enterprisesecuritymag

Employing Strategies For Cyber Security

By Sunil Garg, CIO, Exelon

Sunil Garg, CIO, Exelon

Defining Problems to Determine Economic Technology

While it seems cliché, a major challenge in 2014 (and going forward) is Big Data. To some degree, the term ‘Big Data’ has become so overused to have lost meaning; however, whether we are talking about structured or unstructured data, at-rest or realtime, the fundamental issue remains the explosion of data and the inability to effectively act on it.

My expectation is to be a voice of reason and not frenzy when it comes to Big Data. It seems technology providers have become so entranced by anecdotes on the use of ‘Big Data’ that lost in the discussion is the central question: “What problem are you trying to solve?” Clearly defining the problem helps determine the most economic and useful tools and technology.

Cyber Security–the Biggest Challenge Currently

We not only have the same data privacy concerns as other enterprises, but we also run critical infrastructure–the electric grid. Thus, the implications of a cyber security problem go well beyond our company, employees and customers, and we take that
expectation and obligation seriously. We have state-of-the-art systems and actively address cyber security threats. Given the rapidly changing nature of the threats, we are interested in solutions across the risk equation, from improving our ability to successfully protect our assets and prevent attacks, to better detecting and monitoring them, to responding and containing events, to quickly recovering and restoring.

Continued Impact of Mobility

One of the many trends that continues to significantly impact the enterprise is mobility. People want information when they want it, wherever they are and on whatever device they are using. Most large enterprises’infrastructure and operations are not designed for this type of world. Our design is an inside-out, economies of scale, limited-choice model and we need to adapt to an outside-in model that meets the internal and external users’ needs and expectations, while at the same time maintaining fiscal discipline.

My role as a CIO

A couple of years ago, we took a step back and asked ourselves, “Why does an IT organization in a large corporation exist?” We kept returning to “what” we do and “how” we do it, but not “why” we do it. Eventually, when we looked at the changing nature of our industry and technology, we came up with a two word mission statement: Advance Progress. We realized that even if we were world-class at what we were doing, given the advances in the
industry and technology, each day that we didn’t move forward, we fell behind. Thus, we had an incredible opportunity to go from playing not to
lose to playing to win.

Lessons Learned as CIO

IT organizations can become fixated on technology, when the key is people. As part of our strategicplanning process, we developed a series of actions that needed to be reinforced and celebrated to create a high-performing environment where people feel valued, we seize opportunities and we promote critical thinking. One of my favorites is ‘have the meeting after the meeting in the meeting.’ We often sit in meetings and people don’t feel comfortable sharing their thoughts, but later complain about what should have been said or decided at the meeting. We have a sign in every conference room that says, “Are you having the meeting after the meeting in the meeting,” and expect our leaders to create the
trust and social capital to allow that to happen.