Chapter 2: Tony Scott, CIO, Microsoft

Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

images

Tony Scott
CIO, Microsoft

Tony Scott joined the Microsoft Corporation in February 2008 as Corporate Vice President and Chief Information Officer. Under Scott’s leadership, Microsoft IT is responsible for security, infrastructure, messaging, and business applications for all of Microsoft, including support of the product groups, the corporate business groups, and the global sales and marketing organization. Scott champions IT as a value-added business for Microsoft and works with all the company’s groups to identify opportunities, structure IT solutions, and deliver measurable returns to the business. Scott is also the executive sponsor for Microsoft’s Operational Enterprise Risk Management efforts and supports the integration of management principles from the Quality & Business Excellence team, which drive continuous and breakthrough process improvements across the company.

Before joining Microsoft, Scott was the Senior Vice President and Chief Information Officer for The Walt Disney Company, where he led planning, implementation, and operations of Disney IT systems and infrastructure across the company. He also held the position of Chief Technology Officer, Information Systems and Services, at General Motors (GM, where he was responsible for defining the information technology computing and telecommunications strategy, architecture, and standards across all of GM’s businesses globally). Previously, he was Vice President of Information Services at Bristol-Myers Squibb, and his professional experience has also included assignments at Marriott International Inc., Cadre Systems LLC, Sun Microsystems Inc., and PricewaterhouseCoopers.

Ed Yourdon: Let me just ask the basic questions about how you got started in the field after college. Did you start right off in IT or did you start through another path?

Tony Scott: I graduated high school in 1970, and there was a belief at that point that because of advances in technology that somehow the work week was going to be significantly reduced.

Yourdon: Ha-ha.

Scott: And that what we would all struggle with was going to be how we were going to use our leisure time, you know, that we were all going to have this abundant amount of time on our hands. So that’s the career I started off in. It was called Parks and Recreation Administration. The discipline was called Leisure Studies and it was going to help us figure out how to use all of our spare time.

Yourdon: Did you have any role models or heroes that you were sort of looking to as you went through this early stage?

Scott: I worked in the field and actually did a lot of leadership training, because part of the Parks and Recreation core discipline was all around developing leaders and people who could lead activities, in the spirit of “what are we going to do with all our free time?” And so in that discipline I had a number of role models. One was a guy named Rick Bunch, who was actually the first guy who got me to come work for him in that field.

Yourdon: Well the obvious next question for me is to ask you then is how you got from that kind of start into the computer field and into IT?

Scott: Well, what happened was after two years, I figured out that this was pretty much not going to happen. If anything, the result of all this technology is that people are not likely to reduce their work week; they are likely to just take on more work. That was my conclusion, so I changed fields kind of by accident.

I had moved, by this point, from the University of Illinois in Champaign to Silicon Valley. And I began to work in Silicon Valley—still working for the Parks and Recreation Department, but I began to see and meet people in technology. People who work for HP, people who worked for some of the chip companies, Texas Instruments, and various others. So my general awareness of technology started to ramp up pretty significantly. And finally the critical event was that I decided to get married and my wife-to-be also worked in the Parks and Recreation Department. They had a rule that they didn’t allow two people that were married to work in the same department, so it meant that one of us had to find another job. So I ended up taking a job with Marriott … which was opening a theme park called Marriott’s Great America in Santa Clara, California, in 1976.

Yourdon: Oh, I’ve been there. We may have been there at the same time. I was doing work at Amdahl at that point.

Scott: I was on the team that opened that park in 1976. The area I was in charge of was Games and Arcades. It was all electronic pinball machines and arcade games, you know Pong, and all the racing games and Atari was one of the big suppliers. You’ll probably remember all this.

Yourdon: Yes, absolutely.

Scott: Well, it turns out that the theme park industry had a couple of pretty big problems to solve in terms of managing its business. One was that these are very labor intensive businesses and a reliance on part-time labor, much like a McDonald’s for its restaurants, its retail stores, its games and arcades, its rides. You need labor to run all these things. And the amount of labor you need is highly dependent on how many people are going to show up to the park on a given day.

Yourdon: Right.

