 From Las Vegas, it's theCUBE, covering Knowledge 16, brought to you by ServiceNow. Here are your hosts, Dave Vellante and Jeff Frick. We're back, this is Knowledge 16. This is theCUBE, we go out to the events, we extract the signal from the noise. This is day one of a three day wall to wall coverage theCUBE has of Knowledge 16, hashtag No16. Link Alander is here, he's the CIO and vice chancellor of college services at Lone Star College, longtime CUBE alum. Link, it's great to see you again. Good seeing you again too, always great to catch up with this place. Another knowledge, bigger and better than ever, you're speaking later on this afternoon, you've been over at the CIO event, how's this year going for you? You know, it's going great. The CIO event of course is excellent, a lot of leadership, foundations, the keynote to see where ServiceNow is heading right now, kind of the shift and I always, we're still back to one of the themes from Ian's ago, let's kill email, but the reality is email's not dead. So as we focus on it, you know, I came into this from the stance of moving to enterprise service management. So as I bring a team here, we really get the opportunity to see where we're at today in that comparison and then how we can leverage the platform to move ourselves forward. So your role is evolving at Lone Star College, you set off for camera, you're not giving up the title of CIO, you're a CIO. Yes, I am the CIO. Point and bread. That's not changing. But your responsibilities are expanding. Talk about that side of things. Well, so, well, last year, actually it's been a year and a half now, human resources put underneath me. That's why the title changed and all that to fit better and then analytics because, you know, analytics is not IT. As much people want to think it should be buried inside of IT, it never should be because it's about the business process, it's about the business service. Human resources was just around the concept of aligning that service management piece. What we had completed in IT around service excellence, one of my right hands basically put it as customer delight. Our focus was on customer delight. So it is about that communications piece. How do you talk to your customer? How do you move forward? How do you understand what their challenges are and help them find a solution? It may not be, it's instead of saying, no, you can't do that for you, sorry. You're out of luck. So in that evolution, we've really moved ourselves forward on the enterprise service management platform side. And early days, financial aid we brought in, student call centers, now you've got human resources. We were talking earlier about we're moving our legal in there. It's going to accelerate the pace it takes to get a contract illegal down to one day, maybe two days if somebody didn't catch their approvals fast enough. So that's a big transformation from an organization. You've automated that whole process. So I actually, before you go on, I want to ask you a question about analytics. So you have a data czar that's working for you outside of IT, is that right? Or are you the data czar? Well, no, I actually have a team. I have a data team. So we're talking two different sets of analytics too, because we're actually using service now analytics when it comes to the service management analytics. But for the organizational analytics, we actually have a large team that does our analytics, everything from dashboarding through, in our case, core institutional reporting that's required. Is there a chief data officer as part of that team? I have a person leading that group, yes. I mean, de facto, even. De facto, yes. So there's a lot of discussion too about whether the CDO should report to the CIO. In this case, it does. But you had said, this question is as to whether or not that data analytics function should be an IT. It's not an IT function. We kind of agree on that, but it kind of reports in to the head of IT. Well, you know, but see, when I sit down at that table, I sit down as the vice chancellor of college services. So I have to sit down with three separate hats in front of me, and I can't favor one over the other. Otherwise, I wouldn't be doing my job correctly. So when I look at the analytics side, from an IT perspective, I will get on my team that provides the data, my database services, and you know, why are you not getting this done, or what's happening here? So I've got to look at it from all areas. Like Bill Belichick, or GM, coach. There you go. Just need to Tom Brady. You got to figure out who you are at that point in time. Well, so is this how the role of the CIO is evolving? I mean, we've heard at this event previously, Frank Slutman, one year, a couple years ago, said CIO should be a business person. Absolutely, absolutely. We've certainly seen examples of that. Now you're sort of given responsibility for, you know, other services beyond just IT services. How is that role evolving? Well, the role's evolved for years. The question is, is the CIO evolving? So, and that's where the challenge is in the organization. A lot of CIOs are going through this process now where they're understanding that, yes, I need to understand, what are the business goals and objectives? How do I achieve those goals? How do I add value to the organization? How do I not become a cost center that has a target on my back? How