Episode 297 Deep Dive: David Gee | Career Guide for Aspiring CISOs

[00:00:00] Speaker A: At some point when you're interviewing for a ciso, you're not looking back at the degree, you're not looking back at their accreditations. That's all foundational. But what you're looking for is looking for do they have the right sort of international experiences, experiences in driving change, experiences in talking to boards and their behaviors in doing that. Those things are what makes up a true leader. And you can actually build those and develop those over time. [00:00:26] Speaker B: This is KBCAZ. [00:00:30] Speaker C: Target for ransomware campuses. [00:00:32] Speaker A: Security and testing and performance and scalability, risk and compliance. We can actually automate that, take that data and use it. [00:00:42] Speaker C: Joining me today is David g. Advisor at JS Careers, Bain & Co. And Emmett Tull. And today we're discussing how to aspire and grow into a sizo. So, David, thanks for finally joining and welcome. [00:00:55] Speaker A: Thank you so much. [00:00:56] Speaker C: So, David, I want to talk about you just for a moment and for people who perhaps don't know you, you've, you've held some very heavy hitting titles. People were to look you up on, on LinkedIn. You've had some really big roles over the years. So I think you're probably the better person to ask around how to grow into, you know, a sizer or CIO as a leader. So maybe let's start about building a career. And I would say my follow on question to that would be, you know, leadership is really, really hard and sometimes I've found over the last, you know, 12 or so years I've been in this space that people get into these leadership roles and they discover, well, actually I don't really enjoy managing people. So share whatever you feel, what comes up in your mind when I ask you that question. I want to get into some of the specifics. [00:01:42] Speaker A: If I go right back, right. Like, let's go back to when I was in high school, okay. So in high school I, I played basketball and rugby and all that sort of things, right. But I, I love basketball as my key sport. I just, you know, excelled at it and I was the best shooter in the team and I was getting promoted, you know, into big, higher, higher teams and then at one point, you know, get into the second and first for two years. And then my coach said to me, david, can you actually, can you stop being a shooter and just pass the ball, be the point guard? And I was like, what do you mean I'm the best shooter? No, no, I want you to make others better. And that was my first sort of lesson in leadership, which is being out of your comfort zone and doing Things that you know, that aren't natural to you and then trying to make others better for the team rather than you being the star. That was my first sort of stretch moment where I was like, oh my gosh, can I do this? Can I, can I actually be the point guard rather than the shooter? So to me I really believe that that was something that took me a good stead. So when I got into my career and you know, started and by the way I was married at 20, okay, at university and I was doing sort of odd jobs but I had some principles I wanted to do besides the fact that I had a wife and kid to support. I really wanted to make sure that whatever I did, I enjoyed and I didn't want to be stuck at any one industry or company or country. I had this motion, I didn't know how to do it but I me was like, how do I have a career which enables me to keep learning, doing things and keep, you know, reinventing myself and then if I can do that then I won't get stuck in the place. And to me that was sort of my principles I, I, I work with. And that kind of led me down the path of, you know, being a CIO for 20 years and a CISO with HSBC. And then my last role I did three, four years with Macquarie running tech, cyber and data risk. So to me the iterations was all about leadership and all around trying to reinvent myself and then trying to do different things if that makes sense. [00:03:27] Speaker C: I used to work at a bank, that's how I started my security career historically. So, and I think everyone listening to the show has definitely heard me say that so many times, but you may not have known that. So I have a question for you considering your background and leadership, what I found at times working in a bank, there are people who are in these heavy hitting roles. I don't know if their leadership was genuine though. Have you seen that? And then tell me more about what genuine then leadership means to you in a recruitment standpoint. [00:03:56] Speaker A: Right. You're looking, you're looking to classify people. So if I doing recruitment or screening candidates for example, right. I'll, I'll be able to figure out, you know, pretty quickly within five minutes what's this person's DNA, what, what drives them? Are they a person? Maybe you send crude which is are they going to be a painkiller in terms of they're going to come in and actually make a big difference the organization or they're just a vitamin, right. If they're a Vitamin. They're actually just something that's nice and might help progress things, but actually not going to make a big difference. And to me, leadership is about making the big difference. You know, being the painkiller, the going and solving big problems and being willing to take the hits with that. Now, you know, there are a lot of people who are in the art of survival, and their survival means I'm going to just stay under the, under the pulpit. Not taking your chances, you know, speak up at all times and be visibly leader. But actually when it comes down to taking the hard yards or, you know, taking the hits because someone your