Landmark Leadership Conferences for IT Executives
What is a CTO?
by Fred F. Farkel, Wednesday, January 16th, 2013


Guest article by Jamie Yancy, United Western BANCORP

My role as a CTO requires many talents, and I believe the strongest of them is patience; your personality must be one that allows you to use this tool in conjunction with lots of others. Speaking the King's English is not enough to make you and your team successful; you must also be a linguist with the ability to understand as well as be understood. Rather than just giving you a bullet list, how about I tell you a story and you see how many skills you can identify?

I am the CTO for United Western BANCORP, a holding company of a 3 billion dollar unitary thrift, a trust company, an SBA lending group, a small broker-dealer and several other financial companies or entities. The IT department headed by the CTO reports directly to the COO of the holding company, but in addition the CTO position reports to the Board of Directors for the Bank and the Holding Company Board of Directors. In addition, each of the subsidiaries of the holding company is regulated by a government regulator: the Office of Thrift Services, the Texas Department of Banking and the Securities and Exchange Commission, to name a few. We also had a compliance officer, an internal audit group and an accounting auditor, all of which have direct ties to IT. The IT group was 12 employees in Denver and 4 in Waco, Texas at our Trust Company. Did I mention that we also had a records management group in Phoenix, AZ? During my tenure at United Western this small, exceptional IT group built seven branches for the Bank and maintained two and a ¼ datacenters and a business continuity site. In March of 2006 the following report was given to the Board of Directors on the state of IT, along with a very aggressive 24-month plan to correct those issues:

Our review of the current state of IT is as follows: the overall IT operation is very unorganized, and the infrastructure is out of date and poorly designed. We can find no evidence of IT policy or procedure, and it has a very poor grade from the regulatory community. The experience level of the staff is entry level, coupled with extremely poor morale. IT has a poor relationship with the business units, a lack of oversight and management, and a very poor relationship with the OTS, the Bank's primary regulator, due to mismanaged projects and the absence of documentation. A new core back office is being purchased with little to no involvement or resources from IT.

As the new CTO of this organization it was clear to me what had to be done, and I presented the Board of Directors with a high-level yet very specific 24-month plan. It included the following:

Bring in new talent, upgrade the infrastructure with critical systems having the priority, and implement a project management plan and a change control procedure to align the IT department with the goals of the company. Develop a partnership with the business units for successful implementation of new products. Create an environment of professionalism; promote team and individual responsibility while creating an enjoyable work environment for the organization.

This had to be accomplished within 24 months, but the overall transition had to be within 60 days. The approach we adopted was one of focus: every decision was developed around the following principles.

  • Availability – The ongoing availability of systems addresses the processes, policies and controls used to ensure authorized users have prompt access to information. This objective protects against intentional or accidental attempts to deny legitimate users access to information and/or systems.
  • Integrity of data/systems – Systems and data integrity relate to the processes, policies and controls used to ensure information has not been altered in an unauthorized manner and that systems are free from unauthorized manipulation that will compromise accuracy, completeness, and reliability.
  • Confidentiality of data/systems – Confidentiality covers the processes, policies, and controls employed to protect information of customers and the institution against unauthorized access or use.
  • Accountability – Clear accountability involves the processes, policies and controls necessary to trace actions to their source. Accountability directly supports non-repudiation, deterrence, intrusion prevention, intrusion detection, recovery, and legal admissibility of records.
  • Assurance – Assurance addresses the processes, policies and controls used to develop confidence that technical and operational security measures work as intended. Assurance levels are part of the system design and include availability, integrity, confidentiality and accountability.

Executing this type of plan in this type of environment takes some creative involvement and constant communication of goals, issues and concerns to the staff. I met with each person individually and in addition had weekly staff meetings that were focused on the projects of most importance. I asked only one thing from those employees that expressed interest in wanting to stay on board: “Give me an opportunity to prove to you that this process works”. Not everyone wanted to buy into this new vision, and so I used my first lifeline: phone a friend. I convinced a couple of highly respected people that I had worked with in the past to join me on this adventure, and they did so with as much reluctance as I did. To make a long story short, with these additions to the staff members that also trusted me and stayed on for the adventure, we built a team. And we accomplished our 24-month plan in 14, and we had a lot of fun on the way. Our next report to the Board of Directors was filled with accomplishments and future scape; we not only carved 10 months off the original plan but we did it all within budget. In fact, we had a list of 46 overall accomplishments completed within the first 24 months, including successful implementation of the new core processor for the bank.

We refreshed our infrastructure at a rate of 1/3 per year, from the desktop out to the server farm. And we documented everything; in fact, we had a procedure on how to write procedures. IT was also responsible for IT risk management and governance and for business continuity and disaster recovery. Because of this we developed the baseline documents and created committees with members from all the key business units, and for each of these committees we assured that our policies and procedures were tested in real-time drills. To accomplish this we developed an IT committee as well as a change control procedure that included any moves, adds or changes to any portion of the infrastructure. All change controls were documented and needed the approval of the CTO prior to being started. This was truly a dynamic organization and the team was filled with true professionals. We had a posting once for a Telephone Technician and we received and reviewed 342 resumes, and after four weeks my HR was concerned that we didn’t know what we were looking for. “342 candidates and no one fit your bill?” I gently explained to her that we were not just looking for skills; personality was even more important than skill. We were looking for a person that fit into the team environment we had created. Two days later we found that person.

