Everything You Need to Know About CIOs, CTOs, and Cybersecurity
Kumud Kalia has been a CIO in a number of different industries. Today, he’s working with Cylance in cybersecurity, which is at the cutting edge of using A.I. to prevent threats and attacks.
Kumud Kalia (LinkedIn) is the Chief Information & Technology Officer at Cylance, responsible for the strategy, implementation, and management of the infrastructure and applications that support Cylance’s business processes.
On this episode, he and Ian talk all things AI, including how Cylance is using AI to protect everything under the sun, and the challenge of finding the right way to use technology to achieve business outcomes.
Topics Discussed: Cybersecurity, AI, machine learning, CIOs, relationship building, business outcomes.
Introducing Kumud — (1:15)
- Kumud is a multiple-time CIO and is now both CIO and CTO at Cylance.
- Has a few references on LinkedIn as an “IT Guy,” which, 30 years ago was a catchall phrase and described an atmosphere when there was just one IT person in a company who was able to do everything necessary to run IT for an entire company.
- “Back in the day, you could pretty much know all you needed to know about IT just as a single individual. But now there are so many specialized disciplines you can create a whole career in a single discipline.”
How the role of CIO and the IT world has changed — (3:40)
- “When you’ve been trying to do the role of CIO for as long as I have, eventually you’ll get it right.”
- Every time Kumud moved into a different CIO role, he changed industries as well. That meant that the problems were always different but the goal was the same: to help the company grow.
- Everything the CIO does is to improve business outcomes.
Why become a dual CIO/CTO — (5:30)
- In a tech company, the CTO is the executive that sets the strategy in terms of what tech is being used and built. It’s a technology role but it’s market-facing. The CIO role is usually internally facing and is trying to run the enterprise and business operations of a company.
- His boss floated the idea of him doing both roles and in a start-up environment, you have the freedom to take on many different roles.
Kumud’s history doing customer support — (7:15)
- Tech companies often sell to CIOs, so there’s some logic to having the person selling to the CIO having a say in what products are going to serve the market.
- “If you’re responsible for business outcomes, and you own more of the business, you’ll become more of a stakeholder in the success of the company. That makes you much more pragmatic about making the tradeoffs you need.”
Advice for CIOs looking to be more pragmatic — (10:15)
- “People often don’t care what you’ve done in the past. It’s all about here and now, and there’s a lot of urgency about the now.”
- There are common sense things any leader should be doing, the first of which is getting along with your peers and understanding their challenges.
- CIOs need to be in the conversations that have to do with business outcomes and not solely focused on the technology. “If they’re not in those conversations they aren’t really the CIO, they’re just a senior technology guy.”
How Kumud has built relationships with other CIOs — (11:45)
- There are a ton of events and networking opportunities that provide chances for you to meet and connect with your peers.
- You can also take it upon yourself to reach out, invite individuals for coffee and adapt your meeting to their style.
- “It’s like dating. You get to know the person, get to know what they need, start delivering on that and build some trust. Once you’ve got trust — which you build through reliable execution — then you can do some interesting things because you don’t have to persuade them anymore.”
Early mistakes Kumud has learned from — (13:00)
- “Sometimes if you characterize something as a mistake it’s a tactic. If you tell people the truth upfront they would never buy into what you’re saying.”
- There’s a way to unveil things in stages that has been helpful. If you tell someone that a thing won’t be ready for two years, they might never agree to do it. But if you tell them you can have a certain part of the thing ready this quarter, and then keep delivering more and more parts, there is a greater likelihood that your partnership will last because your project looks realizable.
What were the business wins Kumud tried to achieve early on? — (15:10)
- “In a start-up, it’s all about now and what have you done for me lately? So there’s always the pressure of the urgency of now.”
- You have to fulfill the promises of the people you have made wait. But you have to make tradeoffs because you have limited time and resources. That’s where you need patience from your team.