team screwed up, that's not leadership to me, okay? That's. That's just being a manager. And so you see both of those type of people in the organizations and there's. Statistically, you can say there's probably 13, 14% of people in organizations who are true leaders and wander the hard yards and want to make a difference, want to transform and to make changes happen. [00:05:06] Speaker C: So what are the rest of the people doing? Just sort of sitting on the bus, waiting for someone to drive them somewhere? What does that look like? [00:05:13] Speaker A: Life goes on. So we all have different motivations, right? Some. Some people are motivated by just wanting to go to work, to meet ends and pay the bills and have fun outside of work. Everybody's motivated a little differently. Different stages of your life, different stage your career, you motivate differently. And so it just takes an army of different people to make up an organization. You need to work yourself out in terms of what makes you tick and what sort of person you want to be. And therefore, you will need to make the sacrifices to take my case. Right? I worked across pharmaceuticals insurance with MetLife in Japan. I was pharmaceuticals illegally in Australia, China, Asia, PAC, Japan, the U.S. so I moved, you know, five times, five countries. You know, if you're willing to be uncomfortable and learn new things, you know, be uncomfortable and grow because you have to speak different languages, deal with people who, you know, may not get it the way you get it, and then work with that sort of understand that that makes you grow faster. I think because you're of your comfort zone, you're in. Thrown in the deep end, literally, with, you know, with large teams, small teams, and both of those have different stresses, right? So to me, that's. Some people want to do that, other people say, no, no, no way. Don't want to ever, you know, be involved in something that's so different and foreign to me. [00:06:26] Speaker C: Okay, I got a couple of questions about corporates I'm ex corporate myself. I always say to people I was a really bad employee. I'm definitely a better entrepreneur, definitely an entrepreneur at heart through and through. But I want to talk about climbing the corporate ladder now, and there's so many questions I have around this, but one thing that I observed in my career early on is someone could literally be hopeless in the corporation but survive in terms of any, you know, when there's a restructure, they always survive. There could be someone who was really talented in terms of their craftsmanship, but would always be a first person out the door because people didn't like them. So perhaps their social prowess or their social game wasn't as strong as the other person who maybe technically wasn't as good or. But people liked them. So talk to me more about how people in these corporations can climb the corporate ladder with having a good social strategy and a good social game. [00:07:22] Speaker A: Good question. I mean, I, you know, wrote a book last year which came out called the Aspiring CIO and ciso. And then I talk a lot about, you know, soft skills. Now, to me, every individual is made up of all the above, right? So you've got a series of skills. Knowledge, experience and behavior. Skills, Knowledge, experience, behavior. So to me, you know, in early your career, you build up those foundations of skills and knowledge, things that you want to, you know, you think is going to help you, whether it's a certification, accreditation, you know, whether it's networking, whether it's now pump engineering skills, and then knowledge around how to do that across, for example, different industries. And then the realization is, and maybe to your point is that what matters more is actually for the people who do succeed for the right reasons, because sometimes people succeed with the wrong reasons. Your experiences and behaviors, right? Top of the equation. That's actually how you act, how you perform, how you, how you do things when no one's watching, for example, that's part of your brand. People see you being a leader to get stuff done, you know, ask problems, solve problems, to bring your team on the journey with you, to, you know, make change happen. That's all becomes, you know, your experience and then your behavior to then, you know, for example, say no to boards. Say, say no to your boss. You know, when. Then things are tough. All those things to me makes up what makes a great leader. And you're right, there are people who hide in the shadows and then they somehow survive. But listen, that's not the way to live. The way to live is to, you know, get out there and do things that you enjoy, make some money on the way. But the money is not the motivation. It's me having the challenge and learning and, you know, continuous learning and then making people that you work for, work with, sorry, better. And the best versions themselves, to me, is so motivating. I just love that part of it where, you know, you can, you know, develop these people into CIOs or CISOs and, or leaders because of their, maybe some coaching you gave them or some tips you gave them and, and you know, without overdoing it, you can actually provide them, you know, little anchors and north stars that help them through the whole career. [00:09:24] Speaker C: So what about people that play the game, though? Like, I mean, I've been in companies. It's like, oh, that guy's playing the game, or she's playing the game. I hear that a lot. What, what do you think people mean by that person's playing the game? [00:09:35] Speaker A: Well, as you say that, you know, people who, who do that in your organizations or done in the past, right. They're playing by different