you have, whether it's a service desk associate or an engineer that normally handled X number of tickets and now they're working remotely. They were able to do that same amount if not more.

I can tell you that I'm hearing all over the place that we've got engineers and service desk and developers that are at least as productive if not more. To me, data is where you're going to prove your case.

If you continue to execute as an IT organization and go back and go, "Oh, by the way, that delivery that we just did of the eight people that were on the project, seven worked remotely."

And have them look at you like, "Really?!"

"Yeah. Yeah, in fact, we get more work when they're working from home and they're just as productive."

Michael, you know what my personal opinion, Jay Ferro, is on work from home. When you're doing it, it's six words: Do your job, be available, communicate. If you're doing those things. Do your job, be available, communicate.

Ideally, you can show them something empirical where, "Look, we usually do this many tickets and now it's this and it's the same. There was no drop-off. This many lines of code. This many releases. This many change tickets." Whatever those metrics are for you, I think there's an opportunity to show that working remotely can be as, if not more, productive.

Michael Krigsman: That communication part is extremely important and I would imagine even more so today. Quite frankly, I think it's an area that some CIOs, especially those who have grown up as technologists rather than businesspeople, can sometimes use help with.

Jay Ferro: I agree. I agree and my challenge to them is, get out of your comfort zone. You don't have to be a master communicator overnight. You don't have to get on stage tomorrow and do all those things but start to take bite-sized pieces out of it. Make a phone call. Get up out of your seat and go visit someone. Obviously, when all this has passed. Maintain distance.

[Laughter] Have that conversation. Initiate the lunch. Initiate the WebEx, the conference call, or the Zoom meeting and say, "Look, I'd just like to pick your brain."

I know a number of CIOs, like you said, that were native technologists and that's uncomfortable to them. That's not their default position. My challenge is you don't have to do it all in one day. Just start to chip away at it and the muscle memory will begin to form.

Also, during calmer times, have a communication plan. Obviously, during crisis, you want a communication plan too but, when things are calmer, have a communication plan. How are we reaching the executive team, internal to IT, the entire company, outside of IT? What is the cadence of our communication?

What are the vehicles of our communication? Hey, we're going to do a quarterly newsletter. Hey, we're going to do a lunch and learn – that type of thing. I think, when you begin to do those things and hold yourself accountable to those deliverables, it gets easier.

Michael Krigsman: You spoke about execution. Let's shift our focus there for a moment. In this pandemic situation, at some point, you realized that we have a major problem and we're going to have to do things differently. At what point did you realize that and what did you do? What was your response?

Jay Ferro: I don't recall the actual day. I think it was in early March where it became very apparent that this was going to get more serious. We started mapping out scenarios and if it got bad because, at the time, we didn't know. Depending on who you were listening to online, it either was or wasn't going to be the catastrophic event that it's turned out to be or to have the impact that it's had.

We started doing scenarios. Okay, if X amount of the workforce has to work remotely, are we ready? Do we have machines ready? Is the VPN ready? Are all these technologies ready? Do we have enough licenses for everything?

You begin to map out worst-case scenario, mid-case scenario, best case scenario. "What would we do if—?" those types of things. Again, this is where good IT always pays its benefit.

I've talked to a lot of CIOs who made a lot of good progress in just the fundamentals over the last 18, 24, 36 months into their tenure and they're reaping the benefit of it now. One CIO that I talked to said, "If this had happened a year ago, we would have been in big trouble because we wouldn't have been ready. Our infrastructure couldn't have handled it," et cetera. For us it was, we don't know how bad this is going to be but we're going to be prepared for the worst.

Cloud Strategy in the Event of a Crisis

Michael Krigsman: I have also spoken with a number of CIOs who have told me that their ability to respond connects directly to the fact that they have been migrating systems to the cloud over the course of the last year or two.

Jay Ferro: Oh, yeah. I think that's spot on. I think that's spot on. We'll take credit for it now and go, "Yeah, of course, we did it on purpose because we knew this was going to happen." [Laughter] No but, to me, we're reaping the benefit. We're reaping the benefit now. Some CIOs are not that far along in their journey and they're having to pivot a good bit and come up with alternatives to that.

Michael Krigsman: We have another excellent question from Arsalan Khan. Here's what Arsalan says. He agrees that we need to understand business processes both inside and outside of IT. Here's the kicker. He is not aware of any company that has a complete grasp on them since some of these processes are ad hoc and not even documented. Right?

You were speaking earlier, just a moment ago, about the need to understand those processes from an execution standpoint in order to then be able to adapt in a situation like this. Therefore, the question is, "What do you do? You don't even know all the processes. What do you do?"

