Shane Snider, Senior Writer, InformationWeekApril 14, 20254 Min ReadIvan Marc Sanchez via Alamy Stock President Donald Trump’s trade policies -- particularly with major tech exporter China -- stand to have a big impact on IT department budgets. While the saga of back-and-forth tariffs seems far from over, experts say there are ways CIOs can manage budgets to brace for outcomes.CIOs are under tremendous pressure with digital transformation needs rising with demand for GenAI at a fever pitch. With a volatile geopolitical and economic landscape, IT leaders face a real headache when it comes to planning.The ongoing trade saga has many economists warning of a coming recession. Last week, JP Morgan increased their prediction on the likelihood of recession from 40% to 60%, while S&P Global pegged recession probability at 35%.The Trump administration tariff saga began in February, starting with new tariffs on goods from Mexico, Canada and China -- those tariffs were paused for 30 days and reinstated with some exemptions. Earlier this month, the administration announced a new package of “reciprocal” tariffs on dozens of nations, which tariffs on China’s goods rocketing to 34%. After a severe US stock market rout, Trump paused the new tariffs (except) for those on China, sending stocks soaring back.The back-and-forth saw China retaliate, with Trump raising the total import levy for China’s goods to 145%; China shot back with 125% retaliatory tariffs on US imports. Late last week, Trump announced that certain electronics, semiconductors, phones, computers and flat screens would be exempted. However, on Sunday he wavered on semiconductor exemptions, and said that semiconductor tariffs would come soon. It’s unclear how long any exemptions would apply.Related:The trade war seems far from over, as China has so far refused direct negotiations with US leaders.Tech leaders are forced to try to keep up with a fluid situation with budgets that were already tight.The Cost of Trade Chaos“IT infrastructure will likely see significant price increases as major manufacturing nations face high tariff rates, especially in the US,” says Mark Moccia, vice president and research director for Forrester’s CIO practice. “The rising costs could balloon budgets and force CIOs to delay or prioritize the most important projects.”But with uncertainty about where the tariffs will land, IT leaders face a difficult task in adapting for increased costs. “Nobody has a clue where this is going to go,” Moccia tells InformationWeek in a live chat. “And it will change day-to-day. It’s really hard for CIOs to have to adjust in real time like that.”Related:According to Deloitte, IT budgets for companies average 5.49% of revenue. With new AI projects taking a bite out of that spend, increasing hardware costs could be a significant drain on tight budgets. In March, China’s exports jumped 12.4% from a year earlier as businesses stockpile tech and other goods to get ahead of tariff increases, according to Reuters.Large businesses with more cash on hand were in a better position to stock up, Moccia says.What Can CIOs Do?Jim DuBois, consultant, author and former Microsoft CIO, thinks there may be a silver lining.“The willingness to pause tariffs seems to indicate that the tariffs are more a negotiating tactic than something planned to continue,” he tells InformationWeek in an email interview. “CIOs should be opportunistic about needed purchases in the current uncertainty, thoughtful about how they can influence their own company’s pricing, and double down on using AI to drive efficiency and cost savings.”Forrester’s Moccia, co-author of the firm’s report, “Technology Leaders: How to Thrive Through Volatility,” cautions against knee-jerk cuts that could impact the company’s prospects.“CIOs and other tech leaders will need to proactively analyze costs, diversify sourcing, optimize inventory and prioritize the projects that don’t sacrifice critical AI ambitions,” Moccia says, adding that staff reduction should be the last resort. “We urge CIOs to lean more heavily into other methods of spend optimization before drastically reducing labor expenses. Minimizing cuts to IT staff will allow for existing personnel to buy down more technical debt [and] improve data management capabilities to set up AI deployments for success.”Related:Moccia says IT leaders can use lessons learned during the COVID-19 pandemic.“We were in kind of a similar situation where we just didn’t really know where it was going -- with economic chaos in the markets and supply chain constraints,” he says. “And those persisted for a while. So, you did see some similar behaviors where organizations that were thinking ahead and had the capital went out and bought a ton immediately and brought it in-house. They had what they needed to execute. And others just sort of paused, or maybe they didn’t have the capital to take advantage. It’s a similar scenario.”About the AuthorShane SniderSenior Writer, InformationWeekShane Snider is a veteran journalist with more than 20 years of industry experience. He started his career as a general assignment reporter and has covered government, business, education, technology and much more. He was a reporter for the Triangle Business Journal, Raleigh News and Observer and most recently a tech reporter for CRN. He was also a top wedding photographer for many years, traveling across the country and around the world. He lives in Raleigh with his wife and two children.See more from Shane SniderWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Murali Swaminathan, Chief Technology Officer, Freshworks April 14, 20254 Min ReadBonaventura via Alamy StockAs tech pros, the question isn’t just whether AI will disrupt our industries -- it’s how we can leverage its power in a responsible, sustainable way. At SXSW 2025, I had the privilege of serving on the “Innovation Unbridled: Balancing the Promise and Peril of AI” panel. The session provided a thought-provoking exploration of AI’s transformative potential, and the challenges tech leaders face when integrating AI into their operations. What made this panel particularly engaging was the diverse audience -- attendees from all walks of life, asking tough questions that forced us to consider AI from ethical, practical, and social perspectives. Here are six key takeaways to guide your AI journey: 1. AI should solve problems, not create them AI must address real business challenges, not introduce new ones. Too often, organizations rush to adopt the latest tools and technologies without fully understanding their impact on existing processes. The result? More complexity, confusion, and inefficiency. It’s crucial to ensure that any AI implementation directly addresses specific pain points within your organization. Whether it’s automating tasks, improving customer personalization, or enhancing decision-making, AI should add measurable value. When deploying AI, start by asking: How will this improve our business outcomes? What specific problem does it solve? Related:Actionable insight: Prioritize AI tools that seamlessly integrate with existing systems and processes. Use AI as a strategic asset to enhance productivity and deliver tangible results. 2. AI should upskill people, not replace them It’s no secret that many fear AI will lead to widespread job displacement. While this concern is valid, the reality is that AI is designed to augment human abilities, not replace them. It can handle repetitive tasks, analyze vast amounts of data, and provide real-time insights, allowing employees to focus on higher-value activities that require creativity, empathy, and complex problem-solving. The key is understanding that AI’s real value lies in enabling your team to work smarter, not harder. AI can help streamline operations and improve efficiency, but it should never be seen as a substitute for human ingenuity. Actionable insight: Invest in upskilling and reskilling your workforce to ensure employees are ready for a future where AI complements their work. Offer training programs or collaborate with educational institutions for continuous learning opportunities. 3. Balancing open-sourcing AI with ethics Related:While open-sourcing AI has the potential to democratize access and drive innovation, it also raises important ethical concerns. How can we ensure that AI tools are used responsibly and safely? What measures need to be put in place to prevent misuse or unintended harm? It’s vital to ensure that any AI system deployed in your organization follows strict ethical guidelines. Whether you’re using open-source models or proprietary tools, transparency, accountability, and safety should always be top priorities. Actionable insight: Establish a robust AI governance framework within your organization, including security protocols, ethical guidelines, and regular audits. Collaborate with legal and compliance teams to create policies that protect both your business and customers. 4. AI’s role in reshaping industries AI is transforming industries, from precision healthcare to environmental sustainability, by driving value, personalization, and innovation. To fully leverage AI’s potential, businesses must adapt their operating models and become more agile. The challenge lies not only in adopting AI but also in fostering an environment where innovation thrives. This requires rethinking organizational structures, embracing cross-functional collaboration, and cultivating a culture of continuous improvement. Related:Actionable insight: Build an agile organization that adapts quickly to AI advancements. Encourage cross-functional collaboration, experimentation, and view AI as an enabler of ongoing business transformation, not a one-off project. 5. Fostering a culture of support and growth Workforce burnout is an increasing concern as businesses push employees to adopt new technologies and work longer hours to stay competitive. While AI can alleviate some repetitive tasks, leaders must prioritize creating an environment that nurtures employee growth and well-being. Actionable insight: As you implement AI to boost efficiency, foster a culture of support and growth. Encourage flexibility, invest in employee development, and set realistic productivity expectations. Innovation should empower your team, driving both business and personal growth without compromising employee satisfaction. 6. AI regulation -- balancing innovation with responsibility AI is evolving rapidly, and the need for regulation is becoming more pressing. Strong guardrails are essential to ensure AI is developed responsibly and ethically. As tech pros, it’s our responsibility to stay ahead of the regulatory curve, ensuring that your AI initiatives align with emerging ethical standards. While regulation may evolve over time, embedding ethical considerations into your AI strategy now will help future-proof your business. Actionable insight: Stay informed about AI regulation and collaborate with industry bodies to help shape the future of AI governance. This proactive approach will protect your organization from legal challenges and demonstrate your commitment to responsible innovation. Closing Thoughts AI must be used thoughtfully, serving both business goals and societal well-being. As tech pros, it is our responsibility to harness AI in ways that solve real problems, empower employees, and drive ethical innovation. By embracing these takeaways, you can position your organization to thrive in the AI era while staying true to your values and responsibilities. About the AuthorMurali SwaminathanChief Technology Officer, Freshworks Murali Swaminathan serves as chief technology officer at Freshworks, responsible for the company’s technology roadmap and strategy, and leading global engineering and architecture teams. With 30+ years of experience, he has held leadership roles at ServiceNow, Recommind (now OpenText), and CA Technologies (now Broadcom), delivering scalable, secure solutions that drive digital transformation. Murali holds a master’s in software engineering management from Carnegie Mellon University and a bachelor’s in electronics and instrumentation from Annamalai University in India.See more from Murali SwaminathanWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

John Edwards, Technology Journalist & AuthorApril 14, 20255 Min ReadScience Photo Library via Alamy Stock PhotoNeuromorphic computing is the term applied to computer elements that emulate the way the human brain and nervous system function. Proponents believe that the approach will take artificial intelligence to new heights while reducing computing platform energy requirements. "Unlike traditional computing, which incorporates separate memory and processors, neuromorphic systems rely on parallel networks of artificial neurons and synapses, similar to biological neural networks," observes Nigel Gibbons, director and senior advisor at consulting firm NCC Group in an online interview. Potential Applications The current neuromorphic computing application landscape is largely research-based, says Doug Saylors, a partner and cybersecurity co-lead with technology research and advisory firm ISG. "It's being used in multiple areas for pattern and anomaly detection, including cybersecurity, healthcare, edge AI, and defense applications," he explains via email. Potential applications will generally fall into the same areas as artificial intelligence or robotics, says Derek Gobin, a researcher in the AI division of Carnegie Mellon University's Software Engineering Institute. "The ideal is you could apply neuromorphic intelligence systems anywhere you would need or want a human brain," he notes in an online interview. Related:"Most current research is focused on edge-computing applications in places where traditional AI systems would be difficult to deploy, Gobin observes. Many neuromorphic techniques also intrinsically incorporate temporal aspects, similar to how the human brain operates in continuous time, as opposed to the discrete input-output cycles that artificial neural networks utilize." He believes that this attribute could eventually lead to the development of time-series-focused applications, such as audio processing and computer vision-based control systems. Current Development As with quantum computing research, there are multiple approaches to both neuromorphic hardware and algorithm development, Saylors says. The best-known platforms, he states, are BrainScaleS and SpiNNaker. Other players include GrAI Matter labs and BrainChip. Neuromorphic strategies are a very active area of research, Gobin says. "There are a lot of exciting findings happening every day, and you can see them starting to take shape in various public and commercial projects." He reports that both Intel and IBM are developing neuromorphic hardware for deploying neural models with extreme efficiency. "There are also quite a few startups and government proposals looking at bringing neuromorphic capabilities to the forefront, particularly for extreme environments, such as space, and places where current machine learning techniques have fallen short of expectations, such as autonomous driving." Related:Next Steps Over the short term, neuromorphic computing will likely be focused on adding AI capabilities to specialty edge devices in healthcare and defense applications, Saylors says. "AI-enabled chips for sensory use cases are a leading research area for brain/spinal trauma, remote sensors, and AI enabled platforms in aerospace and defense," he notes. An important next step for neuromorphic computing will be maturing a technology that has already proven successful in academic settings, particularly when it comes to scaling, Gobin says. "As we're beginning to see a plateau in performance from GPUs, there's interest in neuromorphic hardware that can better run artificial intelligence models -- some companies have already begun developing and prototyping chips for this purpose." Another promising use case is event-based camera technology, which shows promise as a practical and effective medium for satellite and other computer vision applications, Gobin says. "However, we have yet to see any of these technologies get wide-scale deployment," he observes. "While research is still very active with exciting developments, the next step for the neuromorphic community is really proving that this tech can live up to the hype and be a real competitor to the traditional hardware and generative AI models that are currently dominating the market." Related:Looking Ahead Given the technology's cost and complexity, coupled with the lack of skilled resources, it's likely to take another seven to 10 years before widespread usage of complex neuromorphic computing occurs, Saylors says. "However, recent research in combining neuromorphic computing with GenAI and emerging quantum computing capabilities could accelerate this by a year or two in biomedical and defense applications." Mainstream adoption hinges on hardware maturity, cost reduction, and robust software, Gibbons says. "We may see initial regular usage within the next five to 10 years in specialized low-power applications," he predicts. "Some of this will be dictated by the maturation of quantum computing." Gibbons believes that neuromorphic computing's next phase will focus on scaling integrated chips, refining and spiking neural network algorithms, and commercializing low-power systems for applications in robotics, edge AI, and real-time decision-making. Gibbons notes that neuromorphic computing may soon play an important role in advancing cybersecurity. The technology promises to offer improved anomaly detection and secure authentication, thanks to event-driven intelligence, he explains. Yet novel hardware vulnerabilities, unknown exploit vectors, and data confidentiality remain critical concerns that may hamper widespread adoption. About the AuthorJohn EdwardsTechnology Journalist & AuthorJohn Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.See more from John EdwardsWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Lisa Morgan, Freelance WriterApril 14, 20259 Min ReadBrain light via Alamy StockFICO Chief Analytics Officer Scott Zoldi has spent the last 25 years at HNC and FICO (which merged) leading analytics and AI at HNC FICO is well known in the consumer sector for credit scoring, while the FICO Platform helps businesses understand their customers better so they can provide hyper-personalized customer experiences.  “From a FICO perspective, it’s making sure that we continue to develop AI in a responsible way,” says Zoldi. “There’s a lot of [hype] about generative AI now and our focus has been around operationalizing it effectively so we can realize this concept of ‘the golden age of AI’ in terms of deploying technologies that actually work and solve business problems.” While today’s AI platforms make model governance and efficient deployment easier, and provide greater model development control, organizations still need to select an AI technique that best fits the use case. A lot of the model hallucinations and unethical behavior are based on the data on which the models are built, Zoldi says. “I see companies, including FICO, building their own data sets for specific domain problems that we want to address with generative AI. We’re also building our own foundational models, which is fully within the grasp of almost all organizations now,” he says.  Related:He says their biggest challenge is that you can never totally get rid of hallucinations. “What we need to do is basically have a risk-based approach for who’s allowed to use the outputs, when they’re allowed to use the outputs, and then maybe a secondary score, such as a AI risk score or AI trust score, that basically says this answer is consistent with the data on which it was built and the AI is likely not hallucinating.” Some reasons for building one’s own models include full control of how the model is built, and reducing the probability of bias and hallucinations based on the data quality.   “If you build a model and it produces an output, it could be hallucination or not. You won’t know unless you know the answer, and that’s really the problem. We produce AI trust scores at the same time as we produce the language models because they’re built on the same data,” says Zoldi. “[The trust score algorithms] understand what the large language models are supposed to do. They understand the knowledge anchors -- the knowledge base that the model has been trained on -- so when a user asks a question, it will look at the prompts, what the response was, and provide a trust score that indicates how well aligned the model’s response is aligned with the knowledge anchors on which the model was built. It’s basically a risk-based approach.” Related:FICO has spent considerable time focused on how to best incorporate small or focused language models as opposed to simply connecting to a generic GenAI model via an API. These “smaller” models may have eight to 10 billion parameters versus 20 billion or more than 100 billion, for example. He adds that you can take a small language model and achieve the same performance of a much larger model, because you can allow that small language model to spend more time reasoning out an answer. “And it’s powerful because it means that organizations that can only afford a smaller set of hardware can build a smaller model and deploy it in such a way that it’s less costly to use and just as performant as a large language model for a lot less cost, both in model development and in the inference costs of actually using it in a production sense.” Scott ZoldiThe company has also been using agentic AI. “Agentic AI is not new, but we now have frameworks that assign decision authority to independent AI operators. I’m okay with agentic AI, because you decompose problems into much simpler problems, and those simpler problems [require] much simpler models,” says Zoldi. “The next area is a combination of agentic AI and large language models, though building small language models and solving problems in a safe way is probably top of mind for most of our customers.” Related:For now, FICO’s primary use case for agentic AI is generating synthetic data to help counter and stay ahead of threat actors’ evolving methods. Meanwhile, FICO has been building focused language models that address financial fraud and scams, credit risks, originations, collections, behavior scoring and how to enable customer journeys. In fact, Zoldi recently created a focused model in only 31 days using a very small GPU. “I think we’ve all seen the headlines about how these humongous models with billions of parameters and thousands of GPUs, but you can go pretty far with a single GPU,” says Zoldi.  Challenges Zoldi Sees in 2025 One of the biggest challenges CIOs faces is anticipating the shifting nature of the US regulatory environment. However, Zoldi believes regulation and innovation go hand in hand. “I firmly believe that regulation and innovation inspire each other, but others are wondering how to develop their AI applications appropriately when [they’re not prescriptive],” says Zoldi. “If they don't tell you how to meet the regulation, then you're guessing how the regulations might change and how to meet them.”  Many organizations consider regulation a barrier to innovation rather than an inspiration for it.  “The innovation is basically a challenge statement like, ‘What does that innovation need to look like?’ so that I can meet my business objective, get a prediction, and have an interpretable model while also having ethical AI. That means better models,” says Zoldi. “Some people believe there shouldn’t be any constraints, but if you don’t have them, people will continue to ask for more data and ignore copyrights. You can also go down a deep learning path where models are uninterpretable, unexplainable, and often unethical.” What Innovation at FICO Looks Like At FICO, innovation and operationalization are synonymous. “We just built our first focused model last year. We’ve been demonstrating how small models on task specific domain problems perform just as well as large language models you can get commercially, and then we operationalize it,” says Zoldi. “That means I’m coming up with the most efficient way to embed AI in my software. We’re looking at unique software designs within our FICO Platform to enable the execution of these technologies efficiently.” Some time ago, Zoldi and his team wanted to add audit capabilities to the FICO Platform. To do it, they used AI blockchains. “An AI blockchain codifies how the model was developed, what needs to be monitored, and when you pull the model. Those are really important concepts to incorporate from an innovation perspective when we operationalize, so a big part of innovation is around operationalization. It’s around the sensible use of generative AI to solve very specific problems in the pockets of our business that would benefit most. We’re certainly playing with things like agentic AI and other concepts to see whether that would be the attractive direction for us in the future.” The audit capabilities FICO built can track every decision made on the platform, what decisions or configurations have changed, why they changed, when they changed and who changed them. “This is about software and the components, how strategies change, and how that model works. One of the main things is ensuring that there is auditing of all the steps that occur when an AI or machine learning model gets deployed in a platform, and how it’s being operated so you can understand things like who’s changing the model or strategy, who made that decision, whether it was tested prior to deployment and what the data is to support the solution. For us, that validation would belong in a blockchain so there is the immutable record of those configurations.” FICO uses AI blockchains when it develops and executes models, and to memorialize every decision made.  “Observability is a huge concept in AI platforms today. When we develop models, we have a blockchain that explains how we develop it so we can meet governance and regulatory requirements. On the same blockchain, are exactly what you need for real-time monitoring of AI models, and that wouldn't be possible if observability was not such a core concept in today's software,” says Zoldi. “Innovation in operationalization really comes from the fact that the software on which organizations build and deploy their decision solutions are changing as software and cloud computing advance, so the way we would have done it 25, 20, or 10 years ago is not the way that we do it most efficiently today. And that changes the way that we must operationalize. It changes the way we deploy and the way we even look at basic things like data.” Why Zoldi Has His Own Software Development Team Most software development organizations fall under a CIO or CTO, which is also true at FICO, though Zoldi also has his own software development team and works in partnership with FICO’s CTO.  “If a FICO innovation has to be operationalized, there must be a near term view to how it can be deployed. Our software development team makes sure that we come up with the right software architectures to deploy because we need the right throughput and latency,” says Zoldi. “Our CTO, Bill Waid, and I both focus a lot of our time on what are those new software designs so that we can make sure that all that value can be operationalized.” A specialized software team has been reporting to Zoldi for nearly 17 years, and one benefit is that it allows Zoldi to explore how he wants to operationalize, so he can make recommendations to the CTO and platform teams and ensure that new ideas can be operationalized responsibly. “If I want to take one of these focus language models and understand the most efficient way to deploy it and do inferencing, I'm not dependent on another team. It allows me to innovate rapidly, because everything that we develop in my team needs to be operationalized and be able to be deployed.  That way, I don't come with just an interesting algorithm and a business case. I come with an interesting algorithm, a business case and a piece of software so I can say these are the operating parameters of it. It allows me to make sure that I essentially have my own ability to prioritize where I need software talent focused from my types of problems for my AI solutions. And that's important because, I may be looking three years, four, or five years ahead, and need to know what we will need.” The other benefit is that the CTO and the larger software organization don’t have to be AI experts. “I think most high performing AI machine learning research teams like the one that I run, really need to have that software component so they have some control, and they're not in some sort of prioritization queue for getting some software attention,” says Zoldi. “Unless those people are specialized in AI, machine learning and MLOps, it’s going to be a poor experience. That’s why FICO is taking this approach and why we have the division of concerns.” About the AuthorLisa MorganFreelance WriterLisa Morgan is a freelance writer who covers business and IT strategy and emerging technology for InformationWeek. She has contributed articles, reports, and other types of content to many technology, business, and mainstream publications and sites including tech pubs, The Washington Post and The Economist Intelligence Unit. Frequent areas of coverage include AI, analytics, cloud, cybersecurity, mobility, software development, and emerging cultural issues affecting the C-suite.See more from Lisa MorganWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTechTarget and Informa Tech’s Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.What Top 3 Principles Define Your Role as a CIO and a CTO?What Top 3 Principles Define Your Role as a CIO and a CTO?The CIO of IBM and the CIO of NMI discuss some foundational elements that help them navigate the shifting demands of providing leadership on tech.Joao-Pierre S. Ruth, Senior EditorApril 14, 2025The duties of C-suite tech leadership at enterprises are changing rapidly of late. AI shook up strategies at many companies and can lead to new demands on CIOs, CTOs, and others responsible for technology plans and use.The core principles that guide CIOs and CTOs can be essential for navigating such times, especially when organizations look to them for direction.In this episode, Matt Lyteson, CIO of IBM, and Phillip Goericke, CTO of NMI, share some key principles that define their respective roles at their organizations. They also discuss where they picked up some of the lessons that shaped those principles, how their jobs have changed since they got their starts, and whom they look to for inspiration as leaders -- as well as what they wish they knew when they got started. Listen to the full episode here.About the AuthorJoao-Pierre S. RuthSenior EditorJoao-Pierre S. Ruth covers tech policy, including ethics, privacy, legislation, and risk; fintech; code strategy; and cloud & edge computing for InformationWeek. He has been a journalist for more than 25 years, reporting on business and technology first in New Jersey, then covering the New York tech startup community, and later as a freelancer for such outlets as TheStreet, Investopedia, and Street Fight.See more from Joao-Pierre S. RuthWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

