Five Years In

Last week marked 5 years at Queen’s in my role as CIO/AVP.  I was very aware that this date was coming, but it still stunned me when the first congratulations came in on LinkedIn.  The fact the LinkedIn publicizes such anniversaries still bothers me a bit.  Don’t get me wrong – I did appreciate all the notes (and nice comments) from people who took time to offer congratulations, but deep down I feel I have lost a bit of control there.  I don’t let Facebook know my birthday, so I get a lot fewer best wishes than my friends, but that is ok – those who should know, know.

So what do you do when you reach one these types of milestones…. I find the older I get the more I need to reflect.  On a personal level, I find that at these times I crave much more “me” time and that means long walks and listening to music.   I am not sure my family notices, but I do.   I am going to write down some of these reflection in my blog.   I am going to move away from the more formulaic approach that poses a question, tells a story and draws a conclusion, to a longer set of reflections.   Maybe this is as much for me as for “you”. 😉

I recently had a good chat with a trusted colleague who I have known a long time, and who I have gotten to know much more while here at Queen’s.   They suggested that I should formally identify what I have achieved during my first five years.  I decided that my achievements are to a great extent reflected in what the ITS organization has accomplished, and how we have advanced information and technology at Queens since I arrived. The idea sounded very intriguing, but also daunting.  An IT organization in Higher Education is in continuous flux, with ever changing priorities and successes almost every day.  How could I possibly summarize all of this?   It is a challenge I run across frequently.  We don’t want to leave out anybody’s contribution, but we can’t have a list that goes on and on, or people will lose interest.   This paradox, where stakeholders say they don’t know/understand what we do, yet aren’t sure they have time to engage in understanding the whole picture, is felt by every CIO I know, and can be oh so frustrating for people working in IT.  Communications has become such an important piece of the modern day IT organization and something we have been emphasizing here in ITS.   We are doing some good things in this area, as is Queen’s and University Relations, and I hope to see us do even more.  The eternal optimist in me says that eventually we will find the right balance.

In 2013, ITS developed a 5-year ITS strategic plan that defined our roadmap up to the end of 2017. We have begun discussing the next iteration, but I envision this one to  be more of an IT@Queen’s Strategic Plan (or maybe even a digital strategy for Queen’s), rather than being limited in scope to just ITS.  Bringing IT planning to this next level will require increasingly more engagement with the community and the Senior Administration.

The ITS Strategic Plan establishes four high level pillars listed below, with some highlights and measures of success from each.

  1. People:

Attract leading talent and keep them engaged and empowered by committing to staff development and professional growth through clear career paths and recognition.

In the areas of talent attraction, retention and development I think we have accomplished a great deal.   We have a sound staffing strategy that is leading us in the right direction.   We have moved most of our staff to continuing appointments where it was evident we had a sustained requirement. We have undertaken a market value assessment in the areas where we had recruitment and retention challenges, and have provided opportunities for growth and development, especially in leadership and management roles.   We are closer to having all positions filled, but know that in the IT field there will always be some turnover.  We have actively tried to “grow from within” and it has worked very well for most roles.   We continue to develop a talent management plan and will need to continue focusing on total compensation, along with a robust rewards and recognition structure.  We need to take more of a community view around recruitment and retention and work with local groups and partners to make that happen.


  1. Organization

Forge a shared sense of purpose and priorities, employ unified and coherent processes, and develop leadership aptitude to build an enduring service culture across the organization.

I believe we have seen a great deal of growth within the organization on this front.  There is a lot more cross-team awareness and collaboration and there is growing trust within the ITS team. Five years ago we identified a goal of having more contiguous space to facilitate greater cross-team collaboration, and we have come much further with this than I thought possible. We have moved from multiple locations on campus (and off – Princess St), and as of Winter 2017, ITS will be in just two locations (Mac-Corry and Dupuis).   The nature and quality of our space has also changed and mostly for the better.  Given the age of the campus there are things that we will not be able to change and things we will continue to work on.   The next phase includes renovation on the first floor of Dupuis to consolidate the admin group and to create a Network Operations Centre, and I am especially looking forward to relocating the Help Centre from Stauffer to “Main Street” MacCorry. The intention here is to create a dynamic and accessible “hub” for people to get help and to build more integrations with the Centre for Teaching and Learning. Feedback about this move from many parts of the campus has been very positive. We want it to be a hub of activity and innovation and we are taking it to the “streets” to make that happen.

