How to Win as a CIO and Financial Leader – with Bob Fecteau, CIO of SAIC

This episode is sponsored by the CIO Scoreboard

My guest for this episode is Bob Fecteau who is the CIO of SAIC. SAIC is a 15000 employee, $4.0 billion publicly-traded company.

He is one of the four top people who travel to Wall Street to report on the company performance along with the CEO, CFO and COO. He signs off on the SOX control documents for his publicly-traded company.

From my perspective of working with and interviewing hundreds of CIOs, he is a visionary, and is one of the best in the profession. He is a giver who wants to elevate the whole profession and share his wisdom.

I think every early, mid and late career CIO with gas in the tank will benefit from listening to Bob’s perspective as it rang true for me. Here are the quick wins for you. I warn you that you will want to take notes on this one because as I read through the show notes, I had a difficult time choosing which points to put in this list as there were so many. I encourage you to go to the show notes page at to see the show transcript and the links to vendors and programs we discussed.

Here are the highlights from the conversation:

  • Painting the visionary picture of what is the “art of the possible”.
  • His perspective of the role of the CIO and Finance.
  • His perspective of how he uses labor and time savings that has made a big difference for ROI and TCO calculations for technology investments.
  • What it means to be a “state of art” versus ‘State of Market” with technology investments.
  • We discuss his role with Compliance.
  • We discuss his belief of the role of the CIO and innovation.
  • The top 3 skills a CIO must have: Analytical, Financial, and Communication.
  • What it means to own the problem.
  • Important CIO Tools he uses that I thought were right on.
  • His approach to Total Cost Accounting or an ERPC for CIOs and the tools he is using and testing;
  • Portfolio Management Software called
  • What it means to have consistent artifacts as a CIO.

About Bob Fecteau

Bob Fecteau is the Chief Information Officer (CIO) for SAIC. In this role, Bob is responsible for guiding technology investments and delivering operational services in direct support of the business. As the CIO, Bob focuses on the efficiency and effectiveness of enterprise IT operations in support of both internal business needs and customer support processes.

Prior to joining SAIC, Bob served as the CIO of BAE Systems’ Intelligence and Security sector and as Chief Information Officer, United States Army Intelligence and Security Command (INSCOM). In 2001, he was selected for the Department of Defense’s Chief Information Officer Award for Outstanding Achievement in Information Management.

As an Army officer he served a variety of roles with the intelligence branch including, Army System Integration Management Officer (SIMO) for Army Intelligence; Intelligence Systems Architect for automated systems; Tactical Intelligence Officer; Human Intelligence Officer; and Company Commander. While assigned to Army headquarters as the Army SIMO, he received the National Intelligence Meritorious Citation for support to the Army’s and National Intelligence Community’s Y2K mission as well as serving as the Army’s Intelligence Year 2000 Program Manager.

Bob also serves the technical community as an executive board member of CIO Magazine’s CIO Executive Council and a judge for their annual One’s To Watch program. He also works as a mentor within the Pathways Program and teaches Enterprise Architecture and IT Leadership at Carnegie Mellon University’s Executive Education Program.

Bob’s technical and leadership acumen has also been recognized by industry peers. In 2009 he was selected as one of the top 100 IT Leaders by Computerworld Magazine and in 2004, he received Government Executive Magazine’s Grace Hopper Government Technology Leadership Award for his efforts in breaking down barriers between government and industry through the use of the Army Contractor Automated Verification System (ACAVS). The ACAVS system has continued to deliver outstanding savings for the U.S. Army and contract companies in support of intelligence missions.

Bob received a Bachelor of Science degree from Corpus Christi State University and completed Syracuse University’s masters of information studies in Washington, D.C. He also received a Chief Information Officer certificate from the National Defense University.

Read Full Transcript

Bill: Welcome you back again to the show.

Bob: Oh, it's great to actually be on the show. I found it to be a really proactive event the last time we did it.


[00:00:30] Well, good. Well, good. You're one of the first couple of guests from a couple of years ago, so it's good to have you return back on the show. It's one of the things we talked about prior or just a couple of weeks ago, kind of prepping for this, was the role of the CIO in the stability and discipline of the profession. You have some really strong opinions about the consistency of the discipline of being a CIO. Maybe we could start out there.



[00:01:30] Sure. I think one of the things that's really important for everyone to understand is the beginning of the day, the CIO function is literally only about 16 years old, coming now up on its 17th year. We've have three generations of education cycles that have come out of the universities that have actually produced true CIOs that are fully-skilled at information resource management at the enterprise level. Part of that is because the original charter started in 1998, and then as it progressed, you started with the concept, it gets chartered into law, in the federal government, anyway. Then the functions fill them with talented people. But in the beginning of the CIO cycle, you had cycles that were only 18 months long. Mostly because it takes about a year for you to figure out whether the guy running the whole program has the skill or doesn't have the skill. They're generally one-year decisions and you have to live with them, and then the next six months you figure out what it actually takes to replace the CIO.


