C-Level View | Feature
IT Takes a Village: Getting a "Seat at the Table" is Not Enough
A Q&A with Jill Albin-Hill
We've heard a lot over the past few years about how IT departments are getting a "seat at the table" — IT's evolution from a mere provider of technology services, to a new, more authoritative voice engaged with upper-level administration in strategic planning and oversight of technology applications for the institution. Here, Dominican University's vice president for information technology talks about the changing role of IT at her institution and how forming partnerships at many levels, both internal and external, is the real key to success.
How do you get to a place where people at all levels finally see technology as just an enabler and recognize the IT department as a true partner? — Jill Albin-Hill
Mary Grush: Is IT "getting a seat at the table" at your institution?
Jill Albin-Hill: Yes, but getting a seat at the table is really not enough. The evolution of IT for our higher education institutions has to include building partnerships at many levels. Internally, this means fostering a more mature understanding of technology by people at the departmental level and all constituencies institution-wide, so that effective and intelligent planning and program implementation can take place. We provide support at the departmental level, of course, but we especially need the agreement and commitment of departments throughout the institution to become more tech-savvy — at least in a way that allows for useful conversations between us. IT should also be looking outside of the institution for partnerships that can help us leverage consortia, networks, new cloud-based models, and all the other rich resources of the IT community at large. In a sense, IT now "takes a village".
Grush: Isn't it important for you to have a "seat at the table"?
Albin-Hill: Of course. But you know, lots of times we hear CIOs or IT leaders focusing on their own leadership development as, "I want a seat at the table." This is mainly because for years we have struggled with getting people to tell us about what they were doing. We would hear about some new system they wanted to have installed — after they were already purchasing it! Or, they were struggling with a problem and never consulted IT or thought to bring us in. So the idea of getting a seat at the table, where those strategic conversations were happening, was very appealing. Your technology leader needs to be where higher-level technology plans are formed.
Grush: Were you, or the IT department, prepared for a seat at the table?
Albin-Hill: Good question. Be careful what you wish for! I think I've lived a little bit in these past 5 years since my institution first had a technology plan developed and approved by the board.
In turning that corner and having my seat at the table, I became aware of a very important question: How do you get to a place where people at all levels finally see technology as just an enabler and recognize the IT department as a true partner?
It should be no surprise that with one significant change, like getting a seat at the table, further adjustments are needed. Being included at the table is great! We now are to the point where there is hardly a conversation that happens in which we in IT are not asked to be there. As a result, we've needed to think more about balance and capacity in some regards: Now that we've built up the excitement, how do we actually address it all? How do we give service to each of these needs as they all arise? We are really having to try to prioritize things in new ways, because we are so often called on by every area of the university.
This is the environment in which we quickly grew to understand that all this is not just about the CIO. It has become very critical to have a team of professionals in IT who are business-savvy and can learn about what people are trying to do so we can talk technology in terms that matter to people. I think we've been seeing that anyway, universally, as a profession.
Think back about the old jokes referring to the computer science majors and their pocket protectors. As a profession we've learned that we need people who may fall comfortably into that stereotype, but now we also need them to develop soft skills and the people skills that go along with that. I would say right now we are at the point, critically, where it can't be one way or the other for our IT staff. We have to have a strong mix: people who have the technical chops and really can see things from different points of view and communicate solutions to different constituencies.
And that communication can't be purely technical jargon. It has to be in a language that our constituents understand — you've got to be able to walk in their shoes. So, it starts with the CIO, but it's not just the CIO who can do all that's required and make great progress by herself. I've seen, more than ever, this need for a strong team. Perhaps especially at smaller institutions, where we already have staffing challenges… where we haven't put that much intentional mentoring and development into the IT leaders within our structure.
So, once we create that spark for our constituencies, and we get everyone interested in wanting to see how the IT department can partner with them and make all these wonderful things happen, we can then actually reach them by having a really solid team of IT people who can be out and talking with the user community to see where solutions can make a difference.
Grush: How has your institution benefitted by forming external partnerships? Do you have a good example?
Albin-Hill: Forming external partnerships presents a great way to both manage costs that are continuing to rise and increase our capacity to offer new services. A good, recent example is a consortium we've formed with four other schools in our region to obtain security-as-a-service.