set of rules. They definitely get away with it. Sometimes they may even get promoted. Now what, what that means is the people who they working for perhaps are okay with that because they're, you know, very loyal, they're very supportive. So therefore they're not going to actually, you know, ever feel challenged by that person that's playing the game. Okay. And so I've seen many really bad examples of that, examples of people playing the game. And to me, you see that and I, and I go, that's just how not how I want to live. That's not how I want to, you know, see myself in any fashion from an integrity standpoint. So how do I try to just avoid even going down another path or, you know, trying to acknowledge that's okay, because that's not okay. Those people get caught at eventually, maybe. But look, I think it's all about you living with yourself and knowing that you're doing what you believe is important and making a difference to the world. [00:10:31] Speaker C: So you said that you've seen some bad examples. Can you provide one? [00:10:35] Speaker A: Yeah, I can and I won't name companies, but I was, you know, interviewing for a very senior role and I got, you know, some stakeholders involved, senior stakeholders involved that were in the C suite and said, can you interview this candidate? Because, you know, it's really important that you have, you know, get buy in on this candidate. And then they came around and said, no, no, no. Can you actually, instead of hiring this person, Bob, can you go and hire Carissa who's not even interviewed for the job, right? And I was like, oh, that's interesting. That person is not qualified, actually. He's a bit of a Muppet, to be honest. Okay. And I was thinking, okay, they're playing, they're playing the game. They're actually wanting me to hire the wrong person for the, for the wrong reasons. And, and I'm, you know, I'm saying to them, you know, I'm in a zoom meeting, saying, thank you very much for your input. And I, and I completely ignored them because I know they're not playing with a straight bat, right? In terms of intent, what they wanted was the person to come into their job, senior role and actually be a Muppet, right? Be someone who would not do the right thing. And so that you get that and say, how do you then work through that in a, in a, in a graceful fashion so you don't tell them, tell them off or say, that's inappropriate. Just move on with it. Okay. And then get. Do what's right rather than do what someone else is angling towards. [00:11:42] Speaker C: So why would that person want to hire someone, to your words, a Muppet? Is it because. [00:11:46] Speaker A: Because it makes their life easy? Makes their life easy? [00:11:47] Speaker C: Is it because they're not going to challenge them like, okay, well, I need this person? [00:11:50] Speaker A: Exactly. Now that's. Listen, I, as I said, I do a bit of advisor work for Jay's careers from creating and tech and cyber and data. And, and we know that, you know, most people do want to do the right things in terms of, can I hire the best person possible, right? And then you put forward five candidates out of maybe 30, 40 you screened and you go, actually, they don't like any of these people. Why, why is that? Is there, there's something else going on that I don't understand? Because the candidates you put forward may be amazing, right? Amazing. Got the experience, background, the right sort of cultural fit, ticking all the boxes, but don't get the job. Then you realize, actually they're a bit afraid of this person because they're a little bit too high powered or they may be fearful that they might take their job. And, you know, I learned it in my career, Chris, is that, you know, I learned this from a, a guy who was, you know, end up being the global head of HR for Lilly Pharmaceutical, which is the largest pharma company in America right now. He said to me, david, when you're hiring people, can you hire someone who could be your boss? Can you hire someone you think you can see that person Being so good, they can be your boss. And I thought, wow, that's a, that's a really high bar. Okay. Because you have to put them in different light. And so when you think about that through that lens, you definitely will, you know, look for, look for amazing, look for, you know, incredible abilities, et cetera. [00:13:04] Speaker C: Okay. I want to keep going on this, down this talk track for a little bit more. This is quite interesting. So I'm just going to use myself as an example because there's probably other people out there listening and I think it's better to pick on myself than someone else. So when I worked in corporate, I spoke up a lot. Clearly it makes sense. I'm a journalist and I'm asking you questions. This is how I've always been. People didn't like that, David. So then I don't think I was ostracized, but I sort of got the vibe that management, middle management started to feel a bit rattled by that for someone of my caliber. How, I mean obviously I don't, I don't work in corporate etc anymore. I don't have a boss. So maybe that's why I'm an entrepreneur. But how do those people succeed in these environments where you've got people out there, they don't want Carissa Brain in there asking questions and speaking up and challenging things. And you know, I was junior, I was an analyst, so it's not like I was a senior person. It seemed to get people at times. Maybe I would rub people the wrong way, right? But then how does someone like me ever progress to be potentially in a corporation like that, to a management role, leadership role, if people are just trying to, you know, keep my head under the water. [00:14:10] Speaker A: Yeah, it's really a hard one to analyze. But I think, look, I've