[00:02:30] Part of the problem during that cycle is they weren't trained. Education programs came online around 2000, and while there were tech office people from the back office of the IT coming forward to lead, they hadn't received any education on how to manage the complexity of what technology investments really mean to a company. Consequently, they had a high turnover rate. Then education came on board, and as we have seen more and more people trained in full scope information resource management, we are starting to see the careers trail out to four to six years now. I've been in this position four years, and I had been in the previous position eight years. But that mostly has to do with the fact that I was trained as a CIO in the federal government. That's one aspect of the CIO function that I would talk to you about that really has made a difference in the value of the role within the company.


[00:03:30] The second part is defining what the CIO is responsible for. Technically, the CIO is one of the three key leads in the company. The chief executive officer, the chief operating officer, and the chief financial officer. The CIO is the fourth one, and literally, he actually signs on the execution documents for SOX control for publicly created companies. One of the reasons that's so important is because I'm in a compliance role as the CIO here. That's a very important feature of what the responsibility in the corporate world is about. I have to certify to the stockholder that we are in a secure environment, that our systems are online, and that they work properly. I'm also responsible for making sure those systems calculate the revenue properly for the business. So as you can see, it's a very complicated kind of role.

[00:04:00] The other piece that's really important to me is I have total responsibility for the IT spend. It doesn't mean we spend all the IT. It just means that one of the key features and functions of a CIO is to understand where all the costs for IT originate from and be able to categorize those, organize those, and then report back to the business in an authoritative way what the total technology investment is to make the business run. From that total knowledge picture, you can then categorize it into managed or unmanaged. You've heard the term shadow IT. That's generally IT that's outside of the purview or view of the CIO's direct control or authority, but it's still a responsibility that the CIO owns. So in that case, I kind of define the role as all-encompassing.



[00:05:30] I think the last piece that's really interesting is that we're responsible for understanding how technology can better support the business. That takes you from the response-types IT department into the proactive IT department, of delivering technology so the business can operate better, by using your talents, skills, and capabilities to improve the way the business operates. It includes business process analysis. It includes technology research and investment comps[inaudible 00:04:58]. It really talks about developing business cases that really the business can understand in the vernacular and communication style they are accustomed to, in terms of return on investment and total cost of ownership, in continued trail and [inaudible 00:05:11] expenses. So in that way, as we walk out towards the future, when you walk into a company, the CIO function is generally not consistently defined from one business or industry to another. Yet the skill is actually consistent and defined.

[00:06:00] One of the key things that I have a real gripe on lately is that we aren't consistent with the artifacts that are necessary to understand how the CIO runs in an office or in a company. The key thing for that is its consistency and consistent artifacts. When the CIO goes in to take over a new job in a company, he generally looks at the project schedule programs that are red, green, and yellow. And he looks at the pipeline to understand how many future contracts he's going to have to support, and if it's a production type company, what is the production rate? What's the optimum desire for the business? What's the [inaudible 00:06:11] orders and can they fulfill the orders in the time that they are contracted for?

[00:06:30] If you're the CFO, you can pretty much get the handle on most of the business in a couple of days. You look at the accounts financial management programs. The first one you worry about is what is the general ledger say the total value of the company. Then when you walk down that path, you say, okay. What's the accounts receivable? How many orders are outstanding, and then what is the pipeline of orders and structures in the future? From that point, within a day or two, you can probably get a pretty good assessment with the business of how strong it's going to be, where it could be, and where you can start to connect to it.

[00:07:00] In the IT space, we have no consistency. One of the things that I try to do is focus on consistency starting as an assess management or asset tracking kind of capability. We own probably the largest capital investment in the company is the IT department, and understanding where it is, how many you have, and what technology they're running on seems to be a really good foundational place to start doing this so that you can manage and help business tide its investments into the future with the technology deck.


[00:08:00] I think when you start talking about the history of the CIO, the role of the CIO, and the maturity of the CIO, we're starting to talk about that. One of the things that we as an industry have to do is we have to clearly define what is the artifact that should be in the company when a CIO arrives so that they can be most effective at getting to the future as opposed to trying to track down where everything is when they get on board. In those kind of lights, I see some disconnect between maybe how the CIO role has been done before, kind of do whatever you can to make everything work, to where it should be going in the future. Does that answer your question?



[00:09:00] Well, it does, and I would like to dive into a couple of the terms that you used because I think some of the folks that are listening ... Maybe we need to uncover what it means to have an artifact, because I often hear that the CIO will be involved in budgeting and planning, like they will prepare their budget for the year. That's completely different from what you and I are talking about as far as having ... The CFO in the business has a complete advantage in the fact that they have a general accounting, accepted accounting principles, gap accounting principles. They have an AICPA that governs, as long as people are ethical and honest putting data in, from the CFO all the way down to the bookkeepers entering data. There's a certain way of putting in data so that the business can understand the health of the organization from a financial point of view. But that doesn't exist on the IT side. Maybe we could start there.

