 Live from Las Vegas, it's theCUBE, covering Knowledge 16, brought to you by ServiceNow. Here are your hosts, Dave Vellante and Jeff Frick. Welcome back to Knowledge 16, everybody. This is theCUBE. theCUBE is SiliconANGLE's flagship program. We go out to the events and we extract the signal from the noise. We're here. This is day two for us. We'll be going wall to wall for three days at Knowledge 16. Hashtag no 16. Chris Beatty is here, he's a CIO, relatively new CIO at ServiceNow. Chris, thanks for coming on theCUBE and spending some time with us. Sure, happy to be here. So you were hosting the CIO Decisions event yesterday. I was, great event. We had a lot of CIOs, a lot of energy in the room. One of the main themes was, technology change happens all the time, but really, what are the leadership challenges? And what courage is required of leaders to really break through the status quo and get to that next level. We talked a lot about the importance of getting the right culture within IT and what it really means to have a service mindset throughout the enterprise. And as our vocabulary becomes the same, inside IT and across all the departments, as a leader, how do you enact that change? So really a lot about the human element as opposed to the technology part of it. Yeah, so a lot of discussions over the past several ServiceNow Knowledge Conference one year Frank said, he sort of threw down the gauntlet and said, CIOs, they have to be business leaders. No longer is it just a technology role. Others have come on theCUBE and said, well, you know, CIOs role, they got to choose. They got to choose a technical path or a business path or a data path even. Chief data officer, what are your thoughts on the future of this year? Yeah, I mean, there's a lot of press about the role of the CIO, right? And if you go back years, it's anything from CIOs dead, ITs irrelevant, right? It's going the way of the dodo bird to CIOs more strategic than ever disrupting and creating new business models. I think the answer is somewhere in between. And it's probably changes, you know, depending on the day of the week, right? So CIOs have a base job, which is running, you know, the technology infrastructure of any company, running the applications. But I do agree with Frank in terms of CIOs up leveling their responsibilities and taking on the responsibility for more. I can tell you what I take responsibility for, right? And yes, it's IT, but the overall velocity of our business, how fast can we run with everything? Hiring employees, closing our books, every single process in the company is powered by an IT platform, right? And so IT is really in a unique position and it has a bird's eye view of the organization to really help drive velocity. And velocity is everything. How can you outflank your competition? The other thing I think CIOs need to take responsibility for is maximizing the productivity of every single employee in the company, right? And if you take that on, you start to look at things a little bit differently. It's not about IT projects, it's really about outcomes and, you know, what measurable things are we delivering? And last and certainly not least, I think the responsibility for customer experiences, again, customer experiences are powered by IT platforms. CIOs have the ability to influence every single one of those experiences and make it great. And more and more, as we look towards the future with things like automated bots and augmented reality, customer interactions are going to become human to platform and that's going to increase IT's relevance in that. So in thinking about CIO imperatives, you know, the bromide of 80% of the dollars we spend is on keeping the lights on and 20% on innovation. I don't know if that's a real number, you know, but nobody seems to argue with it. You hear that number a lot, but I think the good organizations actually do measure that number. So they will know what their number is. And at ServiceNow, we've done a lot of work. So our ratio is actually 60% run the business, 40% on innovation, and we're driving that down so it's an even 50-50 split. I think that where you don't want to go is spending too little time on what I call the utility computing because that's the fabric that gets work done, right? It's everything from networking and email and all those basic services you still need to have. Those aren't going anywhere, collaboration services. I like to split it up into a little finer grain. I wonder if you could comment. Run the business, grow the business, transform the business. Now, maybe you're always transforming your business. I don't know, but in terms of- I think you have to be. In terms of specific spending on initiatives to transform the business, is that a reasonable way to look at your portfolio as a CIO? Absolutely, right? And I think if you're not doing things to transform your business, you're not acting with enough urgency. So my view on it is identify the big rocks, right, that we need to knock down. Make sure we make room for those. Even if it's at the cost of the grow or run part of the budget, because if you're not getting those