The five minute CIO: Niall Kelly

16 May 2014

Niall Kelly, CIO of Netwatch

“It’s hard to take someone seriously when their office resembles a server museum,” says Niall Kelly, CIO of security company Netwatch. He urges tech professionals to become business problem solvers by adding skills in non-IT disciplines.

In the time since you last spoke to us, how has your role changed: is it more business-facing and less involved on the technical side, or has it changed in other ways?

With satellite offices in the UK, New York and Boston, and mobile sales and technical personnel on the road in each of these areas, my role now involves ensuring that our IT department give the ‘road warriors’ what they need in terms of secure, timely access to real-time customer information on the move.

It’s got to be quick – reflecting instant customer alarm information received at our hub in Ireland – and above all, it has to be secure. So my role is to manage the flow of information across these cultural and time divisions; and also to induct a rapidly growing number of new employees who may have differing levels of IT experience.

As CIO, what are the key performance indicators you look for in your business to gauge how your IT is performing?

We carry out focus group sessions with all departments regularly; how well our department is operating as a business unit is reflected in the feedback at these sessions.

We operate an internal live CRM system, called CRATOS, to log and react to all user requests for IT assistance in the company. How fast we react, and how quickly we can resolve these issues, is a KPI for our unit.

On a broader note, if we win new business because of real-time CRM information – for example, comments made by a client to a staff member in Boston about their business expansion in New York which results in a new business win for Netwatch – well, that’s a great result for the IT business unit.

You said before that virtualisation changed your business – have you seen any other signs of a game-changing technology on the horizon, or one that you’re already testing and looking at closely?

Over the last two years, we were faced with coming to the end of a €500,000 server spend, necessitating a major new investment in hardware. We have almost entirely moved all production servers to the cloud, totalling almost 40, and we have seen a huge operational and financial advantage.

Moving to the cloud has allowed us test products and software in a controlled environment without affecting our live environment. Our ability to spin up server environments for new products or services is almost instant; and of course our level of redundancy is second to none compared with any other player in the industry.

On a different level, our in-house R&D team is working on cutting-edge video analytic processing software designed to help our clients achieve their security and process control efficiency goals. This is a real game changer for us; in the past we would have had to wait until a supplier came up with products.

How close is Netwatch to its ideal state of IT, as far as you’re concerned?

We are getting there. Having our own in-house software developers means that we can react quickly to a client’s specific needs; we are currently working on some major ‘life safety’ processes for an international public transportation company. Internally, our software teams can develop a new piece of integration software to help our monitoring personnel react even more quickly to clients’ situations.

Our state of IT is certainly hugely robust, with extremely high levels of redundancy in-house due to the nature of our mission-critical service. We have come a long way since we took on our first client in 2002.

Two years ago you said you would look at cloud services where security could be proven. You’re using the cloud now, but given everything we’ve learned since the revelations by former CIA contractor Edward Snowden, is there anything that makes you wary about it?

We are satisfied that the cloud operators take their business as seriously as we do. Still, we maintain the ultimate end control over our systems encryption and client confidential information. As mentioned, our live production environment is now almost entirely cloud based, and we have had no issues. As an extreme last measure, we still maintain operational capability at our central Netwatch hub; we would have to be strongly persuaded to switch this off!

Given the general security threat level we see, has the allocation of 7-10pc of IT budget to security increased?

It is probably still the same proportionately, but our overall IT budget has significantly increased. We have recently undertaken penetration testing by some external experts, which although costly is well worth the investment.

You weren’t so keen on the ‘bring your own mobile device’ developments. Was Netwatch able to resist the trend or did you have to bow to the inevitable? And if so, how did you manage the process?

We see little demand in this respect in our environment. My gut feeling is that after the initial rush to mobile as a concept that people decided to leave their work environment at work, and enjoy their free time with their own devices!

I could be wrong, but there may be a feeling that they want their employers to furnish the right tools and environments in the work environment; and then get away from this when necessary. I see a backlash against 24/7 email access amongst IT professionals!

When so much of IT service can be outsourced or put in the cloud, is there a danger that IT professionals who stay in their own silo are at risk of being passed by for senior roles, or worse, becoming obsolete?

Of course. IT needs to be a considered factor in every senior management decision-making process; just like HR and operations. If it is not, the senior IT manager is not doing his job and needs to be making himself visible as a senior business problem solver within the organisation.

IT managers are often the ones whose offices are cluttered up with the tools of their trade; I see this almost on a daily basis in the client companies I visit. It’s hard to take someone seriously when their office resembles a server museum.

IT managers should also challenge themselves daily in terms of their skill sets; faced with hiring an IT manager who has yet another SQL or Cisco qualification, I would much rather speak to someone who not only has the technical qualifications but has been on a sales training workshop, or gained experience in the field selling extra revenue-generating services to clients.

You’re a big believer in having IT professionals becoming more engaged with the business. Do you think that’s a way for IT professionals to take on a more strategic role and could it be a career saver?

Yes, absolutely. IT managers are critical in any business and have much to offer as business problem solvers within the organisation. Unfortunately, we are often not the best at self-promotion.

Take the IT budget process as an example. In a lot of companies, the IT managers put together their wish list in terms of annual spend, and senior management try and find some reasons to cut it. Most IT departments present the annual budget this way.

The right way to do it would be to present the business case in terms of increased business and revenues which could be gained by the introduction of new technologies; having interviewed and garnered the desires of the individual department managers before this, ensuring that the IT spend is seen as business enhancing, not just a necessary evil.

Too often, I see IT managers present the need for upgrades or new investment as “it’s time to do it” or “everyone else is doing it”. That’s not the way to endear the non-tech CEO to your department.

In your opinion, what should a top-performing IT professional be doing to stay relevant to the business and to deliver value rather than just being seen as the person who keeps the lights on?

Get out there and learn the client acquisition side of your business. Find out how your company gets new business, and why. Find out how your sales teams work, find out how your marketing teams promote your products and services, and then give them tools and processes to help them.

Also, do a basic ‘Finance for non-financial managers’ course. Being able to converse from a position of some understanding of the financials will further your engagement with the management team.

The downside to getting all this extra attention is that you’re also the potential public face of a data breach – look what happened to the Target CIO. Any thoughts on how to avoid the wrong kind of publicity?

That goes with the territory. But you must understand the risks. If your company holds the credit-card data for thousands of ordinary consumers, then you have a moral obligation to ensure your systems are rock solid and fit for purpose.

Engaging the services of outside experts to challenge your systems is also eminently advisable; we learnt a lot from that process in Netwatch.

Gordon Smith was a contributor to Silicon Republic