In terms of developing an evidence based culture a lot has been accomplished. We worked with Educause to help them re-define a key part of their Core Data Service benchmarking instrument. Queen’s also championed the creation of a set of Canadian IT Benchmarking metrics, based on the Australian CAUDIT model.  Most of our Canadian peer institutions participate in one or both of these programs, which render some valuable organizational metrics, providing a much better sense of how we are doing relative to other schools.  We also participate in various other studies and surveys and have reported out on many of these.   There are links on the Assessment page of the CIO website.

In the very near future we will start publishing various KPI’s that we have been developing.   This will give the community more insight into our services and ensure alignment with our SLA’s and community expectations.

  1. Partnerships

Develop partnerships on and off campus to introduce innovative and cost­effective ways to meet campus IT requirements in a changing environment. Build trust in service decisions through transparency in planning and budgeting.

A lot of work has gone into building relationships and partnerships.   Queen’s is very much a federation of IT support centers built on Common Vision, Shared Governance and Joint Accountability.   Not everything is perfect, but there is a good deal of regular dialogue, and trust is developing across the different parts of the federation.  There is more work to be done on transparency, from both the enterprise and the distributed IT units, but this is coming.   Fine tuning our communications strategies will help.

Over the last few years we have built strong vendor relationships and have forged some strong partnerships with a group of these vendors.   We have also contributed to the growth of CUCCIO (Canadian HE CIO’s) as well as the resurrection of an Ontario HE CIO’s group.   We have advocated or encouraged various cross-institutional collaborations, such as the Knowledge Content Centre, a Shared Responsibility for PeopleSoft initiative, a Shared Storage solution, and a shared CISO/Security infrastructure concept.   These collaborations are difficult and need a lot of time to develop the necessary value and trust. ITS has made significant contributions towards these initiatives.

There has been consolidation of services on Campus through such things as Office 365, OnQ, Virtualization of IT infrastructure, and Data Centre Management. This consolidation has yielded a more consistent and familiar foundation of IT capability for Queen’s students, faculty, and staff. Further planning and projects will be undertaken to ensure we continue to find efficiencies in IT at the University.

As mentioned earlier, elevating IT planning to the campus level and establishing a Queen’s IT Strategic Plan, with which we and our campus partners can pursue an IT@Queen’s vision with a strong focus on creating a digital strategy for Queen’s will be a major focus. We need to ensure we prioritize the right projects for Queen’s overall, and that we meet the needs of the community the most effective and efficient way possible.


  1. Technology

To be seen at the fore among Canadian universities, ITServices must select new technologies and service delivery methods that effectively support the university’s business requirements. It must also learn from and share learning with the Canadian university community. ITServices can maximize efficiencies through training, automation of overheads, and (where needed) retirement or replacement of ineffective services used at Queen’s.

Queen’s has embraced “the cloud” and introduced a number of new “cloud-based services”, such as Office 365, OnQ, and Travel and Expense.  In all cases we have made sure we have exercised due diligence in addressing risks related to the protection of privacy, IP and our information resources in general.  In most cases, these initiatives were less about saving costs, and more about finding ways to meet the ever increasing demands of the community in the most effective way possible. Most of these cloud-based services provide functionality and robustness of service that is expected and needed by the community, but that we simply could not provide on our own.

I think we can do more to retire aging services, although we have done a lot of this over the last few years, like shutting down the mainframe, replacing old identity services and eliminating dial-in modem access.  The later was more symbolic than material, but it shows how hard it can be in an academic environment to shut down services that only a few people depend on.  The next big decommissioning will be Queen’s Telephone System, which has been with us for over 25 years.

On the financial side we have moved a long way towards creating sustainable funding for infrastructure renewal, refresh, and growth although there are still gaps to be filled.  We continue to be challenged with the conflict between operations and projects and there is risk in several of our operational practices that needs addressing.