Scott: And also the time of day they are going to show up. And your profitability is highly dependent on whether you correctly forecasted your labor needs on that given day. So right around early ’78, as I had gotten a year or two of experience under my belt in this business, I got put into another position, which was to do planning and forecasting for the business. And I discovered a little company called Apple Computer. They had an Apple II+ computer, and it could be programmed in BASIC and Pascal and all kinds of things.

I thought, hmm, I wonder if we could write software to do attendance forecasting and help with planning. And as a benchmark I bought a time share service from Computer Sciences Corporation [(CSC)], which was selling labor modeling software to toll roads and telephone companies and other entities who had similar kinds of problems that needed to be able to accurately forecast the amount of labor they were going to need based on external forecasts and projections, and so on.

So I got the CSC terminal and understood how their particular software worked, and we began to develop sophisticated computer models with CSC to help us better forecast the labor and attendance, and in parallel to developing, writing software actually on the Apple II to do the same thing. And within about three or four months, discovered we were beating the pants off of the CSC program on a pretty regular basis in terms of doing a better job and so on.

I didn’t do this by myself. I had some people from the IT department. They were better at programming, and I was better at sort of figuring out the math behind some of the stuff. But anyhow, I taught myself to program. They would write the basic program and I would tweak it, you know, and put in some of the math models and all that sort of stuff. To the point where we bought a whole bunch of Apple II computers and a Corvus disk drive and started using the Apples for lots of things. Um, created a bunch of different databases, and we just got hooked. And so everything just sort of took off from there.

Eventually I went to work for Sun Microsystems, finished my degree, finished college at the University of San Francisco in information systems management, and went to law school at Santa Clara University while I was at Sun. Then I worked for Pricewaterhouse, and Bristol Myers, and General Motors, and Disney and then here. But it all started with the need to solve some attendance, forecasting, modeling, and labor scheduling kinds of problems that were real business problems that I was confronted with.

Scott: That is the long story.

Yourdon: Yes, but it’s a fascinating one, and interesting for me. Like I said, I was in the same area at about the same time, and had Apple II computers for my own kids. Well, at the end of your story, you’re here now obviously at Microsoft.

What you do as a CIO at Microsoft. What duties and activities that the job entails—is there some way you can summarize what your key responsibilities are as CIO at Microsoft?

Scott: Sure, I divide it into three big buckets. In the middle it is the sort of the same thing any CIO at any large company would do. We have any number of internal systems that we run the business on, and so in our case that includes sales and marketing systems, financial systems—we have probably the same collection of systems and software that any other CIO at any other company would have. We have payroll, you know, blah, blah, blah.

Yourdon: Sure.

Scott: And in that sense, I wear about the same hat and shoes and everything else and have the same concerns and issues as any other CIO. What makes this job different are two other pieces. On the left-hand side, we work very closely with our product groups, and it starts with defining what the product is going to be in the first place, all the way through.

Once we are into the development process, IT supports a lot of the product tooling the product team uses to make the product. So code source repositories, code signing technology, all kinds of things to help build the product and quality check and that kind of stuff all sits in IT at Microsoft. And then we also play an important role which is: once a product is in its early stages of development and is complete enough to start deployment, we start deploying it internally at Microsoft in small quantities initially—and then as the product matures and gets closer and closer to its release date, we have typically broadly deployed it inside Microsoft. It even has its own name: we call it “dogfooding.”

Yourdon: Oh, yeah. That phrase has been around for a long time.

Scott: And so we are the number one filer of bug-fix requests and enhancement requests and so on, more than all the rest of Microsoft customers combined because of that important role. But we are also one of the groups that signs off and says that the product is ready to ship, so it is a little bit of an usual role for an IT organization, and particularly one we take seriously. So that kind of on the left side of the main role … is pretty classical.

On the right-hand side, I also spend—and my teams spend—a fair amount of time with our customers. Virtually every customer who comes to visit, to do an executive briefing, or whatever, wants to know how Microsoft does IT. It really is: “how do you use the products for Microsoft, how do you integrate them together, what lessons have you learned with whatever the latest is?”

