Dave Hansen, CABy Brian P. Watson | Posted 2007-06-07 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
In what ways are today's innovative CIOs exploiting today's emerging information technologies?
Dave Hansen: Focusing on employee development.
Promoted to CIO last fall after four years at CA, Hansen talks about the challenges of managing 560 technologists worldwide at a $3.8 billion company struggling to right its reputation after the jailing of its former chief executive, Sanjay Kumar, who, along with former sales executive Stephen Richards, pleaded guilty last year to obstruction of justice and securities fraud. Baseline senior writer Kim S. Nash spoke with Hansen.
Baseline: You are CIO at a tech company. You get access to new technologies before other CIOs. You also get support for those products that other companies don't get. Does that mean you can be more innovative?
Hansen: People ask me about the difference between being CIO at a tech company compared to any other kind of company. The first is, I have 15,000 people here who think they can do my job better than me. I really do. The second and easier one isI've had headhunters call me because of thisyou have to really integrate a showcase strategy around your tech. We run more CA technology than any other customer.
What do you do with that early access?
There's a technology, for example, CA just went to market with and it does not have functionality we need. I said to the development group, "I want to use the app but I can't without this piece. Can you put this in?" They decided to put it in, with me co-funding it.
What is that product?
It's Unicenter Patch Management. Those products were designed for Windows patching and not necessarily for Unix. It works with Unix, but CA hasn't decided as a company to commit to researching Unix vulnerabilities to push out those patches to customers. Internally, I wanted the product to do both. There are a couple products on the market that can, but we had built our own.
In hiring and training high-performing I.T. staff, how innovative are you?
We're very, very focused on employee development and career pathing and training and education. It's critical. Some people overlook that when they're trying to run 100 mph and you end up not keeping staff up to snuff. We want independent certification for almost all roles. We categorized 600 roles to 12 groupings, such as management, field support, and network-and-telecom. We defined internal and external certifications we want people to have and have gotten aggressive funding to do that.
Certifications are controversial. Are they worth the money?
There are a lot of different needs and desires these people have. Some people feel strongly about getting an accredited certificationMicrosoft, Cisco. All my security guys are getting CISSP [Certified Information Systems Security Professional accreditation]. These guys really feel that they're being heavily invested in. They all [the I.T. staff] have a development plan about what certifications they're working toward for the next couple of years.
It is hard to measure the loyalty you engender with training or any kind of soft investment?
When I walked into CA five years agoit's been a tough five years at the company. We're starting to see the end of the bad stuff. But employees have worked really, really hard. I've gone in with the attitude of, if I can get an I.T. organization that people enjoy working inwith equipment, software, trainingthen I will have a great I.T. organization. But there are many pieces; it's not just throwing money at people. And believe me, we did do the money part. I analyzed the compensation of every employee and made sure they were paid to market rates. We compared against the 25th percentile, 50th and 75th and are making sure no one's under the 50th. When you fix one thingtrainingbut find out you're underpaying, that won't work.