Jay Ferro: Yeah, it's tough. He's spot-on – in every company. Every company I've ever been in has that challenge. Every company I've been in has that challenge where it's muscle memory. It's institutional knowledge. It's just kind of ingrained in what they do but there's no playbook they handle.

This is what we do today. Go digitize this or go transform this. This is where, quite frankly, I think IT can shine because of our analytical capability and our business process capability.

What I've done personally, my teams, at multiple companies, Michael, is we've done ride-alongs. We've sat with our frontline staff and asked all these questions. We put our consultant hat on and said, "Walk me through a day in the life. When an invoice comes in, when a ship ticket comes in, when you get a phone call at the American Cancer Society and it's somebody who needs something, where does it go from there?"

You're putting on your private investigator hat and you're going to go be a business analyst at some point and document it yourself. Sometimes you need external help. Then you begin to challenge, why do we have nine handoffs? Why does it hit six systems? Why does it need to see so many people?

You're going to ruffle feathers. I promise you. Every company I've ever been in, I've had people some of whom are now CIOs like my good friend Shaun Hunt who is CIO at McKenney's here in Atlanta. I would sick him on people back when he worked for me when he was a lowly IT manager and he would ruffle feathers because he asked challenging questions.

He'd be up in front of the whiteboard and he'd say, "So, you're okay with nine steps and it going back and forth when it could be done in two."

Instantly, I'd get a phone call. "That Shaun, he's really," blah-blah-blah-blah-blah.

"Is he right?"

"Well, yeah, he's right, but…"

I think there's an opportunity for the CIO to show that they can improve business processes, not just ingest business processes. Yeah, but it's a challenge. Arsalan is absolutely right. You're not being handed a playbook of, "This is everything we do. Go learn it."

Cloud Infrastructure and Business Agility

Michael Krigsman: What I find particularly interesting is, we hear about IT and the CIO needing to be agile and responsive to changing business needs. In this case, it was the prior investment in certain types of infrastructure and systems, specifically cloud, that has enabled. A technology, in this case, has directly enabled responsive changes to workforce composition, working from home, workforce relationships. It seems like a uniquely clear example of infrastructure driving business agility.

Jay Ferro: I love it. I love it. I have heard so many business executives, non-IT folks who have gone from anti-cloud or cloud just cloud ambivalent, we'll call it, to "Why don't we have everything in the cloud?" because they're seeing the benefit and the flexibility that, when done right, that the cloud can afford.

Now, again, it's not a silver bullet. People get bitten by cost overruns. They get bitten by poorly architected applications.

Like you said at the beginning, or we laughed about, you know, they think it's lift and shift. But when done correctly, it affords a lot of flexibility to an organization.

Michael Krigsman: Can you tell us what's next? Just from where you sit now, what do you hear other CIOs talking about? What's your thinking about where we go next in this uncharted and—we hear this term, appropriately used term—unprecedented?

Jay Ferro: I think it's going to be a gamechanger. I talked earlier about accelerating digital transformation. I think it's exposed a lot of areas in many companies where they can improve.

First and foremost, it's all about keeping your customers and your employees safe and getting through this period and then figuring out a way to return to normal business in the safest possible way. After that, there is going to be time to reflect. Not much, but some time to reflect and figure out, what could we have done better? But, more importantly, how are we going to learn from this?

Unfortunately, like many CIOs or many companies—I don't want to pin it just on the CIO—we tend to have short-term memory, Michael. You know that. We fly after airlines crash. We do things, not that we shouldn't, but we have to have short-term memories because bad things happen and we want to get back to a new sense of normal. But we can't rest on that.

I think there's an opportunity for us to learn from this as IT leaders and as leaders, period, and have it frame our decision-making going forward. Informed, rather, our decision-making going forward. I hope we don't lose that.

I don't want the conversation just to be, "Well, if there's another pandemic, we're going to be ready." It's even beyond what the incident is. It's, "How are we framing a new way to work, a new way to communicate, a new way to collaborate? Were we thinking about this the wrong way?" so that we're better prepared.

By the way, even when there's not a pandemic, when there's not an incident, our business as usual, our standard operating procedures are vastly improved because we're taking advantage of that same technology and that same thinking. I hope we do that. I hope we just don't fall back into our own patterns. I suspect most CIOs and leaders will learn from it but some, unfortunately, probably won't and they'll forget about it and be bitten next time.

