Building a Bridge Between Strategy and Governance Aboard the IT Enterprise – An Interview with Kevin Gray, CIO of the City of Burbank
Eleventh in a series of in-depth interviews with innovators and leaders in the fields of Risk, Compliance and Information Governance across the globe.
Kevin Gray is the Chief Information Officer for the City of Burbank, leading an IT department responsible for administrative and network management, geographic information systems and technical services for more than 1400 city employees across 15 departments. Before assuming this role he served as VP of Global Media and IT for Viacom, one of the world’s premier entertainment companies, overseeing an international team located across six continents. He received his Bachelor of Science from California State University, Long Beach and is a certified Scrum Master and PMP. I spoke with him over lunch this May about aligning governance with business strategy, balancing risks and opportunities in AI and his insights on career growth.
Kevin, you began your career path at Orion Pictures administering Unix systems and then directed data center ops for DreamWorks. How did this early hands-on experience with application design and DB administration prepare you for future IT leadership positions at Viacom and ultimately the CIO role with the City of Burbank?
Well I started out on a service desk actually, really at the entry levels in IT, and I’ve been lucky to have grown up through all aspects of it. I think climbing that ladder one rung at a time definitely helped give me a clear vision to see across all the disciplines of technology. It enabled me to see the forest through the trees, the big picture, gave me the ability to design operations, develop strategy… and equipped me with a vision to incorporate it all. And now I can more thoughtfully pull together a clear plan for how to run an organization, understand how to innovate, how to drive change through both a specific business unit or an organization. Experience is what best prepared me to lead.
One of your focal points has always been the importance of properly aligning IT governance with an organization’s business strategy. What are some of the practical ways IT teams accomplish this goal and how critical is the relationship building component that accompanies that synchronicity?
I think the most practical way to accomplish this is to focus on the people. Focus on the people developing the strategy and look at how their business is trying to implement it, because the most important thing is to be in alignment with the shared goal, in alignment with the people you’re partnering with. You have to be a true partner with the business. And that has to be the focus, not the technology. The technology is the secondary piece. Technology is what you use to try to find the solution for the business problems that they’re trying to solve. And those business problems don’t always stay the same, they change. They change based on economic conditions, they change based on market conditions, they may change based on who might be occupying the seat that you’re trying to partner with.
So, you have to stay close and you have to stay connected. That allows you to stay aligned. Then you can figure out the solutions that are going to help solve that business problem. You have to be agile. You have to be able to switch directions. When the business switches direction, you have to be able to switch direction. And I think too many times, IT organizations, they don’t stay connected. They believe that they’re trying to solve this business strategy, that they’re trying to solve the business’ problems. But then the business problems change, the strategies change, and they’re suddenly not connected and eventually they’re heading down the wrong direction for another three to six months, which is a lifetime in technology.
Not only do I try to stay aligned with my business partners, I require my teams to stay aligned. My direct reports for example, I’ve aligned with the executives of the city. My direct reports each have between four and six departments that they need to be aligned with. And they’re required to meet with the executives of their department regularly to make sure that they’re staying aligned, and they’re moving in the right direction. I also talk with these city executives to make sure that we’re aligned.
You have to be a true partner with the business. And that has to be the focus, not the technology. The technology is the secondary piece…. The technology is what you use to try to find the solution for the business problems that the business is trying to solve.
Where does that help the most? Well, it’s less likely, for example, that the Parks and Rec department will try to implement a smart irrigation system without the help and expertise of the technology team. And sometimes they’re not purposely trying to avoid this collaboration but they simply don’t recognize the opportunity. They don’t think of the value that we can bring to this business problem that they’re trying to solve. They’re not thinking of the technology that we can introduce, or they may be thinking of technology but they don’t necessarily think of us as the ones who can best bring that solution to fruition.
You’ve travelled regularly around the globe for business and for pleasure. How have those experiences influenced your strategies and approaches to managing people or the design of systems and programs? To borrow a phrase, should you act locally but think globally when it comes to an IT vision?
The greatest things I’ve learned from traveling is what I’ve experienced interfacing with different cultures and seeing the unique ways that people approach problems, the ways in which people work with one another. The ways in which people analyze problems I think is very important because every problem is not a nail, so every solution can’t be a hammer. If you don’t have a good appreciation for the different tools, the different ways of seeing things, the different approaches towards problems, then you’re not able to choose the right tools from your toolkit. It really prevents you from being able to see new and unique ways of solving problems.