do I become an enabler for the business? And that's really where we came into that part of the process because we were recognized that all of a sudden IT was here trying to help find solutions and provide better customer service. I, myself, come from a background and hired for a long time through different institutions. And so when somebody talks to me about student services or student success, these are topics I understand. I came to Lone Star originally because I didn't feel I had the strength in the academic side. And so when I first arrived there, I was really focused on academic, understanding how the academic side operates and what they need in IT. So I've had the opportunity to get well-rounded in education, but it really is just about anybody that comes into this role. You must understand the business you're in. And then the next part is, you need to be able to talk, have an intelligent conversation around a topic area, bring value to the organization and come back with ideas. Well, you know, if we did this. So the legal one was rather interesting because we had a new general counsel come on and we were trying to help him and he's like, well, there has to be something better. There has to be a better way to approach this. And we were able to dig through and said, you know what, service now. We've been doing this in HR, we're doing this here. So finally, we got them into service now and they see an opportunity the same way we see it, which is we're improving, we're getting rid of the little stuff, the mundane work, you know, the task-oriented work and we're focusing on the things that are really a challenge. And IT has been there for a while because self-service and all the other opportunities we've given the customer, now we can shift that back and say, okay, I can now focus on what is the hard thing to get completed? How do I really put an effort in and a lot of staff hours into this one piece? So you started IT service management. You mentioned HR, legal. Financial aid, general student call center. We're looking at scholarships right now. We've had a little bit of ideas around our foundation and scholarships and what we can do for them. Grants, grants are a very big challenge because you have to really track and trend your grants. When you look at ITSM, the areas that we've matured there are phenomenal and then we're getting ready now to move into ITOM, which we didn't do because we'd already built a complete structure around that and we were feeding that to service now. So now I'm looking at it from opportunity that if I can eliminate a lot of the tools I put into play and get into one single tool and maximize the value of that tool. So I think you've heard me many times and when we've talked in this, it's never about the tool. It's always about a people in a process first and then how does the tool come in? Well, this platform, we can actually adjust that because we're not bound by the tool. It's like the legal module. They have a great legal module. Well, it didn't fit what we needed. So it's been adjusted accordingly to meet our needs from the platform side by keeping the core components. So we haven't customized, we haven't taken it to a path where we can never upgrade, but at the same time as we looked at the process they had and how do we take that process and then actually put it into play with ServiceNow? And so we're all in with ServiceNow. Do you worry about lock-in? Always. I think that- How do you manage that risk? Well, the very first thing to be honest with you is anytime you enter in any cloud situation or any product situation, you want an exit strategy of some kind. In case something goes wrong, something happens, you have to be at that point. So the only way to manage it really is to, one, keep a good strong partnership. I believe that I have a strong partnership with ServiceNow. I don't believe it's a vendor relationship. And I think that's critical because as we look at what we're doing each time, as a partner, we're engaged with things like, where are you heading? What's happening next? And then the same thing with the user group community we're engaged with that group. So from a partner standpoint, we look at that first. But if the worst-case scenario came, I've got to be able to get out of the solution. I've got to have an exit strategy, which we actually had designed before we went into it. Now the question becomes as we get further and further entrenched, what do we do? And I'm comfortable. I'm comfortable that the company and the operations are going the right direction for me at the same time as I'm going to protect my organization to make sure we're safe. I guess a big part of that is transparency on the part of ServiceNow and your ability to communicate your roadmap and your needs. I mean, on a scale of one to 10, 10 being really transparent, how, where would you put ServiceNow as an organization? Ooh, that's a tough one. Especially what I'm sitting here around. Frank's not around, is he? He's a pretty good guy, he's a pretty good guy. Let's see, you know, as far as transparency, I would give him a good strong seven. I think I would. No company can be completely transparent. They've got a lot of things working in the back room or ideas that they're moving forward on. Stuff they don't know. They don't know what they don't know kind of thing. Yeah, but there's ideas