The CTO is also responsible for the security of the network, which included physical, logical and personnel security. We have a responsibility to each other to make sure that every member of the team is safe, as well as the security of the information that our systems processed. We handled customer information on our systems and our customers trusted us to keep their information secure. So in every interview I asked the candidate to give me their wallet. And without looking in the wallet I placed it in my pocket and continued the interview. At the end of the interview I returned the wallet and explained our responsibility. As technology employees we are trusted with information that is personal and important to each individual; our job and responsibility is to return it to them in the same state it was received. We don’t need to view it, understand it, change or modify it. We keep it secure and treat it as if it were our own. As CTO we become the reflection of our team, and that reflection must be one of integrity!

As CTO we work with a number of companies that want to sell us goods and services, and it is important that we establish a relationship that goes far beyond that of salesperson and buyer. We must always assure that we are providing the best service and support for any product we introduce into our environment, and this includes the stability of the company we are purchasing from, not just the marketing of the product. Because of this we developed a Vendor Management procedure that established the ground rules for engagements. This procedure was thoughtful of the sales process but also looked deeper into the organization. We included testing and review in the process to assure that service level agreements were being met and that we had the ability to get upgrades and maintenance as well as special promotion pricing when available. By implementing these procedures we are able to control cost and budget for events prior to them creating outages or unforeseen expenses. In addition, we made sure that we included training for our staff in the cost of equipment so we could eliminate the concern of learning curves. The CTO is responsible for end user training and making sure we understand requirements and the business direction so we can best fit the technology to the need. I learned this from my time at Argonne National Laboratory. They named this process management by walking around. It’s a simple process: you must first understand that everyone is your customer, and the best way to understand your customer is to visit them on a regular basis to assure your solutions are the correct ones for the task at hand and to discuss things that can be enhanced to make the customer more successful. This procedure is not just for the CTO; it’s the attitude of the entire team. It also changes the perspective of IT from those guys that speak their own language and live in the dark, only to be seen when there is a problem.
Now IT becomes a partner in the business and is actively involved in the day-to-day operation as a solutions provider. Not only did the executive staff see and talk to the CTO, they knew every member of the IT team and knew that when they asked a question or had a concern it would be addressed. From the cleaning crew to the president to the board of directors, it’s our responsibility to listen until we understand and address until it’s no longer discussed.

So we built a team, we trained them, we empowered them, we exposed them to all levels of the company; now how do we keep them together? This was my favorite part of the job. As CTO we become involved; we take a personal interest in each individual and their individual needs. We all work to develop a lifestyle for ourselves and our family, and each of us has our own idea of what that is, and this should never be taken for granted. Once you develop a level of trust you work to keep it. As CTO it is vitally important that we develop a personal bond that allows us to discuss anything. As professionals and members of a team we have to be able to discuss the difficult. We must be able to share the good news and the bad news and our opinion without the fear of judgment or belittlement. You have to know that I respect your opinion and I have to know that you respect mine. So many wonderful things come out of sharing views and opinions, and there are so many ways we can display our respect. Our team had potlucks where each member had an opportunity to develop the theme, and we did everything from bacon to popcorn. We had lunch together and we tried all different types of food styles and themes. We played together: sports, opera, concerts, card games, jokes; in other words, we got to know each other. We laughed together and we cried together. Success is not measured by how well you do in the good times; it is how well you handle the bad times. During an audit we detected some strange activity on our network, and as we were attempting to meet deadlines for the regulators our resources were very thin; remember, this is a group of 12 handling what our peer group was handling with 30-46 employees. I left the meeting with the regulators to assist in the investigation of the security issue, and upon returning to my office I found that everyone from helpdesk to engineer was working on the issue. It was discovered that one of the auditors had an infected laptop.
High Fives to the entire team and lots of embarrassment for the auditors.

We moved our infrastructure over a weekend: sixty-plus servers, twenty-plus circuits, and routers and switches etc., with 48 hours to make sure all our business opened on Monday without a hitch. Not one member of the team slept during this move. Those that were not directly involved got involved and made sure the others had food and drink and support for the long days and nights. You see, when it’s a critical time and you think your back is against the wall, it’s refreshing to feel the hand of a team member on your shoulder asking, “What can I do to help?” On an individual level we were all from different backgrounds and on the surface had nothing in common outside of the work environment, but that all changed and we became stakeholders in something larger than our own wants and needs. Our motto was critical systems available at critical times. It was very obvious that we were the critical systems, and we became redundant and resilient; that is true professionalism. We took what was a poorly designed infrastructure and took it forward to baseline, and by using good vendor management practices our vendor assisted us with a major portion of the cost and training of our staff. Our executive team was always excited at budget time that we could maintain a current environment and cover those little green ghosts within our planned budget. It really is about the people you have around you, and when you get to that point where you trust them and they trust you, there is no obstacle to success.

On this elite team we built, the entry-level helpdesk employees became system administrators and then went on to become engineers and risk managers and directors. Within 18 months the perception of IT went from below poor to excellent. My management by walking around became a cheering session for praise of the team and a productive time of true planning and sharing of ideas for future projects. Employees from other departments wanted to be in IT, the group that worked hard and played hard and did it together.

So I ask you what a CTO is.

The member of the team that is focused, patient, loyal and ready to put together whatever resources necessary to assure success for the overall goals of the business by putting people first and empowering them to excel to excellence!