Clearly that is one of the focuses of the dialogue with customers, but they are also very interested in how we do governance, our IT lifecycle management process, how we’re organized, our internal metrics of success, things like that. We aspire to be a trusted advisor on how to do IT and the question I proposed not only to myself, but to my organization—we aspire to be the world-class benchmark for IT, and we ask ourselves every day: if not us, who would it be? And if not here, where else could any IT organization aspire to be that? And if not now, when? You know, that kind of thing. We seek that role, we practice it every day, and we get a lot of very positive feedback from customers in terms of the value they get out of that dialogue.

Yourdon: You know 30 years ago, it would have been IBM’s role to do that sort of thing. Do you think that what you described represents kind of a technology shift that everybody assumes that they will be using Microsoft products and the distributed kinds of computing tools rather than main frames today?

Scott: I think that’s one of the elements of it. Certainly Microsoft has a breadth of products that probably no other tech company has today.

Yourdon: That is a good point, yes.

Scott: And it is a leader in several of the areas in terms of where people want to go—whether it is cloud or whether it is mobile or any of those kinds of things. We’re in the game in a whole bunch of different spaces that not many other companies are. So I think that’s one element of it. And our sweet spot is certainly central to where most IT organizations are, and I think that’s a part of it as well.

Yourdon: I’ve obviously been following many of the things that Microsoft has been doing in the marketplace, and I would imagine you can just give me a general answer on a lot of these topical issues, like cloud computing and so on, you’ve got or Microsoft has got white papers or position papers. Do those tend to come from your group or are they influenced by your group?

Scott: Well, it is really collaboration. Just like the dogfooding and things I was describing earlier. For example, cloud computing group, we have played a key role in helping shape the product from an architecture perspective and from the perspective of, “here is what CIOs are going to look for in terms of capability, and manageability, and how they think about the business case for the cloud and so on.” We have been one of the major contributors to that whole discussion for sure.

Yourdon: Ok, well that is very interesting. Maybe one last thing. One of the things I am quite interested in myself is the generational issue. How is the up and coming generation of kids coming out of college viewing IT and technology, as opposed to my generation or yours?

Scott: We do think that relevance to Gen whatever-it-is—the millennials, or whatever you want to call them today—is something that is certainly relevant. So we do a lot of work with customers in terms of our own models around that.

Yourdon: One of the big topics obviously is social computing. How do you think about that? And should you think about that as a CIO?

Scott: We have a really good model that we use that essentially evaluates anything like that along two different vectors. One is value and one is risk. And depending on where you fall in that matrix, you can either embrace it, ignore it, manage it, or exploit it—those are the four different ways we think about it in that space and each of those strategies would have a certain set of characteristics and an external company might choose to put a specific technology in a different place in the matrix, which is fine.

But what we have given them is a model to say here is how you can think about this stuff, and you can make your own judgment call based on your company profile and your regulatory environment, and so on, which bucket you will put things in. And it is leadership like that that we think is a role we can play in terms of helping develop useful models and frameworks for the industry.

Yourdon: I’ve got a bunch of questions that I can’t avoid asking because I’m sure everyone will want to know—and that is the question of whether Bill Gates or Steve Ballmer hired you or promoted you into your position, or whether you have any other tidbits, you know, about them that you want to talk about.

Scott: Well, I actually worked for Kevin Turner, who was our Chief Operating Officer at Microsoft, but Steve was a part of the interview process, and I’d actually worked with Bill on a number of different things even before coming to Microsoft—so it’s probably the only job where I’ve gone into the job knowing the senior executives and the company reasonably well before coming to take the job. All the other times, it’s pretty much an interview and then a surprise as to who the execs are and all that stuff.

Yourdon: Well, being interviewed by the COO is a good enough big name for anyone, I’m sure. Was there anything else unusual about the interview that got you into Microsoft?

Scott: Well, when I interviewed with Steve three years ago, the obvious question is, how do you see the future? I still have the little piece of paper that Steve sketched out where the company was going from a cloud perspective and phone and all that sort of stuff—so I have to say, it was pretty impressive. And I was impressed at the time with the plans, and I’ve been impressed with the investment and the subsequent realization of the vision that Steve laid out a couple of years ago.

Yourdon: Very impressive. Well, that leads to a related question. If you had one piece of advice that you could give to aspiring CIOs, whether it was somebody who was dreaming one day of being the CIO of Microsoft or possibly the CIO of any other organization, what would that one piece of advice be?