Among the many successes ITS can feel proud about over the last 5 years, several are particularly significant:

  1. People Soft

Five years ago Queen’s was nearing the end of the initial PeopleSoft implementation and there was still much to do to mature these systems to the level of functionality and stability needed by the University. Working closely with our partners in Finance, the Registrar’s Office and HR, we have completed 3 significant upgrades on-time and on-budget.  These were major undertakings, and succeeded because of the hard work by our partners and our teams.  The ITS PeopleSoft team’s competency with, and understanding of the technology, is now much stronger, and this has allowed us to  move to a Continuous Development model over the next 18 months, which is expected to be less disruptive and more efficient in terms of resources.

  1. Office365

Most universities have ceased running email and calendaring services in-house, but doing so has not been without challenges. Today, in addition to meeting the core needs for email and calendaring, Office 365 is providing the University with a richer suite of collaborative tools that continues to grow.  The Office 365 migration also enabled us to develop an Authorization to Operate (ATO) process for evaluating cloud based solutions and assessing and mitigating the associated risks with other vendors. A remaining challenge is developing awareness and understanding of the vast productivity tools within O365.

  1. PPO

The creation of the Project Portfolio Office has had a significant impact on how the University prioritizes, sequences and undertakes major systems projects, as well as how effectively they are delivered.  There is significantly better awareness of what is being done, greater accountability around projects, and more opportunity for collaborative or convergent approaches.  Work continues on improving the associated governance structure and surfacing more projects.


The last area I want to talk about, all on its own, is Information and Cyber-Security, a pressing focus and responsibility at Queen’s and virtually every other university.   A couple of years ago the Electronic Information Security Policy Framework was established and has given us a strong foundation to build on.  More recently, we have successfully recruited an experienced Information Security Officer, expanded our security team, and begun a special project to tackle immediate challenges related to IT hi-jack in the coming months. A more comprehensive IT Security plan will be developed in the year ahead and I am confident we will significantly enhance our security posture.


There are many achievements within ITS and across the University that cannot be acknowledged here, but this does not diminish their value.  As CIO and Associate Vice-Principal, my best days are when I either observe, or am fortunate to be part of, a creative or complex process involving both IT and non-IT people – some project or decision – which, at the end of the day, makes the lives of our students, faculty and staff somehow better.


Can the Enterprise be agile ‘enough’?

In the role of the CIO I spend a lot of time thinking about what the enterprise should do and what distributed IT should do.   There is a balance there that seems like a never ending tug of war, rather that a collaborative approach to supporting IT with common vision, shared governance and joint accountability.  For me, it inevitably comes down to the fact that there exists a view that Enterprise is just not agile enough.  As the speed of innovation seems ever increasing, this agility challenge seems to get deeper.   Our community wants to use the latest and greatest and we aren’t always in a position to do that.

The question then  becomes, why can’t the largest IT shop on campus, with the most collective knowledge and experience, be more agile and meet the needs of the community.   I think the reasons are many, and some are complex, but today I was reminded about one of them, and it focuses on risk and privacy.

Here at Queen’s we have been rolling out more and more functionality around Office 365 (probably slower than the community wants).  One of the pieces that we were missing was around Groups.   This is a huge piece of added functionality for our community.   We have rolled this out now, but we have not done it for students, and I know this will frustrate the community and they will struggle to understand what they probably see as a stupid decision.   I assure you, it is a well thought out decision, that maybe the distributed support units would not have reached, but at the enterprise we must consider the risks.

The issue here is around the fact that the membership of the groups is visible to the whole community, and from a privacy perspective student information must be treated differently than the information of our employees.   Many moons ago, when I was a student, we used to pick up marked assignments in a box outside the faculty office – you could see everyone’s mark.  I also recall seeing class lists with names, ids and grades posted on the wall.   This normally doesn’t happen anymore and we take the issue of student privacy very seriously.

We will find a way around this.   The obvious solution is to make groups “private” and that functionality has now been created in O365, but it looks a little buggy.  As the enterprise, we need to make sure this is all worked out before we go live, another piece that makes us seem less agile.