Kumud’s past with acquisitions and integrating into larger companies — (16:40)
- Usually, Kumud has been in the acquiring position.
- He was on the other side as well, and it felt really new to him. Even though he knew all the steps and how acquisition and integration happen because he had run those operations before, it was an odd experience being on the other side being asked the questions he usually was asking others.
- “If you’re one step removed from the people collecting the data, you don’t see how annoying it is and how disruptive it can be.”
- Business pragmatism can trump acquiring the best technology. Sometimes it’s better to be in-market now than wait two years for the newer bigger thing. There are consequences to that choice, but the business goals need to lead your acquisition strategy.
- “At times, the technology part of me can be ashamed to accept the outcome, but it’s the right business outcome.”
What Blackberry Cylance is building and the problems they are attempting to solve — (22:10)
- Cylance was founded based on the mission to protect all people, devices and things, including computers, IoT things and everything under the sun. It was built as an AI-based platform that predicts threats.
- Cylance’s customers have been protected by a lot of threats and attacks that have hit others hard.
What made Kumud excited to join the team — (25:15)
- Kumud left the energy business to go into tech and security.
- “I could see the wave, the threat landscape changing and thought this could be a interesting space to get into. There is a lot of fear and ignorance about the space and I thought this was a good space to get into the make society better and safer.”
- Kumud also wanted to try the start-up world.
- “In a start-up, you have to do a lot more yourself and rely on yourself a lot more. But you have the ability to influence a lot more and you can have a bigger impact on the whole company.”
- In a small, fast-growing company, you can see the problems people are going to have before they even experience said problems, which give you a chance to proactively improve a company rather than doing the cleanup, which a lot of CIOs need to do when they join large companies.
- There are pressures on startups to put products out and that can create a lot of technical debt and problems that you need to deal with later.
Cybersecurity as a subscription service — (30:00)
- For many companies, cybersecurity solutions still often have the snake oil salesmen problem. CIOs are scratching their heads because they add money to the security budget but they don’t really know if they’re any safer.
- It’s hard for people to know where to draw the line and decide how much security is enough.
- Most board members do not have experience in cybersecurity so they don’t have the knowledge they need to make the right decisions.
- “You have to treat security like anything else — talk about business outcomes and show people what value you’re adding.”
- If you want to persuade people, you have to establish what you’re going for. Most people think breaches are inevitable, so you have to make the person you’re persuading believe that prevention is possible.
How machine learning is enhancing the world of cybersecurity — (36:40)
- “The security profession is known for being a very reactive profession. They usually wait for something to happen and then they think the fastest they can respond will limit the damage that can be done. That’s not prevention, that’s rapid response to an emerging situation.”
- There is a way to use AI to just stop or prevent events from happening, rather than alerting you to events already in progress.
- CISOs should be saying we should be spending less and thinking “we need to do the most with the least.”
- “You should reward the people doing the most with the least because they’re the ones creating the most shareholder value.”
What Kumud wishes he got asked more — (44:15)
- “Nobody ever wants to know how stuff works, they just want to get it done. Sometimes a bit of curiosity is good.”
- “There is an iceberg effect of technology. Only the smallest part of IT is visible and in the biggest part, where all the smart stuff is happening, people don’t care.”
- Digital transformation is the responsibility of everyone in the company.
- “CIOs should see their jobs as removing friction for their employees and removing barriers that are preventing you from accomplishing business goals.”
Lightning Round — (49:10)
- Kumud enjoys the Kindle app.
- Freakonomics, Revisionist History
- Recently read Sapiens
- Half Moon Bay is a great one-day getaway.
- Got to fly in a fighter jet a couple of months ago.
- Working with a company called Espressive on a new kind of AI.
- Advice: “Be careful what you wish for. Being a CIO is like a mental affliction. You’ve got to be a particular kind of individual to be a CIO, and just loving technology is not enough. You have to be okay with giving your ideas away. You have to be okay with not getting thanked but getting blamed. You have to have a high tolerance for pain.”