As AI continues to evolve, the question becomes whether companies can transform their businesses while adapting their workforce strategies at the same pace. An executive mindset shift -- or mindshift -- is needed to not only reimagine businesses forward, but to also prepare workers for roles that don’t yet exist. Seismic shifts lie ahead: artificial intelligence will reshape 86% of businesses by 2030, according to a new World Economic Forum (WEF) report. That same report also predicts that AI and automation will create 170 million jobs, while displacing 92 million roles as companies adapt to technological change; 39% of existing skill sets will become outdated between 2025-2030.  Business, Not Digital, Transformation Is the Way Forward  Companies now face a new chapter in the evolution of digital transformation, one that challenges organizations to think beyond the digitization of legacy processes and workflows they prioritized over the past decade. In reality, BCG research uncovered that 70% of digital transformations still fall short of their objectives.  Before the dawn of ChatGPT, it could be argued that most digital transformation efforts focused on the digitization and optimization of legacy processes. The pursuit of efficiency, scale, and cost-cutting limited or impaired the prospect of any meaningful transformation desired business outcomes. The same may already be happening in an era of AI. Companies are prioritizing the automation of the processes and workflows digitized over the past decade, which is important, but without exploring the potential for new opportunities in an era of AI, automation may not be enough to evolve.  Related:If digital transformation was the defining strategy in the 2000s, AI-native business transformation represents a potentially better, and more adaptable way forward. Unlike digital transformation, AI represents an opportunity for business transformation. It’s an inflection point to reimagine organizations and work in a world where AI becomes inherently attached to almost every technology, action, and outcome.  The Next Chapter of AI-Native Businesses 2025 is set to be the year that not just AI, but AI agents, start to reshape the enterprise. While organizations are just beginning to recognize the possibilities of AI, they are not yet exploring the implications of businesses that accelerate AI-first transformation. Now is the time for organizations to embrace AI beyond tools and as a core component of their strategic mindset and operational framework. Related:But what does it mean to be an AI-first enterprise?  To help, let’s substitute AI-first with AI-native: AI as being native to the core of the business itself, strategy, operations, culture, and value creation. It’s also more than the implementation of AI tools across the enterprise. It's about redefining roles, work, and operations, fostering innovation, and creating a culture that embraces change.  An AI-native enterprise is characterized by the strategic integration of artificial intelligence at the core of its operations and decision-making.  An AI-native approach will fundamentally redefine how businesses operate, innovate, and engage with customers, employees, and their ecosystem. AI becomes not just a tool, but the central driver of decision-making, operational efficiency, and customer interaction. Lead in the AI Revolution or Be Left Behind AI-first is not just about using AI, it’s about making AI native to business architecture, foundationally. Make AI core to decision-making: AI is not just a tool for efficiency; it plays a central role in strategic decision-making, forecasting, and autonomous execution. Use AI to drive exponential thinking, not incremental optimization: Instead of improving traditional business processes, AI-native companies reimagine workflows, value chains, and customer experiences from scratch. Automate adaptability: AI-first companies build systems that can sense, analyze, and act autonomously in real-time across supply chains, operations, and customer engagement. Integrate AI to spur network effects and self-learning models: Continuously improve via feedback loops, fine-tune AI models, and leverage collective intelligence rather than relying solely on human input. Make data and compute as a core asset: Unlike traditional companies that prioritize physical assets or human capital, AI-first organizations treat data, compute power, and algorithmic capabilities as their primary competitive advantage. Drive workflow transformation with AI agents: AI agents are the next major evolution in AI-native businesses. They don’t just enhance workflows; they autonomously execute tasks, make decisions, and optimize operations at a scale and speed impossible for human-led organizations. You need to make sure you are designing and enhancing workflows of the future, not the past. Why? AI-native businesses will rely on agentic systems to manage core functions, drive efficiency, and create new competitive advantages. Redefine leadership for an AI-native era: C-Suites are not immune. Train executives and managers to think strategically about AI adoption, guiding their teams in AI-first decision-making and workflow transformation. Invest in reskilling programs for emerging roles: As AI automates repetitive tasks, new roles will emerge that require human creativity, problem-solving, and oversight. Companies must proactively explore and identify future job needs and provide pathways for employees to transition into high-value roles. This includes preparing for an agentic enterprise and beyond. Related:The shift from digital transformation to AI-native business transformation is not just an evolution -- it is a foundational reinvention of how organizations operate, compete, and create value. AI-native enterprises are architecting their businesses around it, making AI the backbone of strategy, decision-making, and execution. It’s about designing businesses where AI is intrinsic to every function, continuously learning, adapting, and driving innovation. AI-native leaders are also preparing for workforce evolution for the agentic enterprise, imagining new roles, and upskilling and reskilling in preparation, especially as the agentic enterprise takes shape. As AI agents become more capable, businesses must simultaneously prepare for the inevitable rise of an Agentic Enterprise. AI-native pacesetters will prepare their architecture for embedding AI agents into workflows across the enterprise to augment decision-making, operations, and customer engagement. The future won’t favor companies that use AI; it will reward those that architected for it and AI’s evolution. 

John Edwards, Technology Journalist & AuthorApril 11, 20255 Min ReadMikhail Reshetnikov via Alamy Stock PhotoEvery IT team seems to have one -- the member who's highly dedicated and talented, yet also something of a free spirit. Knowing how to tolerate and cater to this individual's unique needs without alienating other team members isn't a task generally covered in Management 101 courses for CIOs and IT leaders, yet it's essential in order to keep your team happy and productive. Instead of trying to fit a quirky team member into a rigid mold, work to understand what makes them tick and leverage that unique perspective, suggests Anbang Xu, founder of JoggAI, an AI-powered video platform, and a former senior product manager at Apple and senior software engineer at Google. It’s important to give these individuals space to thrive in their own way, while maintaining clear communication and setting expectations, he observes in an email interview. "By focusing on their strengths, I’ve found that they can bring innovative solutions and fresh ideas that would otherwise be overlooked." Embracing Uniqueness Embrace uniqueness while setting clear expectations, recommends Chetan Honnenahalli, engineering lead at software firm Hubspot and a former team leader at Meta, Zoom, and American Express. "Focus on their strengths and the value they bring to the team but establish boundaries to ensure their behavior doesn’t disrupt team dynamics or project goals," he says in an online interview. "Frequent one-on-one check-ins can help address potential concerns while reinforcing their contributions." Related:Balance respect for individuality with the needs of the team and organization. By valuing their quirks as part of their creative process, you'll foster a sense of belonging and loyalty, Honnenahalli says. "Clear boundaries and open communication will prevent potential misunderstandings, ensuring harmony within the team." Tolerance should depend on the impact of their behavior on team dynamics and project outcomes, Honnenahalli says. "Quirks that enhance creativity or problem-solving should be celebrated, but behaviors that cause disruptions, undermine morale, or create inefficiencies should be addressed promptly." Toleration Techniques Quirky behavior can become an issue if it interferes with the employee's ability to perform their work or if it disrupts fellow team members, says Matt Erhard, managing partner with professional search firm Summit Search Group, via email. "In these cases, the best approach is to have a one-on-one conversation with that employee," he advises. "Address the specific behaviors of concern and establish some expectations and boundaries about what is and isn't acceptable within the workplace." Related:Give the quirky team member strategies and guidelines to adapt their behavior within the workplace setting, Erhard recommends. "It should be made clear that you aren't criticizing or trying to change their personality but rather establishing rules about how they're expected to interact with their colleagues or customers when they're at work." As long as a maverick's behavior doesn't impede team collaboration, project deadlines, or morale, there’s room for individuality, Xu says. "The level of quirkiness you’re willing to tolerate is really a matter of balance," he states. "If their personality adds value without disrupting the team's harmony or performance, then it’s worth embracing." Team Impact Set team norms that allow for individuality while ensuring mutual respect and collaboration, Honnenahalli recommends. Address issues directly and constructively, ensuring open dialogue and fair resolutions. "Highlight how the individual’s quirks contribute positively to the team’s success, encouraging a culture of acceptance." Open communication is vital, Erhard says. "Talk to other team members about the issues they're having and why it's a concern for them." Facilitating a dialogue between the individuals can help both parties see each other’s perspectives. Related:When to Clamp Down Leaders should aim to channel quirkiness constructively rather than working to eliminate it. For instance, if a quirky habit is distracting or counterproductive, the team leader can guide the individual toward alternatives that achieve similar results without causing friction, Honnenahalli says. Avoid suppressing individuality unless it directly conflicts with professional responsibilities or team cohesion. Help the unconventional team member channel their quirks productively rather than trying to reduce them, Xu suggests. "This means offering support and guidance in ways that allow them to thrive within the structure of the team." Remember that quirks can often be a unique asset in problem-solving and innovation. Diverse Perspectives In IT, where innovation thrives on diverse perspectives, quirky team members often deliver creative solutions and unconventional thinking, Honnenahalli says. "Leaders who manage such individuals effectively can cultivate a culture of innovation and inclusivity, boosting morale and productivity." Every team needs a mix of personalities to excel, Xu observes. "The most innovative teams I’ve worked with had a variety of thinkers -- some more conventional, others quirky in their approach." It's the diversity in thinking that drives creativity and breakthroughs. "As leaders, it’s our responsibility to cultivate an environment where these differences are not only accepted but celebrated."About the AuthorJohn EdwardsTechnology Journalist & AuthorJohn Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.See more from John EdwardsWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Government cybersecurity teams face an overwhelming challenge of perpetually having too many priorities but too few resources to address them all. Instead of focusing on strategic threat mitigation, cybersecurity teams are spending their time deconflicting alerts, chasing false positives, and struggling with visibility gaps. This can lead to higher costs, inefficiencies, alert fatigue, and a dangerous lack of visibility into potential risks. Artificial intelligence has the power to help government cybersecurity teams overcome these challenges. AI can make cybersecurity processes more efficient across the entire agency, from providing remediation recommendations to automating compliance.  A great example of the benefits of AI for cybersecurity operations is user behavioral analytics (UBA), where the technology can help evaluate user traffic patterns to create a baseline of known behaviors and flag unexpected or suspicious behavior that may indicate compromise for the security team to investigate. In the area of identity and access management, automated entitlement reviews ensure users have the appropriate level of access based on their role, while AI-driven role mining strengthens security principles such as least privilege and separation of duties.  Related:Government cybersecurity teams must lean on AI to stay ahead of sophisticated adversaries and the ever-expanding attack surface. To successfully integrate AI into their workflow, these teams must understand how to best use the technology before, during, and after an incident.    Pre-Incident: Predicting and Preventing Attacks Government cybersecurity teams can leverage AI before an incident occurs to help accomplish one of their biggest goals -- becoming more predictive. While agencies have access to a lot of these tools now, AI can augment existing capabilities by providing the ideal level of unified visibility across the enterprise.  AI-enabled risk analysis should be used to identify which systems are potentially most vulnerable and where sensitive data is located. Automated penetration testing that uses AI and machine learning capabilities can then help teams identify vulnerabilities.  AI can also help cybersecurity teams determine the likelihood of a potential threat by correlating data, including real-world attack data, deep web chatter, and government alerts. AI can then provide teams with real-time risk scoring. Additionally, AI can right size the risk scoring for the organization by automating the recognition of mitigating factors and compensating controls.  Related:Once risks are established, these tools can offer prioritized recommendations and develop comprehensive response plans that consider factors humans often overlook, such as application interoperability and even personnel familiarity with tools and processes. This allows the AI to make prioritized recommendations for remediation while minimizing the potential for negative impact to the organization. Incident Response: Speed and Accuracy with AI When an incident does occur, AI should be used to support overwhelmed cybersecurity teams by creating more meaningful and accurate alerts. Once the alert goes out, automating actions like incident triage and system quarantine as much as possible can help decrease the mean time to resolution. This can occur before or after human review, depending on agencies’ operational requirements.   Cybersecurity teams can then leverage AI to tweak response plans based on environmental context and the specific threat. The machine learning solutions used to create these plans should be trained by humans to include simplified steps for faster containment, eradication, and recovery, as well as provide recommendations to lower the risk of re-occurrence.  Related:One of the biggest challenges government cybersecurity teams face during incident response is the high volume of data associated with each event. AI should be used to identify and correlate the most useful events across larger data sets, reducing the time cyber professionals need to start remediation. Generative AI simplifies investigations even further by translating analysis and answering questions in natural language, cross-correlating activity, and generating hypotheses to support informed decision-making.  To maximize AI for incident response, the technology must have access to all the data related to the event. This ensures the tools can successfully correlate threat activity that may not be apparent to the human eye -- such as events that took place days apart or on disparate parts of the network. However, this can create a challenge with existing security information and event management (SIEM) tools, which often require teams to cultivate data before ingesting to minimize false positives and reduce the cost associated with higher data volume. Cybersecurity teams should keep this in mind when developing their AI strategies for incident response.  Post-Incident: Learning and Adapting With AI Once an attack has been addressed, AI’s role doesn’t end. Post-event investigations are critical in understanding what happened during an attack and training the AI to better detect threats and prepare for the future.  AI should be used to generate an after-action report during the triage and remediation process to help inform agency leadership on next steps, including how to notify the public of the incident if needed, and better understand the cause of the event. Automated reports also help capture a more accurate representation of the event and save analysts’ time, allowing them to focus on more important tasks.  To preserve forensic evidence for potential legal investigations and avoid human error, cybersecurity teams should automate tasks such as data recovery and creation of hash calculations on information to show forensic proof of any digital evidence tampering. Cybersecurity teams should also use AI to help law enforcement identify and analyze digital evidence that can help identify the malicious actor(s). As cyber adversaries become more sophisticated in their attacks, AI is no longer just an advantage -- its potential capabilities are a necessity. The future of government cybersecurity relies on AI and human expertise working in tandem to stay ahead of threats and protect mission-critical systems.  