Bob: Well, it exists, but I don't think it's standard.

Bill: Okay. When you say standard ...

Bob: There's no common practice.

Bill: What would be common?



[00:10:00] The concept of doing asset management is critical, so that you can understand where it is and where you're going to go to. It's a fundamental of IT architecture. How to describe and how to list the assets are rated against cost which I think is the standard that everybody should start with. Isn't it part of the discipline that we're taught? We're taught a whole bunch of things like program management, project management. We're taught about maybe finances and how the finance connects to a budget, but connecting IT directly to the effectiveness and efficiency of the business and where its impact and how those cost, that's all part of the total information resource management concept.


[00:10:30] What do you mean by that? Can we give an example. What would be a practical way ... So we're starting at the beginning of the your, and if someone wanted to start over with a different ... I mean, I hear this constantly. I wish I were better financially so I could go toe to toe with the CFO. This is a common weakness that, honestly, is a ... I think people try to hide behind or they don't hide behind and it becomes a weakness. Where would one get started?


[00:11:00] Well, one starts well before the budget of the business. Let me give you an example. The budget for the business is declared in the planning process. Since IT is generally the largest expense and most expensive component of the business after human capital, it's incumbent on the IT department to put together a really predictive cost about what next year's going to cost to run. That includes managing the licenses. It includes understanding how many assets you're going to buy. It really does matter about how you manage depreciation, schedules, and everything else for double declining depreciation concepts under the gap accounting rules.


[00:12:00] You also have to understand the complexity between expense and capital investment. Capital gets depreciated. A very interesting thing. I'm limited to how much capital I can spend by how much depreciation I'm able to carry on a fixed budget for five years after the investment. So understanding how those business cases tie together so you can achieve a return on investment when you buy a technology is incumbent on the skills of the CIO. Understanding the asset, understanding its value. When does it come out of value, and when does it have to be reinvested, then you tie into that the complexity of vendor support. Vendors will rotate technology into your inventory that you may own. At some point in time, maybe before the depreciation is completed, they'll start to say we're going to unsupport that stuff. If they're critical business system, you can't let that happen as a CIO.



[00:13:30] Those are the foundations for how the big investment budgets start, and then second part is the operations and maintenance. How many patches have to be put on? What is the number amount of labor that takes? Can you build the work breakdown structure for all your labor force so that you can accurately predict what it's going to cost to run you the next year? Once you figure that out and you can give a fixed cost of run with good estimates to the business, the business can now take that and defray those costs as a foundational operational piece so that they can predict what kind of impact their contracts and contract wins will have on the total budget. If I can give you a cost that says, look, you can plan on it costing $6,000 per person per year for total IT support, hold me accountable for that, then you can start planning how much business you have to run to pay that bill and answer your profit bills, your growth objectives, and the margins in the business for labor management. That's why it's essential that a CIO. It can't be just an IT guy. He's got to understand all the components of the business.

Bill: That makes sense. That's what you're referring to when you say artifacts. Is that correct? With the consistent artifacts, you're saying that they must understand all the pieces, but that's not consistent from company to company. Is that what you're saying is a weakness within the profession? Is that a CIO could leave-

Bob: That's correct.


[00:14:00] Okay. You can go to another company like Boeing or Lockheed or you can go to ... Probably not them, but you can go to a mid-market company, and the way they manage the expectations there of IT, that CIO is going to come completely with it to a different landscape of what's expected. Is that correct?



[00:15:00] That's correct. It's not the expectation. It's probably the skill of the CIO, number one. Number two, if they don't have a methodology, a consistent methodology to operate, start-up time is extended. It could be 120 days before they get their feet on the ground. One of the key functions the CIO is responsible for is the painting of a visionary picture of what's the art of the possible within sight of an O&M run rate. Then if you want to make alterations to that art, what would an investment do to it? Is the investment going to jump you up the stack and get you something more? If so, how do you calibrate and quantify what that more is so that you can talk to the business back in terms it's understanding. Returns on investment. Total cost of ownership. How was the ROI calculated? What are the net values of a tangible or intangible cost? Does it decrease labor if we implement the solution? Does it make the labor more flexible or does the process increase in speed?

[00:15:30] There's a whole bunch of ways to measure it. I tend to measure things by time and labor. If I decide to do an investment in the technology that takes out 10 people out of the foundation support infrastructure of the company, and it also increases the speed with which people can do their job, then the ROI calculations are calculable against known standards. Take the average labor, for instance. The average labor cost per person, average salary, you divide that out into minutes, and if you knock 10 minutes per person off per year, well, over 15,000 people, that's a lot of money. And the ROI closes very quickly.