Scott: Well, it’s probably the lesson I’ve learned over and over and over again—which is, nothing is ever as good as it seems to be or as bad as it seems to be. Every time as I’ve gone into the role, I heard about all the things that are broken and all of the things that are going well, and there’s usually a little exaggeration on both sides, in terms of how bad it is or how good it is.

Yourdon: Well, that’s certainly interesting advice. Another related thing—and these are little segués in a sense—I’ve now talked to maybe a half a dozen CIOs, and one thing I’ve heard in common from almost all of them is the importance of the team that they’ve assembled to just help them get through the day. I’m curious as to what kind of key qualities you look for in someone who’s going to become a member of your team that you work with on almost a day-to-day basis.

Scott: Sure. I think there’s three in particular that I look for. One is just pure leadership capability. These are big, complex, challenging, physical organizations that we’re managing, and to do that well, you need a lot of leadership capability. You have to have somebody who enjoys that role and who sees as a core part of their being developing other leaders in the organization. So leadership is probably the number one thing that I look for.

Two, I think you need to be technically astute and competent, especially if you’re working in a technology company like Microsoft. There’s a whole set of things that we do every day where technology does make a difference, and being technology-literate and making the right choices is fundamental to what we do. And these are big architectural decisions that we end up making, and so that skill is pretty important. And probably the third one that I look for is just basic integrity in terms of not only telling the truth, but representing the truth and dealing with people and situations in a very honest, transparent, straightforward sort of way. People that can uphold our values and represent them well, so that integrity factor is critical in all of our leadership roles, if not in life, then certainly in leadership roles people play.

Yourdon: I heard a variation on that yesterday from a CIO whom I interviewed who said one of her key things is that everyone on her team, has each other’s back, so to speak. They realize that they all have to succeed, and so rather than the competitive backstabbing that you might allow or even be expecting in some situations, her team won’t let any other member of the team fail if they get into trouble or get overloaded. And I guess you could argue that’s one aspect of integrity.

Scott: Well, I think it’s also part of leadership.

Yourdon: Yeah, good point.

Scott: Part of what I look for there is an element of that, where we all have to work closely together to succeed, and it’s not even about our team winning . . . especially at Microsoft. It’s about Microsoft winning, but also enabling people in the world to reach their potential, to paraphrase our mission—and that’s a fairly lofty thing for us to shoot for, but we all carry that weight. You know, at Microsoft in particular, if we all don’t do our jobs well, we’re hindering the world from reaching its full potential in a certain way, so we have to shoot for a pretty high goal, I think, and that usually means more than just individuals winning. It means a broader purpose.

Yourdon: Ahh, good point. Are you guys helping out in Egypt at this point? Maybe that’s a little off target, but, boy, that’s amazing watching. I’m sure you and everybody else are just glued to the television to see what’s going to happen there.

Scott: Yeah, it’s pretty incredible. Well, I think what you’ll see when all the dust settles, what we’ve seen over and over and over again is, our Microsoft team is in there as quickly as possible helping rebuild and re-establish the necessary infrastructure for a country or a region to function. So whether it’s an oil crisis or tsunami or floods or snowfall or earthquakes, Microsoft always responds and is there to help rebuild, at the earliest possible opportunity.

Yourdon: You know, I hadn’t thought of that, but I now recall seeing a similar thing from the CIO of FedEx and the CIO of Delta Airlines about what they had to do immediately after—well, not even after, but in the midst of—Katrina, and basically, any high-technology company these days is going to need to and want to step in to help out with whatever rebuilding of whatever infrastructure they’re involved with given a natural or political disaster. So, I guess that’s something that every CIO has to be prepared for. If you turn on the news and see that all hell’s breaking loose in some part of the world you never cared about, it may still have a huge impact on what you have to do tomorrow morning.

Scott: Sure, exactly.

Yourdon: That’s very interesting. Okay, another very interesting question. I’m sure you and every CIO I’ve spoken to ends up having to interact with a lot of very strong-willed peers who may not be in your empire itself, so to speak, but literally peers in other business units—or, in your case, product groups. They think they know how to use IT. They not only know how to do their job, they probably think they know how to do your job better than you do, and you can’t boss them around, because they don’t report to you. How do you go about influencing these people and get them to do what you think is right and to avoid doing what you think is wrong?

