The hybrid team leader: David Kennedy of Orion Health

The hybrid team leader: David Kennedy of Orion Health

David Kennedy of Orion Health discusses why a co-joined CIO/CISO portfolio is an imperative for a global company dealing with sensitive information.

Recently, Kennedy’s team launched a project called ‘Elastic Networking’ to “provide improved access to business critical core systems.

“We created the core network,” he says. “We pulled all of the core applications into this secure area, and then we have different architectural zones by which we can have different levels of security.

That means in one of the outer areas someone can bring a device and they can use it, but they won’t actually penetrate into the core network. Again, it is based on security.”

Read more: The top cyber risks for NZ in an interconnected world

Kennedy has conducted a full risk analysis of all the different areas versus the needs of the executives, the needs of the customer, and created a map showing the risks.

One of the major business risks that emerged was connectivity, and the inconsistency and quality of the network. The smaller offices would have a much lesser experience than the major offices.

The mantra for all my teams is this: Simplicity, clarity, and visibility in all that we do.

David Kennedy, Orion Health

Read more: Linda Price of Gartner on a critical CIO focus for 2015: Being a powerful digital leader and influencer

“Elastic Networking was born to really have a high level of confidence in the network availability,” he states.

It also entails simplifying the supply chain so the company can leverage its size as it works with bigger partners like Verizon.

With Elastic Networking, Orion Health can subdivide the network into separate architectural branches and proactively shape network traffic, thereby increasing stability, security and visibility, Kennedy explains. The two major benefits include better performance and better availability.

All these changes have made a strong, but positive impact to the IT team, he states. “It has turned the IT team into a more strategic force. So they do less reactive work and much more strategic work, thinking about what future and innovation we can pull in two or three years’ time, rather than dealing with the problem today.”

The next phase will only allow people into that core network with an agent running on a device. That means it creates a space where anyone is BYOD, says Kennedy.

Read more: Career watch: Why more CIOs are getting MBAs

“You can’t really stop people from doing it and if you try and stop them, they’ll just find ways around it. So rather than trying to restrict people, you try and allow them to use it and just protect those core aspects.”

Another project, which goes hand in hand with the Elastic Networking is the ‘180 Degrees IT’.

“It’s about giving control back to the user for their laptop,” Kennedy explains. “The users will have high levels of administrator access to enable innovation. We have agents running on these systems, on the laptops, and that gives us configuration of all the individual laptops so we can see or we can help make the estate more consistent while allowing them to download things.”

It means they could contact the user before they have an issue. The team can identify if the user is running inefficient versions of software and automatically contacts the user to have all features and functions working at their optimum.

“If someone downloads a malicious tool bar, we can automatically send them an email to say that you’ve downloaded something that will affect your performance in three weeks. And then in three weeks, we can email them with this message: ‘You don’t have to delete it, it’s up to you, but here’s the procedure for deleting it’.

Read more: Digital Glue: Why APIs need to be part of your 2015 strategy

“If they choose not to, that’s fine; it’s just going to slow the machine down. And then in three weeks we can email them again and ask, ‘How is your performance?’ Again, it’s about giving that power back to the user and the transparency to help them diagnose their own problems.”

The Self-Service Portal is another project and provides a user-friendly IT support website designed to get the quickest and most effective response to low priority IT queries. “This is the go-to place for IT-related FAQs and how-tos,” says Kennedy.

Its features include the network and application performance monitor. “This enables every user to self-diagnose IT issues. If the user has a performance issue they can check the monitor to help determine the root cause of the issue.”

There is also a MacHelp area providing “great tips and tricks” for users who are new to Apple technology.

Read more: South Island DHBs work with Orion Health to build regional patient information system

Leading the way with security

Kennedy started as a contractor for Computer Sciences Corporation in the UK, and this, he says, was the start of his education in information security.

Kennedy did not go to the university until “much later”, when he was with KPMG. But his initial role at CSC paved the way for a career in information security, as he worked on military-based information security and technology consulting.

“I left CSC after about two years, because the military security is very black and white; there are huge documents of what you can and can’t do.

“I wanted to learn much more about risk management and the balance of risk management, so I joined IBM in 2000 as an information security architect,” says Kennedy.

Strategy outsourcing during those years at IBM was “very big”, he says. “My role really was to interpret the security requirements and place them into the architecture for delivery.”

He worked mainly with financial institutions across Europe. He also worked with the UK Post Office, Deutsche Post, and Heineken.

“I left there several years later because I felt that my career came to a juncture where you can choose security management or you can choose security technology,” he says. “I felt as if the technology aspect was really starting to go offshore. I think you have more of a chance to make a difference if you do security management.”

He then moved into information security management consulting at KPMG, working with major financial banks like Barclays, Nationwide, Lloyds and Co-Op in the UK, and also worked in Germany and Turkey developing information security systems to support many different sectors. His KPMG assignments took him to the United States and then Asia – Taiwan and Singapore – working with BP and other KPMG offices.

