Name: Josh Hamit
Company: Altra Federal Credit Union
Job title: VP and CIO
Date started current role: June 2016
Location: Onalaska, WI
Josh Hamit is Vice President and CIO, Information Technology, for Altra Federal Credit Union, a not-for-profit financial cooperative serving nearly 120,000 members across 50 states, with over $2 billion in assets. He has nearly 20 years’ experience working in IT and information security that spans multiple industries in healthcare, education, and financial services. Hamit holds globally recognised certifications from (ISC)² and ISACA and is a member of the ISACA Emerging Trends Working Group.
What was your first job? My first job in IT nearly 20 years ago was working on the IT help desk for a large health system in La Crosse, WI. The position offered a diverse mix of providing assistance over the phone and hands-on technical support. I was still attending technical college at the time and was eager to put some of my newfound knowledge into practice, so I accepted a position with fairly brutal 12-hour overnight shifts. Despite the challenging hours, I still appreciate that first opportunity to get my foot in the door and kick-start my career in IT. Down to this day I still consider the help desk to be one of the best initial avenues to learn about IT because it exposes you to so many different aspects of technology and the business.
Did you always want to work in IT? To be honest, no, it wasn’t really on my radar initially. I had done some physical labour working in the trades. I also worked in electronics manufacturing for a short time, as well as the patient business side of healthcare. It was soon after marrying my wife in 1998 that I decided to attend technical college and pursue a career in IT. Although I had a genuine interest in the field of healthcare, I ultimately landed on an IT career path as the best fit.
What was your education? Do you hold any certifications? What are they? My formal education includes an Associate in Applied Science in Networking and a Bachelor of Science in IT. I also hold CISSP and CCSP certifications from (ISC)² and CISM certification from ISACA.
Explain your career path. Did you take any detours? If so, discuss. There weren’t any detours, but I did take some leaps of faith along the way. Probably the most pivotal moment came early in my career when I transitioned from a comfortable IT position working for one of our largest and most established local employers and took a chance on a much smaller employer that I felt offered more potential and opportunity to grow. Within a couple years of making that transition, business was exploding, and I was suddenly on a new trajectory in management, taking on a wide range of responsibilities and projects, and building a team from the ground up.
Looking back, I can honestly say there were some moments where I was either going to sink or swim, and probably felt like I was in over my head as an inexperienced manager learning on the fly. However, I found those defining moments taught me a lot and made me battle tested for the future, probably more than I even realised at the time. Thinking back on that experience, I would encourage folks to take a leap of faith occasionally. If you’re not happy in your role or don’t feel as though your talents are being put to good use, don’t be afraid to make a change.
What business or technology initiatives will be most significant in driving IT investments in your organisation in the coming year? Altra moves at an incredibly fast pace that’s driven by our innovative culture. The heart of that culture really stems from our desire to deliver the best possible service and experience to our members. Certainly, a massive component of that experience hinges on our ability to deliver our products and services digitally. Providing online and mobile banking is the minimum threshold in our industry. Our goals extend way beyond that to take traditionally complex processes like opening an account or applying for a loan, and really make those processes easy and convenient for a member using our digital channels.
We love to see our members in person, but we also recognise that life is incredibly busy and it’s not always practical to drive into a branch. Why should you have to? While it might sound lofty, our goal is to provide a digital companion for just about any type of transaction you might otherwise walk into a branch for. With that being said, our employees are our most valuable asset that truly differentiates us, so we still need to offer virtual experiences that maintain the ever-important human touch. As we continue to accelerate our digital and virtual strategies, our partners have become an increasingly critical extension of IT. Fintech is another area we continue to watch closely and invest in to extend our capabilities and promote more innovation.
What are the CEO's top priorities for you in the coming year? How do you plan to support the business with IT? Our CEO, Steve Koenen, emphasises three key areas that are foundational to our business strategy, which are digital transformation, simplification, and talent management. Besides the obvious in being aligned on strategy, I think the most important way we can support the business is by not holding it back. What I mean by that is sometimes IT departments can fall into the trap of being too comfortable with “the way we’ve always done it” syndrome, possibly even becoming change averse. As an IT department, it’s imperative that we’re up to the task of enabling the business, securely, being nimble enough to pivot as priorities shift, keeping step with the latest innovations, and looking for opportunities to disrupt ourselves occasionally. Of course, IT departments are increasingly stretched thin with an aggressive stream of projects and seemingly never-ending pipeline of maintenance.
We’re no exception, so we’ve had to work smarter at times by automating wherever possible, shifting more workloads into the cloud, adopting an agile mind-set in our workflows, and replacing complacent vendors that only want to deal with break-fix issues instead of helping us think more strategically about our technology investments.