that they have that they're moving forward. It's kind of like today with the watch demo. I'm like, oh yeah, I love wearables. I live off of this thing. I get very easily down to say, oh yeah, I just got an email, sorry. Yeah, yeah, yeah. But at the same time as, you know, for them to bring that forward at this point. So they're creative in looking at these items, but they don't want to get out there too soon. I'm just curious on the partner versus vendor. You mentioned a couple aspects of what defines that relationship. Of all the vendors you have, how many do you consider to be close business partners where you're really sitting at the table and building a long-term relationship? Yeah, you got to have an exit. But it's life so much easier if you're working with a partner versus a vendor. Right now I would say out of our partner strategy we've got four. That's it. But those are our four core providers for the organization. They're leaders in the market space. That's the other key. Most of my partnerships are with leaders. Our core service now at the time when we first engaged with them and actually I would say from a partnership standpoint I've been a strong partner with service now probably since about 2010. We've been on the platform since 2008. So we've built that partnership over that first couple of years. You've got past that vendor relationship and then moved on from there. But yeah, right now just our core technology stack would be sitting in that partnership realm. And I've got others that are in that core technology stack that are not a partner. They're a vendor. We're a buy-sell. They have a great product but they don't really want to bring us into that point and we really haven't approached that point. We had a great discussion off camera about you had mentioned you're looking at potentially expanding into the security realm with service now and you were sharing with me like your philosophy on security. So I want to document that. The premise that I'm going to put forth the summarizing our conversation is you should organizations increasingly should treat security as an ongoing part of their business continuity plans, not necessarily as a sort of separate stove pipe managed by a few security practitioners. Is that a fair summary? Yeah, service continuity is what I use. I don't- Service continuity. Service continuity. Yeah, right. You're out of business. Yeah, it always comes down to service continuity. How do you continue that process and provide the same level of service in the event? It's very simple to me as I look at all those events as like problem management, incident management, you have a response that you have to take. So it has to be inherit. It has to be natural. You just do it as we were talking about that response, especially for security is what's more important is that you have everything planned out and you're ready to deal with that incident in that response because it's going to happen. So how you handle that response can actually dictate your future, right? I think we had that little bit of that discussion there too. So it does come down to that service continuity. How do you continue to move forward and get through that threat and then afterwards make sure that you prevent that from happening again? Unlike many CIOs that I talk to, your discussions with the overseers at the college are not entrenched largely in the security discussion. You've earned some level of trust with regard to your capabilities as a business, your ability to respond. Can you talk about that a little bit? How you actually achieve that? What expectations you were able to set and how you're able to execute on that? Well, the biggest part, especially when you look at that event, it's how has IT performed overall over the history? You've got to have some history. You've got to have some credentials. How do you deal with these responses and these emergencies? That gives you a little bit more slack in that process, but it is about constant communications. So what the board receives from me is communications that's very straightforward, typically in an annual report type format. Short updates, clear, concise updates, but then when an event happens, we were talking about the flood that happened in Houston and very quickly I had an email out and my service desk team was already on it. They already implemented their service continuity because while we may be shut down, we have students online taking classes. We have students that need to know what's going on, what's happening, so they're calling in and our service desk continued on through that entire process without issue. So they see that as an example on a regular basis. We have a system down. Everybody gets to see exactly we did X, Y and Z or if we even have a like today, I should say today Monday, we had a blip. We had an anomaly happen. We saw a performance degradation. We immediately had a team on. We had a WebEx open. We had everything running. So we were preparing for a service continuity event that didn't happen. And they see those too because the business units are getting these notifications. Hey, we've got a WebEx open. We had this issue coming up. And when they see that, they realize how fast we are to respond to what could be a potential issue that we've built that trusting relationship. So that's a good example. If I understand it correctly, the