met people of that sort of Persona, right? I've met people that percent who've been successful. Clearly they've had to think about their approach somewhat to say like, you know, for all means, challenge for all means, be yourself. Because otherwise you, you'd think why bother being here? Right? But then how do you, how do you maybe, you know, tweak your questioning a little bit to, to be a little bit as confrontational, to be a little bit more open ended, to be somewhat, you know, in the conversation for sure, rather than, you know, because if you're either in the conversation or you didn't say check out and say, oh well, I'm not going to say anything because these people aren't going to listen to me, right, that would be A bad outcome. So how do you, how do you refine your behavior somewhat to be, to be effective rather than saying, okay, I don't want to change my, my core values. I don't want to change what I'm trying to get to. I think this objective is still right. How do I work with this conversation to get what I want out of it? Now if I give you an example, right, you know, I, I've always been myself a transformation person. How do I get stuff done? I've, you know, run program director, project director, you know, getting, getting things done. And to me then I said, well actually I want to get things done, but why don't these people get out of the way and get it, you know, let me get faster, right? So that's the sort of change happening faster. And I realized actually that won't work. How do I then adjust myself to bring people on the journey? So I talk about this being one of my, you know, 20, 25 year, you know, improvement plans for myself. I want to be known as a transformation strategic person, which, which is what my brand is. However, my brand was also. David doesn't always bring people with him because he's in a hurry. Okay, so how do I then still be, you know, passionate, active, dynamic, bring people with me? So I over explain. I, you know, take the time to repeat myself in different forums with the same message to say, is it okay? Do you guys get, guys and girls get this? Do you think there's other inputs I need to take on? And then by slowing down a bit, I get everybody buying into it. So therefore I can go faster because they're bought into it. So I've kind of learned there, there are ways to, if you like, improve yourself, you can take the input from others to say, this is what I have. If I did this approach, would that, would that work with you? Would that, you know, make you feel like you've, you know. So I think that's way to test the water. Certainly, you know, in your case you could have got a mentor to help you tweak your, your, your yourself a little bit. But listen, it's a really interesting problem because, because leaders have, you know, have strong opinions. So you know, it's. To not have opinions actually would be counterproductive. But then how do you make it work in an effective fashion? [00:16:42] Speaker C: Yeah, I like that. And I think I've probably just got those leadership qualities. And I think that's. If I perhaps loved the environment to the point I may not have been able to go out on my Own, like years down the track, right? So I sort of see it as more of a blessing in disguise. But one of the things I really want to understand is loyalty. Now, I'm very big on loyalty. I, you know, when I'm back someone, like, I really back them. And how do people stress test? Well, not stress test. It's not like it's a. Playing a game, but it's just more. So how do you know for sure that people in your, you know, your team or whatever it is, or your counterparts, how do you know that they're loyal towards you? [00:17:20] Speaker A: Gosh. Look, listen, I. I start with giving loyalty to everybody, right? So a higher person, I give them trust. He or she gets my 100% trust. And I don't want to micromanage, but I do want to see results, right? If I see that I'm talking and I'm not seeing Carissa coming to the table, not seeing Carissa, you know, getting the outcomes that I'm looking for, I'd start asking the question, right? So, but you've got to start with that premise around. To me, that's. That's what a good leader does. Starts with the, you know, I want a team to be, you know, strong and individually with the best versions of ourselves. And so if I, If I get a little sidebar, if I can, and I talk about this in my keynotes and stuff is around. Look, the. As a leader you get, you inherit a team. Sometimes you get a chance to rebuild that team from scratch. Mostly you get a chance to just take what you have and make them better. So if I use the lovely example I always took about as this little algorithm for leadership, which is really simple, you got the team of four people, right? You got David and David's, you know, David's sort of five out of ten. Some days he's six out of ten, other days he's. He kind of plods along, right? You got Carissa, she's star man. She works between eight or nine out of ten. And. And you got two other colleagues. Now, each of these colleagues, if I coach David to actually, you know, be his best version, he could maybe be a seven some days, other days a six. But I'm trying to get him to be comfortable that I've got his back, right? That he, that he screws up by pushing the barriers a bit, he won't fall. I'll catch him. So he'll. He'll try to be the best version of himself, 70 charisic, maybe spider be a nine. You know, rather than just this an aid. So if you then have each member operating the very best version of themselves and they're actually then working as a team rather than, you know, chipping at each other and being bad caustic behavior, then you get this very simple equation, which is Charissa's a 9, David's a 7, and