CIO Spotlight: Victor Montero, Onapsis

What's the best career advice you ever received? "To never underestimate my gut feeling."

Name: Victor Montero

Company: Onapsis

Job title: CIO

Date started current role: October 2014

Location: Buenos Aires, Argentina

As CIO and co-founder of Onapsis, Victor Montero is responsible for developing, implementing and aligning IT and InfoSec programs with business objectives. During his time at Onapsis, Montero has held a number of executive roles, including COO and CPO. These roles, together with his 20+ years' experience in the IT and InfoSec fields, have provided him a deep knowledge of the company needs, structure and internal processes, enabling him to drive enterprise value.

What was your first job? I started my career in IT by setting up, installing and fixing PCs for small businesses on my own. However, my first "formal" job was as a System Operator for one of the most important Latin Web Portals back in the 2000's (Terra Networks). I used to work in the night shift so I could use the day to continue my studies.

Did you always want to work in IT? Yes, I've loved computers since I was in grade school. I got my first PC at the age of 13, and since then I fully submerged myself in this fascinating world.

What was your education? Do you hold any certifications? What are they? I went to a public technical high school in Buenos Aires, Argentina, then began pursuing my degree in Computer Science at The University of Buenos Aires University. It was difficult to keep up while working full-time and traveling, and then it became impossible when I co-founded Onapsis with my partners. That said, I plan to resume and finish my degree in the near future.

Explain your career path. Did you take any detours? If so, discuss. I started my career with my own tiny business, providing IT support for small companies, before working as a System Operator at Terra Networks, where I could learn and quickly develop my role as a System Administrator.

After some time, I realised I was very passionate about InfoSec topics, so I started to professionalise myself in this area. Shortly thereafter I took on new responsibilities as a Security Administrator and started engaging in hardening projects for some mid-size implementations. It was in that phase of my career that I decided to fully jump into the InfoSec discipline, and spent many fun years learning and working for some of the larger enterprises in Latin America.

In 2009, my partner and I decided to start Onapsis. While I ran several functions and roles during the initial years of the business, I decided to focus again on my area of expertise. I currently hold the CIO role in the company, leading all IT and InfoSec internal initiatives and distributed operations.

What business or technology initiatives will be most significant in driving IT investments in your organisation in the coming year? As we evolve the SDLC (Software Development Life Cycle) for our main product line into a pure DevOps discipline, the use of cloud services becomes more and more significant in terms of investments, and this coming year is not the exception, as a big portion of our IT budget is allocated to IaaS.

What are the CEO's top priorities for you in the coming year? How do you plan to support the business with IT? IT priorities at Onapsis are always around protecting organisations' (including our own!) crown jewels, as well as the continuous improvement of response capacity against potential threats. This year in particular, we'll be also working intensively on the internal integration of several solutions we use in order to streamline core business processes.

Does the conventional CIO role include responsibilities it should not hold? Should the role have additional responsibilities it does not currently include? Generally speaking, with the emergence of the DevOps discipline, IT departments' responsibilities, scope and definitions have changed dramatically. Conventional CIOs need to quickly adapt to this new reality, ensuring their departments act as enablers rather than blockers, while guaranteeing higher service levels at the same time.

Are you leading a digital transformation? If so, does it emphasise customer experience and revenue growth or operational efficiency? If both, how do you balance the two? Yes, we are. The emphasis and focus of investment have mostly been - and will continue to be - on customer experience and revenue growth. This year, however, some initiatives around operational efficiency were discussed and considered for execution in order to support the scalability of the business. 

Describe the maturity of your digital business. For example, do you have KPIs to quantify the value of IT? We're purposely carrying out some activities and initiatives supporting DX, mainly in the customer experience field, where many of our business decisions are supported by a comprehensive set of KPIs we routinely review and update, as needed.

What does good culture fit look like in your organisation? How do you cultivate it? Humbleness, transparency, respect, accountability. Openness to discuss and constructively criticise ideas.

We cultivate this culture by leading by example and coaching our people at all levels, remarking and recognising good behaviours, and putting in place the right systems and processes which support culture embracement.

What roles or skills are you finding (or anticipate to be) the most difficult to fill? Senior SecDevOps are especially difficult to find roles. Candidates submitting resumes mostly come from the traditional InfoSec field, or sophisticated developers that are security enthusiasts. These roles are and will be in high demand in coming years.

What's the best career advice you ever received? To never underestimate my gut feeling.

Do you have a succession plan? If so, discuss the importance of and challenges with training up high-performing staff. When thinking about a succession plan, I always prioritise giving my team leads the space and tools they need to grow, providing a safe framework for them to learn from failures, and coaching them to become better leaders through periodical formal and unformal in-person feedback sessions. During this time, we recognise their achievements but also discuss areas of improvement in which they have to work, being clear on my and the company's expectations, as they continue to grow within the organisation.

What advice would you give to aspiring IT leaders? Delegate and offer support. IT people tend to believe it's necessary to master every single IT discipline to become an IT leader, and feel insecure if they don't do so. However, I know the experience I've gathered during my ~25 years in IT has a much higher impact when I use it to guide my teams on how to resolve problems, rather than jumping in and solving them myself every time. In fact, my most important challenges as an IT leader have always been around people, not technology, so keep that in mind as you climb the ranks.

And trust your gut.

What has been your greatest career achievement? Building an IT team and an infrastructure which has successfully supported Onapsis's growth since its inception.

Looking back with 20:20 hindsight, what would you have done differently? I've learned and developed my leadership soft skills the hard way, at least during my first few years as CIO. Given how important it was (and is) to have a high-performing, cohesive and trusting IT team at a fast-growing company, I would have invested more time in formal training and coaching as a leader in the early stage of my career if I got a "do-over."

What are you reading now? Super Thinking by Gabriel Weinberg and Lauren McCann.

Most people don't know that I… …am slowly becoming a hobbyist DJ.

In my spare time, I like to…Play and mix music, visit faraway places (I love driving).

Ask me to do anything but… Lie.