Bill: So you're saying 2,000 potential working hours per year per person, and then you're just dividing that into the minutes per person, correct?

Bob: Correct.

Then divided into the savings that you're expecting to achieve. Is that how you're coming up with that math?

Bob: That's how we do it.

Bill: Okay.


[00:16:30] Then, heres the thing. Your first work is done by the minute rate, but it's like a 200% increase to do rework, when you find a mistake, go fix the mistake, and then have the person redo it. So there's a training component and a clarity purpose component that comes into the fielding of technology. If you can reduce the error rates at the initial site, the repair is much less expensive. Simple solutions that do very effective work with minimal error are key elements to your business case.

Bill: So not like a ... I'm going to take this another step. So quickly moving through a project versus more of a long tail waterfall-style project. Is that the way I'm interpreting that?

[00:17:00] No. Not at all. I mean, you can deliver very quick incremental actual solutions that are all tied to a future vision as long as what you're delivering builds on each other and it's concise and it's clear what people have to do. For instance, email is easy to do. You can do an upgrade to email, but there's no ... Generally, that's an O&M function without ROI. But if you were going to add on a tool on the email, you'd want to quantify what that tool does and what's the value you expect to get it. And then it can be measured against people's performance. That's a better way to look at it.

Okay. That makes sense. You've often said that, to me at least, that the CIO, what the business thinks is important versus what the CIO thinks is important are two different things. You have a pretty clear opinion about that. Maybe you could share that with us.



[00:18:30] Yes. That's really important. One of the prime responsibilities the CIO has to the business is the business builds a strategy, and that is about running the business, growing in the perspective, expanding it's market space, etc. But the CIO's responsibility is to take that vision and view and translate it to an IT strategy and vision that we can quantifiably and demonstratively connect our IT support towards the accomplishment of the future that the business has decided it wants to go. For instance, let's just say that the business decides it wants to be a data center provider. The CIO then has to plan what's it cost to run a data center and how many technologists are optimal in running data centers? Where are the subject matter experts in this area? My contribution to the business is to paint the vision on how to effectively invest in scalable solutions and expand those things over time to achieve the results the business has asked for. That is directly a CIO function.

The business is coming to you? Let me just clarify, make sure I understand. The business is coming to you, Bob, and saying this is where we want to go and then you're painting the vision of how to enable that?

Bob: I think it's a little bit different.

Bill: Okay.


[00:19:30] I think it's got to go this direction. Actually, as one of the leaders of the business, I work with the business to create and understand the strategy of the future. Then naturally, my [inaudible 00:19:23] says this is what my contribution is going to be in changing, adjusting, and developing the IT staff to accomplish the vision that the business wants to achieve. Through these investments. Through this change. Through these business systems that you've requested to allow you to morph and change your business. That's the CIO's role is to translate the corporate strategy into a tactical strategy that delivers the right solution.

Bill: Yes. That makes sense. Then where does the art of the possible come into play? When you were using that word earlier, which I love.


There's a couple of things. The art of the possible. That's generally how can you do the job with the people that you have with minimal training? That's the art of the possible. You've frequently heard cutting-edge technology, bleeding-edge technology. Most of the technology, state-of-the-art concepts, those are not affordable in mid-margin businesses. They're very applicable in research and development. However, they are not very applicable in maintaining, operating, and running an IT shop or IT support to a business. We have to be state-of-the-market. State-of-the-art is so expensive, it pushes everything outside of a good business case to get the very best, the very newest and the very latest technology. It's much better to be in state-of-the-market, centered on what the rest of the people in your space are using and technology that's mature to the point where it's stable enough that it doesn't take fixing every day. The CIO is responsible for knowing that.

Bill: Yeah, I love that.

That's the difference between state-of-the-art, state-of-the-possible, and then state-of-the-market.


[00:21:30] Yes. I love that. That's a great, great way of saying it. I've never heard that said like that in the same way. So your role ... And sometimes I like to break it into offense versus defense, but the funny thing is is that if you can't take care of defense very well, with understanding and helping on the finance side ... It almost seems like a deeper financial sense that you've broken down earlier for us will actually help potentially create more offensive opportunities for you to be able to enable the business.


[00:22:00] Well, one of the key things that CIOs have a challenge with is how transparent can they be with their IT spend. Transparency requires dedication and focus, I'll tell you that for sure. One of the things that I do is I charge ... I actually categorize all the costs in IT from bottom to top on a spreadsheet, cost per person per year, cost per person per period, and percentage of revenue to the business. Objectively, you want to stay with inside of your market venture or below to be an optimal IT organization. Otherwise, you can't measure yourself for performance, and then it's just IT going in the bucket. You know, the cost of IT is a very expensive item.