So, at the end of the day, back to my role as the CIO, I need to work with the community to ensure they understand why we appear to not be agile.  The community needs to understand the risks and embrace the need to ensure they are mitigated at the enterprise level.   Maybe we are actually agile enough, we just need to agree on what needs to be done to role out a new solution/service…. common vision, shared governance and joint accountability.





What is that app scraping and what do ‘they’ know about me.

I recently changed out my phone (and OS) and it has me really thinking about what I share and what is being tracked.  We hear about this all the time, so I was really surprised about how vulnerable I felt setting up my new phone.  It shouldn’t have really been a surprise, but made think I need to pay more attention to how and when I share information about myself.

I think a couple of caveats are in order.   I don’t use a lot of apps.   I don’t see value in most of them, as I use the smartphone as a productivity device rather than an entertainment device.  I get the entertainment value, but maybe I am an outlier.

I have used many different types of phones over the years and my most recent phone was a Microsoft Nokia device.   It worked very well and integration with my Office365 tools was seamless.  I would have stuck with the OS if they had an acceptable new release.   My new phone is an android device.  I have been there before, and was one of the very early adopters, so thought the transition would be easy.

Setting everything up takes time, no matter how you slice it.  What surprised me was how quickly things were linked to each other and how much it was telling me about others (and myself).   You know the kind of things…. “hey, you did this, you should talk to so and so because they did this too”   I am paraphrasing, but it is the essence – your behaviour and behaviour of others makes linkages and suggestions.  Don’t get me wrong, I love some of the connections and it makes my life easier, but some of it was really creepy.   I am not sure where the line is, but currently feeling it has been crossed.

As an example, last week we decided to go out for dinner and I decided to book my reservations on Open Table . It worked fine, aside from the weather, but not the fault of the app.  When I got my entre it contained Jerusalem couscous and it was delicious.  I had never had this, and I thought I would google it and learn more.   After I typed Jerusalem, it automatically prompted me with couscous as the first choice….. I found that odd.  Was this really the most popular search, or did it know something about me?   Did it know what restaurant I was at – did it know the menu, did it connect the dots.   I have no idea, but given everything else I had seen over the last few days with the new phone, it was a question that crossed my mind.

Mining this data and making the connections can add value, but it makes me wonder who else is accessing this information and driving something from it.  There is a business in here too and we know ‘they’ are using the information.  There was an article in IT World Canada about Pokemon Go and it raises similar questions and talks about being vigilant on what you share.

My advice, go back and check your apps and see what you share and make sure it is necessary.   Find the right balance for you.




Don’t take the bait

Many of you will have read  the news about the  cyber-security event at Calgary.  Our thoughts are with the team there who are recovering from a very difficult situation.   At this point we really don’t know what has happened aside from a few brief media releases.  All hands at Calgary are likely on deck and our debrief with them will happen in due course.

We at ITS continue to monitor for malware and it is important that our communities become more vigilant when responding to emails and clicking on websites.    At lunch today I was stopped by a couple of faculty members who asked me what happened at Calgary.  Malware can come from various sources including phishing.  Their response was simply “who is stupid enough to click on these phishing emails?”, and my response was, lots of people do because it is getting really hard to identify them.  If in doubt don’t click, call the IT support desk or check for alerts on our website or go to the phishing page..

Here at Queen’s we continually monitor the network for anomalies, we regularly apply system updates, test for vulnerabilities on critical systems, actively run anti virus and malware and work at educating the community.   In the last year we have expanded our security team by adding two more staff, and recruited a new Information Security Officer.

All of these initiatives mitigate the risks, but we can’t eliminate the threat completely.  Ransomware is prevalent on the internet and it is growing exponentially.  Not all parts of the community are as forthcoming as Calgary has been, so we don’t hear about all the incidents.  Fifteen  years ago hacking was more of a sport, now it is malicious and criminal.  It is a rapidly moving target and we are evolving with it.



