Data breaches the new normal. Here’s how local firms can protect themselves.

Jayco CIO Services' Jay A. Cohen said he knows the look all too well.

The owner of The Villages-based professional services firm often advises CEOs on beefing up security on the tech front and eliminating vulnerabilities that could allow a breach.

Then, he said, the eyes reveal all — they believe it won’t happen to them. But it’s a gamble not worth taking, given the current climate in which businesses of all kinds are experiencing security breaches, he said.

Last week, the "cl0p" ransomware gang claimed to have hacked several large companies, including Radisson Hotels Americas, Nucor, Allegiant Air and Bristol Myers Squibb. In these cases, it appears a third-party software used by all the companies fell prey to a hack that may have affected 17.5 million customers, clients and more.

But Cohen said while cybersecurity concerns frequently are the gateway to hiring senior tech leadership, CEOs shouldn’t respond to fear mongering by suddenly bringing on new staff. “These roles are proactive and strategic, and you want your hiring process to be proactive and strategic, too.”

Cohen, a 30-year industry veteran, honed his skills in information technology at Federal Staffing Resources, Information Management Resource Group, Nextel Communications, Coventry Health Care and Paragren Technologies Inc. He ultimately launched his own company in 2018 that offers fractional CIO services. Fractional services, which often are for chief marketing officer positions, fill a part-time need for companies that aren't large enough or don't have enough work for a full-time C-suite tech leader.

Orlando Inno met with Cohen to hear about the differences between a chief technology officer and chief information officer — most companies' top tech leadership roles — and ways a business can benefit from having these professionals on their teams. Here's what he shared:

For those who have trouble distinguishing between a CTO and a CIO, can you explain the differences?

It's really up to the organization to split those duties up, yet the real focus of a CIO is taking care of the entire IT department and making sure it's running well. The CTO establishes policies and procedures, but the real focus should be on new emerging technology and how that's going to be incorporated into the organization.

What can go wrong if the CEO is playing the CTO role?

There are a lot of CEOs who will read about a new technology and decide ‘That's awesome. We should implement that.’ Maybe you should and maybe you shouldn’t. A very knowledgeable person should have a seat at the table to explain possible outcomes when adding that element to the tech stack. Not all software plays nice together, and some software makes systems vulnerable to attacks. If the CEO is functioning as a de facto CTO, there might be a knowledge gap. That will get them in trouble because maybe they don't have the experience to know what that technology really does. Or maybe they didn't implement it just right. If you don't implement it just right, it may not work for you. Then you'll walk away saying ‘This doesn't work,’ but actually, the problem was you. 

What can happen if there’s no CIO in place at a company?

A CIO has a broad view and a detailed view — this person is responsible for leading the IT team effectively and the team needs knowledgeable leadership. It goes way beyond management skills. The Equifax hack that exposed 143 million people came down to one guy who didn’t feel like patching one server. If a leader is a great manager but doesn’t know the significance of patching a server or even what patching a server is, there will be trouble in the ranks. When I worked for Fannie Mae, we would get a patch and we’d have to test it to make sure it didn’t break. It could take six months to install a critical patch because of all the internal processes, and in the meantime, the servers were at risk. The foresight, timing and coordination that needs to happen in an IT department are complex, and cybersecurity is just one slice. The person leading that effort really needs to know what they are doing.

Beyond cybersecurity, how does a CIO function in a company?

Regulations certification is an important piece of it. A client I'm working with right now is a software provider. They have a device that goes on nurses and tracks them throughout the hospital. The software shows where the nurse is and who the nurse is attending to at any given time. Having that data is helpful for many reasons. The client just had a HIPAA [Health Insurance Portability and Accountability Act of 1996] audit and there were a lot of findings. They had holes in all of their documentation, holes in areas that do not pertain to what they are working on right now, which for the federal government is bad. They are not going to get another government contract if they don’t make changes. Leading those corrections, or better yet ensuring the problems don’t happen in the first place, is part of the CIO's job. That’s the tip of the iceberg. There is so much more. 

Jayco CIO Services

Job facts

Zippia data shows that when companies hire C-suite tech experts, experience is prized. Most of these leaders are 40 years or older. The tech sector is known for gender and race inequity, and the CTO and CIO workforce reflects those same trends.

Sign up here for The Beat, Orlando Inno’s free newsletter. And be sure to follow us on LinkedIn, Facebook and Twitter.