When I became CIO for the State of Utah, I had very little appreciation for how much time and effort went into governance issues in a large organization. Before my stint as CIO, I'd been CTO of http://iMall.com, a company I founded; I had hired nearly everyone who worked for me. As we'd built the organization, we'd also built and shaped the vision and the culture. People naturally understood the business, because they'd seen it develop and had crucial roles in making it work. Furthermore, while we'd had our share of culture problems, we'd handled them on the fly and with decisiveness. When decisions needed to be made, we made them, and things worked marvelously.

I soon found out that the state was a different animal altogether. There were, of course, differences between the public and private sectors, but over and above those, the organization was an order of magnitude larger than what I was used to, and there was what I call "legacy lethargy." Moreover, IT was organized in a decentralized fashion so that no one really had the authority to make important decisions, even when there was clear and imminent risk.

For example, at one point, for a period of about two months, a wireless network was set up in the capitol with no access control whatsoever. Anyone with a laptop and wireless card could come to the capitol and surf the Net at taxpayers' expense. What was worse was that the network had been set up for legislators, so it was possible ...