[00:23:00] Here's the thing. The key thing the CIO has to do is do the IT for the business, ensuring that IT's not doing IT for IT's sake. In order to do that, you start with a business financial concept. You work from an asset out to a capability, and then you do the accounting from the cost per service that you're delivering. When you do it that way, and this is the consistency I think, every CIO [inaudible 00:22:50] needs to start on is to get those artifacts very consistently delivered so that you can have something sharable between one place to another. Right now, that's not the case. You go in the CIO office, it's different every place you go.


[00:23:30] Yeah, it's very different, and I think you're absolutely right. This has to be something that's consistent. It's very difficult, then, to move from company to company and to be able to help an organization out without that consistency. You're saying we can start right at the individual level, not worry about the company but worry about the individual CIO learning these skills. Where would they start, do you think? Because a lot of the CIOs-


[00:24:00] There are plenty of good educational programs out there. I was actually educated at the federal system, at National Defense University. Carnegie Mellon's got them, Syracuse has got them, but they all have different syllabuses. There's got to be some consistency in the syllabus structure and educational offerings. When you go to one university to another, an MBA program is very consistent. When you go to one university today for a CIO program, it might be centered on software development and application development, whereas another university might be on asset management, project management, and program management. That inconsistency is creating this turbulence in our new profession called the CIO.

[00:24:30] So someone who has made a career that has been ... I mean, there's just a ton of people, Bob, that have been involved from the early mid-90s that are really not that old, and they need to mature their skills, and they need to do it real-time.

Bob: Absolutely.

Bill: Then you do it real-time. I know there's a lot of on-demand courses out there, but is there ... If someone came to you and wanted to build their skills to the next level, would you say go to Syracuse and take their online program or go to Carnegie Mellon?

No. The first thing I would do is I would tell them to start determining whether they want to be a CIO or not.

Bill: Well, assuming yes that they wanted that or they were already in the role.



[00:26:00] Here's the point, and I want to be able to be clear on this. I could tell you that I work with the business, and almost every day they say, "There's no way I would want to do your job." You start to think to yourself, well then who's going to do my job when I get too old to do it? The problem is this is a very hard job. I wrote an article for CIO Magazine once. My staff internally would say they don't want to be ... Take a single look at my day, and they don't want to be the CIO, and the reason is it's a hard job. It's complex. It's got depth. It's got every part of the business, and the reality is that you can't be super successful at doing it unless you can manage true diversity, true challenges of a business.

[00:26:30] There's a couple of things that I think that CIOs must have. They've got to have analytical skill. They have to have financial acumen, and they've got to become communication experts. If they can't do those three skills, then they are going to be handicapped. The other piece is that you've got to have a very, pretty varied, rotational assignment plan of being in the business and out of the business and having some access to IT capital planning and IT value management programs.

[00:27:00] I guess to really tell you, that you get a full circle CIO, you have to spend some time in the technology services delivering services to the business. Then from there, you've got to go to business to see how well the IT does support you. Then you can take that business experience and bring it back to the IT shop as an IT leader, CIO-like leader, and actually help shape the future of where the business can go with the best technology that has been best delivered. I think that's what I would suggest. It takes rounding. I think it's up to me to build a pipeline that's going to provide those rounding opportunities within the organization.

[00:27:30] If someone's been a CIO for a while and needs rounding, and they need financial rounding or analytics rounding, is there a place to go for that?

Bob: Are we talking about someone who is a CIO today?

Bill: Who is currently a CIO. Whether or not they have the title, some organizations it's VP of IT or Director of IT, depending if you're an association or not. I mean, there's so many different ways to ... I'm using the metaphor CIO because not all organizations actually fully title someone as a CIO.

[00:28:00] Right. Well, I think the first thing is is that you have to take some kind of training in information resource management. Information resource management, at the top level. You've got to understand what it takes to build the portfolio of capability and tie it to the financials that run the business. If you are a CIO today and you don't have the time or the inclination to go to train, then I would suggest you do this right away. Go find somebody you like in finance and talk to them about how can you be more effective at using the financial system to help you run your business. They'll be glad to help you.


[00:29:00] When you get to a company, it's generally a small place. You can find enough people to help you and get you savvy and then ask them what their ideas are to help make your system better to work with the leadership. I was talking with the line leadership, and say, "Okay, guys. I'm giving you this. Is this helpful?" If it's not helpful, find something that is. But, I still say it starts with this asset management. You talked about financial accountability and it talks about managing the investment portfolio, and managing all the IT systems is part of a total ecosystem that you can account for. If you can't do those things, I don't think you are really doing CIO work. If you're making applications that you can't tie to a business, then I think you're just an apps developer.


