Top CIOs Share Best Practices

WASHINGTON -- Negotiating skills may not be on the top line of most IT professionals' resumes, but according to two leading CIOs, having that kind of savvy can go a long way toward improving your organization's computing performance.

Learning to negotiate well, with both internal customers and external suppliers, was just one of the lessons imparted during a how-to panel discussion held Tuesday afternoon at the Comnet show here. Bob Gayley, the chief information officer for Amtrak, and David Swartz, CIO for information systems and services for The George Washington University, also told attendees that understanding overall business needs and establishing a clear way to measure IT performance were additional keys to a successful information-systems strategy.

According to Gayley, building a winning IT organization starts with "understanding your business peers, and what they are trying to accomplish. You've got to get involved with them, to understand the demands [of the overall business]."

And once the demands are clear, Swartz said it's important to establish metrics that measure the hows and whys of IT performance, so that internal customers understand why IT can't always do everything they ask.

"One of our biggest challenges is meeting expectations," Swartz said. That's why inside the university, his department creates service level agreements (SLAs) with the different constituent groups. Such internal contracts, he said, "helps people understand that it takes money to deliver IT."Tuesday's news of the Mydoom virus spread was old hat to the two CIOs, who said that dealing with external issues is a prime concern for all enterprises.

Gayley said one of his biggest concerns on the security front is "wondering what the next thing is." He's also aware that the time adminstrators have to react to worms, viruses and other attacks "is minutes now, not hours." Since virus protection firms typically take much longer than that to craft responses, both CIOs said enterprises need to build their own defenses to keep operations safe.

At George Washington, Swartz said his department has set up a "controlled area" where their servers direct users whose clients are determined to be infected. Gayley said at Amtrak, the protection against viruses and worms starts at server level. Users there aren't allowed to log on, he said, unless their client has properly updated software. And, "all our servers are kept up to date, all the time," Gayley added.

On the issue of open source products, the panelists were split. Swartz said that George Washington has discussed the idea of eliminating Microsoft products from the data center, simply to eliminate the need for multiple patches and updates. Using Linux on servers, he said, "seems like a safer environment to be in."

Amtrak's Gayley, however, said he shys away from open source, preferring Unix products from IBM. "I still don't believe it [open source] is mature enough," Gayley said.Gayley also said that IT directors should always try to seek the best deals from their vendors, by asking to renegotiate existing contracts, or by turning to resellers for quotes on updates and maintenance. "Don't presume that when that bill comes in, you have to pay," he said. "You've got other options."