The end of an era – change can feel hard


Have you ever been in a situation where something has been around so long that you couldn’t imagine the world without it?  Then “someone” makes a decision to take it away and your first reactions are fear, resentment and anxiety.    You feel a sense of loss that slowly translates into doubt as you begin to question why this decision was made.   You become anxious and confused and you can’t imagine how you could live without ‘this’.  It is really easy to get stuck here, and that can end up being problematic.

In these situations you need to be deliberate in order to move forward.  You need to step back and separate fiction from reality and explore the reasons behind the decision.  You need to question what is really the worst thing that can happen, and look objectively at how you can move forward.   You need to question what is important, that you got from ‘this’, and what do you really need.  This will allow you to better understand and work through the change.

At the end of March we closed our Campus Computer Store.  The Store has been around for a long time and has touched a lot of people over the years, but the world, and the market has changed.   It used to be that every fall many students would pick up a new computer when they arrived on campus and now they all come with one already.   We are seeing vendors like Apple and Microsoft selling directly to their educational customers and there is a proliferation of on-line competitors.   The store has always had two sides, retail and internal procurement. Over the last few years retail sales have gone down dramatically, which has really put the operational model we use into an unsustainable position and we needed to rethink how we do this.

On top of that we have seen a big push towards commoditization of desktop technologies.   When we standardize on our desktop and mobile devices, it enhances the user experience, becomes less expensive to procure and easier to support, freeing resources for other more meaningful activities.  If we are being truly objective, close to 100% of the devices we use on our desks should be treated like a commodity.  When we come into work there is a phone on our desk (stay tuned on that one) and we simply accept it is there.  There may be choice of a few models, depending on your role, but if it breaks we bring you a new one that looks and works the same.   We need to think about our desktops and laptops the same way.   As we evolve more into cloud services, there is less reason for storing files locally and most of us should have a common set of tools available. That allows us to simply swap out a machine whenever a problem arises.   There will be exceptions to this and some people will have unique needs, but they should be few and far between and can be accommodated.

At the moment you can go to the procurement site and you can buy just like you did before and have goods delivered directly to you.  You may even notice some of the prices are better, and there is no mark-up, which was necessary to cover the costs of running the store.  In the next short while you are going to see a list of preferred desktops and mobile devices to make your decisions even easier.

On top of that, ITS is going to expand the Direct Computer Support program to support hardware.  “This means that your desktop computer will be just a device you use, can be easily replaced, and have a predictable and consistent fixed cost over time.

It is hard when something you are used to changes, and it is normal to be a little cautious and have questions.  However, don’t let the feelings of  loss and frustration distract you from being objective.  Try and understand the need for the change, engage with the individuals and groups supporting people though the  change, help shape the change, explore how the change can help you and you may end up in a  better place than you are today.



Wanted – faculty whisperer who is highly regarded as a soothsayer and has the ability to walk on water…..

Have you ever wondered what it takes to be a good CIO?    As with most leaders you could list such things as being honest, collaborative, creative and inspiring, or having strong commitment, positive attitude and the ability to execute.   A team player who provides a good cultural fit, would also seem desirable. However, thinking specifically about a CIO, are there things that are  inherently different that require different attributes?”

There are many interesting insights in CEO’s seek CIO’s with a “Bias for Action” that really set the bar pretty high for a CIO and make me wonder how you can possibly get there.  I think expectations are so broad and high that you need to have a strong team reporting to you, and you need to report up to  a strong team.  That is the only way to become transformational and  develop the ability to “walk on water” .

The most interesting piece for me, was the need to “gut-think”.  They argue that CEO’s are able to act faster because they “trust the gut”.  The suggestion is,  many CIO’s tend to be analytical and rely on evidence based decisions and that takes time.  “CIOs who can channel their inner CEO by reassessing their business, adjusting their strategy and executing earns the coveted “transformational CIO” moniker”.   These are arguably the most successful CIO’s, but I want to challenge the notion that is that simple..

