I’ve¬†been the CTO for four companies (so far), so I guess you could call me a serial CTO.¬†I’m well-acquainted with the many¬†changes in the industry over the years. Below¬†are a few things¬†I’m¬†seeing¬†right¬†now¬†and a few things I think firms are moving toward over the next year. ¬†

 

#1. Source Code

There’s¬†a significant shift in the industry¬†right now (more so¬†in smaller startups than mature ones):¬†firms are pushing for source code. And by source code, I mean¬†code¬†that’s¬†typed up by software engineers or infrastructure engineers.

That source code is versioned, approved, and reviewed‚ÄĒand¬†it’s¬†no longer just for software. Source code is now for firewall configurations, Defense in Depth (DiD), and Zero Trust deployments for virtual machines and virtual hosts.¬†It’s¬†a lot of code and text-centric deployment.

If you¬†haven’t¬†already,¬†you’ll¬†start hearing phrases like¬†“infrastructure as code”¬†and¬†“platform as a service”¬†in almost every single industry. What that means is the technology skills you need are shifting from being a deep expert in a piece of technology to being a deep expert in writing code that manipulates a¬†firm’s¬†technology. And¬†that’s¬†a level up for a lot of IT organizations¬†that¬†didn’t¬†start off as coders. ¬†

 

#2. Automation

Five years ago, workflows were disparate, proprietary, and locked. Today’s systems are¬†much more open and connectable, and increasingly sophisticated. As a result, there’s been an enormous increase in an IT team’s ability¬†to¬†automate¬†integration¬†across tools.

I know I¬†just made a¬†point about engineers writing source code, but robotic process automation tools are also in play (e.g., RPA tools).¬†You’ll¬†find low-code environments connected to tools that allow you to script and operate the tool in a semi-autonomous way.¬†And there are no-code tools that let you drag and drop connections between things;¬†you can build technology without having to be a software developer.

The same is true for internal interfaces and APIs. There are tools like Retool that allow you to create those administrative functions without writing a line of code. You drag a database query in here, you drag an API endpoint in there, and you connect the two things together.¬†That’s¬†changing the way we build software, the way we create solutions for customers, and the way¬†we deliver¬†those things. Automation is making software development and solution development more democratized. ¬†

 

Learn More

#3. Security and Defense in Depth

There have been a lot of¬†high-profile security incidents¬†in the past six months¬†resulting in a big push toward Zero Trust security.¬†The traditional castle-and-moat approach to protection has¬†been slowly dying for the last ten years, and¬†the security breaches¬†we’ve¬†seen lately are the final nail in the coffin.¬†There’s¬†no longer a well-defined edge of your company.

My best advice is to actively review and improve your¬†firm‚Äôs¬†security posture on an ongoing basis. If¬†you’re¬†not doing that,¬†it’s¬†not a matter of¬†if¬†you’ll¬†get caught (by auditors, bad actors, or the public);¬†it’s¬†when. ¬†

 

#4. Public Cloud

Public cloud¬†won’t¬†come as a surprise on this list;¬†it’s¬†obviously a big deal. About five years ago, there was a shift in the financial services industry toward the public cloud, but some folks were a little late to adopt the technology.

If¬†you’re¬†not talking about the public cloud, you should be‚ÄĒmainly because it used to be harder to certify and ensure security, and¬†that’s¬†no longer the case. We see¬†both¬†huge financial services firms and small financial¬†services¬†firms being built cloud-first‚ÄĒwithout any form of infrastructure¬†that’s¬†on-premises or locked away.¬†That’s¬†a massive transformation in the industry. ¬†

 

#5. Data Science and Warehousing

If you think about the rise of disciplines like data science across an organization, ten years ago‚ÄĒeven five years ago‚ÄĒit was all about data warehouses, business intelligence dashboards, and business intelligence analysts who were the keepers of KPIs and metrics and data. Everything was wrapped up in dashboards and reports.

Over the last few years, the emergence of data science as a discipline has turned into a world where those data scientists are not using a tool to build a report; instead,¬†they’re¬†writing code.¬†They’re¬†down at the data level‚ÄĒat¬†the very lowest¬†level‚ÄĒaccessing information in an unfettered form.¬†They’re¬†building a model, a solution, a piece of analysis, a piece of code, a piece of software‚ÄĒan actual solution or product even though¬†they’re¬†not typically part of the IT department, they’re¬†part of business functions.

We’re¬†going to start seeing a lot of that‚ÄĒbusiness functions becoming more technical and effectively building software or solutions for a company without having to get IT involved.¬†IT’s¬†role becomes more security and quality review rather than actually creating some of this.

The secret for a CTO is listening to your business and making sure¬†you’re¬†building professional empathy with that part of the company. You need to understand what your data scientists are looking for. Are they looking to have their own team that builds data-centric solutions? If so, you have to think carefully about whether you create that capability inside IT and then connect it to the business. Do you let a team build that capability and connect it to something your organization already has? Do you federate that function across the entire organization? Each of these decision points is different for every organization. In the long run,¬†we’ll¬†see a democratization of data and how technology solutions are built across an organization.

All of this leads you to Zero Trust Security and ensures¬†you’re¬†enforcing good security practices across something much larger than a traditional IT department or technology organization. ¬†

 

Summary

CTOs are managing change in real-time. What we saw¬†even¬†five years ago¬†isn’t¬†how things work today. Security posture is moving away from castle and moat and requiring diligent review and improvement of your security posture¬†to¬†meet¬†auditor¬†expectations¬†and deter bad actors.¬†The public cloud is an integral part of this shift in¬†how to¬†certify and secure¬†data.

Source code is no longer just for software.¬†It’s¬†for firewall configurations, Defense in Depth (DiD), and Zero Trust deployments for virtual machines and virtual hosts.¬†The focus is less on expertise in a piece of technology and more on expertise in writing code that manipulates the spectrum of your technology.¬†And, in fact, not all source code is written by a human.¬†Sophisticated automation is¬†changing the way we build software¬†and¬†create solutions for customers.

As a CTO, particularly in these challenging and changing times, listening is your best asset. Build empathy, understand what engineers and data scientists (and anyone else on your team) needs, then determine how their needs and ideas fit the department and organization as a whole.

Learn More