There's much talk lately about IT needing to align with business goals and to be responsive to user needs. This talk can reflect a misunderstanding of enterprise IT by the rest of the organization.
Sometimes this is due to a lingering "glass house" or "ivory tower" mentality. Other times, corporate culture has unwittingly relegated IT far from the core business and has viewed it as a remote keeper of vital but secret (and expensive) knowledge.
Whatever its origin, the communication gap is frequently widened by IT itself. Perhaps it will be helpful to identify and discuss a few common false views held by users -- or IT pros -- that I've observed:
Myth No. 1: IT is the department of "NO." IT departments that are not customer oriented usually earn this reputation. It doesn't have to be this way. The mission of the IT department should be the same as the mission of the organization. We need to find more ways of saying "YES." We need to listen to clients and provide value by enabling them to perform their jobs better through proper use of technology.
Myth No. 2: IT support is a commodity and not part of the core business and can be easily outsourced. IT is integral to the core business of most organizations today since you can hardly do anything without IT. Proper support of business applications usually requires deep understanding of the business, and this understanding is not easily outsourced. While outsourcing some aspects of IT should always be considered as an option, it rarely pays to outsource intellectual capital.
Myth No. 3: Cybersecurity is strictly IT's job. Within any organization, cybersecurity is everyone's job since everyone has access to protected information and most breaches are a result of human action. Cybersecurity is rooted in risk management and safety. This is a vast, highly interdisciplinary field with three main areas of focus: technology, policy, and people management. Organizations frequently make the mistake of implementing only a few of the technical controls while ignoring the rest.
Professionals from a wide variety of backgrounds are needed to work on various aspects of cybersecurity. Psychologists, sociologists, criminologists, computer scientists and engineers, network engineers, business administrators, risk managers, political scientists, lawyers, human resources personnel, recruiters, and people from many other disciplines are involved in an organization's comprehensive cybersecurity program.
Myth No. 4: Requiring users to change passwords frequently improves security. This is a favorite for many people working in the IT department of NO. They will make users change passwords frequently, but system administrator passwords will go unchanged for months -- even after systems administration personnel depart the company!
Frequent password change is a major burden on users -- especially if they are forced to use highly complex passwords. People usually solve the problem by writing down their passwords in a conspicuous place, resulting in reduced security. It also drives up the number of support calls. Passwords are usually compromised through phishing or spyware. Training people to manage and protect passwords and to practice safe computing is a far better idea than forcing them to change passwords frequently.
Myth No. 5: We need IT support to move PCs and to connect projectors. I have never understood this phenomenon. Using expensive IT people to perform routine tasks such as equipment moves and setup is a total waste of money. Technology has become ubiquitous, and most users are capable of self-help of this type, allowing IT to concentrate on more complex support tasks. Unless there is a requirement to implement specific port-level security, most users can be effectively trained to disconnect and connect computer equipment.
Myth No. 6: You need an information technology or computer science background to work in IT. This is far from true. When I became a network engineer, network engineering was not taught in any of the colleges. Many of my best employees came from non-IT backgrounds and became successful because of their friendly personalities, discipline, and passion for helping people and learning. Technology changes so rapidly that people can become highly proficient in new technology in a short time. Indeed, they must continue learning or they will become obsolete rather quickly.
Myth No. 7: The leader of an IT department needs to be technical. IT department leaders need to understand the business and cultivate strong relations throughout the organization. They need to be able to develop long-term strategies that align with the business goals. They need to be able to inspire the IT team to be innovative and helpful. They need to be able to stay current with the industry by networking with other IT leaders.
All that said, while technical skills are not essential for a CIO, a complete lack of technical experience can be a major drawback because non-technical executives may not make the best strategic technical choices or understand how to recruit, mentor, and retain good IT people.
— Mansur Hasib has served in CIO/CISO and other leadership roles in the public, private, and education sectors.