It comes back to the actions of  the teams you deal with, or maybe just the culture you live in.   I think higher education can impose certain constraints on the CIO that at times conflict with this need to gut think and make decisions quickly.  I don’t think it is across the board, but there is a strong culture to think things through very deeply and consult very broadly, before undertaking any action.  That is not necessarily bad, but sometimes it can lead us to become handcuffed and we don’t do what is needed.  Even when we do make decisions, by the time we get there it may  too late because the world has changed or the problem itself, that we are trying to resolve, has become bigger and needs another approach.

So, I think I agree that organizations are asking a lot from their CIO’s, and deep down they want their CIO to be transformational.  However, I am not sure that our governance structures in higher education are  mature enough to support the CIO driving transformation.   Maybe we need to just trust our gut more and go for it – who knows, maybe we can all walk on water.

Your mission, should you choose to accept it…..

Suppose you are given an opportunity to present a SWOT about your organization.   The audience is an incoming Provost and all their reports, including the Deans.  The rules are it has to be a verbal pitch and you have 3 minutes maximum to present.   Others in the room will also be presenting their SWOT’s.   You can only do one Strength, one Weakness and so on. That is much harder than it first appears.  This is your archetypal elevator pitch, so what would you say?

I presented  this challenge to my peers in CUCCIO and the response was startling.   I ended up with about 40 CIO’s responding, which is about 2/3 of the community.  It has led to some interesting discussions and some valuable data.    There  is a lot of commonalty between schools, but each school is also unique in terms of their maturity and what they focus on.   I will summarize some of the responses and finish with my statements, as this was a real exercise for me.

In terms of full disclosure, I see Strengths and Weaknesses as being internal to the organization, while Opportunities and threats are external to the organization.  Strengths are characteristics that give your unit an advantage over others, while weaknesses are characteristics that place your unit at a disadvantage relative to others.  Opportunities are external elements that exploit your advantage and threats are elements in the surrounding environment that could cause challenges.   Inevitably people read this differently, and the lines get blurred.  I hope this clarification helps explain my SWOT statements..


Most CIO’s talked about their people.   I don’t disagree we have great people, who are very dedicated, in higher education, but if we all have great people then how is this an advantage?   In addition, several CIO’s talked about a buy-in to the Enterprise.  I think this either plays out from the size of the school – the smaller the school the more buy-in to enterprise – or from the maturity of the school.   By that I mean the more mature the school is the better handle they have on enterprise computing.   Engagement was also mentioned frequently and I think this plays into the need for CIO’s in HE to build consensus and drive norms which may differ from other sectors.

Other things that were mentioned included Infrastructure, Applications, Services, Project Planning and Governance.   Governance was only called out once, but it probably blends into engagement and enterprise.  Almost every item on the list resonated with me, the challenge is picking only one.

My response:

The ability to take an institutional view. By that I mean we have the  capacity to understand the complexity and scope of the enterprise environment and design and implement  solutions that satisfy that environment in an efficient and cost effective way – this is true whether it is administrative, academic or research technology – I think IT has a unique view across those disparate domains ( examples would be our ERP , or our institutional LMS.


Governance came up frequently as did recruitment and retention.  Governance has been top of mind for many of us and given we still see it on these lists it is a tough one to resolve and some of us till aren’t there.    Agility, maturity, language, culture were mentioned in various ways. Size, capacity and redundancy came up with someone lamenting that “there is too much work keeping the lights on and not enough put towards grow and transform”.  This is an ongoing challenge.  Internal challenges within the unit were also mentioned frequently, referencing such things as silos and inability to take ownership as a team. This category is  normally the easy one to tease out in Higher Education IT.

My response: 

We are not always good at speaking the language of the business and this challenges our ability to effectively communicate the value of IT. We frequently find that advancing institutional IT priorities must rely on persuasion and influence rather than common vision and goals and this takes a long time. This means that we aren’t always agile and this frustrates the Faculties who have resources, to the point they build their own solutions.  We then sometimes let go of institutional solutions, or water them down, which can further increases the divide between faculties.


Not surprisingly the biggest opportunity was around cloud and shared services.  There are clearly many definitions around the cloud, but they all contain the same message around finding efficiencies, creating agility and enhancing security. Many people also referenced various campus initiatives that were redefining IT support on campus.   New technologies, internal pressures, efficiencies and campus culture were also mentioned,   There was a theme running through many of these that the organizations were maturing and there was an opportunity to engage in a new and different discussion.  In other words there was an optimistic view that the community was starting to be ready for this dialogue.