Tension between innovation and security is a tale as old as time. Innovators and CIOs want to blaze trails with new technology. CISOs and other security leaders want to take a more measured approach that mitigates risk. With the rise of AI in recent years regularly being characterized as an arms race, there is a real sense of urgency. But that risk that the security-minded worry about is still there.  Data leakage. Shadow AI. Hallucinations. Bias. Model poisoning. Prompt injection, direct and indirect. These are known risks associated with the use of AI, but that doesn’t mean business leaders are aware of all the ways they could manifest within their organizations and specific use cases. And now agentic AI is getting thrown into the mix. “Organizations are moving very, very quickly down the agentic path,” Oliver Friedrichs, founder and CEO of Pangea, a company that provides security guardrails for AI applications, tells InformationWeek. “It's eerily similar to the internet in the 1990s when it was somewhat like the Wild West and networks were wide open. Agentic applications really in most cases aren't taking security seriously because there aren't really a well-established set of security guardrails in place or available.” What are some of the security issues that enterprises might overlook as they rush to grasp the power of AI solutions? Related:Visibility  How many AI models are deployed in your organization? The answer to that question may not be as easy to answer as you think.  “I don't think people understand how pervasively AI is already deployed within large enterprises,” says Ian Swanson, CEO and founder of Protect AI, an AI and machine learning security company. “AI is not just new in the last two years. Generative AI and this influx of large language models that we’ve seen created a lot of tailwinds, but we also need to take stock an account of what we've had deployed.” Not only do you need to know what models are in use, you also need visibility into how those models arrive at decisions.  “If they're denying, let's say an insurance claim on a life insurance policy, there needs to be some history for compliance reasons and also the ability to diagnose if something goes wrong,” says Friedrichs.  If enterprise leaders do not know what AI models are in use and how those models are behaving, they can’t even begin to analyze and mitigate the associated security risks.  Auditability Swanson gave testimony before Congress during a hearing on AI security. He offers a simple metaphor: AI as cake. Would you eat a slice of cake if you didn’t know the recipe, the ingredients, the baker? As tempting as that delicious dessert might be, most people would say no.  Related:“AI is something that you can't, and you shouldn't just consume. You should understand how it's built. You should understand and make sure that it doesn't include things that are malicious,” says Swanson.  Has an AI model been secured throughout the development process? Do security teams have the ability to conduct continuous monitoring?  “It's clear that security isn't a onetime check. This is an ongoing process, and these are new muscles a lot of organizations are currently building,” Swanson adds.  Third Parties and Data Usage Third party risk is a perennial concern for security teams, and that risk balloons along with AI. AI models often have third-party components, and each additional party is another potential exposure point for enterprise data.  “The work is really on us to go through and understand then what are those third parties doing with our data for our organization,” says Harman Kaur, vice president of AI at Tanium, a cybersecurity and systems management company. Do third parties have access to your enterprise data? Are they moving that data to regions you don’t want? Are they using that data to train AI models? Enterprise teams need to dig into the terms of any agreement they make to use an AI model to answer these questions and decide how to move forward, depending on risk tolerance.   Related:Legal Risk  The legal landscape for AI is still very nascent. Regulations are still being contemplated, but that doesn’t negate the presence of legal risk. Already there are plenty of examples of lawsuits and class actions filed in response to AI use.  “When something bad happens, everybody's going to get sued. And they'll point the fingers at each other,” says Robert W. Taylor, of counsel at Carstens, Allen & Gourley, a technology and IP law firm. Developers of AI models and their customers could find themselves liable for outcomes that cause harm.  And many enterprises are exposed to that kind of risk. “When companies contemplate building or deploying these AI solutions, they don't do a holistic legal risk assessment,” Taylor observes.  Now, predicting how the legality around AI will ultimately settle, and when that will even happen, is no easy task. There is no roadmap, but that doesn’t mean enterprise teams should throw up their collective hands and plow ahead with no thought for the legal implications. “It's all about making sure you understand at a deep level where all the risk lies in whatever technologies you're using and then doing all you can [by] following reasonable practice best practices on how you mitigate those harms and documenting everything,” says Taylor.  Responsible AI Many frameworks for responsible AI use are available today, but the devil is in the details.  “One of the things that I think a lot of companies struggle with, my own clients included, is basically taking these principles of responsible AI and applying them to specific use cases,” Taylor shares.  Enterprise teams have to do the legwork to determine the risks specific to their use cases and how they can apply principles of responsible AI to mitigate them.  Security vs. Innovation  Embracing security and innovation can feel like balancing on the edge of knife. Slip one way and you feel the cut of falling behind in the AI race. Slip the other way and you might be facing the sting of overlooking security pitfalls. But doing nothing ensures you will fall behind. “We've seen it paralyzes some organizations. They have no idea how to create a framework to say is this a risk that we're willing to accept,” says Kaur.  Adopting AI with a security mindset is not to say that risk is completely avoidable. Of course it isn’t. “The reality is this is such a fast-moving space that it's like drinking from a firehose,” says Friedrichs.  Enterprise teams can take some intentional steps to better understand the risks of AI specific to their organizations while moving toward realizing the value of this technology.  Looking at all of the AI tools available in the market today is akin to being in a cakeshop, to use Swanson’s metaphor. Each one looks more delicious than the next. But enterprises can narrow the decision process down by starting with vendors that they already know and trust. It’s easier to know where that cake comes from and the risks of ingesting it.  “Who do I already trust and already exists in my organization? What can I leverage from those vendors to make me more productive today?” says Kaur. “And generally, what we've seen is with those organizations, our legal team, our security teams have already done extensive reviews. So, there's just an incremental piece that we need to do.” Leverage risk frameworks that are available, such as the AI Risk Management Framework from the National Institute of Standards and Technology (NIST). “Start figuring out what pieces are more important to you and what's really critical to you and start putting all of these tools that are coming in through that filter,” says Kaur.  Taking that approach requires a multidisciplinary effort. AI is being used across entire enterprises. Different teams will define and understand risk in different ways.  “Pull in your security teams, pull in your development teams, pull in your business teams, and have a line of sight [on] a process that wants to be improved and work backwards from that,” Swanson recommends.  AI represents staggering opportunities for enterprise, and we have just begun to work through the learning curve. But security risks, whether or not you see them, will always have to be a part of the conversation.  “There should be no AI in the enterprise without security of AI. AI has to be safe, trusted, and secure in order for it to deliver on its value,” says Swanson.

John Edwards, Technology Journalist & AuthorApril 10, 20254 Min ReadRebecca Fox, NCC GroupRebecca Fox is group chief information officer at cybersecurity consulting firm NCC Group. Responsible for technology and application strategy and delivery, she has over 15 years of experience leading technology functions, sales, and commercial teams. During her career, Fox has led digital transformations, system implementations, organization design, and complex and diverse technical and development teams on a global scale. Fox has a technical development background, yet her experiences include large-scale project/program/portfolio management, data management and strategy, and service operations. In an online interview, Fox relates her experience trying to successfully assemble a high-stakes puzzle that was critical to her enterprise's long-term success. She notes that the project, while immensely challenging, would ultimately benefit both the organization as well as her personal expertise and confidence. What's the biggest challenge you ever faced during your tenure? A post-M&A integration -- specifically, trying to consolidate CRM platforms across multiple businesses with different cultures, processes, and emotional states. I was tasked with delivering one system, fast. On paper, it looked like a straightforward strategic priority. In reality, it pushed me and my leadership to the edge. Related:What caused the problem? I tried to move faster than the business could absorb. I had the solution, I had the plan, but I hadn’t built enough of the runway. I underestimated the emotional impact of M&A and overestimated the readiness for change. I hadn’t done the people work first. It’s like giving a child bitter medicine -- it may be the right thing, but if you don’t wrap it in understanding, empathy, and communication, they're going to spit it out. How did you resolve the problem? I had to hit pause and reframe the whole project. I focused on outcomes, not process. I also became a lot clearer on the outcome and why. But above all I prioritized relationships, because without trust, there’s no traction. What would have happened if the problem wasn't swiftly resolved? We would have launched a platform no one used. Worse, I would have burned out the team, damaged relationships, and lost momentum at a time when unity was non-negotiable. Change would have stalled, and cynicism would have grown. How long did it take to resolve the problem? The platform landed within months and was received better because of the tension and disagreement that forced us to get aligned. But the leadership lessons? That evolution has taken a career. That M&A moment was just one chapter -- a pivotal one -- but part of a much longer journey in learning how to lead through people, not just through plans. Related:Who supported you during this challenge? My team, even when I didn’t get it right the first time, and a few brave peers who gave me the kind of feedback that stings in the moment but sticks because it's true. Did anyone let you down? Yes -- me. I let myself down by pushing too hard, too fast. I let my team down by not giving them the space to speak up sooner. I’ve had to own that, grow from it, and lead differently since. What advice do you have for other leaders who may face a similar challenge? Build the relationships before you need them. The role of CIO today isn't just about technology, it’s about influence, resilience, and focus. You are the negotiator, the connector, the cheerleader, and you must anchor everything to the big three: grow revenue, increase margins, and reduce risk. That clarity makes it easier for everyone to understand the ‘why’ behind the ‘what.’ Is there anything else you would like to add? It took me too long to realize that relentless focus on the customer is what cuts through the noise. We’re not here to launch platforms. We’re here to make the business better, and that starts by aligning every decision to the outcomes that matter. Progress is messy, tension is necessary, and leadership is about showing up -- especially when it’s hard. Related:About the AuthorJohn EdwardsTechnology Journalist & AuthorJohn Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.See more from John EdwardsWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