[00:29:30] Sure. That makes sense, and I've actually heard that a couple of times that some of the CIOs have literally gone over to finance and sat down next to them and partnered with them to close up some of their gaps, and that's worked well. Do you have a particular system that you use for managing portfolios, or is it just Excel spreadsheet ultimately at the end of the day?

Bob: Well, no. The new tool that's coming is out of a company called Apptio. The first part is there's a couple of tools. One of them is Troux Metis and that was the first architectural aggregator of all the systems, where you could build a map of the systems you own, and then you can actually start to tie it to a roadmap.

Bill: What's the name of that?

The latest ... Huh?

Bill: What was the name of that?

Bob: Troux Metis. It's called Troux. T-R-O-U-X. The latest one that's come out, it's called Apptio. It is called a technology business management component, and it's probably closer to an ERP for CIOs than the Metis enterprise architecture framework was.

Bill: Okay.

That's the latest that's coming out. It has total cost accounting as its foundation. I advocate that total cost accounting is the primary CIO's responsibility. It maps up to what we're doing. Then we are currently in pilot right now to see what value we can get out of the platform.

Bill: Oh, that's great. That's a great tip for people, the Apptio tool set.

If you can run Apptio, you're running a CIO office. If you can run the whole module structure, figure out the cost to run, identifier ones. One of the reasons, Bill, that it is so important that we deliver this cost to run thing, is you've got to know what it costs to deliver a financial ERP, because eventually someone is going to come to you and say, "I think you ought to take that to the cloud and buy it as a service." Well, if you don't know what it costs to run, how are you going to figure out when going to a cloud is a better idea?

Bill: Yeah, you've got to have something to compare it against.

The cloud server ... The software as a service keeps on giving, man. The bill is very high, and it's not going down. It's going to go up, and how do you manage that? How do you do a cost comparator based on the features available in a [FAS 00:31:41]. Your software is a service compared to an infrastructure element ...

Bill: Yeah, there would be no way-

Bob: ... that you keep on premise. It's tough.

[00:32:00] Yeah, that is tough. So that total cost accounting piece. At least current state, you need that balance sheet, so that would be important. Now, you've also mentioned the compliance role that you have as well. Are you talking about compliance from a regulatory compliance, from that angle and a security compliance? Or is that something that SAIC has started to break out, and now it's something separate from you?


[00:32:30] No, I'm talking about the total compliance regulatory requirement. I'm responsible for ensuring the efficacy, the security, and the accounts access management for the key financial systems inside the company. It's me, the CFO, and the CEO sign the document that goes to Wall Street.

Bill: Okay.

Bob: I'm certifying the systems operate the way they are supposed to, they haven't been tampered with, and that the security controls put in place are viable and effective.

[00:33:00] Do you see that role changing at all in the future with companies with the advent of the CISO role? Do you see that role shifting for you in the future?


[00:33:30] No. The CISO's role is to safeguard the contents and the data of the business. The CISO role is an actual oversight role, and generally, in my case, the CISO reports to me, so I'm the responsible person. Some places, I guess the CISO could be responsible for it, but he's not the top technologist in the business, usually, so that's where I find that fabric a little bit unconnected.

Bill: Yeah. No. I think it's good to hear the way you view it, because I do see confusion right now with not only the piece that we are talking about, being a CIO, but then a completely brand new set of leadership emerging, but nobody's really sure where they are ultimately going to report. Up to the CIO or up to the CFO or to some other structure.



Well, the CISO function is kind of limited, whereas the CIO function is all-encompassing. When I say that, if you got a CISO who is accounting for all the costs and the security and all of the features, then he's running as a CIO. He's not really doing the CISO role solely. The other piece is in the CIO role, provide a space for the CISO to operate and the CISO does the security compliance checks over the systems. He actually makes sure they operate within accordance with the direction from the CIO and the company. Then they report back to the CIO, back to the CEO, about how things work. It has provided an independent view. Some places it's put in the legal department. Because they don't have financial responsibility for the management of the investment, it's an incomplete role. The CIO's job is to do managing investment.

Bill: What is your belief on the word innovation and the role of the CIO with innovation? Is this something that you've formally thought about? Do you have a team that's really responsible for disrupting SAIC itself in the sense of constantly challenging assumptions? What is your thought on innovation, that word, and its role within your organization?



Within the SAIC, and it is my job to be innovative when the business demands it. It's not my job to be innovative on a daily basis without demand. That's very important. I want to stress this. If I keep doing stuff for the sake of doing it because it's sexy IT or it's new innovative IT or it's new game-changing IT, and the business doesn't need it or hasn't requested it, then I'm doing IT for the sake of doing IT. That's not my job. My job is to align IT investment, innovative or otherwise. If the business says I want to do some innovation technology, it's up to me to build a business case of how to deliver that and how to deliver it in a fiscally responsible way. Most of the time innovation concepts are built and developed in IRADs, in Investment, Research, and Development. It's the CIO's job to take a valid proofed concept to determine scalability within a business case. It could be the greatest thing since sliced bread, like an auto-driving car. But if it's not your core business, and that auto-driving car is not going to make you money and I can't make every car in the United States do it, and that's what our mission is, then I shouldn't do the investment.