My Response:

Shared services across HE, including the cloudWe are looking for some level of aggregation to cut costs and/or satisfy a growing pool of unmet demands.   The catch here is that we must undertake our due diligence to ensure our information resources are well protected – we can’t outsource stewardship or ownership of Personally Identifiable Information and Intellectual Property.  This doesn’t always sit well with the community when they see it as another delay.


The top threats were equally split between finances and cyber-security.  In some cases there was discussion that the financial challenges were impeding the ability to deal with cyber-security which is somewhat troubling.  The rate of change was also called out by some people as being a challenge.  Somewhat related to this is the notion of unrealistic expectations in our community, to the point that someone actually sated that there was  “a divergence of expectations and reality”

My response:

The increasingly hostile security and privacy risks that need to be responded to in a highly distributed decision-making landscape.  Like the rest of the world we probably aren’t really aware of the threats and the risks and they have become malicious and costly to mitigate or clean up.


Given the prolific response to the exercise I think this gives us some relevant material to work with.   We are looking at sharing the detailed responses with the CUCCIO community.   I believe that going through the exercise helps us shape our thinking and hearing other perspectives is incredibly valuable in validating our thinking.

Postscript: …as always, should any member of your team be caught thinking about this,  we will disavow all knowledge of your actions and/or this post.



The demise of the Canadian University CIO…?

I remember many years ago a colleague joking that CIO stood for “Career is Over”.   In those days there was lots of turnover and success did not always translate into longevity in the role.  Some recent departures in the Canadian University sector are making me ponder whether there are systemic issues that are causing our best and brightest to leave the sector.

I have talked about CUCCIO (Canadian University Council of CIO’s) in previous posts, but maybe just a little refresher.  Most University CIO’s in Canada are members of this group.   We engage on a daily basis through our lists, and meet face to face three times a year.   The group is very collegial and there is probably a core group of 35-40 at each meeting.  It is an important organization with some great leaders.  We learn from each other, we advocate, we commiserate and we make HE IT better when we get together.

Over the last year and a bit I can think of 8 CIO’s from this group of 40 who have left their roles, all but one of which were at a U15 (research intensive) school.  Prior to that, a couple of well-respected long serving CIO’s also retired.   This has an impact on an organization like CUCCIO, and on the Canadian University Sector.   These were some of our best and brightest. People who were driving organizational change and transforming the way we thought about IT. I feel the loss.

These individuals left for varying reasons, some stayed in HE but went to other countries, while others left the sector entirely. My question – Is there something systemic drawing or driving them away?   Certainly the CIO role can be a challenging one.

In trying to encourage collaboration across Universities I have been thinking a lot about why it is so challenging in IT when we see other parts of our institutions, such as the libraries, have success.  When I talk about collaboration I mean much more than just collaborative buying clubs, I am thinking about infrastructure and services that multiple institutions plan, invest in and share.

CIO’s in public sector institutions often work in an environment where expectations for IT in our communities exceed what can be achieved with the resources we have to work with.   At times many of us can be head down trying to meet these expectations, sometimes with a very singular focus driven by institutional priorities.  There can also be little tolerance in our communities for IT failure and that can push us to be more risk averse than we would like, or need to be. Although we are working hard at it and we are moving forward, many places haven’t truly embraced technology as a strategic enabler and look at IT as just another cost centre.   This makes it really hard to motivate real change and encourage our organization to advance where they need to.  There is simply very little capacity for collaboration

A few years ago I was talking to a colleague who moved from HE to a private sector agency.  They looked great, were happy and there was excitement in their voice.   They said that when they had good ideas for moving the organization they had instant support from the CEO and there weren’t long drawn out consultations with the community.  They were still doing their due diligence, but made decisions faster and resourced them appropriately.  They said it was fantastic to deliver what their community was asking for in a timely and responsive manner. They were doing it well and their staff were happy. It was fun being a CIO again.