John Edwards, Technology Journalist & AuthorApril 9, 20255 Min ReadMatej Kastelic via Alamy Stock PhotoIT leaders typically begin their careers by working on a team. Exhibiting their knowledge and skill, they rise through the ranks to become managers and executives. Yet for many leaders, that urge to do some hands-on work never really disappears. Unfortunately, that's rarely a good idea. As a technology and business leader, it's crucial to maintain oversight of strategic and operational priorities, says Rebecca Fox, group CIO at cybersecurity consulting firm NCC Group. Actively contributing to day-to-day project delivery or operations limits the leader's ability to focus on the broader direction, she observes in an email interview. "While occasional involvement in details may be necessary for decision support or critical interventions, the leader's primary role is to delegate, inspire, and drive execution." For leaders transitioning from a subject matter expert role, mastering this shift is critical for personal success as well as the organization’s growth, Fox advises. "The larger the organization, the more essential it becomes to prioritize leadership over operational tasks." Danger Zone There are three key dangers lurking for senior leaders who become too involved as active project participants, Fox says. "Perhaps most important, the project team's autonomy is undermined, leading to constant reliance on the leader for decision-making instead of driving outcomes independently." Another risk is that critical responsibilities outside the project may be neglected, jeopardizing broader business success and operational excellence. "Finally, the leader’s role as a strategic business partner is diminished, as they become seen as part of the project rather than a leader with enterprise-wide oversight." Related:If you dive too deeply into specific projects, you risk losing sight of the overall direction your team needs to follow, warns Bill Bragg, CIO at AI technology developer SymphonyAI. "While your expertise is certainly valuable, your real strength lies in crafting strategy and growing your team and colleagues' capabilities," he says in an online interview. "Your goal is to remove obstacles and steer the ship toward success, growing the people and business together." Staying Both Above and Involved Regular governance and trust in the delivery team is essential, Fox says. "Unless you're a subject matter expert, active involvement should focus on two areas: ensuring that the right people are involved and validating that the project’s objectives remain relevant." Effective governance should show when leadership intervention is necessary, such as resolving personnel issues or realigning objectives. "While cost pressures may tempt leaders to take on a contributory role without backfilling, it's crucial to prioritize long-term project success by maintaining proper resources." Related:There will be times when your expertise is crucial, or the team is short-staffed, Bragg says. "Recognizing these moments is vital to prevent burnout or mistakes within your team," he advises. "Be sure to have an exit plan and know when to step back once the gaps are addressed." Participation should be as brief as possible, but as long as necessary, Fox explains. Projects and programs require clear organizational structures, and leadership involvement should last until they are established. "Leaders must also be willing to make tough decisions, such as pausing a project until the right resources are available or reallocating resources to meet business needs." An IT leader may not be involved in the daily activities of a project, but they should always demonstrate interest and support to their teams and peers, Fox advises. She believes that engagement comes from regular communication, visible support, and showing genuine interest in the team’s challenges and successes. "Leadership isn't passive; it requires consistent effort to connect and inspire." Related:Trust and Success Leadership is primarily about creating the conditions for success, empowering teams, and ensuring alignment with strategic objectives, Fox says. "IT leaders must balance trust in their teams with timely interventions, focusing on outcomes over activity." She feels that prioritizing leadership over direct contribution enables sustainable growth and operational excellence. Maintain open communication and regularly meet with your team and other departments, Bragg recommends. "This builds trust and transparency, helping everyone understand how their work aligns with the company's goals." By sharing insights into strategies and priorities, the leader steadily builds a cohesive framework that highlights the value of team contributions. "Creating a cadence is important, as the group and staff events themselves become anchors for operationalizing the strategy and envisioning the future." A Final Thought As an IT leader, your primary role is to steer the business technology strategy that empowers the organization’s goals, Bragg explains. "It's crucial to foster strong relationships and open communication with leaders from every department to ensure that functional and product strategies move in the same direction," he says. "With a bird’s-eye view of the company's priorities, you’re in a unique position to drive alignment and facilitate the change that builds the strength to grow together." About the AuthorJohn EdwardsTechnology Journalist & AuthorJohn Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.See more from John EdwardsWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Lisa Morgan, Freelance WriterApril 9, 20255 Min ReadRobert Kneschke via Alamy StockThe accelerating pace of technology innovation and business, coupled with an ever more complex tech stack requires chief information officers to stay current, so they understand what’s best for the business and why at any given moment. The CIO’s schedule also tends to be very tight, leaving little time for learning, yet continuous learning is a given if one wants to best serve their career and company. “In 2025, successful CIOs won’t just be technology leaders -- they will be business enablers, transformation and growth drivers and architects of future-ready enterprises. What it takes to lead today is very different than even a year ago,” says Bill Pappas, EVP head of technology and operations at insurance company MetLife. “The pace of change is unlike anything we’ve seen before, and that’s why the ability to learn, unlearn, and relearn new skills at scale is absolutely critical.”  Savvy employers support CIO development by investing in continuous learning opportunities, encouraging participation in industry forums and cross-functional leadership programs.  “In the digital age, no one person or company has all the answers,” Pappas says. “There’s no single playbook, which means it’s increasingly important for technology leaders to come together to share insights, solve challenges and learn from one another to drive innovation and stay ahead in an ever-evolving landscape.” Related:Bill Pappas, MetLifeCIOs want to know how to align IT and business strategy, build a culture of trust and communication, and drive value from new technologies.  “You must stay current. It’s very difficult to be a successful CIO and not be current on what is happening, both from a technology and business perspective,” says Steve Agnoli, lead instructor at Carnegie Mellon University's Heinz College CIO Program. “I think a learning culture or learning approach must be part of the CIO job. Otherwise, you fall behind pretty quickly.” Choosing Educational Resources CIOs have a lot of options when it comes to upskilling: traditional colleges and universities, online training sites, and communing with other CIOs. The choice depends on their career goals, the amount of time they have for learning, what their companies will fund and personal bias. “One of the things that we try and focus on is ensuring that you understand the archetype of the organization that you’re in, because that can help you understand how you can be effective,” says CMU’s Agnoli. “I think that also applies to the training side, knowing what would make best sense to make you most effective and then look for programs or content, that aligns with that.” Related:He also stresses the importance of learning about both technology and business, since today’s CIO is a business leader.  “It's really important to focus on both the technical side when you're looking at training as well as the business skills side,” says Agnoli. “Things are changing quickly on the technology side, so you need to be fluent in in all that stuff -- AI, cloud, cyber security, analytics and data, governance and all that kind of stuff. And it’s important that CIOs can lead their businesses and their functions as a business leader. So, the skills that other folks in the C-suite have are the same skills that CIOs need to have. It’s not just knowing the latest and greatest tech; it’s knowing the things that matter from a business perspective and making those happen.” Irina Mylona, learning designer at Cambridge Advance Online also says in 2025, the CIO role is evolving at an unprecedented pace. “CIOs are no longer solely responsible for IT infrastructure. They are increasingly expected to drive digital transformation, align technology with business strategy, and foster innovation,” says Mylona. “The question is, are CIOs doing enough to stay ahead, and what training is essential for them to remain effective in the face of accelerating technological and business changes?” Related:Steve Agnoli, Carnegie Mellon University's Heinz CollegeThe rapid advancement of many technologies, ranging AI and cloud computing to cybersecurity threats and data-driven decision-making, demands that CIOs continuously update their skill sets. The pressure to balance operational efficiency with innovation is immense, and failing to keep pace can have serious consequences for business competitiveness.  “The reality is that while many CIOs recognize the need for ongoing education, the fast-moving nature of their roles often leaves little time for structured learning. Approximately 27% of students taking Cambridge Advance Online courses are CIOs and senior roles, whether they’re taking technology courses or not,” says Mylona. “In order to design our courses, we are in constant communication with both our learners and the market demands, listening to the needs of CIOs and technology roles. And what we have observed is that these professionals seek education not only to refresh their technical knowledge but also to bridge the gap between IT and executive leadership, ensuring they remain at the forefront of industry advancements.” Online learning, like in-person learning, can provide access to world-class expertise.  “From what we have observed from the market, our learners and their training needs, the CIO role in 2025 will demand a balance of technical expertise, strategic vision, and leadership skills,” says Mylona. “As technology continues to evolve, ongoing education is not just beneficial -- it is essential. Whether it’s refreshing their knowledge, staying close to executive teams, or learning about the latest innovations in AI and data-driven business strategies, CIOs must embrace continuous learning to drive success in the digital era.” About the AuthorLisa MorganFreelance WriterLisa Morgan is a freelance writer who covers business and IT strategy and emerging technology for InformationWeek. She has contributed articles, reports, and other types of content to many technology, business, and mainstream publications and sites including tech pubs, The Washington Post and The Economist Intelligence Unit. Frequent areas of coverage include AI, analytics, cloud, cybersecurity, mobility, software development, and emerging cultural issues affecting the C-suite.See more from Lisa MorganWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

[Virtual Event] Generative AI: You're already behind

Ben Cole, Senior Executive Editor, InformationWeekApril 8, 20257 Min ReadArtur Marciniec via Alamy StockArtificial intelligence promises to accelerate many of the tasks and functions that drive today’s business. Few organizations have realized its potential, however, mostly because AI capabilities are still relatively new and legacy architecture limits AI project scalability.Despite these limitations, chief information officers are under enormous pressure to deliver measurable, concrete return on AI investments, says executive recruiter Charley Betzig, managing director at Heller Search Associates, Inc. In this Q&A with InformationWeek, Betzig discusses the CIO job market and how AI is influencing the CIO’s role.This interview has been edited for clarity and length.What do CIOs need to know about the job and the CIO job market? How is the CIO’s day-to-day role evolving?It’s all about AI -- and it’s not just AI, in of itself, but it’s AI value creation. That affects every search, every CIO role. There are always different starting points, and every CIO role is a little bit different. But baseline, we are looking for CIOs who have created value using AI.Someone has to understand the business that they are walking into, understand the starting point, and then know how to build from that starting point to take the business where they want to go to achieve that value creation. Every business is starting on a different part of the spectrum. Some, to get value from AI, they are starting from a very primitive place in terms of data. You need to build a foundational data strategy to make sure data is clean and available so AI can be used to create that value.Related:Charley BetzigOther organizations are further along, and you can start building those AI use cases more quickly. But it is really business acumen, to know the environment that you are walking into and how to move the organization forward from there. There is the cross-functional leadership -- the IT function has evolved a lot over time. Early days, IT was more of a back-office function; it was a follower. Then you had this whole concept of IT as a leader -- a CIO had to own all of technology in an organization. If the business owned any of it, it was bad, it was shadow IT. I think that is kind of going away too, especially with AI.There is kind of this notion of the CIO is sort of the sherpa, and the business is the one climbing the mountain. But the CIO is there guiding the way, putting the right guardrails in place, making sure everyone is moving in the right direction when pushing AI. But you need the business to be the ones who are out there driving these use cases because they know what they want.Related:What are companies looking for in a modern CIO? Is an MBA important or are there certain certifications that are proving more valuable?It’s always nice to have an MBA, but what I’m focused on is making sure CIOs have that right blend of technical chops and business acumen. Technical chops are the easiest thing to look for -- we always look for CIOs that have a foundation in computer science or something like an information systems degree -- those things point to that technical knowledge.If they have an MBA, then that is a plus for sure. But I more look to the education to make sure they have that technical foundation.Everything right now revolves around AI, but you still as CIO have to have that grounding in all of the traditional disciplines of IT. Whether that is systems, whether that’s infrastructure, whether that’s cybersecurity, you have to have that well-rounded background. Even as these AI technologies become more prolific, you must consider your past infrastructure spend, your cloud spend, that went into these technologies. How do you manage that? If you don’t have grounding in managing those costs, and being able to balance those costs with the innovation you are trying to create, that’s a recipe for failure on the cyber side. And AI is creating even more vulnerabilities from a cyber standpoint. Someone has to have that sort of foundation as well. You still have those classic disciplines you can’t forget about even as you’re searching for that shiny object.Related:Are there certain CIO-specific skills that companies have a hard time hiring for?It goes back to that AI value creation -- every company is trying to do that, and the hard part is it’s really a new thing. It’s not a ‘we can go out and we can recruit someone from Silicon Valley who is an AI pioneer and knows all about the sexiest different technologies that can be applied.’ Is that the best person to come into a manufacturing company in the Midwest and work with those employees on AI use cases to create value? It’s not. When we’re looking for skill sets, we’re looking for people who have actually taken those AI technologies and applied them within their organizations to create real business value -- whether that is cost savings or top-line revenue creation, whatever those are.It’s hard to find those candidates, because there are a lot of those people who can talk the talk around AI, but when you really drill down there is not much in terms of results to show. It’s new, especially in applying the technology to certain settings. Take manufacturing: there’s not that many CIOs out there who have great examples of applying AI to create value within organizations. It’s certainly accelerating, and you’re going to see it accelerating more as we go into the future. It’s just so new that those examples are few and far between. There are certainly people out there who have done it, they are just not all over the place.What are CIOs looking for in both the organization and its employees when they are considering taking on a job?Every one of these searches that we do, there is some change they are trying to achieve. It’s change, it’s value creation through technology. A huge part of that is making sure that business leadership and the employee base is receptive to that change.There are varying degrees of that. One skill we always look for is change leadership, because you have to come in and guide the organization in that direction. But if you’re a CIO that is coming into an organization that is asking for that, you want to make sure that you have the backing of leadership, the leadership you are working for, that the business is hungry for that. If the desire is not there, then it is hard to make it happen.Culture is one of the biggest parts of it, in finding that mesh. An organization can have a wish list of five things they want to achieve with a technology transformation, but if the culture isn’t ready for that, or if the CIO doesn’t match up with that culture, it’s going to be like an organ rejection. Culture is a big deal.Once a new CIO is in their role, what roles and skills do they have a hard time hiring for?In manufacturing, and cybersecurity ties into this too, the supply chain has had this convergence of operational technology. Tech you would see on the plant floor and information technology are coming together, and that has been happening for years.From a cyber standpoint, the supply chain is one of the most vulnerable areas out there nowadays because so much of that operational technology is older and so it’s big target for hackers. Having cybersecurity talent that can deal with that too and knows the ins and outs of that is a hard-to-find skill.What advice would you give to aspiring CIOs?I’d say learn and be well-rounded. In everything that you do, partner with the business to try to drive those real results. Don’t just focus on the technology, focus on the real results and solutions that you’re driving for the business.About the AuthorBen ColeSenior Executive Editor, InformationWeekBen Cole is a senior executive editor for InformationWeek. He has more than 25 years of editorial experience, and guided award-winning technology coverage as editor for TechTarget sites covering CIO strategy, regulatory compliance, data science, security, data management, business intelligence and AI. Earlier in his career, Ben worked in healthcare media and as a reporter with Massachusetts-based daily newspapers.See more from Ben ColeWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Layoffs are brutal exercises of endurance. It’s not only that applying for jobs is frustrating and exhausting, but also the ungodly amount of time it takes -- often over a year -- to actually get hired. So much in your personal life can be lost in the meantime.  “A hard truth is that bills do not stop when paychecks do. Joblessness doesn't care about your bills or cost of living. You still have to spend money on your family, health, roof, and food,” says Christian Hed, chief marketing officer at Dstny, a provider of unified communications platform.  Here are several creative ways to use AI to survive until you land a new job. 1. Use AI to repair the hole in your self-esteem You’ll have a harder time surviving between the layoff and the new job if you don’t take steps to bolster your self-esteem first. It’s hard to land a job when you’re feeling like a beggar instead of the accomplished person that you are. Don’t toss self-care to the side. Make your wellbeing a priority.  You can use AI to help you recover yourself and your wits. You also need ongoing support so that the struggle doesn’t wear you down. “As months pass, a person can start questioning their self-worth and professional identity, wearing down even the most resilient candidates. Financial issues can add to the pressure, as people may start isolating themselves to save money, contributing to daunting feelings of depression and anxiety,” says Michelle Beaupre, a licensed therapist and clinical director at Villa Oasis. Related:“One of the ways to help cope with negative thoughts and lost hope during these months of job searching is to use AI as an online therapist or an encouraging online friend. Of course, professional help could be much more effective, but not everyone has the willpower to find a therapist, so AI chat can become a quick first aid.” Beaupre says. 2. Use AI to cut subscription costs Everything from software and home alarm systems to food delivery and video streaming services require a monthly subscription fee these days. That and automatic subscription renewals can be a big drain on the few funds you have on hand. It’s very easy to lose track of how many subscriptions you are paying for now.  Use AI-driven apps such as Cleo, Truebill (Rocket Money), and YNAB (You Need a Budget) to help you manage subscriptions and track and reduce bills. But you can also use chatbots like ChatGPT, Claude, and Gemini to recommend the best mix of streaming services to get the best deals according to the video viewing criteria you set, like total monthly cost and your preferred viewing fare such as favorite shows, sports, most current or old movies, etc.  Related:3. Use AI to renegotiate your bills AI can analyze your expenses objectively and offer suggestions on what expenses to cut and which to renegotiate.  “I recommend using ChatGPT to analyze bank statements and create personalized budget plans for expense management. One client saved $600 monthly after using AI to identify subscription overlaps and negotiate better rates with service providers,” says Kevin Shahnazari, founder and CEO of FinlyWealth, a credit card and banking fintech company. But AI can go beyond snipping subscription costs to tackling bigger expenses. “AI can draft professional hardship letters and payment plan proposals regarding creditor negotiations. Success rates have improved by 40% when using AI-refined communication strategies with lenders,” Shahnazari says. 4. Use AI to cut interest rates and protect your credit score Not sure what you can do to keep your credit score at a decent level?  “Some AI-enabled financial tools can even simulate different repayment scenarios to help individuals find the best way to protect their credit score while repaying debts,” says Lucas Botzen, HR expert and the CEO of Rivermate, a recruitment firm. Related: Want to lower the interest rate on credit cards and keep the cards open, too? “Tala and Credit Karma’s AI Debt Manager simulates repayment plans and draft negotiation scripts. An example prompt is: ‘Write a letter to my creditor requesting a payment plan due to layoffs, citing [specific hardship].’ I reduced credit card APR from 24% to 12% using AI-generated appeals,” says Naomi Clarke, head of HR at Flingster, an adult chat site. 5. Use AI to find government assistance programs But what can you do if there still isn’t enough money to avoid repossessions and evictions, let alone worry about your credit score? “AI chatbots and virtual assistants can guide users through the process of gaining access to government assistance programs, including eligibility for unemployment benefits, food assistance, or emergency rental assistance,” Botzen says. Don’t forget that AI tools can help you understand and complete government application forms and requirements, too. 6. Use AI to feed your family more frugally Food is a big expense for most families trying to survive a sudden loss of income. The problem of affording food becomes more dire as other factors come into play like inflation and bird flu. But you and your family still have to eat.  “One of my colleagues used an AI grocery optimizer to plan meals based on store discounts. That single change cut their food bill by 20%. Given a chance, AI can help stretch every dollar,” says Dstny’s Hed. AI can help you put food on the table in several ways. “AI can be surprisingly practical, if you can use it right. Tools like SuperCook let you enter what you already have in your fridge and suggest recipes based on those ingredients. Some AI tools can also suggest cheaper ingredient swaps to keep meals affordable,” Hed adds. 7. Use AI to earn money while you try to find a job You’ve submitted many job applications and done several interviews. What now? Just wait? “Biggest mistake by most after a layoff? Waiting. Waiting for recruiters to respond, waiting for a hiring manager to approve an offer, waiting for a company to decide if they’re worthy of a paycheck again. Waiting is the fastest way to go broke,” says Peter Murphy Lewis, chief marketing officer at Strategic Pete, a marketing services provider.  “I had a business that closed down all of a sudden, saw my income get slashed to nothing, and realized nobody was going to save me. That was the point where I stopped waiting and started building. AI tears down the barriers to putting money back into your pocket,” Lewis adds.  Use AI to make or aid a side gig or side hustle while you are conducting your job search. Not sure what you can do as a freelancer or solopreneur? Brainstorm ideas with AI. Want to start a business based on your skills and experience? Besides brainstorming for ideas, use AI to identify what kind of company would disrupt the company that just laid you off. Maybe your new start-up will be the next Uber or Instacart.  