[00:37:30] I'm kind of like the gatekeeper for that kind of stuff. Innovation to me is not about what the CIO does every day. I mean, I can do innovation. I can be innovative in the practice. I can be innovative in leading technology. But innovation is when it gets mass adoption, and I am advocating innovation in training CIOs better in the future. But notice, that's not about being innovative on my platform. My job is to optimize the platforms, continue to run the operations and maintenance to them, and when something game-changing comes out, nominate the candidacy to the business with the concept of determining its scalability and usefulness by everybody. Then I can install the new capability once the business itself decides they want that investment. If you do it without that business link, then you're just doing IT for IT's sake.


[00:38:00] So you really think there has to be that strong business case when bringing on these ideas. You're not necessarily testing on the edge of the company looking for ... You don't have a group that's actively budgeted for that you funding for innovation. It's just sort of ... Those ideas just come into your group and bubble up to you, and that's how you're managing it from that angle.

Bob: Well, we keep track of all the technologies and select the ones that we think will best support the business.

Bill: Okay.


[00:38:30] I think one of the things in your questioning, Bill. It's kind of unusual. I'm not the IT guy. I'm the leader of technology investments for the business. I'm a business leader first and technologist second. My job is to keep the business out of trouble in their spend of technology.

Bill: Your job is to keep the business out of trouble in the spending of the technology. That makes sense.


[00:39:00] Spending dollars on technology. That's correct. It's not to make ... I do make decisions based on where I think we should go with technology, but my primary job is I'm one of the business leaders in the C-suite that makes decisions on how to execute this business. Not just run IT. I'm not the IT guy. I'm the business leader responsible for controlling, operating, and running the technology investment, the second largest investment in the company after human capital. Key role.


[00:39:30] One of the things you talked about was owning problems last time we talked, and I thought that was a pretty profound statement that you made, Bob, on owning problems from beginning to end. Would you be able to clarify for listeners what that means and then kind of the role or how it's made a difference for you in your career with this concept and this belief that you have?


[00:40:30] Absolutely. Here's a good example. Let's say a software company that you've been using all along all of a sudden jacks its price 25%. That's a problem, because your budget is built on what it was last year plus an increment. If they exceed the increment, then you have to do a [inaudible 00:40:06] on whether or not it's the right solution for the business to operate. That's a problem. For me to finish it, I could just go to the business and say, "Well, you know, we're not going to deliver this service next year because they upped the price by 25%." I don't have that luxury. I have to come up with a viable alternative, or I've got to negotiate the fix on the problem that the company wants us to do in terms of decreasing that 25% into something that's either planned or usable.

[00:41:00] Really, it's up to me to use my expertise to determine whether the value that they've added to the platform warrants the 25% or not, increase in cost. That's called owning the problem to the end. Some CIOs will go, "Oh, I have to turn this over to the board and let the board make the decision." Not in my world. That's abdicating my responsibility. That's what I'm talking about owning the problem to the end. Fixing it, budgeting for it, designing it, implementing it, making sure people are trained to use it, and then delivering a solution that everybody can use and then putting it on role and effecting the way 16,000 people operate. Owning the problem to the end.


[00:42:00] The other part is identifying problems. Sometimes it may not even be the IT department's problem, but it could be enabled by technology and improved. It's up to me. That is probably closer to the innovation side you're looking for in how a CIO interacts with this business. The reality is my job is to diagnose and understand problem sets, and then from those problem sets, if there's a technology solution, if there is a good one, that will make a difference in the performance, then we should nominate it responsibly, budget and plan for it, and then test case it out to see if it's going to make a difference before making the business buy the whole thing.


[00:42:30] I love that. I love that answer. I think that's very informative for people listening. As we wrap up, Bob, is there a way that you can suggest for the people listening that are CIOs, and they recognize that it is a hard job, and you've given very specific ideas in how to shore up weak spots that everybody listening may have in some way, shape, or form. How do you stay at your best day by day, year over year to continue to refine your skills? You clearly are at the apex of your career. How do you stay sharp and always fresh with these concepts?



[00:44:00] First of all, I read tremendous amounts. I probably read 15 to 30 hours a week extra after doing the regular job. That's a lot. You've got to keep abreast. I'm always browsing the news sites. The other part is partner with other CIOs. Let's build a community that we all share lessons learned and good ideas, and then let's keep those good ideas going. Then the last part is contribute of yourself. I like to contribute to these concepts and forms because I think I'm responsible for defining the CIO program I'm going to leave behind in the future. I want people to have an azimuth to go directly to where they want to get to be the best. I don't know if I'm the best, never claimed to be. But boy, I will tell you. Running around and chasing smoke and new ideas every day without a definitive guideline to go there, it makes my job hard. So by standing on two feet, establishing clear priorities, focusing on delivering consistent artifacts of the business, and understanding how to account for all of these things to me is the foundation core of what the CIO and the true information source management concept needs to know.