there's a times multiplication sum. Right. Guess what? As a leader, you get more done, you get more outputs. Okay. Amazing transformation results. But when you got negatives or people operating at the lowest of their range, because we all operate different days nowadays, some days we're good, some days we're not so good. That's the truth. Right. So how do you, as a leader, elevate people so they feel comfortable being out of the comfort zone and being that in that space where they're maybe pushing their barriers way beyond where they normally would? [00:19:36] Speaker C: Yeah, that's interesting. I think I like when you said, like, getting, making people operate at, you know, their best in their respective roles. Right. I want to talk a little bit more about how do you feel when I asked you this question? And I know people have variants of opinions that do you believe leaders are born or do you believe you can train them? [00:19:58] Speaker A: I'll get back to my. It's kind of like the question around intelligence, right? Intelligence. People born with a certain amount, but you can also develop that. And so if I talk about that first, if I, if I say, okay, I was a 20 year old dad, my wife and I still married after all these years, right? We, we had a, we had a kid and we didn't kind of look nervous about it. So we said, how do we, how do we grow this, this little being, you know, to be safe and, and, and healthy and smart? And so we, we went down this path of, of trying, trying different things. And we went to a little course and we, you know, we basically, you know, my son was three, four months old. And so the course taught you to say, you know, schools operate a certain paradigm, not two or five years old. So how do you actually teach the kids earlier? So therefore we played Mozart, you know, so you're going to play Mozart, listen to the best music. We showed, we showed my son. So we showed him Monet and Picasso and Renoir. And you know, so we, we showed him the, the best. Okay? And then we, instead of just saying doggy, we, we say, oh, here's a photo of an Alsatian, he's a photo of a Dalmatian. You know, we showed them the different genres of dogs and so forth. So he became, you know, very able to classify things. So when my son was 12 months old, he could read, he could, you know, he could read sentences, he could, he could swim, he could, you know, when he was, I think was 15 months, 18 months, we did Suzuki Valley. He did all these things because we, we tried, because we know, we tried to make him brilliant. And so to me, I learned my first lesson around people development as a 20 year old, 21 year old, that actually it doesn't matter what the school system says. You can be anything you want to be provided you focus and use the right approaches. And so to me, leadership's the same, right? If you actually, you're born with certain skills and you're born with certain knowledge and experience, but actually, if you push yourself, anybody could actually be a C suite person. They just need the right coaching, the right ingredients and understand, you know, what is it they need to do around, say, experience and behavior. Side forget the knowledge and skills are important. That's kind of foundation. But at some point when you're interviewing for Siso, you're not looking back at the degree, you're not looking back at their accreditations and looking back at, you know, that they worked in cloud for. That's all foundational. But what you're looking for is you're looking for do they have the right sort of international experiences, experiences and driving change experiences in talking to boards, experience, you know, and their behaviors in doing that. Those things are what makes them a true leader. And you can actually build those and develop those over time. [00:22:25] Speaker C: Okay, so in terms of leadership qualities now, so obviously, you know, with Trump taking over, for example, it's going to use him as an example now. People either really not like him or they really like him. So in leadership, do you think, especially in Australia, because I find Australians aren't like rocking the boat a lot. I mean, corporate America, I mean, you've worked there. It's a bit of a different game. But do you think people feel uncomfortable with knowing that some people just may not like you and your leadership style? And then I also want to zoom out and then compare that between, you know, corporate Australia versus corporate America. [00:22:59] Speaker A: Well, gosh, I mean, I think, you know, Trump thrives on that. He loves the fact that people find him controversial. I think he likes to shock people. He likes to, you know, I remember working at a firm, MetLife in Japan. It was, you know, CIO role, and it was MetLife's largest retail market globally. And the CEO was saying to me, hey, David, we need to think like Trump does. And I was like, I was a bit horrified. Right. And what do you mean? He says, well, what would Trump do in this situation? You know, and that is okay, so maybe I don't want to be Trump. Maybe I don't think the way he does, but what would he do in this particular market or whatever situation? So that was another way of, of, you know, wearing a Persona, if you like, and then trying to operate that way. Now obviously you meet people like that that are a bit Machiavellian and so forth in your career. It's not always fun to work with people like that necessarily, but it is what it is. And then you got to figure out how do you, how do you operate, you know, that fashion without actually becoming that person? Because you've, I've also seen people who start imitating leaders and because they like their style. I think the curse, you know, this is the CIO or whatever and act like