John Edwards, Technology Journalist & AuthorApril 8, 20255 Min ReadPanther Media GmbH via Alamy Stock PhotoIT development teams are known for their iconoclasts, free spirits, and non-conformists. It's embedded in their DNA. That's what makes developers so good at their jobs. Yet when a team suddenly deviates wildly from its assigned mission, it's time to intervene and issue a course-correction that will get them back on track without bruising egos or killing morale. There's rarely a single goal for any IT development team, says Liz James, managing security consultant at cybersecurity firm NCC Group. "Where there are a few goals, there's a tendency for them to become overly broad and not effectively measurable," she explains in an online interview. Warning Signs When a team starts solving problems nobody asked them to solve, you've got an issue, observes Peter Murphy Lewis, founder of Strategic Pete, a marketing advisory company. "Maybe they're over-engineering, chasing the 'perfect' solution, or adding features no one needs," he says via email. The first sign that an IT team is drifting is when task progress appears strained, says Alex Osmichenko, CEO of website development firm IT Monks. The team is working hard, implementing various changes with good intentions, but these small victories don't add up to the big picture, he notes in an online interview. "It feels like your people are moving, but your company isn't," Osmichenko explains. "If you find yourself going off-topic in meetings and spending most of your time discussing features that weren't originally defined, your team may be struggling to understand what the goal is and how to get there." Related:When an IT team veers off course, the damage isn't just confined to a delayed timeline or blown budget -- there's also a ripple effect, Lewis says. "Stakeholders lose confidence, your users get a half-baked product, and the team itself starts feeling like they’re running on a hamster wheel." Worse yet, if the IT leader lets this behavior slide, it can become accepted culture. "Teams start to believe that wandering is acceptable -- and that’s a disaster waiting to happen." If team drift isn't caught early, deadlines might be missed and products left unfinished. "It can also affect team morale, as people see that their hard work isn't reflected in the big changes," Osmichenko says. "This can lead to burnout and decreased efficiency." Preventative Steps IT teams are often under pressure to innovate and move fast, and that can lead to scope creep or distractions, Lewis says. "Studies show that over half of IT projects fail to meet their objectives, and this is one of the reasons why."  Related:"Divergence from goals and objectives will happen just by meeting with real world constraints and challenges," James adds. The first step toward corralling a runaway team is establishing an open dialog. "As a leader, you should show the team that you're not blaming them for anything -- you're encouraging cooperation, not punishment," Osmichenko says. Give everyone a chance to contribute, and don't reject new ideas that may not be immediately pressing. "Encouraging the team to adjust course together keeps morale high and makes them feel like a part of the solution." "Plan your project clearly," Osmichenko advises. "Break it down into smaller checkpoints so that deviations from the goal are easier to spot," he says. Hold regular meetings for coordination, not just in critical situations. "Your team must understand the importance of feedback and be honest when discussing new challenges." Balance is important, especially in IT where it's very easy to burn out and get lost in an avalanche of large and small tasks. "This doesn't mean that challenges are insurmountable," Osmichenko notes. "In fact, they can make your team stronger." Getting Back on Track Goal diversions happen for a reason, James says. "The first step is understanding what that reason is and being able to understand if it was a missed requirement or goal from the outset, or if it truly is a diversion that doesn't contribute to the final objective." Related:Keep it real and don't place blame. "Most teams want to succeed -- they just need to be pointed in the right direction," Lewis says. "Make sure to note the good things they've accomplished, even if it's off course." It's important to set clear goals and guardrails from day one, Lewis advises. "Make sure everyone knows what success looks like and why it matters." He recommends establishing regular check-ins to catch team drift early. "Create space where the team feels safe to speak up if they see misalignment," Lewis suggests. "A little course correction early beats a full-on rescue mission later." A Final Thought On the bright side, a runaway team is usually a passionate team, Lewis says. "Channel that energy," he advises. "If they're bursting with ideas, carve out some time for structured innovation where they can explore without derailing the main project."About the AuthorJohn EdwardsTechnology Journalist & AuthorJohn Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.See more from John EdwardsWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Jay Litkey, Governing Board Member, FinOps Foundation and SVP of Cloud & FinOps, FlexeraApril 7, 20254 Min ReadArtemisDiana via Alamy StockOver the last few years, FinOps has become synonymous with cloud financial management, helping organizations optimize cloud spending and usage. As cloud adoption stabilized, the operational framework and cultural practice of FinOps matured.Teams -- representing collaborative efforts between business, finance, engineering, and other groups -- established robust practices, creating a healthy and maturing market.That era established a strong foundation in optimizing the costs associated with public cloud computing. Today, the scope of FinOps has expanded in important ways, going beyond cloud to deliver comprehensive insights into IT spending across SaaS and data centers. Three main trends will continue to move FinOps forward in 2025.FinOps Expands: SaaS and Data CentersBy applying FinOps principles to areas of IT spending in addition to cloud computing, the practice of FinOps is growing. These principles include collaboration; a focus on the business value of technology investments and considering a unit economics perspective; accountability for the costs associated with tech usage; prioritizing centralized initiatives; making FinOps data available in a timely manner; and understanding how variable costs can help deliver value.Related:The operational framework of FinOps now includes two new scopes, to which FinOps practitioners apply FinOps practices. As established by the FinOps Foundation, the new scopes apply specifically to SaaS and data centers.This expansion provides valuable guardrails to keep spending in-check in important ways.SaaS integration: The rise of software-as-a-service (SaaS) brought new challenges, notably subscription sprawl and underutilized licenses. Similar to the challenges of cloud spend, SaaS spend is often exacerbated by decentralized IT purchasing. Companies are applying FinOps principles to manage SaaS spending and optimize its value, extending beyond cloud platforms. This approach can help manage the complexities of varied pricing and licensing approaches.Data center inclusion: As organizations transition to hybrid environments, the need for comprehensive financial management across all domains increases. License portability, bring your own license (BYOL) policies, and the need to manage entitlements across cloud and on-premises systems have become critical. FinOps principles, capabilities and best practices now serve as the data backbone for managing costs and usage across these domains, offering a comprehensive evaluation, rather than letting these areas remain siloed, as has often been the case. By applying the framework of FinOps to include data centers, organizations can move beyond a focus on hardware to a more comprehensive approach suited to the role of data centers as part of hybrid environments.Related:FinOps Meets Innovation: Artificial IntelligenceSpending on artificial intelligence, including generative AI, is the new cloud challenge: opaque, sprawling, and often unmanaged. Fortunately, FinOps provides an effective approach for managing AI-specific resources, such as SaaS-based AI tools (including ChatGPT and Microsoft Copilot), private large language models (LLMs), and on-premises resources, such as graphics processing units (GPUs). With ChatGPT, gaining market share and moving into the ranks of a top software vendor based on spend, the urgency to gain insight and control of AI is growing rapidly.Whether it's for skunkworks projects or mainstream enterprise initiatives, FinOps programs now include AI as a core use case, helping address the question of who is responsible for managing AI spend. FinOps practitioners can forecast and estimate the expenses related to AI implementations and workloads across an organization. This can help illustrate the full picture of how AI and GenAI are being used enterprise wide. Its also an important step for minimizing the risks associated with shadow AI, when staff install and use AI products, without informing the wider business.Related:Market Validation: Collaboration Across ITAM, SaaS, and CloudThe market is making it clear: multiple domains require effective collaboration in order to optimize IT environments. FinOps has become that go-to framework for solving the problems that span cloud, SaaS, and on-premises environments.The Flexera 2024 State of ITAM Report, drawing on a survey of more than 500 technical professionals, showed that collaboration between FinOps and IT asset management (ITAM) teams is growing, with 32% of ITAM teams engaging with FinOps in 2024, up from 25% in 2023. As collaboration matures between FinOps and ITAM teams, efficiencies will grow, illustrating (and shoring up) the significant visibility gaps into sprawling IT.This plays an important role for SaaS, including for SaaS-based AI. Cloud optimization maturity is also on the rise, with heavy optimization for SaaS services increasing to 11%, while basic optimization holds at 43%.Collaboration across all of these teams is essential for ensuring that your business is getting value from its technology investments, while actively managing the associated expenses. Evaluating your organizational approach is crucial. Disparate approaches are no longer the answer.Todays business leaders need comprehensive insights into spending, driving an operational imperative for clarity across all IT spending categories. The expanded scope of FinOps reflects the realities of hybrid IT, making FinOps a central player in the financial and operational governance of modern technology ecosystems.About the AuthorJay LitkeyGoverning Board Member, FinOps Foundation and SVP of Cloud & FinOps, FlexeraJay Litkey is a governing board member of the FinOps Foundation and serves as SVP of Cloud & FinOps at Flexera. He joined Flexera through the acquisition of Snow Software, where he played a pivotal role following Snows acquisition of Embotics, a company he founded. He has over 25 years of executive leadership experience (CEO, president, EVP) in enterprise software, SaaS, FinOps, and Internet companies.See more from Jay LitkeyWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

John Edwards, Technology Journalist & AuthorApril 7, 20255 Min Readphotoschmidt via Alamy Stock PhotoArtificial intelligence, for all its cognitive power, can sometimes arrive at some really stupid, even dangerous, conclusions. When this happens, it's up to humans to correct the mistakes. But how, when, and by whom should an AI decision be overruled?Humans should almost always possess the ability to overrule AI decisions, says Nimrod Partush, vice president of data science at cybersecurity technology firm CYE. "AI systems can make errors or produce flawed conclusions, sometimes referred to as hallucinations," he notes. "Allowing human oversight fosters trust," he explains in an email interview.Overruling AI only becomes completely unwarranted in certain extreme environments in which human performance is known to be less reliable -- such as when controlling an airplane traveling at Mach 5. "In those rare edge cases, we may defer to AI in real-time and then thoroughly review decisions after the fact," Partush says.Heather Bassett, chief medical officer with Xsolis, an AI-driven healthcare technology company, advocates for human-in-the-loop systems, particularly when working with Generative AI. "While humans must retain the ability to overrule AI decisions, they should follow structured workflows that capture the rationale behind the override," she says in an online interview. Ad hoc decisions risk undermining the consistency and efficiency AI is meant to provide. "With clear processes, organizations can leverage AI's strengths while preserving human judgment for nuanced or high-stakes scenarios."Related:Decision DetectionDetecting a bad AI decision requires a strong monitoring system to ensure that the model aligns with expected performance metrics. "This includes implementing performance evaluation pipelines to detect anomalies, such as model drift or degradation in key metrics, such as accuracy, precision, or recall," Bassett says. "For example, a defined change in performance thresholds should trigger alerts and mitigation protocols." Proactive monitoring can ensure that any deviations are identified and addressed before they are able to degrade output quality or impact end users. "This approach safeguards system reliability and maintains alignment with operational goals."Experts and AI designers are typically well-equipped to spot technical errors, but everyday users can help, too. "If many users express concern or confusion -- even in cases where the AI is technically correct -- it flags a disconnect between the systems output and its presentation," Partush says. "This feedback is critical for improving not just the model, but also how AI results are communicated."Related:Decision MakersIt's always appropriate for humans to overrule AI decisions, observes Melissa Ruzzi, director of artificial intelligence at SaaS security company AppOmni, via email. "The key is that the human should have enough knowledge of the topic to be able to know why the decision has to be overruled."Partush concurs. The end user is best positioned to make the final judgment call, he states. "In most circumstances, you don't want to remove human authority -- doing so can undermine trust in the system." Better yet, Partush says, is combining user insights with feedback from experts and AI designers, which can be extremely valuable, particularly in high-stakes scenarios.The decision to override an AI output depends on the type of output, the model's performance metrics, and the risk associated with the decision. "For highly accurate models -- say, over 98% -- you might require supervisor approval before an override," Bassett says. Additionally, in high-stakes areas like healthcare, where a wrong decision could result in harm or death, it's essential to create an environment that allows users to raise concerns or override the AI without fear of repercussions, she advises. "Prioritizing safety fosters a culture of trust and accountability."Related:Once a decision has been overruled, it's important to document the incident, investigate it, and then feed the findings back to the AI during retraining, Partush says. "If the AI repeatedly demonstrates poor judgment, it may be necessary to suspend its use and initiate a deep redesign or reengineering process."Depending on a topic's complexity, it may be necessary to run the answer through other AIs, so-called "AI judges," Ruzzi says. When data is involved, there are also other approaches, such as a data check in the prompt. Ultimately, experts can be called upon to review the answer and then use techniques, such as prompt engineering or reinforcement learning, to adjust the model.Building TrustBuilding AI trust requires transparency and continuous feedback loops. "An AI that's regularly challenged and improved upon in collaboration with humans will ultimately be more reliable, trustworthy, and effective," Partush says. "Keeping humans in control -- and informed -- creates the best path forward for both innovation and safety."About the AuthorJohn EdwardsTechnology Journalist & AuthorJohn Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.See more from John EdwardsWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Attackers aren't just spending more time targeting the cloud they're ruthlessly stealing more sensitive data and accessing more critical systems than ever before.

Is it time to consider a new IT specialty like automation engineering?Jobs site Indeed defines an automation engineer as someone who will search for ways to simplify activities for employees, consumers and companies by automating specific systems and manufacturing processes, like store checkouts or assembly lines. These individuals work alongside IT and department managers to develop automation plans and then implement automation into business processes.They use programming languages like Java, C# and Python, and they know how to work with machine actuators and sensors. Most importantly, they possess expertise in the application areas they are asked to automate. In other words, a retail automation expert might have skills in how to automate grocery checkout lines in stores, but they might not know much about how to automate a manufacturing company's assembly line.In the area of robotics, many of the skills needed for automation engineers carry over for robotics engineers. A primary difference is that a robotics engineer is working on a robot. The goal is to program the robot with the necessary instructions for it to fit into an existing business process.Examples of how working robots are used include programming a robot so it can enter a nuclear facility to perform maintenance, or activating a warehouse robot that can store, pick, and deliver parts from bins throughout the warehouse while successfully navigating around obstacles on the floor.Related:Robotics engineers use languages like C and C# and they commonly work on Linux platforms and must be familiar with the technologies of the particular robotics vendors they are using.Automation and robotics engineers are in high demand in business, although it costs considerably more to recruit an automation engineer (mid-100,000s salary range) than it is to hire a robotics engineer (the mid-point salary is around $80,000/year).Where Do These Engineers Report?Robotics and automation engineers must have the ability to cross-communicate with different departments when they implement solutions. They also need a thorough understanding of the different enterprise systems where the automation or robotics technologies will be deployed. Its not much of a stretch to see that many of the system knowledge and cross-communicational requirements are exactly what one would find resident with an IT business analyst. The difference is that an automation or robotics engineer would have greater skills in programming, and in working with various mechanical and electronic interfaces.Related:As a CIO, I once had a project that required automation between our engineering CAD design database and the parts inventory, bill of material and work order systems on the manufacturing floor. There were too may disconnects between engineering and manufacturing. We wanted to eliminate this by integrating and automating information flows between the CAD system and the manufacturing systems.Engineering was running a standalone CAD system on an entirely different platform from what manufacturing was using to run its bills of material, inventory, and work orders.The initial decision was for IT to take the lead in this integration-automation project because IT touched all systems (except for engineerings standalone CAD system). However, we found out quickly that engineering didnt want to relinquish any control of its CAD systems for the automation project.We solved this by teaming an engineer from engineering with a programmer-analyst from IT and a manufacturing engineer from, and we got the project done. It wasnt the easiest project that we ever did.Can IT Avoid Getting Involved?That project with engineering, manufacturing and IT came early in my CIO career, and I learned quickly that automation projects have many different pieces, engage many different departments, and can quickly become as politically charged as they are technically challenging.Related:Ive talked to several other CIOs about how to get past politics. Some are more than happy to just have the departments that want to automate retain their own consultants or hire in the people -- and do the work themselves -- but Ive seldom seen this work. Why? Because invariably, the consultant or the engineer that a department brings in has a question about how to integrate with other enterprise systems that IT manages.One way or another, IT will be involved.Is There a Best Approach?From personal experience and from conversations Ive had with other managers, an optimal approach to automation and robotics when IT works with engineering-oriented departments such as manufacturing, is to place the automation or robotics engineer in the engineering or manufacturing areas. Then the engineers can be savvy on the departments business processes as well as on the automation and robotics technologies that are needed. In this scenario, IT would be assisting primarily in system integration.However, if the company is in finance, healthcare, retail, or other non-engineering-oriented businesses, its likely that IT might be the best destination for a robotics or automation engineer, because the user departments wont have the necessary skillset.In all cases, automation and robotics projects require strong collaboration and cooperation between departments and IT. In this way, everyone can be assured that they are moving into each project with a complete and comprehensive knowledge base of the business, the systems, and what they want to automate.

