Challenges For CTOs In 2023

The scope of work challenges facing modern-day CTOs involves a multitude of often critical scenarios. The function of the CTO began as an offshoot role from the CIO office, with the CTO’s primary focus on implementation of technology alone. And today, the implementation function remains - and encompasses an ever-growing list of responsibilities.

Because alongside delivery of hardware and software infrastructures, modern CTOs also deal with cyber security, cloud platform enablement, data management, artificial intelligence, mobile apps, and a host of other functions. That’s before consideration of external factors and variables that the CTO manages, some of which, left untouched, have the propensity to disrupt and impact business operations.  

Effectively managing this range of functions also means exhibiting a wide range of appropriate character skills. The ever-increasing pace of technology advances means that CTOs need to exhibit first class communication, negotiation and analytical skills. After all, they are the main digital warriors within organisations.  According to a survey by IT research firm Gartner, successful CTOs must be able to speak the language of both technology and business as it is the CTO who decides which IT will deliver competitive edge, increase productivity and offer differentiation. This means that customer experiences, user experiences and digital transformations all fall within the CTO’s daily remit. And given that technology today has permeated into every business function, CTO’s now work actively with every department.  

Being such an essential cornerstone of any businesses’ strategy, the role of a CTO is increasingly high-profile and in high demand, with CTO job vacancies up 27% in the last 3 years alone. 

But whilst increasingly sought-after, what are the types of complex tasks that CTOs currently face daily? 

Top of the list, not least because of the dramatic uptick in cyber threats and ransomware incidents - up 38%³ in 2022 - is responsibility for managing cybersecurity. This is an increasingly complex job, set against a constant stream of new cyber threats, both internal and external. The landscape has become exacerbated recently as increasing amounts of business-critical data and apps now reside outside of former secure physical on-premise IT facilities. 

As the power of new technologies emerge, CTOs are the ones responsible for keeping pace with advances and for facilitating appropriate user case adoption pathways. As key recommenders of new digital enablement, CTOs first need to assess viability, impact and security ramifications. Whole industry sectors have sprung up with previously unseen ferocity around AI, IoT, Cloud, DevOps and blockchain. The pace of change has been relentless, and CTO’s must determine if and how these technologies can be effectively integrated into their own organisation’s operations. 

All these tech advances need to occur and co-exist alongside current IT infrastructures – often in legacy systems.

Many organisations are still reliant and are adequately working from previous generations of systems and applications. CTOs take daily decisions on how to manage, maintain and upgrade legacy equipment. Often, they retain elements and modernise where possible, upgrading with as little disruption to day-to-day operations. Such re-invention of legacy systems is a delicate management act of identifying, extending and repurposing hardware that can still be used successfully. Such complex extensions can thankfully be planned alongside reputable TPM (Third-Party Maintenance) partners, who, working in partnership with the CTO, work out cost and resource projections for and against continued use, including maintenance costs, patching routines and fixing security and performance concerns. 

The fourth challenge that CTOs face is adapting to external global and local factors. Extremely prevalent in the last three years, when CTOs became work enablement heroes as they provided IT amidst global lockdowns. Then came facilitation of re-inventing work cultures – from mandatory home working through to hybrid working– and more recently, back into working from company facilities. Each twist in the pandemic journey and its subsequent aftermath, carried extra-ordinary demands upon CTOs, many of whom switched to cloud based service provision almost overnight. Then came waves of global supply chain issues meaning dramatically increased hardware lead-times and restricted supply. And the final stings arrived in 2022, with dramatic shortages of qualified IT staff, and gross inflation costs for things like data centre energy consumption. 

On skilled IT staff, it’s a constant challenge for CTOs to attract and retain top tech talent. The STEM skills shortage gap means the demand for skilled tech professionals continues to press. Successful CTOs rely on teams of qualified staff to deliver and enable their tech vision, so attracting and retaining great staff in the highly competitive tech industry is challenging and attrition rates are high. Of course, once recruited in position, CTOs need to devise rewards and recognition to encourage stable and successful working teams. This includes ongoing training, evaluation and encouragement of new skills and when skills aren’t available internally, good CTOs aren’t afraid to outsource specialist roles and projects as needed, including sourcing highly trained external engineers, developers and consultants. 