that and even talk like that or have the same expressions. It's a form of imitation, you better call it that. And some people do that. But I, I see that my kind of shudder internally when I see that because it kind of, it kind of shows that, that you may have a lot of self doubt in a way that you're just imitating someone else rather than trying to be yourself. [00:24:19] Speaker C: Okay, that, that's interesting. So when, so when the CEO said, you know, what would Trump do? What does he mean by that? Does that mean like trying to polarize people or what is that? What does that statement or slash question varying. [00:24:32] Speaker A: It's a really scenario, scenario thinking. Right. Which is, you know, you know, normal person would go this, these paths. What would Trump do? Trump would do something different, very different. Now I think that's a, you know, you think about all the things you've seen recently and heard about recently. He may go a complete 360 degree view of where traditionally would go. And then, so that's that sort of radical thinking. Now that's really great for brainstorming. That's really great for, you know, when you're thinking about out of the box. That's something that's, you know, you'd never think about Panama Canal or Greenland being part of America, for example. Right. But that's, that's where Trump thought about things. And you know, logically, he's got a view. Right. Doesn't mean there's right or wrong. It just means he's got a radical view of things. And so if you, if you are trying to develop strategy, then that's not A bad place to start with because you want to have a clean slate. [00:25:17] Speaker C: So the other thing I'm curious then, to notice, to build on this a bit more, the interview I did with Shannon Sedgwick, as you know, we spoke about, like, Australians, even from a geopolitics perspective. You know, we're, we're fence sitters, we don't like to rock the boat. Whereas Americans are more like, you know, to your point, a bit more radical. Right. So would you say in your experience, it's not about which one's better, but which one can be more effective? Because sometimes even Australian politics, people obviously saying, like, oh, like, I don't even know what this politician thinks, they don't really have an opinion. Whereas to Trump, it's like, this guy has an opinion. Now, again, some people really like that, some people really don't like it. But which one would you say in terms of an outcome is better? [00:25:57] Speaker A: Oh, gosh. What I would maybe replay is that I did a MBA at Macquarie Graduate School a long time ago, but I remember the teacher was telling us around differences between American style and Australian management styles. And I said, okay, that's really, that's an interesting one. He said, actually, Americans are all about personality, not about integrity in Australian management or the opposite, which is. It's all about integrity, not personality. And I said, okay, that's interesting. Yeah, I get it. You know, which is integrity is all about doing the right thing, right? And personality is all about being charming. And so I kind of worked in many different, you know, Eli Lilly, MetLife, I worked in many American based companies. And I said, that's kind of true. You're meeting these amazingly charismatic CEOs who can talk and slice their Eskimos, for God's sake. They're amazing. Do that. They all have the great integrity to match that. Some, some did. Some actually were just outstanding, right? Like sort of Obama level. And others were, oh my gosh, I wouldn't trust this person at all. And so I kind of believe that theory is kind of true in terms of trying to break down, you know, the vast difference between Australia and the. [00:27:02] Speaker C: US but in terms of getting the outcome, would you say that? I mean, I know the answer depends, but do you think having that bit more radical approach better in terms of outcomes or. [00:27:14] Speaker A: Yeah, it's interesting. If you look at, you know, America, despite its problems and issues, it has, it's still the, you know, that most patents in the world come from America. And so clearly there's some really smart thinking there and some, you know, great design thinking, some different innovation that comes out of that, that place. So I would say that works for that, that aspect of America for sure. Now does that translate necessarily into corporate America? Some, sometimes I've seen that work. Not always, but sometimes it does work that way. That. But obviously in the valley and places like that, these guys are very good at that. And there's a lot of tribes that sit there that are amazing in this space. [00:27:49] Speaker C: So I want to talk to you a bit more about vision. Now you would know in your career there's people out there that talk a big game, but you got to play it right. So how, what have you seen in your career around vision and then communicating that? Because in journalism I look at what companies are saying and sometimes they talk about all these things they're going to do, but then there's no follow on. So and that goes into the integrity piece. So how does that sort of look from how you see it with your background? [00:28:16] Speaker A: Yeah, I worked for some amazing organizations in my career. So, you know, strategies and strategic planning and having that big picture view, you know, and then saying, okay, this is what we're trying to do. We're trying to build, you know, the organization between here and next 10 years, these sort of changes. I've seen some incredible strategies developed which said, here's our 10 year plan to grow. Let's take the example the China market. Okay. I was, I was in China back in 1999 when China was an idea and we were