Does the conventional CIO role include responsibilities it should not hold? Should the role have additional responsibilities it does not currently include? There’s the age-old argument as to whether information security should report into the CIO because it represents a potential conflict of interest. This is an understandable viewpoint because inherently a huge component of what a CIO is charged with is to advance technology and that mandate can come at the expense of ensuring security is factored in. However, I do think it ultimately boils down to the culture of the organisation and the way the CIO views security. Security has to be integral and foundational to any technology initiative. If the CIO has an agenda to get technology out the door and doesn’t value information security’s input, that’s a major problem. It sounds simple enough to have information security report into other parts of the organisation, but there’s also risk in taking a very technical discipline and having it report into a non-technical area.
There’s also the possibility that moving information security outside of IT could lead to a more adversarial relationship. Regardless of where security reports, it’s imperative that the CIO is one of the strongest advocates for security within the organisation. On the flip side, the clear technology boundaries that once existed are becoming increasingly blurred as more departments influence technology and innovation. That can create some challenges for a CIO to maintain control with the prevalence of shadow IT. That’s where it becomes so critical to have safety nets in areas like project management, change management, vendor management, procurement, etc. to ensure that IT and information security are looped in early.
Are you leading a digital transformation? If so, does it emphasise customer experience and revenue growth or operational efficiency? If both, how do you balance the two? Digital transformation is far bigger than any one department, although we tend to default associating digital with IT, as they might seem somewhat synonymous. In reality, digital transformation is something that everyone needs to get behind and support because it impacts every facet of the organisation. I don’t necessarily view member experience and operational efficiency as competing priorities when it comes to digital transformation. In many respects, they complement one another, especially in financial services where so many backend processes affect the frontend member experience. That’s where an orchestrated digital transformation strategy really benefits from peeling back the layers to see how different processes affect our front-line employees and members.
As an organisation we try to use digital transformation as more than an opportunity to make an interface better, by also focusing on how to improve the underlying processes that impact the overall experience. That’s where automation and tools like RPA can take your digital transformation to the next level. This is the direction that the industry is going in; according to ISACA’s Next Decade of Tech survey report, 93% of respondents say that the augmented workforce—people, robots and AI working closely together—will reshape how some or most jobs are performed.
Describe the maturity of your digital business. For example, do you have KPIs to quantify the value of IT? It’s not a coincidence that we’re approached frequently by many of our industry peers who inquire about our processes and technology. I guess we have a bit of a reputation in the industry when it comes to our early adoption of technology and how we’ve operationalised innovation. Reputation aside, we track a fair amount of metrics and KPIs that help us measure our performance and identify opportunities to improve. Areas like system uptime, support SLAs, patching cadence, security metrics, and internal net-promotor score (iNPS) are some examples of measurements we pay close attention to in IT. We also review projects to see how we did relative to coming in on-time and on-budget, and constructively identify lessons learned in order to keep improving.
What does good culture fit look like in your organisation? How do you cultivate it? Altra has an incredible culture that starts with taking care of our employees, who in turn take care of our members. We’re really proud of the fact that Altra is a Great Place to Work® Certified Organisation. In fact, if you go out to greatplacetowork.com, you’ll find 94% of our employees say that Altra is a great place to work compared to 59% of employees at a typical U.S.-based company. While lots of organisations might talk about having a great culture, we think it speaks volumes that our employees promote us as having a great culture. When you talk about culture fit, it starts with having a genuine desire to help others. Every employee that comes into the organisation goes through a program called “Get Altrafied” that reinforces the service standards and values we’re expected to uphold. Another way Altra nurtures our culture is the emphasis around volunteerism. Every employee receives eight hours of volunteer time off (VTO) annually, and Altra has a special day set aside each year called “Altra Gives Back Day” where all employees volunteer their time assisting other organisations in the communities we serve.
What roles or skills are you finding (or anticipate to be) the most difficult to fill? The two areas that really stand out are data and information security. There’s simply far more demand than there are qualified resources to fill these positions. These areas were difficult to fill prior to the pandemic, and there will be some new challenges and opportunities to navigate with the massive shift to work from home. On one hand, employees will have more opportunities that aren’t tied to a physical location. On the other hand, employers will potentially have more markets that they can dip into for talent acquisition. For us, talent is an area of strategic importance, both in hiring difference makers and retaining our talent. Salary is important, certainly, but so is the total package when it comes to organisational culture, benefits, flexibility, recognition, training, and giving your employees an opportunity to grow.
One of the areas I’ve spent a lot of time is finding out what our people are passionate about and doing my best to put them in a position to succeed. Sometimes it’s involved reorganising resources within the department or creating new committees to help advance innovation. There’s so much you can do to generate more engagement by simply getting creative and thinking outside the box. Another area I’ve focused on is trying to promote within whenever possible, and this can be an invaluable option when it comes to filling positions in high demand. Having a technical background is a great foundation for someone who has an interest in cybersecurity. Never overlook the talent that might be sitting on the bench waiting for an opportunity.