John Edwards, Technology Journalist & AuthorApril 4, 20255 Min ReadIngram Publishing via Alamy Stock PhotoInnovations arrive at a rapid pace. To stay on top of the latest promising breakthroughs -- and weed out the flops -- IT leaders must create and staff innovation projects. Yet when working with limited resources (and which IT leader isn't?), it's important to find a way to prioritize initiatives.Start by mapping each project to a specific business goal or customer need -- this ensures real impact, advises Rohan Sharma, a former innovation team leader at scientific instrumentation firm Thermo Fisher Scientific and now an independent author and lecturer. "Next, weigh key factors such as ROI, resource availability, and risk tolerance," he recommends in an email interview. "Finally, create a transparent scoring or ranking system so everyone understands why certain projects come first."Sharma says this approach forces discipline. "Instead of running with the coolest idea, youre aligning with strategy and measurable outcomes," he explains. "It also demystifies decision-making for your team, reinforcing trust and focus."Risks and RewardsA reliable way to prioritize innovation projects is to weigh each initiative's risks and rewards, suggests Nick Esposito, founder of NYCServers, which specializes in hosting services for fintech and trading platforms. "It's about looking at the potential impact, how doable the project is, and whether it fits with the companys long-term goals," he says in an online interview.Related:Esposito notes that projects with a potentially high financial or competitive reward are generally worth prioritizing -- just as long as the risks remain manageable. Don't forget to consider the project's time-sensitivity and whether it can be completed on schedule, he adds. "By focusing on projects that offer the biggest benefits with reasonable risks, organizations can get the most out of their innovation efforts."Innovative ApproachesPrateek Shrivastava, advanced analytics manager at engine and power-generation manufacturer Cummins, says his team relies on what he calls "The WIZGIF Method," an abbreviation of "What Is the Goal in Focus?" "This approach ensures that every project is evaluated based on its alignment with the overarching business goal," he explains in an online interview. "By breaking down priorities into clear, actionable criteria -- such as business impact, strategic alignment, feasibility, and required resources -- it creates a structured framework for decision-making."Shrivastava believes that his WIZGIF method is effective, since it forces clarity and alignment from the outset. "By keeping the business goal in sharp focus, it minimizes distractions and ensures that all efforts are contributing to the organizations strategic objectives," he states. "This approach fosters collaboration and transparency while keeping teams agile in responding to evolving needs."Related:Benjamin Atkinson, innovation director at CNA Insurance, takes an alternate position. He feels that project prioritization should be generally avoided. "When we talk of innovation, we're usually talking about problem-solving in a complex adaptive system," he says via email. "We simply can't know in advance which ideas will succeed -- picking winning ideas is a loser's game."If leaders want successful ideas, they must provide their teams with a clear direction, a clearly defined problem space, and known constraints, Atkinson says. "If leaders take the time to do this, they will have created a magnet for good ideas."Seeking SupportSharma says cross-functional peers in areas such as finance, operations, and product teams, are the best innovation allies. "They offer diverse viewpoints on feasibility, budget, and timing," he explains. "Tapping into an executive sponsor can also help keep priorities aligned with the bigger organizational picture."Related:Working closely with cross-functional teams, including business analysts, finance departments, and product managers, can provide a clear understanding of a projects feasibility and potential value, Esposito says. External consultants and other industry experts can also offer valuable insights, especially when exploring new or unfamiliar technologies. "Collaborating with these resources ensures a comprehensive view of market trends, technological advancements, and business needs to inform decisions."Sharma says the biggest mistake project leaders make is spreading resources too thinly or chasing "shiny objects" without any clear business alignment. Meanwhile, trying to focus on everything at once guarantees mediocre results across the board, he adds.Parting ThoughtsDon't consider any new project without first establishing a solid prioritization framework. "A strong prioritization framework is a living process, not a one-off exercise," Sharma says. "Keep refining it based on feedback and results," he advises. "Additionally, by embracing ongoing learning, you'll cultivate a culture that values both innovative thinking and practical execution."Prioritization is not a one-time activity -- it's a continuous process that requires alignment, evaluation, and adaptability, Shrivastava says. "Methods like WIZGIF are valuable because they provide a consistent framework to revisit priorities, make dynamic adjustments, and ensure that resources are always directed toward maximum value creation."About the AuthorJohn EdwardsTechnology Journalist & AuthorJohn Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.See more from John EdwardsWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Carrie Pallardy, Contributing ReporterApril 3, 20256 Min ReadIngram Publishing via Alamy Stock PhotoThe potential impact of the breach of Oracle Healths Cerner Legacy servers has CISOs and CIOs from the health care arena planning how to respond.The health IT company has not publicly acknowledged the breach but it has been communicating with impacted customers, BleepingComputer reports. The company is also dealing with another incident involving its cloud servers.With patient data at risk, what should health care CIOs and CISOs think about these breaches and the ever-present cloud of third-party risk?Legacy System BreachesOracle did not respond to InformationWeeks request for comment on the Oracle Health breach. Thus far, the company is remaining tight-lipped about both breaches. This lack of transparency is engendering significant criticism.Hackers gained access to legacy Cerner servers with data that had not yet been moved to Oracles cloud storage, Reuters reports. Some health care customers were notified in January.The scope of the breach is not yet clear. As of April 3, the breach impacting Oracles health care customers has not been posted on the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) breach portal.Oracle acquired the electronic health records company Cerner back in 2022. As of January 2024, Oracle Cerner had a 21.7% share of the inpatient hospital EHR market, second only to Epic, according to Definitive Healthcare.Related:That's a significant amount of potentially impacted clients, says Scott Mattila, CISO and COO of Intraprise Health, a health care compliance and cybersecurity company.Already, there are reports of hospitals being extorted by a threat actor using the name Andrew, according to BleepingComputer. The actor is threatening to leak data if hospitals do not cough up millions in cryptocurrency.Scott MattilaThe second incident, involving Oracle Clouds federated SSO login servers, involves the alleged theft of 6 million records, BleepingComputer reports. The company initially denied the breach despite analysis from security researchers. It has since acknowledged the breach, informing some of its customers that old client credentials had been stolen from a legacy environment, Bloomberg reports.Legacy system risk is not new in the health care industry. It is typical for data migration, like the moving of data from old Cerner servers to Oracles cloud, to be a slow process, according to Mattila.We anticipate that with any type of data migration. You've got some clients that are obviously really small, and they're going to be easy because it's very linear, Mattila says. But then you're going to have these more complex organizations that are not going to be moving off of that on-prem infrastructure, and it's taking them time.Related:Those legacy systems represent a juicy target for threat actors looking for valuable data with a lower barrier to entry.A lot of these older legacy systems, they just get sort of stuffed in the corner a bit and get forgotten about as most of our energy is focusing on building the latest and greatest and the new thing, Jim Ducharme, CTO of ClearDATA, a multi-cloud security company for the health care industry, tells InformationWeek.Taking ActionSifting through the details of the two incidents and the limited information being shared is likely frustrating for potentially impacted organizations.The longer we wait and the less information we share as a community -- good, bad or indifferent -- is putting further harm and risk to even of the most critical organizations that are already running on thin margins and overly stressed teams, says Mattila.It is time for health care CIOs and CISOs that work with Oracle Health to break out their incident response plans.Has Oracle sent a notification to your organization? Are there any signs of data exfiltration or suspicious movement in your network?Related:Especially if you're going to do something that disrupts production in your organization, youve got to have a good reason to do it, Devin Shirley, CISO for Arkansas Blue Cross and Blue Shield, points out. So, you really need to dig in and [get] as much information you can.Devin ShirleyAccess management is essential. Look for identities that you dont recognize. Reset passwords and credentials. How many passwords need to be reset likely depends on how embedded an organization is with Oracle, according to Shirley. It may just be a small team, or it may be hundreds of people. An organization may need to rollout password resets in phases.There's a way to appropriately balance, and I think that's where the CISO and CEO can come to terms and agree on: How do we make sure we're not impacted by this, but how do we also keep people working and productive? says Shirley.Following any incident, security teams need to maintain continuous monitoring to ensure threat actors do not have any lingering access.Continue to monitor and stay as close to what's going on, Mattila recommends. I would at least anticipate that my security team would be giving me a daily update on any progress that's being made, anything that was identified, that we're addressing accordingly any risks or potential suspicious activity that has transpired over the course of the last 60 to even 90 days.The ongoing Oracle incident is a reminder for all health care leaders to think about their enterprises reliance on legacy systems. Upgrading this technology is often an expensive, multi-year project, and not every organization can afford to shoulder that right now. But that doesnt mean that risk should go unexamined.If you've got some really legacy infrastructure out there you may not be able to upgrade it immediately -- these may be big, longer term projects -- but you better think about compensating controls to keep it secure, says Ducharme.Third-Party Risk, AgainLast year, the health care industry was rocked by the ransomware attack on Change Healthcare. While that incident was an abject lesson in third-party risk, the industry is still learning.I can tell you that despite Change Healthcare, despite the Anthem breach before that, we still see the same patterns of attack that took down Anthem [and] that took down Change prevalent today in some of the largest health care organizations in the country, says Ducharme.A lack of multi-factor authentication on critical systems facilitated the attack on Change Healthcare, and the 2015 Anthem breach involved stolen login credentials.The two biggest ways that we see attackers trying to infiltrate these health care organizations: one is identity theft and two is infrastructure compromise on older systems, Ducharme stresses.Health care systems are so complex that it can be difficult to identify and mitigate all of the potential risks. There are so many broken windows in health care organizations that make them susceptible to breach, that sometimes it's tough to know which window to fix first, Ducharme explains.Despite the knowledge that these risks do exist, with the potential for devastating consequences, health care organizations may not be prioritizing their security posture.Were in a downturned economy. The natural instinct is to start cuttingeverything. And I think that's where CIOs, CISOs, CEOs, CFOs really have to think and look at things through a risk lens. Yes, we can cut any and everything: technology, security, but what's the risk potential? asks Shirley. You save $1 million or $2 million now and then you get breached six months later. Now, you might be paying out $200 million in class action lawsuits. Was it worth it?Third-party risk isnt going anywhere. What does that mean for the health care industry?We're going to [need] demonstrable change in the industry. There has to be. It is no longer acceptable to consider these types of events as business as usual, says Mattila.About the AuthorCarrie PallardyContributing ReporterCarrie Pallardy is a freelance writer and editor living in Chicago. She writes and edits in a variety of industries including cybersecurity, healthcare, and personal finance.See more from Carrie PallardyWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Max Vetter, VP of Cyber, Immersive April 3, 20254 Min ReadZdenek Sasek via Alamy StockJust a few months into the year, organizations have already been rocked by massive breaches, high-stakes settlements, and disruptive LLMs. The pace of these events isnt just alarming -- its a warning sign. If these early shockwaves are any indication, cyber professionals are in for a year of unprecedented challenges and shifts in the threat landscape.Cyberattacks arent just likely anymore -- theyre practically inevitable. With the rise of GenAI, ever-expanding threats, and hostile nation-state actors, the game has changed. Yet, most organizations continue to play defense the same way: relying on outdated training, investing in cyber insurance policies, and adopting the latest tech tools, believing the tick boxes required by compliance actually help them be secure.But are they actually ready? Organizations must go beyond simply claiming readiness to prove it.This will be imperative for overall business operations and their bottom lines, as the global average cost of a breach was $4.88 million, with the vast majority (68%) of breaches involving the human element. Organizations must start from within to ensure theyre doing all they can to protect themselves from threat actors.Security leaders can strengthen their readiness by focusing on these key actions:Related:1. Out with the old, in with the newIts past time to ditch painful traditional training (like anti-phishing videos) and other outdated methods that dont measure what people will do in the event of a threat, which can lead to a false sense of security. It's time to shift focus to the continuous development of your team's skills through hands-on crisis exercising. And this doesnt mean one-and-done training will cut it. Regularly pressure test your people to ensure they can adapt and communicate effectively. Regular cyber drills will ensure your people are ready.2. Focus on your people over tech stacksJust recently, MGM agreed to pay $45 million following breaches in 2019 and 2023. They were impacted by malicious actors taking advantage of the human element of their security posture. This example underscores the bottom-line need to uplevel the knowledge, skills, and judgment of their entire workforce to ensure no one is taken advantage of as a weak or missing link and instead empower everyone to be an asset for the security and bottom line of the organization.That said, it would be naive to overlook technologys role as the bridge between malicious actors and their victims. To stay ahead, organizations should consider using newer tools, like GenAI, to strengthen their defenses. Integrating these tools into hands-on exercises allows your team to concentrate on remediation and enhancing defenses. Humans should also always be kept in the loop because its critical to remember GenAI can be a double-edged sword: while DevSecOps teams can use it to automate and accelerate vulnerability detection, bad actors will exploit these same tools to generate malicious code and enhance phishing or fraud tactics, increasing overall risk.Related:3. Involve your execs, not just techsInvolving all executives in a company's cybersecurity strategy is crucial for creating a holistic and effective approach to security. Cyber threats are not limited to IT; they can affect every aspect of a business, from financial systems and customer data to supply chain operations. Keeping these conversations siloed is a missed opportunity. Instead, leaders like the CEO, CFO, and legal team should be involved to ensure security strategies align with the companys broader business objectives. The industry agrees, as 96% of cyber leaders believe communicating cyber-readiness to senior leadership and boards will be crucial this year.This cross-departmental involvement helps create a unified approach where security is seen as a technical challenge but also as a core part of the company's overall strategy, influencing decision-making at all levels. A modern, comprehensive cybersecurity strategy requires leadership engagement across departments to ensure resilience, compliance, and long-term business success.Related:4. Treat cyber risk like any other business riskApproaching cyber risk like any other business risk is essential for a companys long-term stability and success. Like how businesses monitor financial performance, competitive threats, and legal liabilities, cyber risk should be tracked with the same level of attention. An organization must continually assess its cybersecurity posture, identify vulnerabilities and evaluate potential threats.This means not only implementing technical defenses, but also establishing policies, processes, and training programs that foster a culture of security awareness. By treating cyber risk as an ongoing priority, companies can address weaknesses before they become breaches, ensuring their cybersecurity efforts are integrated into the broader risk management framework.As we navigate the tumultuous technological landscape, its clear that a reactive approach is no longer enough. Organizations must evolve beyond checking off boxes for compliance or relying on outdated solutions that offer limited protection. The best way to stay ahead of malicious actors is to encourage a culture of proactive, holistic cybersecurity -- where technology, human capabilities, and leadership all play integral roles.Cybersecurity should not be an afterthought or siloed responsibility. Instead, it should be embedded in an organization's strategy at every level. By focusing on the right people, technology, and approach to risk management, businesses can better position themselves to be ready for whats to come.About the AuthorMax VetterVP of Cyber, Immersive Max Vetter leads a team of cyber experts at Immersive Labs, helping customers stay ahead of threats and be resilient against cyber-attacks. Max spent seven years with Londons Metropolitan Police Service as a police officer, intelligence analyst, and covert internet investigator, including working in the money laundering unit in Scotland Yard. He also worked as Assistant Director of the ICC Commercial Crime Services investigating commercial crime, fraud, and serious organized crime groups. Before joining Immersive Labs Max spent three years training the private sector and government agencies including the UKs GCHQ and its cyber summer school in ethical hacking and open-source intelligence and was the subject matter expert in darknets and cryptocurrencies.See more from Max VetterWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

