Back in 2018 Dave Jones was working as group CIO of an energy services business, Cape PLC, that got acquired by industrial services giant Altrad. With 20 years of experience in CIO or other senior IT roles across FTSE 250 companies under his belt -- as well as in other mid-cap construction, engineering and manufacturing firms -- and the new combined company wanting him as CIO to take a “very different role to what I'd been used to; one less about transformation and more about cost-cutting and transactional ‘keep the lights on’ work” he started thinking about “what I wanted to do in the event that that role wasn't going to be for me.”
Ultimately, it wasn’t and after some soul searching, Jones departed on amicable terms with the aim of setting up as a fractional CIO or portfolio CIO; a strategic trouble-shooter dedicated to helping those who might not be able to afford or need a top-tier CIO on a full-time basis, but who still wanted experienced help delivering transformational IT projects. He set up shop in the summer of 2018 -- admitting to The Stack that “might not have been the best time to launch: it was a red hot summer and the World Cup was on”.
Doubts aside, three years later he is running a thriving business. Better yet, it’s one that comes with the real job satisfaction of regularly helping businesses deliver real IT transformation.
We sat down to talk through life as a fractional CIO, the benefits of hiring one, and some of the common issues he sees working with mid-cap firms and SMEs.
Dave, for those unfamiliar with the idea of a fractional CIO, how does that work?
Being a fractional CIO typically involves working with small to medium-sized enterprises who can't afford a full-time CIO – unlike the big organisations with full-time permanent CIOs and all the teams that go with them – but who still want that level of expertise and outside advice on what the organisation should be doing.
Being fractional, you’re typically working with two or three organisations at one time and taking lessons learned with you across them. I mostly work with manufacturing and construction businesses in particular.
When do you typically get brought in?
You normally get these opportunities when something’s not quite right and they need to get to a better place. That trigger point is the start of a journey usually. A fractional CIO will get invited or referred in to take a look at a particular issue. They’ll do a wider piece of work to look at IT in general at that organisation, and from that put together a roadmap and some recommendations and quite often get invited to deliver that.
Are there any particular common themes you see as a fractional CIO?
To be honest yes. Legacy systems are quite a common problem; organisations finding that their systems are not – in their perception -- fit for purpose anymore. The job often starts by delivering a really agnostic, honest view of that; in some cases, you find that it’s not the systems but the processes that need to change.
Covid has been quite a big driver for organisations realising that they have under-invested, whether that’s in equipment or DRBC (disaster recovery and business continuity) planning. It’s highlighted weaknesses in many organisations, including the customer-facing element; how well companies can keep trading in this environment and all the digital changes they need to make. A big common theme is that organisations often aren't very good at running the PMO (project management office) and don't really have a clear strategy about what they're doing and why they're doing it. They just have a load of projects, scattergun, all over the place. Setting up a proper PMO is a common challenge across many clients. Issues around cybersecurity and the broader risk element around security are another common theme you find when you land.
There might be a particular trigger point but often you find when you land that there’s lots of areas that need attention. I guess that’s where an experienced CIO comes in: to spot those things that maybe a hands-on IT manager might not spot because they’re understandably so busy doing BAU-type stuff.”
How big are the IT ‘teams’ that you’re normally dealing with as a fractional CIO?
Right now I’m with an organisation that has quite a substantial IT team of around 15 people. That’s quite large for a fractional CIO role. Typically at SMEs, there’ll be an IT manager who’s generally pretty good at the day job but they’re running around like a headless chicken to keep the lights on and don’t have time to look at strategic planning and may not have the skills to put the business case across for investment, because they’re talking in techie language rather than what the business wants to hear about removing risk or adding benefits.
Follow The Stack on LinkedIn
That’s one of the things an experienced CIO can generally do: understand what needs doing and put it across in terms that the business understands. If you can’t put it across in a way that makes sense for the chief executive and the CFO it shouldn’t be going to a board anyway… That’s where we often come in and gaining increased IT budgets for the right reasons is typically not a problem when you go in as a fractional CIO
You mentioned that sometimes processes rather than legacy tech are the issue. Can you expand on that a little?
Quite often when you’re requested to fix a legacy systems issue, when you look at the key processes and ask why they’re doing it that way, the answer is often ‘because we’ve always done it that way’. In a lot of cases there’s some fairly easy process changes that can make quick wins and quick improvements to how SMEs work. But some of them do have really old-fashioned systems in place, for example very basic finance systems where everything runs on Excel, or Tier 2, Tier 3 ERP systems that have just been allowed to get really old; clients haven’t been keeping up to date and upgrading systems due to the cost and effort required to do so.
Then they get so far behind they have to make these big decisions and bite the bullet, because they’ve not been adding new modules and new features and new functionality that probably drives the behaviour of the process as well – they’ve not had scope to think about really changing things and everything’s got a bit stale.
Are SMEs looking to the cloud much would you say? And what are your takeways on typical security posture at this smaller business level?
A lot of them are thinking cloud-first, but also realising that it’s not a one-size-fits-all approach. Particularly for things like manufacturing clients where they need infrastructure on-site, critical infrastructure that needs to be maintained and protected; but if you’re setting up greenfield, you almost certainly wouldn’t want to put infrastructure on-premise if you can avoid it. That’s my view anyway. On security, you can normally run an audit fairly quickly to see what has and hasn’t been done and put together a quick remediation plan if there are obvious gaps where you can get quick wins. But even in SMEs you could literally spend months, trying to get to an acceptable security maturity, posture. Things like Cyber Essentials can actually be quite hard to achieve in legacy environments where where things are being allowed to get out of date, and you have got --particularly in manufacturing -- operational technology to worry about as well.”
Dave I know you’re busy. Do you work with a team?
I absolutely do. I operate an associate model. We’ve got fractional CTOs, CISOs, programme directors… I’m at the point where opportunities keep coming in and we’re working with a few other consultancies as well.
One thing I realised early on running my own business is that converting opportunities is an art that takes a lot of proposals and presentations; going from a permanent CIO role to running a startup business means you’re doing everything yourself, from your marketing and business development through to your financial accounts receivable, it’s been a learning curve and given me a real appreciation for all the other functions in a business!