trying to convince people to invest into China. Now of course China's had the rise, it's, you know, maybe flattened out somewhat. Right. But between that period of time, no one believed that this was going to happen, that there's going to be, you know, China would be such a big market and number two in the world. But back then it was, you know, below Germany, UK, et cetera, number 20 or 25, can't remember. But we had this long term plan that says, okay, if we can do these things and execute and measure that on the way and make these kinds of things, specific investments in different markets with different products and different staffing resources, we'll get that growth plus some. And that again that, that strategy. For example, Lilly in China back in 1999 was a 2010 plan. And we thought that China would be, you know, Lilly would be number four in the world by 2010. And we were wrong because it's number two by that stage. Right. And so we were wrong by fact, even though we had sort of three scenario curves around growth So I think I've seen some good examples where people have got the strategy and had the execution ability to actually go and do that and back it over. You know, sort of a long term view rather than being tactical. I think that's, I've seen probably more good examples than bad examples, to be honest. [00:29:47] Speaker C: So then you talk a lot about when people get a new senior leadership role, they've got to have a bit of a 90 day plan. So is there anything that you can sort of share? Because again, that goes into what we just discussed before. You want to be able to back it up so everyone can talk a big game, but how do we actually play it and actually get those outcomes? [00:30:04] Speaker A: Got it. Listen, it's so important. Like I said, I spent 15 years at Ilali, you know, as the CEO of Australia, then China, then Asia, PAC in Hong Kong, then up in Japan and then the US and so every time I moved it was 15 years, five jobs. So I kept moving roughly every three years. And every time I moved I didn't take my team with me. I didn't have that abilities, you know, to bring people with me because they were different countries and so. But I, I built up a methodology which I started writing down and say, here's my 90 day plan. Okay, here's what I'm going to be focusing on. It's one page and by the way, it's plugged in my book. It's in the book for CIS and cisos. So across people, process technology, where do I want to spend my time in my first 30 days, 60 days, 90 days? And by definition where I don't want to spend my time. Right, because you want to be very focused. So I first built this up many, many years ago. Then I wrote about it and probably see some CIO.com articles that I wrote this on. And then I, but what, what I would do is I would actually build this plan, call it a draft plan even. I'll be interviewing for a job, for example, right? Interviewing for a job. And Carissa says, hey Dave, what's your nine day plan? I said, well actually I've got plan here. Now I'm a bit cheap just because I, I don't yet know your organization well enough to know this is true or not. But here's what I want to do around, you know, different things. So I want to go and review the strategy, perhaps, you know, revise that or tweak it. I want to make sure that the stakeholder engagement is efficient. So the right input coming back and forth and Then we're getting input into our strategy. I want to look at hygiene things, things that are perhaps not quite right, that could be fixed. So there's different things you could do there. And then you also need to look at the team, right? What team do you have? Review that, figure out what DNA is missing and how do I tweak it? Because you may not be able to just sack everybody, right? So don't want to tweak it and make changes so people understand what the requirement is. And so by going and putting it in the paper, as I entered into an organization, I would actually share that in my town halls my first day and say, here's what I'm planning to do. I want to be very focused on this. So you're kind of setting a brand, which is, hey, David wants to get this stuff done. He's concerned about strategy, about resources, about hygiene, about metrics and all these different things, right? And you brand yourself, but you also start to tell them, I care about this, so therefore they should care about this. I share that same plan with my boss, my peers and, you know, and executive ranks and say, hey, as I meet with you one on one, I want to make sure that I'm, you know, fulfilling what you see is important here. Now you're going to get people suggesting, can you also add this or can you take that off? Which is, you may want to tweak that depending on your situation, but it sets you up for success. Because if you think about these jobs, CIOs maybe last four years, CISOs maybe two to three years, how do you try to be the one who lasts a little bit longer by actually starting strong and knocking out the park from day one. [00:32:51] Speaker C: So from your experience, where do you think people are spending their time? I think at the start, you said, I'm going to be focused on this, but there's also I'm going to be writing down what I'm not going to be focused on. So where would you say people are spending time on things perhaps they shouldn't be? [00:33:04] Speaker A: From your experience, the great experience, although I wish this was visual. Could I show you a slide as I'm doing the keynote? So I actually have a slide that says, this is a day in the life of a cio. Day in life for ciso. Okay. And they feature my book, too. But it then says, here's all the things you think about a CIO or a ciso. You had all these things coming at you, right? It's a board, board