[00:44:30] Now, I was educated at Syracuse with a Federal CIO background. Carnegie Mellon has a program. I think Stanford has one as well, and so does Duke. They're all good. They're leading you to figure out what that azimuth is and what is the core component. I think we as CIOs should nominate core components. We should be able to evaluate each of the different places you would go to get them and then provide clear guidance to the people that want to be a CIO, which ones are the best. That's only going to happen if we choose to lead. If you want to follow, you can do that, but at the end of the day, we are responsible for what the next generation knows and doesn't know. To me, that's a serious responsibility.

Well, the three things that you mentioned were reading, and you read 15 to 30 hours as far as helping you be the best leader you can be, and 15 to 30 hours of week. Lessons, you go and share your ideas with other CIOs, and I'm assuming different groups. And you contribute yourself through writing and through podcasts and other areas. As far as books, are they mostly books that you're reading or mostly websites, news, or is it just a variety of different ...


[00:46:00] Well, there are books. There are technical publications. There are concepts, lab papers are always coming out. There is one more piece. Become a mentor. I mean, you have to share these ideas, and one of the best ways to do that's through a mentor/protege type program. I have one here. I take 12 people every six months from the business. I also mentor within CIO executive council on, pathways program. I've been at four of those sessions. Then I also work at shaping the future path, the CIO path of the future with and other CIOs by shaping and designing what we're supposed to be doing. We put that into a bona fide roadmap that a lot of CIOs have been following. It's how you grow and develop.

[00:46:30] The best part about doing the mentor program outside of your company is you get a view into what others are doing. That allows you to improve your internal game. I do both internal and external in the path I taught at Enterprise Architecture and Security Architecture at Carnegie Mellon University. I love doing that. I would like to do more of it, but the business demands are really harsh, so you can't get it all and do it all the time. But that's how you make a difference, I think, in the future. We have to chart it and do it. Otherwise, people are going to do it for us and we're not going to like it, especially if it's the business or the financial guys making the decisions for us.

[00:47:00] I think this is great, and I'm really looking forward to publishing this conversation, because the wisdom you've shared and some of the really good tips for people are tangible and really executable for people to really raise their leadership to the next level, because you just didn't do it by standing around. It was a really, really active and proactive approach, and I just love that message.

Bob: Well, Bill, I appreciate the time to talk to you. As always. Have a great holiday, and I hope this helps some people.

Bill: Absolutely, Bob.

Bob: Please share some feedback if you can.

I will. I'm going to ask people to leave their comments on iTunes and also you're on Linkedin. Are you on Twitter, by any chance, Bob?

Bob: I am on Twitter. Rsect@twitter.

Bill: Okay, I'll ask people to leave some feedback on Twitter as well and on the show notes page so that you can kind of see real-time what people's thoughts are regarding the show today.

Bob: That would rock. Thanks a lot.

Bill: Thank you, sir. Have a great day. Bye bye, Bob.

Bob: All right. Bye.

How to get in touch with Bob Fecteau:

Key Resources:

Where to Develop Additional Learning:

  • Syracuse University –  Information Management at the iSchool
  • Duke University – Office of Information Technology
  • Stanford University –  Information Science and Technology
  •  Carnegie Mellon – Institute for Software Research, Executive & Professional Education Programs
  • Penn State – Information Sciences and Technology Programs which have an integrated Enterprise Architecture component that was built by CIOs and business leaders in response to a need to teach students how to align IT to the business.  Undergraduate, Graduate and Executive Certification Programs
  • National Defense University – Information Resource College’s, Chief Information Officer Program
  • Harvard Sponsored Program in their Center For Management Research: Programs on Leadership for Senior Executives as well as the Kennedy School of Government
  • CIO Executive Council – CIO Pathways – provides a broad range of CIO Level leadership programs

This episode is sponsored by the CIO Scoreboard, a powerful tool that helps you communicate the status of your IT Security program visually in just a few minutes.

* Outro music provided by Ben’s Sound

Other Ways To Listen to the Podcast
iTunes | Libsyn | Soundcloud | RSS | LinkedIn

Leave a Review
If you enjoyed this episode, then please consider leaving an iTunes review here

Click here for instructions on how to leave an iTunes review if you’re doing this for the first time.

About Bill Murphy
Bill Murphy is a world renowned IT Security Expert dedicated to your success as an IT business leader. Follow Bill on LinkedIn and Twitter.