Spotlighting the responsibilities and challenges of a CTO wouldn’t be complete without detailing the impact of the cloud on all organisations. The gamechanger behind the world’s IT infrastructures in the last 10 years, cloud computing has become all pervasive in the adoption of the latest gen apps and services, moving compute, processing and storage out of the physical data centre and into a third-party cloud hosted service. For CTOs, the real challenge before any such planned and demanding migration is to ensure services and data remain sustainable, scalable, and secure within the cloud. They also need to be realistic about the perceived long-term cost savings. Cloud repatriations due to high egress charges have become normal, so detailed planning and calculations need to occur first. CTOs also need to carefully detail which cloud provider has the best suitable security protocols and the most streamlined migration processes.

Lastly data. Data breaches continue to be one of every CTOs worst nightmares, ensuring that their organisation doesn’t fall foul of data privacy, compliance and data hacking. Accidental data breaches and nefarious cybercrimes, cause the biggest fallouts. Constant vigilance to cyber hygiene, cyber risk identification and adherence to incident management planning are critical and make organisations less susceptible.

Some CTOs will have the luxury of accessing a dedicated CISO, but often they themselves will retain responsibility for cyber threats, including that of motivating organisation-wide cyber cadences to try to prevent impact from employee attacks like phishing.

CTOs also need to adhere with increased data privacy regulations such as GDPR and HIPAA, while still being able to collect and use data effectively in order to provide personalised services to deliver competitive edge. 

Being a CTO in 2023 has to be recognised as one of the most demanding yet fulfilling executive roles on the Board. Not least because of the raft of growing challenges, but also from accountability. Modern-day CTOs are expected to deliver results and analytics back to management that clearly demonstrate ROI on their elected technology investments and in doing so, show that they have minimised tech inefficiencies and accurately tracked value to spend ratios.

Chris Carreiro is CTO of Park Place Technologies

You Might Also Read:

Under Pressure - Can CISOs Avoid Burnout?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Encryption, Security & Privacy
Insurers Must Pay Merck's $1.4B Losses For NotPetya »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CamCERT

CamCERT

CamCERT is the national Computer Emergency Response Team for Cambodia.

Thermo Systems

Thermo Systems

Thermo Systems is a design-build control systems engineering and construction firm. Capabilties include industrial control system cybersecurity.

Swimlane

Swimlane

Swimlane is a leader in security automation and orchestration (SAO). Our platform empowers organizations to manage, respond and neutralize cyber threats with adaptability, efficiency and speed.

Horangi

Horangi

Horangi provides security products and services that enable the rapid delivery of Incident Response and threat detection for our customers who lack the scale, expertise, or time to do it themselves.

Acuant

Acuant

Acuant is a leading global provider of identity verification, regulatory compliance (AML/KYC) and digital identity solutions.

CybExer Technologies

CybExer Technologies

CybExer provide an on-premise, easily deployable solution for complex technical cyber security exercises based on experience in military grade ranges.

24By7Security

24By7Security

24By7Security are Cybersecurity & Compliance Specialists with extensive hands on experience helping businesses build a defensive IT Infrastructure against all cyber security threats.

RIT Global Cybersecurity Institute

RIT Global Cybersecurity Institute

At RIT's Global Cybersecurity Institute, we educate and train cybersecurity professionals; develop new cybersecurity and AI-based knowledge for industry, academia, and government.

Lewis Brisbois

Lewis Brisbois

Lewis Brisbois offers legal practice in more than 40 specialties, and a multitude of sub-specialties including Data Privacy & Cybersecurity.

ImmuniWeb

ImmuniWeb

We Simplify, Accelerate and Reduce Costs of Security Testing, Protection and Compliance.

PlexTrac

PlexTrac

PlexTrac is a cybersecurity reporting and workflow management platform that supercharges security programs, making them more effective, efficient, and proactive.

MindWise

MindWise

MindWise is a comprehensive global threat monitoring solution with implementations for fraud prevention and enterprise threat intelligence.

8com

8com

8com is an established Managed Security Service Provider (MSSP) with over 75 employees and customers in over 40 countries.

Cynch Security

Cynch Security

Cynch Security are passionate about building a world where every business is resilient to cybersecurity risks, no matter what their size.

Seven AI

Seven AI

Seven AI develops cyber security software designed to identify online threats.

SixMap

SixMap

SixMap is a continuous threat exposure management platform that automatically provides comprehensive enterprise visibility, contextual threat intelligence, and a suite of remediation actions.