Advice for Chief Information Officers

Michael Krigsman: What advice do you have for CIOs today who may be feeling overwhelmed who haven't prepared as fully as they might have? They're scared for their health, the safety of their employees. They're scared for their own job. They're behind the eight-ball. What should they be doing now?

Jay Ferro: First of all, take care of yourself. Take care of your family. Do everything that you can do. There's no sense in beating yourself up.

Woulda, coulda, shoulda: can't do anything about that. You are where you are. Do everything you can during that day and come back the next day and live to fight another day.

Don't get wrapped around the axel at the enormity of it. What's the old saying? You eat an elephant one bite at a time. You've just got to take the biggest bite you can every day and move forward. Be the leader that your organization needs.

Your employees and your staff, your peers are looking at you. Now is not a time to wilt or feel sorry for yourself. Now is the time to rise up and show them that you're the leader that they can depend on through crisis. That's not a guarantee that something bad won't happen but it's certainly more likely that something good will happen and something positive will come out for you as a future leader.

Also, stay vigilant with security because the bad guys, of course, they never let a crisis go to waste. Continue to stay vigilant. We know there is a lot more activity out there, so I'd be failing miserably if I didn't mention security.

Michael Krigsman: On the CXOTalk website, we pay for an external firewall. I'm looking at the logs. I see that there are people who are really making considered attempts to hack our website. The firewall is blocking some of it. Some of it is not. They haven't gotten through, as far as I know, but I'm seeing these repeated attempts. Some of these are very sophisticated because I can see the queries that they're trying to post, looking for various vulnerabilities.

I am but a humble—well, my wife would say I'm not so humble—industry analyst. What can I do to protect myself?

Jay Ferro: Well, certainly, you can get some external help just to review everything that you're doing to make sure you're being as vigilant as you can. You're already doing a lot even by looking at the logs, so I would certainly lean on your vast network, Michael, of folks and maybe get a little external help to tighten things up and just make sure that there aren't windows or doors open that you're not aware of. I would absolutely do that, whether it's pen testing or vulnerability assessments, those types of things.

The other thing is, you're going to see a lot more activity. Every organization is seeing it, whether it's things that are just brute-forced or blunt kind of, you know, really bad phishing attempts all the way to more sophisticated attacks.

Why is that? Well, our attention is diverted, right? Our attention is diverted to remote work. People are learning new skills. They're flexing new muscles. What better time to attack them than when there's uncertainly in the system?

We remind our employees to stay vigilant. I know other CIOs are, "Question everything. When you get an email, don't click on things unless you're 100% sure. Triple-check everything and just assume negative intent at this point if there's anything about it that smells fishy."

Michael Krigsman: Why would sophisticated people? I mean I'm telling you the queries that I'm seeing on our site are very sophisticated. These attacks are coming from very, very, very knowledgeable people. Why would anybody bother with the CXOTalk website? There's no database. There are no credit cards. There's nothing there.

Jay Ferro: They want everything. The thing is a lot of it is so automated that they don't even know what they're doing. When they get a hit, then they're going to come back and maybe investigate further. Really, what they're doing is you're seeing a lot of bulk attacks, spray and pray kind of attacks, looking for vulnerabilities.

I remember at the American Cancer Society, now clearly you and I doing what we do for a living, you would say, "Well, an organization as big as that was or is, as global as it is, and the way that they take in money, donations, et cetera, you're dealing with patients, you're dealing with volunteers, you've got some data there."

I remember a number of business leaders in the organization who have long since retired, they have said, "Well, we're the good guys. They wouldn't come after us." I can't even with a statement like that. They're bad guys. [Laughter] They don't care who they're going after. They're going to go after you. It's that kind of attitude that gets people in trouble.

Stay vigilant and lean on third parties, a little bit of third-party help if you need to. Don't take it personally. I don't think they're after Michael Krigsman. [Laughter] Yeah, I think that's what it is at this point.

Michael Krigsman: All right. Jay Ferro, CIO of Quikrete. Thank you for being with us and talking with us today on CXOTalk, Jay.

Jay Ferro: It's my pleasure, Michael. Great to see you. Stay safe.

Michael Krigsman: Everybody, thank you for watching and especially to those people on both LinkedIn and Twitter who commented today. Please, subscribe to our YouTube channel and subscribe to our newsletter. Hit the subscribe button at the top of our website. We'll see you soon. Go to Great shows, really great shows coming up.

I hope you have a great day and stay safe wherever it is that you are today. Bye-bye, everybody. Have a good one.

Published Date: Apr 10, 2020

Author: Michael Krigsman

Episode ID: 649