Scott: Well, I use a principle I learned many, many, many years ago when I was a playground leader. And I was taught this by another playground leader. If you’re leading kids’ activities on the playground, there’s always some kid hanging on the sideline. Maybe he’s a bully or maybe he just wants to tease or be disruptive or whatever. And the technique that I was taught was put him to work, make him a solution rather than a part of the problem. And I’ve followed that principle throughout my career, and so if you have somebody who’s strong-willed or has a strong opinion, first of all, they might be right and you have to consider that possibility.

Yourdon: Sure, yeah.

Scott: But second of all, put them to work and get them engaged and make sure they’re a part of the solution. And so what I’ve found is that one of two things happen. Either they get engaged and contribute, or they shut up very quickly and run the other way, and one of the two doesn’t happen.

Yourdon: Of course, one thing that’s different about your peers and which you would also find in other computer companies or high-tech companies, but which I don’t see in some of the other places, is that your peers in the product groups or business groups, are presumably all extremely proficient with technology. It’s not just that they’re stock traders or automobile designers. Obviously, all of these people know a hell of a lot about IT, so that you’re in even less of a position to boss them around and tell them that you’re the only person who knows the complexity of what you’re dealing with. So that’s a very good strategy to deal with, you know, kind of get them involved with you.

Scott: Well, yeah, it turns out that with our product group, they can be as opinionated as anybody. It’s usually about somebody else’s product, though. They usually think that their product is great and everybody else’s has got a problem— but again, the same strategy: put them to work. We actually have a significant number of people who are not technology-literate. They’re in traditional business functions like finance or HR or whatever it happens to be. And they just want something that works for them. They’re not as enamored by the new feature or the new capability, maybe as somebody with a more technical background, so part of our challenge as we’re developing applications or creating user experiences is to satisfy both the technical and the nontechnical in terms of what we do and how we do it and the services that we offer. That’s part of the fun at Microsoft.

Yourdon: Now, there’s an aspect to this that I had expected to hear more about and that is the situation where these peers and their respective business units are able to get their hands on technology by themselves because it’s so cheap and so pervasive. The PC version of that 25 years ago was just going down to Radio Shack to buy something. And these days, they can just download an app for their Android or iPhone or whatever, and start using technology that you’re not even aware is in the office, until it gets big enough to be noticed. Is that kind of a problem area that you run into a lot?

Scott: No, we don’t think of it as a problem, really. What we have is a model that we use to figure out how we think about any given application and it basically is a matrix that results from on one side, the threat or the risk associated with that application, if any, and on the other part of the matrix, the business benefit from that application. And the result is four quadrants that either allows you to say, “We have to contain this. We have to embrace it or we should embrace it. We should allow it and not mess with it at all—it just exists. Or we should ban it, and effectively block it.”

And so there are some things where’s there no business value and a high business risk either in the form of viruses or some sort of threat, IT threat or whatever, that we just block. But there are many others, like a lot of the social network capabilities, the better ones, where we say, “Not only are we going to embrace it, but we are going to fully utilize it for the business benefits that it can bring.” So everything falls in the matrix somewhere and every company can make its own judgment on any given thing about which part of the matrix it falls in. But we use that framework really to evaluate things and then put in place either the appropriate measures or not, as the case may be.

Yourdon: Well, that certainly makes sense. The aspect of this that I’ve heard from most of the other CIOs that makes eminently good sense is that somebody might bring a new toy, a new gadget, a new smartphone into the office without your knowing it, but sooner or later—and it’s usually sooner these days—they want to access your data, and they want to connect to your infrastructure. And that’s something you’ve got control over and you’re very concerned in terms of risk—obviously security and privacy, and so forth—so they can’t get very far, so to speak, without running up against your protection or evaluation matrix that you’ve put in place. So I guess maybe I was over-worried about that one.

But why don’t I move on then to the next obvious question: what are the main problems and concerns and issues that you worry about that keep you awake at night? I assume security is at the top of the list, but are there any others as well?

Scott: It is. I mean, Microsoft is one of the most attacked companies on the planet in terms of every hacker trying to earn his merit badge seeing if he can get in, so out of necessity we had to try to be at least very good at the security thing. So, while you always worry about that every single day, on a daily basis we don’t end up having much issue in that particular space.

