EP Wealth Advisors

Mike Madden, Director, IT Operations and Security

Leading it With Clarity, Trust and Purpose

Mike Madden

Financial Innovation Authority

In my experience leading IT operations and security, clarity and trust remain the most important principles in building resilient and high-performing technology teams.

Technology teams are at their best when people understand not just what they are working on, but why it matters. In IT operations and security, there are always competing priorities: service requests, projects, incidents, risk reduction, business enablement, and user experience. A leader’s job is to help the team understand what matters most, where to focus, and how their work connects to the broader goals of the organization.

Trust is just as important. I want people on the team to feel empowered to solve problems, raise concerns early, and take ownership of their areas. At the same time, trust has to be paired with accountability. Strong teams follow through, communicate clearly, and learn from both successes and setbacks.

Resilience is something you build over time. It comes from good habits, strong relationships, clear processes, and a culture where people are comfortable improving the way things work rather than simply accepting the way they have always been done.

Driving Change while Managing Cybersecurity Risk

For me, the biggest lesson is that successful transformation depends on strong organizational change management. Technology may be the visible part of the change, but the real work is helping people understand it, adopt it, and feel supported through it.

You can have the right platform, the right architecture, or the right process on paper, but if people do not understand the purpose behind the change, adoption becomes much harder. I try to spend as much time thinking about communication and stakeholder alignment as I do about the technical plan.

People generally want to support change when they understand the reason for it. They want to know what problem we are solving, how it helps the business, what it means for their day-to-day work, and how they will be supported along the way.

That same tension between enabling the business and managing complexity becomes even sharper when it comes to cybersecurity. One of the biggest challenges is reducing attack vectors while still enabling the business to move quickly.

Most organizations now operate across a broad ecosystem of cloud platforms, SaaS applications, mobile devices, remote access, third-party integrations, and sensitive data. All of that creates flexibility, but it also expands the number of entry points that need to be protected.

“Technology decisions work best when people feel informed, included, and supported through the change.”

For IT leaders, the focus has to be on simplifying and controlling the environment: strong identity and access management, disciplined device management, application governance, vendor oversight, data protection, and employee awareness.

Reducing attack vectors is not a one-time project. It is an ongoing discipline of removing unnecessary exposure, standardizing where possible, monitoring continuously, and making security part of how the business operates.

Communication, Judgment and the Future of IT

For me, communication is the key to balancing operational efficiency, security requirements and user experience when making a technology decision.

Those priorities can sometimes feel like they are competing with each other, but they are all connected. The best decisions usually come from bringing the right people into the conversation early, understanding what the business is trying to accomplish, and being clear about the risks and tradeoffs.

I think it is important to explain not just what decision is being made, but why. If a security requirement adds a step to a process, people need to understand the reason behind it. If we are standardizing a platform or changing a workflow, the team needs to understand how it improves supportability, reliability, or the overall user experience.

Good communication also helps avoid surprises. When stakeholders understand the objective, the constraints, and the expected outcome, it is much easier to design solutions that are secure, practical, and usable.

At the end of the day, technology decisions work best when people feel informed, included, and supported through the change.

Those same principles—communication, judgment and accountability—are also what will define the next generation of IT and cybersecurity professionals. The next generation will need a strong balance of hands-on technical skills, communication, thoughtfulness, and adaptability, especially as AI and automation become more common in the workplace.

The technical foundation still matters. IT and cybersecurity professionals need to understand systems, infrastructure, identity, security, data, and cloud environments. At the same time, they also need to be able to communicate clearly, explain risk in practical terms, and connect technology decisions to business outcomes.

AI will absolutely create new efficiencies, and professionals should not be blind to that. The people who thrive will be the ones who know how to use new technologies thoughtfully, without becoming overly dependent on them. AI can help accelerate research, automate repetitive work, identify patterns, and improve productivity, but it does not replace judgment, experience, or accountability.