We worked together to make a plan, forming our consortium called the West Suburban Information Technology Group. Elmhurst College, Judson University, North Central College, Wheaton College, and of course Dominican University pursued a contract with an outside vendor to provide a shared managed security service. To paraphrase our objectives: "The concept behind this endeavor is to enable the member schools to leverage economies of scale and scope as we work within constrained budgets to improve our respective information security environments. Each of our schools is unable to retain full-time staff to address the information security needs of their institution, but all anticipate that sharing of a cloud resource will have significant impact on reducing institutional risk." GreyCastle Security, from Troy, NY, was selected from RFP responses returned by more than ten vendors.
The consortium was spawned from a somewhat larger group of area colleges and universities, WSIT – West Suburban IT, that meets regularly to talk about IT topics. Higher education has always been very good at sharing and bouncing ideas off each other. This larger group brings CIOs and some of our IT teams together every other month or so to talk about many relevant IT issues. We tend to set the agenda based on different projects people are doing, but often it's just a good touchpoint to boost one's awareness of what's going on.
The institutions are all at different places in terms of their specific IT programs and implementations — there have been different SIS or network vendors chosen, for example. But the concepts and struggles experienced by us are basically still the same, regardless of some of the solution choices that we've made. So it's been very valuable to be a part of this collegial group.
A couple years ago we started noticing that information sharing is one thing, but there are some things that we could be doing better together. Security was one of the first things we started to talk about, in terms of sharing services among us. Each of us was struggling with the growing feeling that we did not have adequate attention to our institution's security profile.
With schools of our size, it's hard enough to have sufficient staffing in general, but to be able to hire a CISO… nearly impossible! Security professionals are really a hot commodity right now. So it's difficult to approach security issues well, when we are looking at our own internal staff. Many of us do penetration testing and perform different tests of our systems. But we all were faced with not having any dedicated internal staff for this.
So, we asked if security is a space where we should work together. We were already each spending money in the area of security, so if we pooled some of that together, would we be able to get more resources together and provide services that we can't afford separately?
We started talking about this in WSIT, the larger group of our area schools. We finally formed the West Suburban Information Technology Group security-as-a-service consortium with a subgroup of five WSIT institutions, and a few more are considering their options to join.
Our first step, the RFP, helped us to lay out and quantify exactly what it was that we were looking to get. It wasn't just penetration testing — we wanted something more. We wanted each of our schools to have a kind of quarterback doing security. And, we wanted to gain some efficiencies together, in the projects that we would choose to do. There are different ways you can leverage external partnerships: just for buying power or as a truly shared endeavor in terms of the workload. Ours is kind of a hybrid, if you will. We did get some buying power, and we are also benefitting from doing this together.
As more schools join the consortium, they can benefit from our groundwork and not have to start from scratch.
We all basically agreed on what our initiatives are and who's doing what piece, and we charted a roadmap together in the first year of a three-year agreement.
Grush: What has the consortium meant to you, so far?
Albin-Hill: What has it meant to me, now that we've had this? I was talking with my leadership team about why it was important that we go this way.
Cybersecurity in general addresses vulnerabilities that could be catastrophic for the institution, if you have a major incident. It's also very much of a time-consumer if you have an incident, even of a small size. So, how we continue to improve our posture and avoid bad things is certainly more important than might seem obvious on the surface. Also, being able to have a concrete plan for what we would do if something happens is of real importance.
Without having a full-time, dedicated security staff, how could we do all that on our own?
Before we formed the consortium, IT at each of our consortium schools at least made their best efforts. At Dominican University, I found, without some structure and a timeline, we were just not making as fast strides as I knew we should. So, for me, the true benefit of this managed contract is that we have set the roadmap, that we have frequent calls, and that I have a full backup team — our consortium partners and our vendor — for any questions that may arise. I have, more or less, my security bench on call at any time. And they are at all times helping us with proactive efforts that we can work on together. For what I was probably spending on penetration testing alone, now I am getting a full complement of service, support, and colleagues helping us make progress on our security maturity across the organization.
Grush: What has been a key takeaway as you look back at your efforts to develop partnerships, both internally and externally?
Albin-Hill: If I had to pick one thing to emphasize, I think it would be the impact of working with people, and the importance of learning to do that. It covers a broad piece of what you do for your role in IT, and it might include anything from professional development for IT staff, to learning about potential consortium partners, to establishing better services for departmental constituents… and so much more. It's a new style of IT. All of these things require you to learn and understand what people are trying to do.
Grush: So it comes back to working with people — and creating that "village"?
Albin-Hill: Yes, certainly.