regime that you've put in place puts a heavy emphasis on the response. I mean, obviously you're trying to stop the bad guys who wouldn't, but you've innovated on the response as well. Is that a fair assessment? Yes, I mean, the threat's gonna happen. The threat happens all the time. So it is about that response. It is being quick to respond to, communicate and take care of the problem. Do you think that's changed amongst the CIO community in the last, say, 10 years that the shift in mindset toward that response versus sort of keep them out, dig a bigger moat, wider moat? Well, you can dig a big, wide moat. Doesn't matter. I've got these big, robust two hot data centers, amazing firewalls, they're redundant. You try to overload them. They're gonna take over. I've got next gen firewalls behind that. I've got, you layer the stacks of protection I have put in. You still have to prepare it. And we were talking about it is, okay, so that's the perimeter. Well, inside my perimeter is 100,000 students. Those 100,000 students are on my network. So how do I protect against that? So now I have inside perimeter protection. You can build all this entrenchment that you wanna build, but the reality is, is you need to be prepared that it's gonna happen. Somebody is going to get to that point or at least send the alarms up that you have to respond to. ServiceNow was talking yesterday at the financial analyst meeting about the statistic. And I've heard a range here, but it's large that after an intrusion, it takes on average 205 days for the average organization to realize that there's been an intrusion. I've seen numbers as high as 3, 350, et cetera. First of all, does that sound consistent with what you see in the real world? And can ServiceNow help compress that time? So the interest with ServiceNow, of course, is tracking and trending those responses. ITOM and ServiceWatch, there's a lot of opportunities with those tools. And of course, we have a perimeter, we have a pile of tools we're using. In our case, our threats are a bit different because of course, we're not a big financial institution, so we're not ripe with all those other pieces. But you're, from the days to recover from a major event, and my peers and what they'd have actually experienced a data loss event, yeah, it easily is that. It is easy that. And do you think, Phil, that ServiceNow can help you attack that and compress that? Yes, mainly through the data collection and then the reporting and then as the event's going on, all of this information that's happening in the problem management side and what you're seeing from outside information coming in and technicians on the inside updating information as they go through it. So you have a comprehensive log of the event from start to finish. Now you're speaking just right after this, I think. Correct. You were addressing, what are you talking about? The shift from IT service management to enterprise service management. It's actually enterprise wow. But I'm actually walking through the journey, but the best part about that is it's the pitfalls we learned along the way because we didn't know we went to enterprise service management. It's kind of, I think we had a discussion when we went to the cloud. I didn't know we went to the cloud exactly. I just knew we went to this heavy virtualization, these two out data centers and I kind of realized, wow, we really pushed into this new wage, this new change. We've got a new operating model. Yeah, but now, yeah, it really is about how our journey to enterprise service management and the fact that we actually started enterprise service management before I've even heard of it. It just was around the fundamentals of, how can we be a better service provider? How can we help our customers achieve their objectives and the business units make it simpler? My last question is, what's exciting you these days as a CIO, as a practitioner, what floats your boat? Whew, what's exciting me? See, I asked you if you're going to give me any hard questions right now, what's exciting me? You know, what excites me is that you're seeing the maturity level in the cloud. The platform side, it is so flexible that you can respond to a customer need quickly, that you can dynamically spin up the capacity. You're, I mean, when I first started this process and trying to build this high availability, it was difficult, now high availability is really not difficult, it's just around the processes. So, the maturity of the technology and the maturity of the service piece, that excites me. But it also excites me when I start seeing new IT people come into the market space and they understand that already. They're coming in with an idle understanding, they're coming to understand that business mentality. So, original IT practitioners didn't have that business background, they didn't have that communication skill, you're seeing a lot more of it in the organization now. Well, you're a real leader in this space. You've got a lot of experience, appreciate you sharing your knowledge and I'm sure the ServiceNow community does as well. So, good luck with your talk this afternoon and thanks again for coming to theCUBE. Thank you, always great being here. All right, Link Alander, always a pleasure. Keep it right there, everybody, this is theCUBE, we'll be back live from Mandalay Bay. This is Knowledge 16, right back.