The CIO (Chief Information Officer) is the CTO before CTOs existed — the person who managed all of a company’s technology when “all of a company’s technology” meant Mainframes, SAP, email servers, and the printers. Then the internet happened, software became the product, and the interesting half of the CIO’s job was given to a new person called the CTO. The CIO kept the other half.
The CIO now manages: the SAP instance, the Active Directory, the VPN that nobody uses but cannot be decommissioned because one person in accounting connects through it, the internal network, the printers (still), the enterprise service desk, the laptop provisioning process, and the compliance frameworks that keep the auditors from returning more often than annually. These are essential functions. They are also invisible functions — the kind of work that is only noticed when it breaks, and never celebrated when it doesn’t.
The CIO is the person who kept the lights on for thirty years and is now being asked why the lights aren’t more innovative.
The Great Division
In the beginning, there was one technology leader, and that leader was the CIO.
The CIO owned everything: infrastructure, applications, databases, development, support, security, and the budget for all of it. The CIO reported to the CEO. The CIO attended board meetings. The CIO was the most important technology person in the company, because the CIO was the only technology person in the company senior enough to have a title with “Chief” in it.
Then software became the product. Companies that sold insurance started needing mobile apps. Companies that sold widgets started needing e-commerce platforms. Companies that sold nothing started being valued at billions because they had software. Technology was no longer a support function. Technology was the business.
The board wanted someone who could talk about technology as strategy — as product, as competitive advantage, as the reason customers chose them over the competitor. The CIO could talk about uptime, disaster recovery, and SAP upgrade cycles. The board wanted someone who could talk about APIs, platforms, and developer experience.
The CTO arrived. The CTO got the developers, the product, the cloud budget, and the conference invitations. The CIO got everything else — which was everything the CTO didn’t want, which was everything that wasn’t exciting, which was everything that actually kept the company running.
The division was never clean. The division was never agreed upon. The division is still being argued about at companies that have had both roles for fifteen years.
The Territorial Map
The CIO-CTO boundary is the most disputed border in the corporate Org Chart:
| Domain | CIO Claims | CTO Claims | Actually Owned By |
|---|---|---|---|
| Infrastructure | “We run the data centers” | “We run the cloud” | AWS |
| Data | “We manage the data warehouse” | “We build the data platform” | Neither (it’s a mess) |
| Security | “We own compliance” | “We own AppSec” | The CISO (created to resolve this fight) |
| Internal tools | “We manage JIRA” | “We chose JIRA” | The team that actually configured it |
| Vendor relationships | “We manage Oracle and SAP” | “We manage AWS and the modern stack” | Both, in parallel, duplicating effort |
| Innovation | “We have an innovation lab” | “We have a platform team” | Nobody is innovating |
The CISO (Chief Information Security Officer) was created specifically because the CIO and CTO could not agree on who owned security. Rather than resolve the conflict, the organisation created a third role. This is the Org Chart’s standard conflict resolution mechanism: when two boxes cannot agree on a boundary, add a third box. The third box creates two new boundaries. The boundaries create two new conflicts. The conflicts create two new boxes.
The SAP Burden
The CIO’s defining relationship is with SAP — the enterprise resource planning system that was installed in 2004, customised beyond recognition by 2008, and has been “scheduled for replacement” every year since 2015.
The SAP instance is the CIO’s inheritance, albatross, and job security, simultaneously. It cannot be replaced because it has been customised to match business processes that nobody documented and several people who understood them have retired. It cannot be upgraded because the customisations are incompatible with the new version. It cannot be decommissioned because the CFO’s team runs payroll on it, and the CFO does not accept “we’ll figure it out” as a migration plan for payroll.
The CIO manages SAP the way one manages a historic building: with care, with resignation, and with the knowledge that demolition would cost more than maintenance.
The CTO does not manage SAP. The CTO has never logged into SAP. The CTO mentions SAP only when explaining to the board why the company needs a “modern data platform” — which is, in practice, a second database that will eventually need to sync with SAP, creating an integration problem that the CIO predicted and the CTO dismissed.
The Invisible Competence
The CIO’s tragedy is the tragedy of infrastructure: it is only visible when it fails.
When email works, nobody thanks the CIO. When the VPN connects, nobody thanks the CIO. When the disaster recovery plan executes successfully during an actual disaster and the company loses zero data, nobody thanks the CIO — because the successful execution of a disaster recovery plan means nothing bad happened, and nobody celebrates the absence of catastrophe.
When email goes down for forty-five minutes, the CIO is summoned to explain.
This asymmetry — invisible success, visible failure — is the defining characteristic of the CIO’s career. The CTO launches a new product feature and receives applause. The CIO keeps the authentication system running for seven consecutive years without an outage and receives a question about why the IT budget hasn’t decreased.
Measured Characteristics
- CIOs who existed before CTOs: all of them
- CIOs who lost half their job to CTOs: most of them
- CIOs who are bitter about it: “bitter is a strong word” (it is not denied)
- SAP instances managed: at least 1 (always)
- SAP instances successfully replaced: industry-wide, approximately 0
- SAP upgrade cycles survived: 3-5 per CIO career
- Printers still managed: yes (somehow, still)
- VPN users: 1 (accounting)
- VPN decommission proposals: 7 (all rejected)
- Territorial disputes with CTO: ongoing
- Roles created to resolve CIO-CTO disputes: 1 (CISO)
- New disputes created by CISO role: 2
- Years of uptime nobody celebrated: all of them
- Minutes of downtime everyone remembers: 45