things done, again, back to that getting left behind, things are moving too quick. You got to keep pace. So make room for the transformation somehow, and that means squeezing every bit of automation that you can out of the run part of the business, which is something I've used service now for in my past. I used to be a customer. I bought the platform twice over before I joined the company, and I did it a lot, and I'm doing it now, now that I'm at service now. That's one of Frank's requirements to become a CIO, I think. How do you measure that split? You said you're at 60 today, you'd like to be at 50. A lot of CIOs go, I have no idea how to measure that. I look at my projects, but I guess, how do you do it? And it's tough. We actually use, not surprisingly, our own IT financial management module to do that. And so, technology is technology, but we take all of our GL data and we map it to a taxonomy of business services. And certain business services we know are not transformative, but they're a run part of the business, and we do that mapping once, and then every month we can look at actuals against it. We can look at our unit costs, but the other big input is projects, right, which is, again, also in our platform. So we're able to look at those two things together and a data-driven segmentation of our spend. Too many times I've seen IT organizations, they do it as one-time exercise as part of annual planning, then they don't look at it again until the next year annual planning, but there's a lot of runway in between and decisions you're making every day, which you should be making based upon data, but instead you're doing it on perhaps nine months ago information. So you essentially categorize the business process, the business services as run or grow. Grow or transform and on an ongoing basis. Absolutely, and the most dynamic part of it is projects. So every one of our projects, when we look at our portfolio, we look at our project portfolio by business areas, the sales, marketing, HR, finance, so on, but then we also do categorize our portfolio by, is this just sort of keep the lights on activity, but it's a project we still need to do, or is it growing the business in some way, or is it truly helping us transform the way we operate? Yeah, reasonable people can sit down and agree on sort of what those look like and adjust accordingly. And we also do a top-down allocation of what percentage do we want to go into each bucket, and that's not the same for each area because different parts of our business are at different maturity curves, different pressures on them. I wouldn't want to be very transformative with our GL. That's not an area I want to innovate on, but with our sales and marketing organization, absolutely, we want to be in high innovation, high experimentation, whatever we can do to help drive growth. So that's a top-down bottom-up exercise where the executive team says, okay, this is gonna... Top-bottom, sideways, inputs from everywhere. One of the things I think CIOs, it is incumbent upon CIOs to do, is manage, spend, but more importantly, where are people spending their time? That's an arguably a fixed cost. You have a set of people, where are they spending their time, and are they spending their time on the right things? And if you get that right, the rest can get a lot easier. So Secretary Gates last night, speaking to, maybe roughly 100 CIOs in your CIO decisions conference, gave the thumbs down on consensus management, and I sensed just a little bit of discomfort in the room because CIOs is a hard job, right? You serve a lot of different masters, if you will, and as well, you've got heads of application development, you got architects, you've got the business to serve, and so there's a lot of consensus building, and so he got questions on how do you do that. What was your reaction to that, and your colleagues, you know, what was your sense of it? I actually asked him a question, and because he said consensus building doesn't work, and to an outside person looking in, it would seem like by nature, everything in the government is consensus oriented. He had a lot of examples, actually, where he did things against his own team's conviction, but he felt like that change was necessary. So two things, I think Dr. Gates has dealt with monumental organizations, right? Texas A&M is the smallest organization of those, the CIA and the DOD. The Department of Defense has three million people, so the scale is unlike what most enterprise CIOs or leaders have seen. So when he talked about not being consensus oriented, he viewed it as a requirement, and I actually agree with him. If you're trying to disrupt the status quo, you can't be consensus oriented. I don't think you'll move fast enough, and most of the time you won't get very far. So I think it's incumbent upon leaders to be the ones that break the status quo and say, we gotta change. And but what Dr. Gates did describe is that if people are informed about the why from their leader enough, even if they disagree, they can get on board. And he brought up numerous examples of where he had conversations with Congress