Being open to experiencing those different cultural challenges opens you up to seeing different ways of addressing problems. I think it helps support and promote innovation, new ways of approaching the problem itself, new ways of defining the solutions. In terms of thinking globally and acting locally… when I was at Viacom we coined a term, maybe we didn’t coin it or somebody borrowed it from somewhere, but the term was “glocal.”
Glocal… because, people see and experience their own world and their world is always local. In a lot of cases, laws and regulations are very local. But, in order to scale, you have to think on a larger spectrum. To serve a global company, you have to think globally. So, what you do is that you first define governance. You define overarching policies for how you’re going to attack problems and then, within that framework that you’ve defined, then you define local policies to attack the local problem that you have to deal with. Approach it from a top down perspective.
Now that you’re in the public sector your customers aren’t just consumers, they’re citizens and public servants. What’s the difference between developing IT solutions for private entities versus public orgs and what are the common themes?
The main difference I’ve gleaned is that in a public organization we’re not really developing products that we’re selling to people. We’re not trying to grow markets. Our market is our community. We’re not creating or manufacturing anything. What we’re delivering are our services across the board. We are a service organization. Our product is the service we provide. And so our focus has to be on improving, scaling, making those services more efficient. That’s really the biggest focus as opposed to how to best develop a product. How do we best market a product? We do market ourselves in a sense, but it’s not a physical product. We don’t have, necessarily, supply chains for an item. We have supply chains for services that we provide. That’s the biggest difference.
In developing our IT frameworks, it doesn’t necessarily translate to a different approach, it’s just a difference in what we’re focusing on. We’re providing a service as opposed to say distributing a film. So developing those frameworks is very similar. Many of the concepts, many of the approaches, almost all of them are applicable to addressing the challenges of a small city.
I talked earlier about thinking glocally for a large multinational corporation, but I don’t have to think glocally here. I do however have to serve 15 entirely different businesses. It’s really 15 entirely different business units within a small city. I have a utility whose service is providing electricity and water for the citizens in the city. That’s completely different than a police force that’s focused on law enforcement which is completely different than a public works organization focused on building and maintaining streets and street lights. Two entirely different businesses, if you will. So, when I’m developing a framework for a city it has to be an overarching framework that can serve these diverse business units. Yet when we focus in on a specific business unit we have to zone in on the solutions within that framework that best serve that particular service that the business unit is providing.
Your education continued well beyond your initial degree work, leading to a SCRUM master and PMP certification. In today’s competitive career landscape how have these credentials aided your professional development and what designations do you advise others seeking IT leadership roles pursue?
My perspective is a little different here than some of my peers. Yes, continued education is an absolute necessity. You have to continue to learn. You have to continue to grow. As people get older they naturally get accustomed to their ways but sometimes they get too comfortable. They don’t look to learn and grow. Hence, you get guys and gals that have been a mainframe administrator for their entire career and they stay a mainframe administrator until they retire. My willingness to learn is what really provided me with my first big opportunity in technology, because at my first company we were a mainframe shop for government contract pricing applications. When mainframes became too expensive to maintain our business made a decision to move into open systems like Unix.
I worked with a team of mainframe engineers, and I was a service desk guy. Well, when we started that transition to Unix, not all of the mainframe guys wanted to get onboard. That opened the door for me. I started learning Unix and became a system administrator. I went to Unix Systems Administration training, I bought books and I started to read. Within a couple years time I became the lead on the project.
Yes, continued education is an absolute necessity. You have to continue to learn. You have to continue to grow. As people get older they naturally get accustomed to their ways but sometimes they get too comfortable. They don’t look to learn and grow.
When we transitioned that application from the mainframe I became the go to person. It set me up. And I learned at that point in time, early in my career, that the worst thing that we can do was get stuck in our ways, get stuck in the technology that we focus in, get stuck in the way with which we conduct our career. So, I’ve always embraced that. What I don’t necessarily embrace on its face are certifications, because I’ve known a lot of certified idiots.
Some folks have 10 certifications but practically they can’t accomplish much of anything because they live inside of a book. You need that book to learn the concepts and methodologies. But in order to transition that to real life you need to deploy it in real life, to find out what works and what doesn’t. What works out of the book, what doesn’t work, what applies, what doesn’t apply. Once you do that, you need to get back in the books and keep learning. You’ve got to figure out what’s the next step. What’s the next step in the journey to continuous improvement? What’s the next step in the journey to growth, for you and your career, for your business, for whatever you’re supporting?