presentation. It's a regulatory requirement It's a transformation project. It's a, you know, some sort of portfolio reporting. It's an incident happening from the other side. It's, you know, sort of stakeholder engagement. You got 12, 15, 20 things around you in your day coming at you now. Obviously some of those things you care about more than others. Other things will just take your time because they do. And so as a leader, you got to make those choices to say, actually, you know what, I just need to not do this and this and this and just focus on this today. Because that to me is going to make a difference. That to me is going to be what I call a moment of truth, right? Where I've actually picking the right thing to focus on. And you know, when you're the CIO or CIO, there's no one coaching on this stuff, right? Anybody screaming at you and saying, I want this audit wants this. Risk guys want this. My boss wants this, my stakeholders want. How do you keep everybody happy? You can't. So how do you figure out. Actually, you know, what's really important today is I focus today on this. I'm sorry, I know your board report's important, I know this is important, but actually we have a pretty serious incident right now, so I need to focus on that. And other things will just have to slide because I can't do that. That takes a bit of courage and a bit of sort of your own decision making ability to make a quick decision and say, okay, today it's going to, it's going to define me. I'm going to do this, get this done, and if I do that, I'm doing the best thing for the organization. [00:34:43] Speaker C: So, David, I just want to quickly touch on you talk about moments of truth, survival skills. What's that? [00:34:50] Speaker A: Oh, kind of touched on that a minute ago. But look, in the day, right, is that if you're a ciso, you don't have many comfortable moments in a day. You've got a lot of stress, your team's under stress, you have incidents and issues to deal with. You've got, you know, too many projects to handle, staff risk, shortages, right? So survival skills operate at two levels. One, individually, how do I manage this stress? But don't appear to be stressed and just be able to think clearly, sensibly and make the right decisions. And, you know, that means I'm going to be open to my team's input because I want the strength of the team, but also be strong enough to make the decisions that, you know, that matter. Because at the end of the day, right? You're going to be accountable for that. So I think that's the first, the first aspect and then you want to make sure that from a survival skill standpoint that you're helping your team. Your team's, you know, if they got the religion with you, working with you, right, they get your agenda, they get your change agenda, they get that they need to be pushing on things so they, they will also create some friction. So how do you help, how do you help them with their moments of truth as well to back them up, Right. So now sometimes your team is screw up and maybe do things that create friction and noise that you might agree with the other party, but how do you then work through that with them? So you can, you know, help everybody get to the best outcome by pushing the barriers a bit and knowing, you know, this is the path. You know, we think about elasticity, right, and resilience. How do you like a rubber band, stretch back and forth somewhat but don't break. That's the important part. [00:36:18] Speaker C: So, David, do you have any sort of closing comments or final thoughts you'd like to leave our audience with today? [00:36:23] Speaker A: Look, I'm just about to go live with an announcement about a fun sort of not for profit thing I'm going to work on. So I've been working the last few years as the chairman for the FS isac, which is the financial services sort of group that works around sharing cyber intelligence. And I've just been asked to be an ambassador for the CI Critical Infrastructure ISAC group. Now we think about this, this is all around critical infrastructure. I Remember earlier there's 12 different sectors. So, you know, in the day, it's power, it's water, it's, it's networks, it's data centers, right, Hospitals, all these things we rely on to be, you know, operation resilient. As a cio, a ciso. If we don't have the power, electricity, all that stuff working, data working, then actually we can operate and doesn't matter how good our plans are and what we invest in. So there's sort of ambassador roles trying to help us to work as a. Across the silos, if we kind of call it that. How do we work across the silos to, to get intelligence and share intelligence across industries so we can actually protect Australia better than we do now. And you know, so we work in our silos and now our silos being our companies, but how we didn't operate more broadly. That's pretty exciting if we can start to do that, because things are really you know going to be a massive challenge going forward. Forward in future years around how do we protect ourselves without giving up our individual concerns? But actually more broadly, Australia as an entity will come under more attacks. I think. [00:37:49] Speaker B: This is KBCast, the voice of Cyber. [00:37:54] Speaker C: Thanks for tuning in. For more industry leading news and thought provoking articles, visit KBI Media to get access today. [00:38:02] Speaker B: This episode is brought to you by Mercset. Your smarter route to security talent MrKsec's executive search has helped enterprise organizations find the right people from around the world since 2012. Their on demand talent acquisition team helps startups and mid sized businesses scale faster and more efficiently. Find out [email protected] today.