Don’t be afraid to take on big projects, get yourself a good mentor.

David Kennedy, Orion Health

At KPMG, he worked with the certification team, looking primarily at the advisory and audit against ISO27001, ISO20000, and other industry recognised standards.

KPMG also allowed him to complete his MBA. “They gave me the space and time to do it”, which Kennedy says was critical for anyone wanting to undertake this qualification.

He finished his MBA over two years, on part-time. His then boss gave him lots of time off to be able to study in between.

He found the MBA a “real eye opener”.

“It took me from understanding about delivery of projects and delivery of engagements to how organisations are structured, even things around venture capitalism and the finance side of things, which I wasn’t really subjected to or had exposure to during my career, all the way through to marketing,” Kennedy says.

His offshore stints exposed him to multicultural workplaces and leadership norms.

“Understanding the cultural differences really helped as well.”

He moved to KPMG in New Zealand, and after two years, worked as a contractor. Orion Health was one of his clients.

“After spending only a few weeks here, I decided this is the place that I wanted to work and I have been here ever since,” says Kennedy.

His message to ICT professionals and even students is to consider a career in information security. “It is something that will grow bigger and bigger.”

A good background, he says, is application security and code security.

“Start at the ground up, then make a decision whether you want to continue into technical or go into management.”

But he is emphatic about the importance of getting a technical background for a foundation.

“Start technically, because at the end of the day, it is all based on technical stuff. Also, don’t be afraid to take really big career risks.”

This means taking on big projects. “Get yourself a good mentor”.

Game on: IT”s Oscar Awards

Game on: The IT team that can close the most tickets keeps this Oscar for a month.
Game on: The IT team that can close the most tickets keeps this Oscar for a month.

Building a deep leadership bench, as well as developing and motivating his team members, are at the top of Kennedy’s agenda.

Read more: Z CIO Lois van Waardenberg: Pure energy

He has a compact team of 20 in Auckland, plus less than 10 people in the United States, and two in London.

He says it is important to have a clear strategy to ensure the teams can align to the common goal.

“The mantra for all my teams is this: Simplicity, clarity and visibility in all that we do.”

Gamification is one approach Kennedy uses for the ICT team through a program called Ticketmaster.

“There’s a little Oscar statue and the first week of every month the IT teamglobally goes through a competition for who can close the most tickets. Each ticket is weighted differently, it depends if it’s a priority one or a priority zero. And then it’s a race to the first week to see who wins this trophy. This trophy gets shipped around the world once a month.”

Read more: ‘Do not walk into the future facing backwards’

Kennedy says it was an idea that sprung up when he first joined Orion. He noticed that the tickets were piling up.

“You have to think of ways by which you can respond to what the customer needs, and the business needs. And Ticketmaster was a way to get people into spirit of doing things faster.”

He vouches for the positive culture at Orion Health.

“The market goes through constant change,” he says. “In order to meet that, you have to then enable your teams to not be put off by change. And the culture we have here really is one of constant change and saying: ‘What’s the next best thing?’. That comes from [CEO] Ian’s innovative mind.”

The global CIO

Kennedy is essentially a global CIO based in Auckland. So what are some insights he can share on working with teams and customers across the globe?

“Lead by the front,” he advises. “Commitment and drive are key, and working together creates fantastic results.”

The culture we have here really is one of constant change and saying, what’s the next best thing?

David Kennedy, Orion Health

It is also important to listen to customers, both internal and external.

“‘Listen to your customer’ is a mantra that I now live by through my time at KPMG, he states.

“Make sure you strike a clear balance and add value uniformly” to both of these groups.

“It is very much a part of a collaborative crowdsourcing culture at Orion Health,” he says.

Stakeholder management is a key part of the role. He meets monthly with most executives, and bi-monthly with two other executives due to work commitments. “It is important to understand their strategies and needs so that I can mobilise them through technology,” he says.

Related:CIO to CEO: Career advice from Rob Fyfe

The upsides of the role

“I work with many people and continuously learn from my teams,” Kennedy says. “I’m fortunate that I can educate customers and employees about what we do and the culture we have here at Orion Health.

“The fast growth we experience allows for continual improvement, for pushing the boundaries of technology to better the company and improve the experience of the employees.

“Also, knowing that we are making a difference in the health sector is something that is very rewarding.” Photos by Tony Nyberg .

This article is the cover story of the Summer 2014 issue of CIO New Zealand.

Send news tips and comments to

Follow Divina Paredes on Twitter: @divinap

Follow CIO New Zealand on Twitter:@cio_nz

Sign up for CIO newsletters for regular updates on CIO news, views and events.

Join us on Facebook.

Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags kpmgdavid kennedyMBAOrion Healthgamificationglobal ciochief security officertechnology vendor

More about AppleDeutsche PostFacebookKPMGOrionOrion HealthTicketmasterVerizon

Show Comments