What I don’t necessarily embrace on its face are certifications, because I’ve known a lot of certified idiots.
When books aren’t enough for me, if something isn’t sitting well, or sticking with me, then sometimes I’ll go take a class. That class may result in a certification, it may not result in a certification. But I tell you what, in the end I can sit down and have that conversation about Lean Six Sigma principles with the green belt or the black belt, whether I have the green belt or the black belt certification or not, right? That’s my goal in my career.Now, certifications do certainly help when you’re moving from one job to the next job. If you don’t have the certifications, it may dent your resume. But if you can get in the door and sit down and talk about those principles as well as anybody else that might have the certification, then the knowledge is as much if not more valuable than the paper.
Is there any opportunity to monetize public data or do public entities avoid that? I think about Amazon, after their headquarters search, who was accused of using that project to harvest data about urban housing and planning.
Perhaps, but I don’t think so and let me tell you why. In general, everything we do, every email we write, every plan we develop, every policy we write, can all be acquired with a public records request. Everything we do has to be public. There’s very little that is done either in a local government, state government, or federal government that isn’t accessible publicly or that can’t be obtained with a request. Amazon or anybody else can get that type of information in one way or another. There are very few restrictions on what information, what data a city has that they are not obligated to share with whomever asks. There’s some rules and policies around getting that data, but the truth is anybody can ask for anything from the city and we’re usually obligated to provide it. There are very few legal ramifications that prevent us from sharing that kind of information.
For a city monetizing that information, it’s counter to what we do, you know what I mean? We collect revenue, but the revenue that we collect is intended for the provisioning of the services that we provide, right? We’re not profit-motivated by any means. There’s a double-edged sword to that, because not being profit-motivated sometimes results in a city not being as efficiency-motivated, not necessarily trying to find ways to do more with less or save costs. But not being profit-motivated also means you can’t go chase dollars. If you’re chasing dollars, it should be funding the service that you’re providing.
What about using AI and machine learning? Are those being adequately leveraged in civic pursuits?
I’d say we’re still in the beginning stages, in the infancy of all that. I have a few strategic initiatives that I’m driving for the City of Burbank. And I’m really trying to stay ahead of where most of the cities are and trying to catch up where we might be behind. When I catch up I want to go beyond. Of course, I’m happily sharing everything that I learn, everything I’m doing with all of our sister cities. I’ve taken several steps, written several policies and proposals and presentations. I did a smart city presentation for the city that actually got the city here to start thinking about what that means for us, where we stand in that journey, and how we can continue to become a smarter city. I’m really trying to push the envelope. And one of those areas includes data analytics. We’re building a data and analytics practice here in the City of Burbank where it didn’t exist before, so that we can find ways to better utilize the data we have. Because, you’re right in that we have a ton of data, but we haven’t always put a lot of thought into how we can better use it to improve services that we provide. That could be anything from improving the traffic flow to increasing the revenue from parking. Or even predictive criminal enforcement, if you will. For example, if there are ways you can determine where a crime may occur then you can better deploy your resources.
That sound like London where every major intersection is captured. It raises a lot of interesting questions in terms of the inherent bias possible in deploying AI algorithms so I would imagine it’s going to be very challenging.
It will certainly be very tricky, but I think if we’re careful about how we action the information that we gather from the analytics, then I think we can better protect ourselves.
That runs up against some privacy issues. Are we going to get more bureaucratic in terms of regulating that?
We’ll see. I think there’s going to be a journey, there’s going to be a pendulum swing. And I’d say, the pendulum is swinging towards less privacy in public spaces, but there’s going to be some problems with that, and the pendulum will begin to swing back.
Do you think it perhaps could lead to less privacy in public spaces yet more in private ones?
That is exactly what I expect to see, and I’ll give you an example. The camera systems that we have in the City of Burbank are pretty strategically placed, but not very widespread. In another prominent Souther California city, they have camera systems that are very widespread. And they started to focus on major thorougfares and not necessarily within their residential areas. But what they found is that when they catch crimes and able to use the video evidence in their prosecution successfully, it was a great thing. In the neighborhoods people didn’t want cameras in the neighborhoods there. But then, when they started to experience burglaries in those neighborhoods, people would come back and ask if there was any video evidence, and they didn’t have any video evidence. Naturally those residents began to request video systems. Now, the city is at a point that if a burglary happens, and they don’t catch it on video, they’re almost obligated to deploy new cameras.