and people within the DOD about change he wanted to drive, and even though they were very opposed to it, they got on board because they intellectually could understand why. And over time, he won over hearts and minds. How about your priorities? So you come in relatively new to service now. So first of all, first impressions, any surprises, pleasant or unpleasant, and what are your priorities? So coming in, no surprises. I had a lot of admiration for the company as a customer, and now that I'm here, I love the culture. The culture is very execution oriented, get stuff done, very customer focused. When we talk about our go to market, we really talk a lot about what's going to be most important for our customers. What pressures are our customers under? What problems can we solve for them? It's really not a discussion around squeezing the maximum amount of margin out of each customer, which I think is fantastic. We drive pretty hard, but we're also very team oriented culture. So that's been great. My priorities at ServiceNow, when I think about my six strategic themes that I'm focused on, growth is hugely important at ServiceNow right now. So a lot of time I spend sales and marketing effectiveness and innovation, and what can we do to drive, help drive growth from an IT perspective, working with our partner organization, helping our partners do business with us easier, things like partner portals and things like that. Velocity I mentioned earlier, driving velocity through every department at the enterprise, at ServiceNow, and really maniacally going after business process automation. And the great thing is we have a platform that makes it easy, right? And I have full access to that platform. So self service catalogs and knowledge base, but really going department by department saying, how do we do that analytics? Obviously we want to continue to measure and improve our business, but we're starting to do a lot more with predictive analytics, right? And how can we use data to really predict next best actions in a variety of arenas? Security is the gift that keeps on giving for every CIO, never ending. And it's just one of those things that'll be a constant. You're saying angle. You gotta accept it. And then really focus on team, right? I think talent and team and culture are hugely important. You could have the best plans on paper, but if you don't have the right talent and culture within your team to get it done, I don't think you're getting very far. Operational rigor is a big one for me and a metric-based approach to managing our business and driving outcomes. So when I look at projects that I execute for the organization, on time and on budget, that's fine. That's table stakes. Really what I'm after is on benefit, right? Are we delivering the benefits that we said we were going to get? And last, but certainly not least, a part of my job is now on now. And what we need my now on now is me being our best and first customer. And that's at a very strategic level, working with product management to help them with roadmap features and things like that, that I think all of our CEOs would need. Also upgrading early, so hopefully we can iron out the bugs before all of our customers and then consuming our own newer products and implementing it internally, learning the lessons within our four walls so that we can inform our fields so they can help our customers. How about on benefit? What percent of your projects are on benefit? That's another one of these things. 70% of the projects fail. It was a number, I don't know. It's one of the market research first ones. And even that's a problem because fail is identified as not being on time or on budget. And I view that as interesting, but not compelling. Are you delivering the outcome? And so we're early, I've only been at service now six months, but I know in the past, through rigor and even making it a metric that's important, I've gotten to an 85% hit rate on benefit, certainly you could do better. But some of the benefits we have realized with our platform, an 83% increase in IT productivity leveraging our application but examples outside of IT where we've eliminated 4,500 hours of work from our financial close by putting email and manual checklists onto our platform. 85% reduction in time that we spent, hours spent on onboarding new employees. I mean, the list goes on and on but it's a requirement in my organization. When you're doing a project, you got to have an outcome and set an aspirational outcome. Cause if you talk about a 10% improvement in anything, that's sort of easy to get. But if you tell yourself, I need to get a 70% improvement. It forces you to really rethink things and think differently. And I think that's our job as leaders to set the bar really high and ensure teams have the resources to go after it. So even if you're late and over budget, if you get that outcome. I didn't say that. You're not allowed to be late or over budget. I was going to ask you though. So that's got to be all three. So that's a prerequisite. You got to be on time and on budget. Yeah, and we're not perfect but our target is to be 95% on time, 