This 3-Word Mantra Helped Define a New CIO’s Mission

By Bob Hestand
Neil Kelly Company

Technology was not the strongest priority at Neil Kelly before I joined as CIO in 2019. As a 74-year-old construction and home remodeling company, it’s safe to say that we weren’t exactly tech-centric, and here’s proof: Neil Kelly hadn’t implemented technology to automate any internal processes, such as onboarding or offboarding new employees. We notified our customers about payments due through unsecure emails. And our backups? They were for one day only.


As far as I was concerned, my mission as new CIO was clear. To align with Neil Kelly’s commitment to putting the needs of our customers first, combined with the persistent cyberthreats and ransomware attacks that organizations in every industry grapple with, we needed to stabilize our infrastructure, visualize the type of company we wanted to be in the marketplace, and modernize our technology to best serve and protect our customers.


Stabilize, visualize, and modernize was not the only strategy I created and implemented at Neil Kelly. After interviewing and getting buy-in from a number of senior leaders and other stakeholders within the company, it became our mantra. Here’s how we worked together as an organization to execute our vision to strengthen our security posture, ward off an attempted ransomware attack, and delight our customer base.

Step 1: Stabilize

There was no question that we needed to establish a security technology stack and implement best practices. First, I worked with IT to update our infrastructure, and then we addressed basic security hygiene by adding antivirus and other software to lay the foundation to secure systems. Next, we addressed any vulnerabilities or bugs through patch management. Finally, we planned a robust backup and disaster recovery strategy.

And it’s a good thing we did. Last year, on the Wednesday morning before Thanksgiving, Neil Kelly was hit with a ransomware attack. But I’m proud to say that, because of the work we did across the organization to strengthen our security, we were back in business by Sunday afternoon. Yes, the attackers got in, but they took nothing with them, and more importantly, we didn’t pay a penny.

Step 2: Visualize

Neil Kelly used this step to define who we wanted to be as a company. With our commitment to implementing cutting-edge technology, strengthening our security posture, and digitalizing our current operations, who could we be today and in the future?


This question naturally led to us shifting our focus externally. We decided that, in order to differentiate Neil Kelly from its competition, we would start by using technology to provide superior value to our customers and meet their expectations by optimizing and securing their digital experiences.

Step 3: Modernize

This is where we really dug our feet in and started actualizing our visualizations. With the rise in cyberthreats and other security-related risks top of mind, we knew that it was important for all organizations — even ones in slow-to-adopt industries like ours — to provide their customers with the tools they need to feel safe when interacting online.


First up was the creation of a customer portal, which is something many customers expect from the companies they do business with. To meet this expectation, we would no longer send invoices via email. Neil Kelly customers can now rely on the safety and security of a dedicated gateway versus an electronic communication that, quite honestly, could have come from anywhere.

Always Room for Growth

Before we began our digital journey, Neil Kelly didn’t embrace technology. But now we’ve used it not only to improve security for our customers, but to strengthen our backup and disaster recovery strategies to successfully thwart the plans of cybercriminals. There’s no doubt we still have room to grow. However, Neil Kelly stands firm in our belief that an unwavering focus on security and improving the experience of our customers will pave the way to our continued success.


Other news