The CIO as cheerleader/collaborator/therapist/technophile/entrepreneur

Jack Wood, CIO for home goods e-commerce powerhouse Wayfair, wears many hats and he doffed them all at IT Roadmap in Boston this week.

The event's keynote speaker described himself as a combination cheerleader/collaborator/therapist/technophile/entrepreneur and suggested that IT leaders and those pursing such a career path at any fast-growing business might find themselves in a similar situation. (Not to say there are many companies growing as fast as Wayfair, which in 2014 boasted year-over-year revenue growth of 44% to $1.3 billion.)

Here's a quick rundown of Wood's roles:

*Cheerleader: Wood says his cheerleader skills are on display when it comes to hiring. Or as he put it, "hiring, hiring, hiring." The company has 400 engineers already and is hiring one a day for the rest of the year. The market is competitive, but facts such as Wayfair's wide adoption of free and open-source software such as FreeBSD and embrace of popular languages like Python and Java makes the company a place programmers want to work, said Wood, who is also very tempted by the Postgres object-relational database management system. Among other things, programmers today like to get their name into the open source community by contributing updates, he said. "It was like being part of Greenpeace back when I was in school."

*Collaborator: Wood at certain times during his career has heard daily complaints about silos forming within a company, about people throwing trouble tickets over the wall in hopes of getting them addressed by IT. "Your job is to reduce silos," he said.

*Therapist: Currently, this mainly involves keeping IT security staff from climbing out onto the ledge, Wood said. He discussed encouraging employees to get out and see what's going on in the business, to change jobs every so often and even to interview for jobs to get a sense of what they're worth in the market.

*Technophile: While CIOs deal with both the business and tech sides, Wood said he considers himself a techie and has worked at IT companies like Lucent and Akamai previously. He said he makes sure that he's out in front on technology trends, such as the cloud, where Wayfair plans to put its next data center. And while the cloud looks like the way to go, Wood said it's no cinch: the bulk of the company's code needs to be rewritten to work in the cloud. Wood also took a strong position on Wayfair's content delivery network strategy, boldly pulling them out of Akamai even after he came to Wayfair from that company (Akamai is the "Cadillac" of CDNs, he said, and Wayfair couldn't justify that with limited funds). Once Wayfair got itself into a better financial situation, it returned to Akamai.

*Entrepreneur: While Wayfair is no startup at 3,000 employees, he said as CIO he needs to think like an entrepreneur and make changes to strategy on the fly. Wayfair currently is in the midst of a big global expansion, and while it looked to hold the line on hiring after going public last year , it now realizes it needs to hire hundreds of people to empower the company to realize its potential internationally.

MAKING ARBELLA LESS VULNERABLE

As Wood alluded to, a big part of his job is supporting IT security staff in light of malware's pervasiveness. In a separate talk at IT Roadmap, Arbella Insurance Group VP and CIO Paul Brady zeroed in on "Security: The Changing Risk Landscape." The topic has certainly gotten the attention of Arbella's board of directors, which wants to know what Brady's team is doing to make the $850 million property and casualty insurer less vulnerable to cyberthreats.

[As an aside, Brady shared an almost-obligatory story about how his last name was used to tease attendees at a company event held at Gillette Stadium, home of the Super Bowl champion New England Patriots and quarterback Tom Brady. While attendees were disappointed the Arbella executive wasn't that Brady, he did get a $250 Brady shirt from the Pro Shop out of the caper.]

One big and unpopular move Brady said his team took in the wake of a few minor but potentially serious ransomware hits on the company in which computer and network drives were encrypted was to ban employees from using personal email accounts on the corporate network (they can still access such accounts via mobile devices). Even though antivirus and spam filter technology was updated to address the immediate threat, after some data restorations from tape had to be employed, the company knew that new variations of the threats would be on the way shortly.

"We haven't had any major exploits, but the security team has gone from percentages of jobs to multiple people trying to stay ahead of whatever is coming next," he said.

Brady added that Arbella is working to be proactive about sniffing out potential security threats via less obvious sources, from Reddit to vendors that prowl the darknet. Executives weren't happy that they didn't first hear about the Heartbleed Bug last year from Arbella's security vendors, but rather from the press.

Brady said that just because his company isn't as big as organizations like Target and Home Depot that have been hit with high-profile cyberattacks doesn't mean his team can rest easy. "The reality is that whatever vulnerabilities are exploited have the same risk to us," he said.

The CIO cited research that up to 90% of breaches start with security lapses involving employees (usually inadvertently), and this has led Brady's team to search for better ways to educate Arbella's workforce about online security, ideally via gamification. Arbella is reviewing multiple vendors, including Wombat Security Technologies, and Brady says he told the vendors that their offerings "need to provide valuable education and can't be boring."