95% on budget, knowing you're going to have 5% wiggle room and 95% on benefit. What is on, so when you talk to the board, switch topics about security, what should be on a CIO's checklist for communicating to the board about security? So I think it's really about risk, right? And what risks do we think we have? What's the likelihood of those risks and what's the plan to mitigate those risks? I don't think security should be talked about in a this is done or that's done because you're never really done, right? It's risk management and the bad guys continue to innovate faster than the good guys. So what's your current security posture? What's the state of your risks and how are you mitigating them and in what timeframe? The stuff about we have DLP, we have IDS, we have IPS. I mean, the list of acronyms is interesting at a more tactical level but at a board level, I think it's really risk management. So I've promised I want to put forth so you talk about mitigating risk but is there a place for a narrative that says you can only mitigate so much, you're going to get penetrated. It's how you respond. Absolutely. That is critical and I as the CIO can lead that response or whomever is the appropriate person. I think you have to do everything you possibly can to secure your perimeter but it's known that you are going to get breached. It's just a fact. So then it really becomes how quickly can you identify the fact that you have anomalous activity happening on your network or data? How quickly can you mitigate it? And in the past when I was at Verisign JDSU a lot of that was manual, right? You know you have a piece of bad malware in the enterprise. You may even know what assets it's on or you think you know. Usually you think you know and then you really find out later where it's gone but tying those assets to risk meaning what business service is it? Is it my CFO's laptop or is it the person in AP? So you treat it a little bit differently and is it the infrastructure that supports our badge reader or is it our ERP system? So that's the missing piece and I do thank our security organization and our business unit. Sean, cause they've actually built a solution to help solve that. Where you can go from security incident, piece of malware to asset, to business service to employee within minutes which that used to be half a day at least and half a day is a long time in a security incident. Yeah, so there's that magic number of whatever it is 205 days to detect a penetration. Yes, Gary. Do you feel like your organization can compress that? Is that a viable metric to be focused on? It's certainly a viable metric to focus on in terms of knowledge of, again, anomalous activity. I don't think we're near 205 days but absolutely we are focused on it. I mean, because we need to secure not only our data but the data that our customers entrust us with. Meaning you feel as though you can detect in a much shorter time frame and have some industry average. Depending on the risk, right? Without getting into a lot of the details. Yeah, yeah, yeah. Well, so you, but implicit in that you have a sense of the value of your data, your assets, your IP, which you're saying you've got pretty good visibility on. Is that right? Yeah, we do. We spend a lot of time making sure our security posture is solid. Again, customers entrust us with their data. We take that responsibility very seriously. Not speaking for service now but just general knowledge of your colleagues. Do you feel as though the lack of ability to value data assets IP negatively affects people's ability to appropriately spend resources on security? It's tough because one of the first things you need to do in security is say, what do I need to secure first? And then you say, okay, well, that's my core IP. Well, where's my core IP stored? I would argue that a lot of companies don't even know because it's scattered on different file shares and different servers. And then you don't know whether people are putting it on box or Dropbox or one of the many storage sites out there. So a key first step I think for a lot of organizations is really just getting a handle on where their IP is. Right. All right. Big challenge. Chris, thank you very much. Appreciate you coming on. Last, give you the last word. Knowledge, 16 for you. What's the kind of bumper sticker as the trucks are pulling away from- It's been awesome. I mean, just talking with customers and fellow CIOs. You know, we're all in this journey together towards this service enabled enterprise. But it is about leadership and just courage to bust through this current status quo that we're in within the enterprise to get to that next level of efficiency. Excellent. It's a lot of fun. Well, congratulations on the new role and hosting that awesome conference. I just got the tail end of it, but it looked like great energy. It was a lot of fun. I've had some really good discussions with some of your colleagues. So really appreciate you coming on. Thank you. All right, keep it right there, everybody. This is the CIO. We'll be back from Knowledge, 16 in Las Vegas right after this. Three once in a while, a tri-