Leighton Wiley had the opportunity to sit down with Glenn Kapetansky, Trexin’s Chief Security Officer and Technology Capability Lead, to discuss the importance of governance in Information Technology organizations. For over 20 years, Glenn has advised senior executives and built teams across multiple industries and roles, including a stint as interim CISO at University of Chicago Medical Center. A repeat recipient of Bell Labs’ Arno Penzias Award for Innovation in the Marketplace, Glenn remains active in the Chicago CISO of the Year program, Cybersecurity Collaboration Forum, and the Technology Leaders’ Association and holds the following certifications and memberships: IEEE, ISC2 (CISSP), ISACA (CISA, CDPSE), and ITIL (SM). Glenn is a nominee for the 2022 Chicago CISO of the Year.
[Leighton] What is the biggest IT governance mistake enterprises make?
[Glenn] In my experience consulting with CIOs (and having been a CTO and CSO myself), their biggest IT governance mistake is not treating IT governance “like the Business does”. Just today a Client, the Chief of Staff for a CIO, was telling me the CIO wants to “manage IT like a business” and asked me “what do other industry leaders do?” I told her she shouldn’t ask what others do, she should go grab the Capability Map her own company uses to manage its business, and create IT-internal analogs to do that. IT’s “business within a business” should map closely to the Business, right?
[Leighton] What makes this mistake so potentially destructive?
[Glenn] When the CIO is governing according to a pattern that doesn’t match—or may in some places be in conflict with—the Enterprise governance, the result is inefficiency at best and outright failure to support value creation at worst. These days where “Digital is the Business”, such mismatch can be a threat to the “thrival” (thrive + survival) of the business. So many CIOs desire the impact of adopting a “Product” mentality but continue to govern according to a “Project and Program” mentality!
[Leighton] What is the best way to avoid making this mistake?
[Glenn] I keep a couple things in mind:
- I myself was slow to adopt a Product mindset, but now I can’t shake the mindset where IT’s limited development capacity needs to cover (and balance) four distinct dimensions: new functionality of course, but also defects, compliance, and technical debt. That premise now influences my perception of priorities, metrics, and demonstrated value to the business.
- Don’t hand your organization over to some bright shiny tool and expect the business value just to start rolling in. The brain should rule the tool, not vice versa! The key is consistent investment and ongoing governance over time and includes succession planning for your experts. We have run into too many organizations where one person accumulates too much intuitional knowledge but doesn’t share. The result is that tribal knowledge eventually leaves, and the CIO relies on a tool or transient consultant.
[Leighton] What constitutes a solid IT governance approach?
[Glenn] I am currently a fan of both Technology Business Management (“TBM”) and the Flow Framework, which I perhaps unfairly relate to Waterfall and Agile governance, respectively. Just as there is room for both types of project management, depending on company culture and needs, so too do I think there is room for both TBM and Flow in IT. Both reflect IT Governance’s critical role across enterprise domains (security, compliance, brand, reputation, etc.), and IT’s responsibility to be a stakeholder in all the core governance groups and processes up, down, and across the organization. As mentioned above, “Digital is the Business” means IT operations are business operations.
[Leighton] Does any of this relate to Trexin’s Technology Capability which you lead?
[Glenn] Actually, this question comes at a good time, as I currently am rebooting Trexin’s Technology Capability to reflect the post-pandemic realities of our Clients. That means fine-tuning our cloud domain to migrations, and our data domain to cloud-based technologies, and strengthening our cyber domain in the areas of privacy and compliance. But most importantly, we are launching a new Technology Enablement domain to help C-levels with technology governance. This “business of technology” dimension is fundamental to success in the Digital movement.
[Leighton] Thank you for your time, Glenn.