TechTarget and Informa Techs Digital Business Combine.TechTarget and InformaTechTarget and Informa Techs Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Bridging the Gap Between the CISO & the Board of DirectorsBridging the Gap Between the CISO & the Board of DirectorsPositioning security leaders as more than risk managers turns them into business enablers, trusted advisers, and, eventually, integral members of the C-suite.Dark Reading, Staff & ContributorsApril 3, 20251 Min ReadBorka Kiss via Alamy StockAs a chief information security officer (CISO), it's been exciting to see more CISOs become a part of important business conversations andget more face time with their boards of directors. However, more face timedoesn't automatically translate to better communicationor stronger alignment between CISOs and boards.According to data from our recent "CISO Report," of the respondents who indicated a "very good" or "excellent" CISO-board relationship, 44% of CISOs believed they were adequately communicating security milestone progress, while only 29% of board members believed the same.This gap in communication and understanding can directly affect a company's bottom line. For example, inadequate security resources can lead to data breaches that affect consumer trust. Also, insufficient regulatory compliance can prevent the sale of certain products and invoke fines. These disconnects don't just cause frustration; they also may lead to real financial and reputational damage. To build stronger alignment and ensurecybersecurity is seen as a business priority, CISOs need to take proactive steps. Here are three key strategies that can help.Read the Full Article on Dark ReadingAbout the AuthorDark ReadingStaff & ContributorsDark Reading: Connecting The Information Security CommunityLong one of the most widely-read cybersecurity news sites on the Web, Dark Reading is also the most trusted online community for security professionals. Our community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.See more from Dark ReadingWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Matthew Jamison, Principal, The Gunter Group April 2, 20254 Min ReadCharlotte Allen via Alamy StockIts never been harder to be a chief information officer. You have the demands of major digital-transformation projects that far too often fail to fully deliver on their promise. You have the give and take between user convenience and IT security in an era when, thanks to ransomware, breaches have never been more costly. You have talent gaps and budget limitations.And, you have unremitting requests from business units amid the emergence of generative AI, which has had the effect of releasing squirrels at a dog show.So, its no surprise that, while infamously short CIO tenures seem to be marginally longer than they were a few years back, their departures are often someone elses idea. How can a CIO avoid that fate?Dont try to be a technical wizard. The CIO job is mostly about communicating. You dont make it to the C-suite without proven technical skills. That background remains indispensable. But the CIOs job is to deeply understand the businesss goals and then guide the selection, implementation, and acceptance of technological solutions that best help the organization achieve those goals.The business environment is in constant flux. Technologies quickly evolve. Knowing the business requires constant dialogue with C-suite peers as well as business-unit leaders. That means taking the initiative to reach out to and drive strategic conversations with leaders across the organization to deeply understand what their functions do; what they hope to do; how theyre using technology; and how all that contributes (or may one day contribute) to the organizations overall strategic goals.Related:However, to grasp the technological state of the art, CIOs must rely on the deep dives of trusted IT architects and other specialists. Only then can CIOs serve as trusted intermediaries between business and technology experts. So, regardless of ones background, a CIOs communication skills and political savvy are vastly more prized than their technical knowledge.Also, a CIOs technical upbringing can color a worldview in unproductive ways. A CIO who came up through data-center management and infrastructure may be prone to invest in performance past the point of economic return. One who grew up in development may pour more money into custom solutions and user experience than pays off. Staying laser-focused on the companys strategy and business goals while understanding -- and communicating at a conceptual level -- how evolving technologies can meet those goals lets CIOs grow beyond their own backgrounds. Thats good for the company, and for the CIO.Related:Focus on strategy. That takes ruthless prioritization. Marketing wants a new automation platform. Finance and operations want a new security app. Product wants custom development for an R&D project. Business development wants IT due diligence for a prospective acquisition. Sales wants a new lead-generation system. Operations wants a new messaging app.Each may be a good idea in isolation. But approving them all would overwhelm the IT group even if one could budget for it all. Yet, so often, the CIO says yes, yes, and yes. Thats overpromising, which is a guaranteed path to underdelivering, disappointing and throwing the CIOs competence into question.A focus on strategy is crucial here. What is technologys role in the business? Unless youre a Spotify or a Netflix, technology is not what the business does, but rather an enabler of what the business does. For example, with a financial advisory firm, finding new customers to advise is the lifeblood, so it makes sense to invest in and support state-of-the-art analytics and lead-generation capabilities for the sales team and to hold off on that new messaging app for operations.Say no, then explain the strategic business reasons why. Vivid explanation must accompany ruthless prioritization. This takes us back to the importance of communication. Failing to deliver on too many yeses can doom a CIO. But saying no (or, with good ideas that rank as lower priorities for the time being, not yet) will disappoint, too. That can sour a business unit or administrative functions relationship with IT. At its worst, it can lead to rogue installations that bring security risks and maintenance nightmares.Related:The way a CIO avoids this is, yet again, by evangelizing the IT organizations alignment with the companys overall strategic goals. That means being firm and factual about where a rejected or waitlisted project sits on the long roster of prospective projects -- and why the ones above it are more important to the businesss success.It may mean describing the need to engage external partners or bring in outside resources. It certainly means explaining that each new system or API represents a long-term commitment of money and attention. And it could even mean reminding people that trying to deliver for everyone runs the real risk of delivering for no one.Failure to deliver due to impaired strategic vision, compounded by poor communication, is bad for the business and everyone involved. By constantly communicating, ruthlessly prioritizing, and focusing on projects that make the most strategic sense for the business, CIOs can make the right moves for their companies and help ensure that, when they do depart, they do so on their own terms.About the AuthorMatthew JamisonPrincipal, The Gunter Group Matthew Jamison is a principal at The Gunter Group, a management consultancy based in Portland, Ore. The former IT solutions architect helps CIOs and technology leaders align their efforts with enterprise strategy with a results-oriented understanding of the intersection between reality and architectural theory. With over 20 years of functional information technology experience, Matt is an expert in mapping technology solutions to business needs, with experience that spans multiple industries, including healthcare, telecommunications, and security and software.See more from Matthew JamisonWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Vendor relationships have been changing over the years, with more vendor organizations becoming consultative in nature. For decades companies have been adding a service arm to expand their share of wallet, a KPI that doesnt necessarily benefit customers. The ultimate test of a vendors value is the business value realized as the result of the partnership.Vendor relationships are more important than ever before, says AJ Thompson, chief commercial officer at IT consultancy any Northdoor. With technology solutions now so complex and constantly changing, he says you can't underestimate how important solid relationships between organizations and vendors have become. This is true in several ways. Tech is getting more complicated by the day, so vendors who really know their stuff are worth their weight in gold. They share knowledge and provide the support you just can't get elsewhere.One of the big benefits of a strong vendor relationship is that enterprises get early access to new technologies and features, which helps chief information officers stay current. Its also important to have trustworthy vendors that maintain decent security and compliance amid increasingly complex regulatory landscapes.When youve found good relationships, you end up with solutions that actually fit your needs and more wiggle room during implementation, says Thompson. Plus, when things go wrong -- and they always do -- problems get sorted much faster when you're on good terms.Related:Trust is the necessary foundation, which is built through open communication, solid performance, relevant experience, and proper security credentials and practices. [P]eople buy from people they trust, no matter how digital everything becomes, says Thompson. That human connection remains crucial, especially in tech where you're often making huge investments in mission-critical systems.For example, when Northdoor was implementing a complex solution for a client with an extremely tight deadline and hit a snag, its primary vendor's account manager brought in the senior engineering team within hours to resolve the issue.[That account manager] knew our business well enough to understand the stakes and trusted us when we emphasized the urgency, says Thompson. That kind of responsiveness simply doesn't happen with transactional vendor relationships. In fact, the client later mentioned that watching how our vendor partner responded during that crisis gave them more confidence in our overall solution than any sales presentation could have.Related:AJ Thompson, NorthdoorThats why Thompson invests significant time in regular face-to-face meetings with Northdoors key vendors discussing products and roadmaps and the people behind them.Vendors who don't hide their limitations and are upfront about their capabilities tend to earn trust quickly. Meeting SLAs consistently matters enormously, says Thompson.Those who [understand] the specific challenges of your industry are gold dust, particularly in IT and cybersecurity where proper security practices and the right certifications make all the difference to confidence levels.Ashish Malhotra, president at management advisory firm Ampalyst Advisors, says selecting a vendor and executing a professional services agreement is relatively straightforward, but getting it wrong is prohibitively expensive.In todays dynamic technology landscape, vendor selection is more critical than ever, says Malhotra. As companies increasingly favor a buy over build approach, choosing the right vendors becomes paramount.Vendors can provide significant value in several ways, such as providing access to global talent and ecosystems, having the flexibility to scale resources up or down as needed, and shifting human capital from fixed to variable costs.Related:Vendors can also help their customers address in-house skills gaps and reduce managerial overhead costs. Importantly, customers can benefit from the industry expertise gained from multiple client engagements and innovative problem-solving approaches while ensuring adherence to proven methodologies and upskilling internal staff in emerging technologies. However, most important of all is trust.Trust is fundamental in partnerships, but in customer-vendor relationships, it must be paired with verification. Third-party governance is a critical function that should remain independent of the outsourcing arrangement, says Malhotra. Yet, many organizations make the mistake of allowing vendors to self-govern through dashboards, report cards, and operational meetings leading to weakened oversight.An executive-level technology governance framework helps ensure effective vendor oversight. According to Malhotra, it should consist of five key components, including business relationship management, enterprise technology investment, transformation governance, value capture and having the right culture and change management in place.Beneath the technology governance framework is active vendor governance, which institutionalizes oversight across ten critical areas including performance management, financial management, relationship management, risk management, and issues and escalations. Other considerations include work order management, resource management, contract and compliance, having a balanced scorecard across vendors and principled spend and innovation.Vendors that excel in these areas build greater trust, says Malhotra. Trust is not an abstract concept -- it is measurable through quantifiable performance indicators.Igor Epshteyn, president and CEO at digital product engineering company Coherent Solutions, believes as AI, cybersecurity, and compliance requirements are growing more complex, cooperating with a trusted vendor means having a partner who can provide up-to-date solutions.For businesses cooperating with IT vendors, it is crucial to choose digital engineering partners who have a proven track record and recommendations and, importantly, can guarantee strong cybersecurity measures, says Epshteyn.The Biggest Mistakes Vendors MakeOne of the biggest mistake vendors make is failing to drive tangible value for customers. Instead, the relationship is more transactional in nature, with the goal of upselling and cross selling products or solutions regardless of how the implementation will likely playout in the long term.Over-promising and under-delivering, poor communication, being stuck in their ways or vanishing after the sale absolutely kill trust and damage relationships beyond repair, says Northdoors Thompson. Vendors who refuse to adapt to changing needs are a write-off, and those who focus too much on closing deals rather than providing ongoing support won't keep clients for long.Ampalysts Mahotra says one of the biggest mistakes vendors make is bundling their services into rigid, all-inclusive packages that customers cannot easily modify. This includes offering a 2% innovation credit that customers do not know how to utilize, embedding proprietary portals and tools that cannot be decoupled if the customer terminates the contract and structuring contracts that lock customers in rather than fostering loyalty through performance.Ashish Malhotra, Ampalyst AdvisorsWhile [bundled services] are marketed as value-adds, they often function as exit constraints. As customers mature in their procurement strategies, they prefer vendors who win future business through high net promoter scores and strong performance -- not those who rely on contractual entrapment, says Malhotra. He says that while customers must ensure vendors are not earning excessive margins, sustainable partnerships require vendors to maintain healthy profitability. A well-structured engagement should be mutually beneficial rather than a race to the lowest cost.Coherent Solutions Epshteyn says missteps in communication, unresponsiveness, and overpromising are quite common.Clients should receive regular feedback, and their issues should be addressed as soon as possible by a dedicated account manager, says Epshteyn. Vendors who aim to build long-term and trustworthy partnerships should make sure they deliver on their promises, set clear deadlines, and are transparent about challenges and changes.How CIOs Should Approach Vendor RelationshipsNorthdoors Thompson says CIOs should do their homework on both a vendors technical capabilities and how they treat their customers.Set clear expectations and measurable KPIs from day one so everyone's on the same page. Schedule regular reviews to keep things on track and nip problems in the bud, says Thompson. Try to create genuine partnerships rather than just transactions. Where appropriate, get vendors involved in strategic discussions [because] it leads to much better outcomes. And finally, put real time and effort into nurturing key vendor relationships. Theyre strategic assets that pay off tremendously.Ampalysts Malhotra says vendor selection should involve both threshold and comparative criteria. The threshold criteria are binary conditions that vendors must meet to be considered. Missing any of them should preclude a vendor from further evaluation. These criteria may involve environmental factors like political and social stability where the vendor operates, legal protections including robust regulatory frameworks and IP security, and company-specific requirements such as minimum revenue size, relevant domain expertise, compliance with industry regulations and talent availability.Once vendors meet the threshold criteria, they should be assessed using a ratings-based approach that considers the infrastructure and technology ecosystem, depth of talent and expertise, cost structure, and financial viability. Other important considerations include the labor pool size, literacy rates, and access to educational institutions as well as language and communication proficiency.Vendor selection is just the first step, says Malhotra. Managing these relationships is the companys responsibility and cannot be outsourced. This is where technology governance and third-party governance become essential in sustaining long-term, value-driven partnerships.As the tech landscape continues to evolve, strong vendor relationships become a critical differentiator.[Strong vendor relationships] not only help in navigating complex technological challenges but also drive innovation and create strategic value, saysThompson. By focusing on transparency, performance, and mutual growth, organizations can cultivate vendor relationships that significantly contribute to their success in the digital era."

John Edwards, Technology Journalist & AuthorApril 2, 20255 Min ReadYuri Arcurs via Alamy Stock PhotoWhen it comes to business and technology tasks, many IT leaders believe they can do anything. While this may be generally true, it also opens a potential trapdoor. Actually, no leader can work effectively and efficiently without delegating specific tasks to qualified team members. Over time, failing to offload routine tasks to subordinates will prevent the leader from focusing on other, critical priorities.Even when an IT leader recognizes the need to delegate tasks, failing to provide sufficient guidance can lead to delays, warns Pavlo Tkhir, CTO at digital transformation company Euristiq, in an email interview. This includes failing to set deadlines, task priorities, and project goals. "It causes confusion, which slows down the process and kills motivation," he explains.Failure to CommunicateClear communication is essential, says John Kreul, CIO at insurance firm Jewelers Mutual. He advises IT leaders to spend time with team members in small group meetings, one-on-ones, and town halls to build trust and confidence. "The goal is to create an environment where the leader can listen to feedback, take and answer questions, and, ultimately, drive clarity and transparency," Kreul states in an online interview.If goals aren't effectively communicated, team members will be prone to making incorrect assumptions. This can lead to trouble when the leader realizes that project outcomes aren't aligning with broader enterprise objectives. "It obviously causes delays, because the team will need more time to figure out what they need to do," Tkhir says. "On top of that, it can really undermine your authority as a leader and damage overall team dynamics due to lost trust."Related:Customer-CentricityA major mistake many IT leaders make is failing to develop an Agile customer-centricity plan, whether it's for internal or external customers. "It's the starting point and the North Star when there's a question about direction or next steps," says executive team coach Keith Ferrazzi, via email.Theres a difference between what's urgent, whats important, and what's both, Ferrazzi says. "Being able to focus attention on the most pressing and high-value tasks that make up a sprint -- a practice of breaking-down complex projects into smaller, simpler sprints of work -- is essential." This is the key attribute in the most successful Agile teams.Intelligent DelegationThe ultimate goal should be seeing team members self-assign tasks, identify potential roadblocks, and allocate support, Ferrazzi says. He also believes that IT leaders should allow their teams to hold fellow team members accountable. "In this way, the team adopts 'teamship,' with a contract of peer-to-peer accountability."Related:Without driving individual and team connectivity, and getting close to what's happening, it's impossible to understand how the team really feels, Kreul says. Actively listen, assess how well team members understand current priorities, provide feedback and, finally, self-reflect on your performance as a leader, he advises. "The ultimate harm is low employee engagement, which leads to poor customer experiences, inconsistent execution, and regrettable turnover."All AboardLogical task delegation is essential. "You should provide context on tasks by outlining the 'why' of it and articulating main requirements and goals," Tkhir says. "You need to set clear deadlines and expectations, including key metrics." It's also important to create a check-ins schedule throughout the task completion period, allowing team members to know when they will have an opportunity to have their questions addressed.A leader should set guardrails yet allow the team to own their tasks and drive execution. "Empowerment will drive ownership and foster a curiosity to learn versus being told what to do," Kreul says. "Task ownership will allow personal and team growth through learning by doing -- critical experiences for growth."Related:An effective way to ensure successful task delegation is to encourage feedback and rapidly act on necessary changes or improvements. A post-task analysis can also help team members feel engaged. "Run a review session, where the team can share their perspectives on how the project went in terms of task delegation and completion," Tkhir says. "This is also a good way to facilitate open communication within your team or company."Ferrazzi says that IT leaders shouldn't micromanage Agile teams, but ask strategic and reflective questions at review points, such as: What did we achieve in the last two weeks? Where did we struggle and why? What will we achieve in the next two weeks?Parting ThoughtsLet go of the perceived need to control -- trusting your people is often hard, but it will lead to engaged and empowered teams, Kreul says. "Recognize and put your people first," he advises. "Recognition reinforces the value of your teams work and motivates future contributions."About the AuthorJohn EdwardsTechnology Journalist & AuthorJohn Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.See more from John EdwardsWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