So I leave you with a few questions that I hope will be discussed at our next meeting of CUCCIO.  Is there a systemic issue, or is this just a blip?   Is the grass really greener on the other side?  What can we do to help create an environment for success? How do we make up for this loss of talent and what are our collective plans for succession?

Encouraging Collaboration between Universities

We have all heard our favorite quotes about failure being an essential part of creativity innovation and moving forward.  My favourites focus on the notion that failure is simply the act of gaining experience.   Even though we encourage and embrace failures in our students and faculty when it comes to learning, research and discovery it has always been elusive in administration and especially in IT departments. We simply won’t talk about about our failures, and I think that is a challenge.  If we want to work collaboratively, the biggest success will be driven from sharing our failures.

This morning I went to the gym early  and jumped (stumbled?) onto the bike with the intent of catching up on some reading from the most recent Educause Review.  The first article, Embracing Failure to Spur Success: A new Collaborative Innovation Model by Kim Wilcox and Edward Ray really was a good start to my day.

They talked about some of the problems we are all facing and how each of us are making progress, but “the progress could be even faster and more dramatic if we did two complementary things: collaborate with each other across campuses, and embrace. share and learn from failure”.   I couldn’t agree more.    I could sense my cadence get faster as I read this.   I recently invited a colleague of mine from another ‘system’ to speak at a meeting of my peers from across Canada.  The discussions were on shared services and I remember the colleague saying, “I am not sure what I can say about that, because what we did wasn’t a complete success”.   My response – that is exactly what we need to hear.  That is the value that you bring to us, to be open and honest about what didn’t work.

Wilcox and Ray are  talking in the article about the University Innovation Alliance.   A consortium of 11 major public research universities looking for new and innovative ways to collaboratively address shared problems.   They point out the need for candor and that rests on a strong foundation of trust.    To help develop that trust they have agreed to a common set of goals and it seems like there is some unwritten commitment to be frank and open when it comes to sharing.

Here in Canada the university CIO’s across the country have created an organization called CUCCIO.   We meet on a regular basis and we share a lot of information about what we are each doing.  Since the early days there has been a push towards building trust amongst the membership and this has gone a long way to opening up and sharing not only our success, but our failures.  Our discussions are frank and informative and they add value.  Recently a sub-group from Ontario has started to discuss shared services.  The group is smaller, and given the fact that education is funded provincially it may be easier to facilitate at this level.   That being said we still benefit from seeing what the rest of the group is doing in their respective provinces and learning from their success and failures.

I think the next step for us might be, as outlined by Wilcox and Ray, to get “buy-in from the leaders…. it sends a signal to the entire campus administration and community that collaboration and innovation are to be prioritized and that sharing lessons learned from failure is not only acceptable, but essential”.  We need the whole community on board if we want to drive the type of collaboration that I think we need.

A great call to action, not only for the UIA, but for all of us.

Success is stumbling from failure to failure with no loss of enthusiasm.” Winston Churchill.


Security is everyone’s business ‘redux’

We have been having a broad discussion around information security here at Queen’s and a while back I wrote a blog that talked about how security belongs to everyone and we are only as good as our weakest link.  I thought it would be helpful to share what one department has recently  done and show that this is not insurmountable.  Taking some small, well orchestrated, steps can completely change our security posture and significantly mitigate risks.

Queen’s Advancement Services have recently stepped it up to ensure the information they handle is safe and secure and procedures are consistent across the board.  Currently 99% of their staff have taken the ITS Security Awareness Training.  In addition, 98% of their staff have attended a personal Information Security Session designed for the department.  This covered things like email best practices, handling paper, and mobile device management.  They have also created a Security Standards page for the department and ensured active and signed confidentiality agreements for those handling sensitive information.

On their hardware side they have created physical and logical safeguards for all their devices and  they have moved all of their servers to a secure data centre on campus.  All their applications and business software has been audited by the ITS Security Group and all of their servers are  maintained and patched on a regular basis, with an associated change management protocol.

Congratulations to the team in a Advancement.  You have done a great job and set an example for others to follow.  Our information is valuable and we have been entrusted to protect it.