I suppose one of the things I think about a lot is what I’ll call “macro-architectural threats,” and let me explain what that is. Over the years, the quality of the components that we build things out of has just gone up and up and up. And you see it across the landscape. Cars are better. The quality of everything we buy and use has just gotten better and better and better over the years as the broader quality movement has taken hold. And so, it’s not very common anymore that you see product failure in the same way that we used to see it, maybe a few years ago. Or defects show up in a particular product, because most manufacturers—whether it’s Microsoft or hardware people or whatever—have gotten pretty sophisticated at building a quality product or component. Where the new opportunity is in the architecture that is built up from all of the pieces. So it’s still possible, for example, to build something, a solution for an end user that, while the components are all of high quality, the way they’re put together may be vulnerable or may have some architectural flaw in the way it’s created. And because of the complexity of many of these things today, it’s hard to actually see these architectural flaws. We’ve seen examples of this in the nation’s electric grid.

Yourdon: Right.

Scott: Where in some cases accidents happen because of some unanticipated event that exploits an architectural flaw that was latent in the system. The Internet is a Petri dish, I think, in some respects for some of these architectural failures to not only happen, but also the magnitude of them could be enormous at some point as we build up solutions and capabilities out of all the components that exist. And I don’t say that in a way that should be interpreted as we shouldn’t use the Internet or it’s dangerous, but I think we have to be prepared for some of these bigger failures to occur, and we will recover from them relatively quickly, but they will occur, like the stock market crash.

Yourdon: Oh, the “flash crash” last year?

Scott: We keep having these long, deep depressions that once were the case, but we’re still having these events, and I think of threats that we may face in the technology space in much the same way. They will happen, we will recover reasonably quickly, but they might be rather prolific in terms of their impact.

Yourdon: I can certainly tell you that the Defense Department and various other government agencies spend a lot of time worrying about that, simply because there are people who are trying to deliberately exploit these things as opposed to accidental architectural defects.

Interestingly, one of the ways that I earn a living is working as an expert witness for lawyers, trying to figure out whose fault it is when some huge system doesn’t work. And it often has to do with these architectural problems between vendors. So, the Microsoft product is fine, and the XYZ product is fine, but there’s something about the architectural interface that can either be exploited or has some limitation that nobody ever thought about. I don’t think that problem is going to go away in the short term, and, indeed, if anything, it may get worse. So that’s a good one to bring up, because I think that’s probably something that every CIO is either already worrying about or really ought to be.

Scott: I totally agree.

Yourdon: Because if nothing else, all these CIOs are usually the final stage of approval and endorsing some of these huge architectural complexes involving vendor software. So they’re the ones who are going to get the blame if it does all come crashing down on their heads. Okay, let me just ask a couple final questions. These were prompted by some of the things you said in our first conversation. You had told me about how your IT department works with several of the product groups when a new product is being developed. And I’m curious to know whether your IT group takes a proactive role in terms of interactions with other departments, or do you wait for them to come to you to start talking about new stuff that they’ve started doing?

Scott: No, we’re very proactive, actually, so as each product cycle begins, we’re in the early stages of the design—putting our two cents in in terms of what features it needs, what capabilities it needs, how it should work, all those kinds of things, and we follow that all the way through the whole life cycle, including upgrades and subsequent patches that may occur. So we live with the product groups through the entire life cycle, and we have a very active program that measures the health of that product relationship.

Yourdon: And, and I would assume that might even start with the kind of early exploratory prototyping?

Scott: Oh yeah, absolutely.

Yourdon: Well, I think that’s a good thing for people to know about, that these products don’t just sort of spring out of the Microsoft firewall without a lot of internal stuff going on with you guys.

Okay. Well, I could go on all afternoon, but I’m sure you’ve got a long list of things to do, people waiting outside your door at this point, so I should wrap things up.

Scott: All right. Thank you.

Yourdon: Well, thank you. I really appreciate it again, and good luck with everything else.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Chapter 2: Tony Scott, CIO, Microsoft

Create new playlist

Sign In

Sign Up

Tony ScottCIO, Microsoft

Table of Contents for
Chapter 2: Tony Scott, CIO, Microsoft

Tony Scott
CIO, Microsoft