IT executives are under ever-increasing levels of strain. Chief information officers, chief information security officers, and chief technology officers are responsible for managing growing threat levels while juggling skill gaps and talent shortages. Even as awareness of the very real threats cyberattacks pose grows, the average C-suite remains indifferent until a crisis occurs.Studies indicate that people in leadership positions are expected to be more resistant -- perhaps even immune -- to the stressors that result in mental health problems. But IT execs appear to be particularly vulnerable given the novel and tenuous nature of their roles.The narrative emerging from both academic research and media reports suggests that they are being crushed by unrealistic job expectations.According to one report, 78% of CISOs were seeking a new role due to the stresses of their job. Depression, anxiety, substance abuse and even suicidality are rampant at both the executive level and among their subordinates.Industry leaders and external observers are now looking at how to address these issues -- through both systemic change and individual effort. Here, InformationWeek investigates the state of mental health among IT execs and their teams. Andrew Shatt, chief knowledge officer and co-founder of meQuilibrium; and Lincoln Stoller, a software company founder and psychotherapist, offer their insights on the nature of the problem and how to address it.Related:The State of IT Exec Mental healthIT execs have begun to raise the alarm -- they are not OK. A toxic conflagration of factors has resulted in a typical work environment that frequently results in severe mental strain.An onslaught of cyberattacks, severe staffing, and skills shortages combined with indifferent C-suites have created a set of stressors that are nearly impossible to cope with.A 2024 report on CISO burnout released by Vendict found that 80% of CISOs were highly stressed and 61% felt overwhelmed by the expectations placed on them. The problem has been brewing for some time -- even a 2020 report by Nominet found that 91% of CISOs were suffering from moderate to severe job stress.These problems run downhill -- 50% of respondents in the Vendict report said that team members had left due to stress. A 2024 Hack the Box report found that 90% of CISOs were concerned about stress affecting their teams. Per a report by Yerbo, 42% of IT professionals are burning out and considering quitting their jobs.Causes of Mental Health DeclineRelated:An enormous suite of issues have contributed to the mental health crisis among IT execs.Working conditions are of course a major factor. Their leadership positions are often lonely. They are part of the C-suite but often have little in common with their executive peers -- who are more likely than not to dismiss their concerns. And they are responsible for hugely consequential aspects of the business, keeping it secure from threats and managing highly technical projects with little support.We may understand that theyre more important than we thought they were, Shatt says. But the distance between them and the rest of the organization creates a greater mental health risk.Their personalities also play into the equation. CIOs, CISOs, and CTOs are highly independent people -- and some lack interpersonal skills. And they may view their ability to meet punishing deadlines and crushing workloads as a badge of honor.I see the CIO -- and the whole tech department -- as needing to become more personally capable in dealing with people, because theyre not really able to be isolated behind a computer anymore, Stoller says. Too many people are involved. If you go to school to be a computer engineer, they dont teach you about mental health, they dont teach you about management.Related:Theyre probably less people people than most others in the organization. Theyre more perfectionistic. They have to be very precise in what they do, Shatt adds. That can put them at greater risk of burnout, because theyre really giving more resources than they have.Vendicts report suggests that funding and staffing difficulties play a huge role in driving mental health decline -- both for these execs and their subordinates. The challenges of maintaining functional technological ecosystems are complicated by resource shortages, leading to long hours and an increased likelihood of errors.Easy solutions are in short supply, but a number of steps can be taken to address this crisis.Increased Funding and StaffingWhile it is likely the most challenging ask for current CIOs, CISOs and CTOs, increasing their funding and staff resources would likely go the furthest in mitigating the factors afflicting their mental health. According to Vendict's report, 45% of respondents said that increasing their resources would alleviate some of their stress.Funding for parsimonious solutions, such as AI programs that might be able to automate tasks that must be done manually by analysts, might serve as a compromise. If AI programs are able to eliminate the need to analyze every report manually, cyber teams are then able to turn their attention to the most pressing issues.Investment in both technological and human resources has a cascading effect. Alleviating strain on staff by improving the tools they have to execute their tasks and compensating them at fair rates reduces turnover rate. Encouraging them to stay through regular training opportunities can further facilitate a cooperative and enthusiastic workforce.Their bosses can then concentrate on big-picture issues.Open DiscussionIT execs can start the conversation themselves -- encouraging the discussion of mental health issues among their peers and subordinates. By sharing their own struggles, they can create an atmosphere where others can do the same.A CIO at a Minnesota insurance company shared a video describing his mental health challenges and found that his colleagues began sharing theirs as well.These discussions need not be limited to mental health -- dialogue about working conditions, conflicts and management of projects is also helpful. These conversations are unlikely to be easy and result in immediate solutions, though, Stoller is quick to note.Were in the stage where were moving toward manifest failure. In that process, there will be some people who will be raising their hands and saying, We have a better way. But most people wont be listening to them, because they haven't gotten to the point of giving up their authoritative roles, he says.Still, attempting to dissolve top-down methodologies is likely a good starting point for addressing pain points for both execs and their staff.Encouragement of Healthy HabitsAs IT ecosystems adjust to the increasing strain, it is incumbent upon leaders to both adopt mindfulness in their work and encourage it among their subordinates. According to the Splunk report, only 36% of UK businesses provide mental health support to their cyber teams.In the absence of formal programs, IT leaders can facilitate discussions about proper sleep habits, taking breaks when needed, and awareness of symptoms of stress. Organizing workshops to discuss these approaches -- and what additional steps may be needed -- can create space for employees at all levels to figure out what works best on both the individual and team level.This should be approached carefully, though, Shatt cautions. If anyone is going to get turned off by the concept of self-care, its going to be people in an IT role, he says. He suggests framing advice in terms of lifts and drags: what reduces their working capabilities and what increases them.I would encourage people to engage with disorder, because thats where things are happening that you dont understand, and thats where you need to be involved, Stoller adds.

Lisa Morgan, Freelance WriterApril 1, 20255 Min ReadDave Meyer, Chief AI Officer, ReveleerIn the healthcare industry, compliance falls short as an AI strategy. Chief AI officers, CIOs, and CISOs need to prioritize responsible AI usage to minimize potential data breaches that could not only lead to fines and litigation, but also reputational damage.Its really a trust factor, says Dave Meyer, chief data and AI officer at value-based care platform Reveleer. [Public healthcare information or] PHI is paramount in healthcare, so we have to treat it responsibly. No one in our organization, including data scientists, has access to anything they dont need to access. Data access needs to be strictly governed.Transparency is also critical because it reduces the risk of relying on what could be a hallucination.When we give AI results, or when we go through our data models, we support it with monitoring, evaluation, assessment and treatment (MEAT). So, for example, not only did we find the term, diabetes, in a patients chart, theres also an explanation of why we suggested this particular ICD [internal classification of diseases] code, says Meyer. That way, when AI provides suggestions, the human still decides whether the suggestion is valid or invalid. We're not trying to [replace] humans. We're trying to make their job easier and more accurate.Related:AI as a Problem-Solving ToolWhile the ability to quickly identify health conditions and find correlations is powerful, its considerably less helpful if users must then manually wade through volumes of information, which could be several hundred or more pages, to locate the references. Instead, AI can surface the references quickly, such as by identifying on what pages of a document, or pages within a set of documents, those references can be found.That sort of use case opens the door to GenAI, however, like in many other industry sectors, GenAI tends to be misunderstood. People who lack a foundational understanding of AI tend to believe that GenAI is the latest and greatest version of single technology called, AI versus another AI technique.I think people view GenAI as a panacea, and it is not a panacea, especially in the healthcare industry where you cannot just have a black box that says, Heres the answer, but were not going to tell you how we got there,' says Meyer. Were using it for evidence extraction from the chart which we can then double check for hallucinations. We take that evidence and run it through our models.However, Reveleer also uses AI for other techniques, such as rules, to pull evidence.Related:A lot of people think they can upload a chart and then ask GenAI for the answer. It will give you an answer that looks okay on the surface, but they are not production level, customer trustworthy answers that are in the percentile of accuracy that [is necessary] in the healthcare industry, says Meyer. Healthcare is a high stakes industry where youre trying to drive patient outcomes, and I dont think that GenAI can be trusted on its own to provide that answer.Some Healthcares Challenges and How to Address ThemOne of healthcares biggest challenges is failing to understand that the accuracy of a prediction can, and often does, vary with use cases. Since healthcare organizations need highly sensitive patient information to provide diagnoses and treatment, the confidence level matters greatly.Trust is a big factor, so being given a suggestion that is 70% accurate isnt good enough. The stakes are too high. You have to balance the sensitivity and security of the data with who has access to it, says Meyer.Of course, trust must be earned by a vendor, particularly when patient records are involved. In Reveleers case, customer trust in its AI capabilities has been earned in a stair-step fashion over time. Specifically, the company began by automatically routing patient charts, then later NLP techniques were added so patient information could be surfaced faster and validated. Now its AI provides automatic pointers to where critical information can be located.Related:One of the biggest challenges is getting the data in an organized format that is usable, says Meyer. In order to build any AI model, you need to have a large quantity of data, and you need to govern that data appropriately. Managing your data is really the foundation of everything before you start building models. You also need to make sure that you know how to handle the data well.In addition to getting the foundational elements right, its important to choose the right tool for the right job.Data science still is a good method for solving a lot of these problems. Everybody's trying to jump to GenAI as the solution. Don't force that if youre getting good results from data science, says Meyer. The same is true for rules-based systems. For example, if you see the word, blood pressure and the reading next to it says 120 over 80, you don't need a GenAI model to pull that out for you. Or, if the data is in a structured format, and you can pull it out without any AI.However, dont overlook the need for a human in the loop when it comes to AI.In the healthcare industry, machines need to be partnered with humans, because healthcare is too high stakes for a lack of human oversight. One suggestion may have a better than 90% confidence score while another only has a 50% conference score, says Meyer. AI can help you cut through the noise and surface the good stuff quickly, but its always going to need the human element. Were not trying to replace humans; were just trying to make them more efficient.About the AuthorLisa MorganFreelance WriterLisa Morgan is a freelance writer who covers business and IT strategy and emergingtechnology for InformationWeek. She has contributed articles, reports, and other types of content to many technology, business, and mainstream publications and sites including tech pubs, The Washington Post and The Economist Intelligence Unit. Frequent areas of coverage include AI, analytics, cloud, cybersecurity, mobility, software development, and emerging cultural issues affecting the C-suite.See more from Lisa MorganWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Lisa Morgan, Freelance WriterMarch 31, 20259 Min ReadAndrea Danti via Alamy StockThreat actors are using AI to launch more cyberattacks faster. Recently, theyve employed autonomous AI to raise the bar even further, putting more businesses and people at risk.And as more agentic models are rolled out, the malware threats will inevitably increase, putting CISOs and CIOs on alert to prepare.The increased throughput in malware is a real threat for organizations. So too is the phenomenon of deep fakes, automatically generated by AI from video clips online, or even from photographs, which are then used in advanced social engineering attacks, says Richard Watson, EY global and Asia-Pacific cybersecurity consulting leader. We are starting to see clients suffer these types of attacks. With agentic AI, the ability for malicious code to be produced without any human involvement becomes a real threat, Watson adds. We are already seeing deepfake technology evolve at an alarming rate, comparing deepfakes from six months ago with those of today, with a staggering improvement in authenticity, he says. As this continues, the ability to discern whether the image on the video screen is real or fake will become increasing harder, and proof of human will become even more critical.Autonomous AI is a serious threat to organizations across the globe, according to Doug Saylors, partner and cybersecurity practice lead at global technology research and advisory firm ISG. Related:As a new zero-day vulnerability is discovered, attackers [can] use AI to quickly develop multiple attack types and release them at scale, says Saylors. AI is also being used by attackers to analyze large scale cybersecurity protections and look for patterns that can be exploited, then developing the exploit, he adds. How AI Attacks Can Get WorseI believe it will get worse as GenAI models become more commonly available and the ability to train them quickly improves. Nation-state adversaries are using this technology today, but when it becomes available to a larger group of bad actors, it will be substantially more difficult to protect against, Saylors says. For example, common social engineering protections simply dont work on GenAI-produced attacks because they don't act like human attackers.Though malicious tools like FraudGPT have existed for a while, Mandy Andress, CISO at search AI company Elastic, warns the new GhostGPT AI model is a prime example of the tools that help cybercriminals generate code and create malware at scale. Like any emerging technology, the impacts of AI-generated code will require new skills for cybersecurity professionals, so organizations will need to invest in skilled teams and deeply understand their companys business model to balance risk decisions, says Andress.Related:The threat to enterprises is already substantial, according to Ben Colman, co-founder and CEO at deepfake and AI-generated media detection platform Reality Defender. Were seeing bad actors leverage AI to create highly convincing impersonations that bypass traditional security mechanisms at scale. AI voice cloning technology is enabling fraud at unprecedented levels, where attackers can convincingly impersonate executives in phone calls to authorize wire transfers or access sensitive information, Colman says. Meanwhile, deepfake videos are compromising verification processes that previously relied on visual confirmation, he adds. These threats are primarily coming from organized criminal networks and nation-state actors who recognize the asymmetric advantage AI offers. Theyre targeting communication channels first because theyre the foundation of trust in business operations.How Threats Are EvolvingAttackers are using AI capabilities to automate, scale, and disguise traditional attack methods. According to Casey Corcoran, field CISO at SHI company Stratascale, examples include creating more convincing phishing and social engineering attacks to automatically modify malware so that it is unique to each attack, thereby defeating signature-based detection.Related:As AI technology continues to advance, we are sure to see more evasive and adaptive attacks such as deepfake image and video impersonation, AI-guided automated complex attack vector chains, or even the ability to create financial and social profiles of target organizations and personnel at scale to target them more accurately and effectively for and with social engineering attacks, says Corcoran. An emerging threat is AI-enhanced botnets that will be able to coordinate attacks to challenge DDoS prevention and protection capabilities, he adds.How CIOs and CISOs Can Better Protect the OrganizationOrganizations need to embrace AI for Cyber, using AI particularly in threat detection and response, to identify anomalies and indicators of compromise, according to EY's Watson.New technologies should be deployed to monitor data in motion more closely, as well as to better classify data to enable it to be protected, says Watson. Organizations that have invested in security awareness and are moving accountability for certain cyber risks out of IT and into the business are the ones who stand to be better protected in the age of generative AI, he adds.As cybercriminals evolve their tactics, organizations must be adaptable, agile and ensure they are following security fundamentals.Security teams that have full visibility into their assets, enforce proper configurations, and stay up to date on patches can mitigate 90% of threats, says Elastics Andress. While it may seem contradictory, AI-powered tools can take this one step further, providing self-healing capabilities and helping security teams proactively address emerging risks.Reality Defenders Colman believes the best protection strategy is a layered defense that combines technological solutions with human judgment and organizational protocols.Critical communication channels need consistent verification methods, whether automated or manual, with clear escalation paths for suspicious interactions, says Colman. Security teams should establish processes that adapt to emerging threats and regularly test their resilience against new AI capabilities rather than relying on static defenses.Stratascales Corcoran says well-resourced organizations will be well-served by leveraging AI across vendor products and services to stitch telemetry and response together. They also need to focus on cyber hygiene. Organizations should ensure they protect their people and give them the tools, processes and training needed to combat social engineering traps, Corcoran says. "AI-enhanced automated vulnerability exploitation only works if there are vulnerabilities, he adds. Shoring up vulnerability and patch management programs, and pen-testing for unknown gaps will go a long way toward defending against these types of attacks.Finally, Corcoran recommends a zero-trust mindset that narrows the aperture of access any attack can achieve, regardless of the sophistication of AI-enabled tactics and techniques. ISGs Saylors recommends continuous vigilance of an organizations perimeter using attack surface management (ASM) platforms, and the adoption and maintenance of defense-in-depth strategies. Common Mistakes to AvoidOne big mistake is believing generative AI is nowhere in the organization yet, when employees are already using open-source models. Another is believing autonomous threats arent real.Companies often get a false sense of security because they have a SOC, for example, but if the technology in the SOC has not been refreshed in the last three years, the chances are its out of date and you are missing attacks, EYs Watson says. [You should] conduct a thorough capability review of your security operations function and identify the highest priority use cases for your organization to leverage AI in cyber defense."Over-reliance on point solutions, regardless of their capabilities, leads to blind spots where adversaries can exploit using AI-enhanced techniques.Defending against AI-based threats, like any other, requires a system of systems approach that involves integrating multiple independent threat detection, and response capabilities and processes to create more complex and capable defenses, says Corcoran. Organizations should have a risk and controls assessment done with an eye on AI-enhanced threats. An independent assessor who isnt bound to any technology or framework will be best positioned to help identify weaknesses in an organization's defenses and look at solutions for processes, and technology.Elastics Andress says companies often underestimate the severity of AI-enabled threats and dont invest in the proper tools or protocols to identify and protect against potential risks.Having the right guardrails in place and understanding the overall threat landscape, while also properly training employees, allows companies to anticipate and address threats before they impact the business, says Andress. Threats dont wait for companies to be ready. Leaders must be prepared with the proper defenses to identify and mitigate risks quickly. Security teams can [also] leverage GenAI, he adds. It gives us an ability to be proactive, better understand the content of our environments, and anticipate what threat actors can do.Aditya Saxena, founder at no-code chatbot builder Pmfm.ai,says organizations are unnecessarily creating vulnerabilities by relying more on AI generated code and implementing it without review.LLMs arent infallible, and we risk inadvertently introducing vulnerabilities that could take down systems at scale, says Saxena. Additionally, bad actors could train models around subtly exploiting vulnerabilities. For example, we could have a version of DeepSeek that intentionally corrupts the code while still making it work, he adds.Up until last year, we were mostly using AI as an assistant to speed up the work, but lately, as agentic AI becomes more common, we could be inadvertently trusting software, like Devin, with sensitive information, such as API keys or company secrets, to take over end-to-end development and deployment processes.The biggest mistake companies can make is underestimating the evolving nature of threats or relying on outdated security measures, says Amit Chadha, CEO at L&T Technology Services (LTTS).Our advice is clear: Adopt a proactive and cybersecure AI-driven approach, invest in critical infrastructure and threat intelligence tools, and collaborate with trusted technology partners to build a resilient digital ecosystem, says Chadha. But the most important factor is the human element as [most] cybercrimes happen due to human errors and mistakes. So workshops must be conducted for all employees to educate them on cybercrime prevention and ensuring they do not become the unwitting agents of a leak or data breach. In this case prevention is the cure. ISGs Saylors warns that organizations are not prioritizing basic maintenance of their cybersecurity stack and taking basic precautions, such as running VM scans and patching at least critical issues immediately.We have seen multiple examples of very large companies that are months to years behind on patching because the apps team wont let us do it, or they are running N-3 versions of software because it is too hard to upgrade, says Saylors. Those are the organizations that have already been hacked. AI attacks will just increase the speed and severity of the damage if they become a serious target.He also thinks boards of directors should be educated on the continually advancing nature of cyberattacks being generated by AI and GenAI platforms. The board of directors has the responsibility to prioritize funding for cyber transformation, says Saylors. Start a quantum resiliency plan now, and ensure you have multiple copies of immutable backups.About the AuthorLisa MorganFreelance WriterLisa Morgan is a freelance writer who covers business and IT strategy and emergingtechnology for InformationWeek. She has contributed articles, reports, and other types of content to many technology, business, and mainstream publications and sites including tech pubs, The Washington Post and The Economist Intelligence Unit. Frequent areas of coverage include AI, analytics, cloud, cybersecurity, mobility, software development, and emerging cultural issues affecting the C-suite.See more from Lisa MorganWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like