What’s the difference between a CTO and a CIO?

“Good question,” admits ZDNet. Where once the Chief Information Officer was universally acknowledged as the most senior IT executive, now, says the tech site, it “depends very much on the type of business you’re talking about.”

Where a business has only a CIO or a Chief Technical Officer, it’s an easy call – that’s the top IT executive. The duties and responsibilities are clear. Where the situation gets murky is when an organization has both.

Explains ZDNet, “The traditional split is that the CTO is responsible for the operational concerns associated with technology implementation. CTOs drill down into the details of technology. They have a strong systems focus and they know how technology works, making it more of a chief architect role.

“CIOs, on the other hand, tend to focus more on engaging with the business. So while the CTO might go and speak with vendors to source technology, the CIO makes sure the internal business gets the secure and governable systems and services it wants.”

Everyone got that? No? How about this from InsiderPro:

“CTOs are similar to CIOs. But they are responsible for the overarching technology strategy and infrastructure to help meet the organization’s goals, while CIOs oversee the IT departments and staff to manage everyday operations and in many cases work with business leaders on aligning IT with business goals.”

Where both roles exist, InsiderPro says “the CTO usually reports directly to the CIO.”

But wait. Pointing out that “As the importance of technology within the business has risen, so has the demand for knowledgeable technologists,” ZDNet says, “Some businesses – including established enterprises – have opted to rely more on a CTO than a CIO.”

Dig a little further and you’ll find that the hierarchical distinction is becoming less important as the bigger businesses move ever further along the path to digital transformation. Bornfight, a project-focused development firm, has a different take on the relationship between chief technology and chief information officers. It defines the jobs this way:

  • “Chief Information Officers are members of the executive team who are responsible for ensuring that a company leverages technology in a way that helps it optimize, improve and streamline internal processes.”
  • “Chief Technology Officers are members of the executive team who are responsible for ensuring that a company’s product utilizes technology in a way that will meet the customers’ needs.”
  • The company included this handy chart comparing the roles.CTO vs. CIO - blog.jpg

Bornfight’s most significant contribution to the discussion may well be that in organizations large enough to need both, CIOs and CTOs are complementary to each other.

“From a business perspective, you need these two positions and you need them to fit well together and cooperate — this leads to progress. The right way to approach this is to look at these positions as two sides of the same technology coin, a sort of a buddy-buddy relationship.”   

Photo by ThisisEngineering RAEng on Unsplash


Boston to Become a Major Amazon Tech Hub

Bucking a tech trend to going remote, Amazon announced last week it was expanding its already sizable presence in Boston.

The company said it would be adding 3,000 more in the next few years in a new office tower to be built adjacent to its existing site.

In a statement, Amazon said the new jobs include technology roles in software development, artificial intelligence and machine learning, along with non-tech corporate roles in product management, HR, finance, and more.

“Much of the technology that makes Alexa smarter every day is invented in Boston. Our teams here play a key role in driving Amazon’s innovations – from Alexa to AWS to Amazon Pharmacy,” said Rohit Prasad, vice president & head scientist for Alexa at Amazon.

Amazon already has some 3,700 employees at its Boston Tech Hub, most of whom are working remotely because of the pandemic. The new building, now under construction, will be completed later this year and will accommodate 2,000 Amazon employees. It will be Amazon’s second full-building lease in Boston’s Seaport.

The giant ecommerce company has been on a hiring spree, adding 400,000 new workers in the last year. Most of the jobs have been in logistics, with Amazon bringing on tens of thousands of warehouse workers, delivery drivers and others. In September, Amazon held a one-day virtual career fair to fill 33,000 positions around the country.

After the company’s headquarters in Seattle, where it has 80,000 workers, and a “second headquarters” being developed in Crystal City, VA, Boston will become one of the largest of the company’s tech hubs. Others are in Dallas, Detroit, Denver, New York, Phoenix, and San Diego.

New York City, which the company initially selected as the home of its East Coast headquarters until it ran into opposition from activists and city leaders, has more than 8,000 Amazon workers. Over the summer, the company said it would add 2,000 more jobs there.

Photo by Christian Wiediger


Ethical Hackers Wear Computing’s ‘White Hat’

“Ethical hacker” sounds like an oxymoron, but the role of these “white hat” security experts is crucial to keeping computer systems safe..

These elite professionals are hired to attempt to break into a system to discover vulnerabilities and propose solutions before malicious hackers exploit the weakness to the detriment of the organization. The EC-Council describes an ethical hacker as “an individual… who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods and techniques as a malicious hacker.”

In large organizations, penetration testing, another term often used — some claim wrongly — for ethical hacking, is done regularly. The idea is to stay one step ahead of “black hat” hackers who are constantly attempting to break into networks and systems. Whether they do it for the sense of adventure – so-called “gray hat” hackers – or to steal or destroy data or hold it hostage in exchange for ransom, these hackers are committing a crime.

Catching them is not easy. Many intrusions come from overseas; some are state-sponsored. Even when they are domestic, hackers are usually skilled enough to cover their tracks well enough to go unapprehended. The best may even go undetected until the damage is done.

That’s why the work of ethical hackers is so important, prevention being the best cure.

Increasingly, organizations are hiring or contracting security professionals with one of the two most common certifications in penetration testing. Both require candidates to take an extensive exam.

CompTIA, the computer trade organization, offers a nearly three-hour long test with up to 85 questions. The CompTIA PenTest+ is a combination of multiple choice and performance questions based around simulations.

The Certified Ethical Hacker test of the EC-Council is 4 hours long and all multiple-choice. Unlike the CompTIA test, the certifying organization, EC-Council, requires candidates to first take the organization’s training program or provide proof of two years of work experience in information security.

Both organizations require holders to earn continuing education credits over a three-year period in order to retain their certification.

The two organizations compete fiercely for candidates, with each claiming their certification is better and more thorough.

EC-Council even argues that penetration testing is not the same as ethical hacking, arguing that “in many organizations ethical hackers are not even involved in penetration testing teams or processes.”

Which is best? As with most certifications in IT, both sides have their proponents. For a relatively even-handed approach, here’s a link to a Medium article discussing both. Spoiler alert: It gives the nod to the CEH certification largely because it’s been around longer and is accepted as a DoD 8570 Baseline Certification.

From an employer’s perspective, both certifications mean the candidate has been tested by a credible outside organization and found to be capable of providing that dose of prevention so critical to today’s cybersecurity.