Technology leaders cannot just be conversant in technical terms
This is an exclusive interview conducted by the Editor Team of CIO News with Aloysius Cheang, CSO at Huawei UAE
How did you plan your career path to be a successful technology leader?
My advice is to know what you want to do or accomplish right from the start, as early as your college years. So, once you have your career goal and objectives, you can start working towards them. So, in my case, I have set myself the target of becoming a Chief Information Security Officer (CISO), which is a technical leadership role, in ten years. So, this is how I have started.
What challenges you faced in your career path and how did you overcome them?
There were a few major obstacles when I started. The first is that in the early years of my career, cybersecurity was not mainstream and was often shrouded in secrecy because it originated from defence and national security backgrounds, where people at the time practised security through obscurity, which further reduced anyone’s interest in or understanding of this profession. Hence, there were no disciplines that directly fed into this industry—not engineering, not computer science, and not mathematics. So, I was not able to get any good career advice while in university. This is exacerbated by the industry’s requirement that anyone interested in joining this profession have at least two years of relevant experience. How can I get 2 years of relevant experience fresh out of school, and what do you mean by relevant? Was there any indicator or definition that was clear and easy to follow and comply with? And my third and last challenge was whether I could make cybersecurity a career choice. As mentioned before, the industry is shrouded in secrecy, and there are not really a lot of opportunities at that point in time.
I had to develop my own solution to address those three challenges I have highlighted above. My first and third problems are all about creating a bigger pond for myself. Turn it into a sea. So, what I did was create a community. Create a career roadmap with that community on which everyone can see themselves at various stages. Galvanized efforts by obtaining government support and transforming it into a National Infocomm Competency Framework that defines skills development and, ultimately, human capital development (capacity building), thereby resolving challenge number two. Leveraging the National Infocomm Competency Framework as a basis for the development of a National Infocomm Security Masterplan, the idea is to turn my problem into everyone’s problem and find strength in numbers by leveraging everyone to solve my little problem.
What are the challenges faced by technology leaders today while implementing digital technologies?
I think there are three challenges. The first challenge is not linking it back to business. Many technology leaders went ahead with their digital refresh exercise or digital transformation strategy without engaging business, which is thoroughly wrong! Any digital transformation is done on the back of demand from business; without any business drivers, there will not be any users, and without users, any digital transformation will be futile when it is not harnessed as a critical business advantage.
The next challenge is linked to the first one, which is how to justify it to the board, get the board’s buy-in and support, and therefore the budget. Getting the board’s buy-in depends on how well it is sold, depending on whether the proposal addresses business concerns while at the same time addressing business risk issues as well as those identified under the organization’s risk register. Thus, the technology leaders cannot just be conversant in technical terms. Besides being technical leaders, the technology leaders are also business leaders as members of the executive management team and need to speak a common language with other members of the executive management team, which is the language of risk.
Leading from the previous challenge, the last challenge is addressing the governance, risk, and compliance issues from digital transformation and speaking the language of risk. How well can the organisation address the identified business risks and regulatory compliance issues that may derail the business? How to govern any successful digital strategy, in particular the digital transformation plans, such that the entire organisation takes part in the process and owns their little pieces as business risk owners while developing and building controls that can effectively manage the effectiveness of any measures addressing the risks identified?
How can technology leaders overcome the challenges they face?
As discussed previously, technology leaders need to treat themselves not only as technical leaders but also as business leaders. As such, to integrate with other members of the executive management team, you need to align and speak the same language—and that language is the language of risk. For all technical matters, try to have an additional layer of abstraction based on risk so that others can understand where you are coming from, the issues that you want to highlight, and the solutions that you are proposing.
Any best practices, industry trends, or advice you’d give to fellow technology leaders to help them succeed professionally?
No man is an island. Be part of the cybersecurity fraternity. Take part in as many community activities as you can. This is a start. From the community activities, build your network and keep yourself up-to-date with the latest trends and solutions, which will shave off a tremendous amount of time from doing your own reading and research. Try to learn from the experience of other CISOs and see how that experience applies to your organization. Remember to give back to the community while you’re taking. Be a community leader and chaperone the younger generation. Do not feel the threat of them replacing you; rather, think of how to keep ahead of them, increase your value to your organisation and community, and make yourself indispensable. This way, you are contributing to useful capacity building and not grooming someone who is younger and cheaper who can replace you anytime you drop a gear or drop a ball.
Any other points that you would like to highlight?
Cybersecurity is a team sport. Be part of the team rather than a spectator. We are entering a golden age for CISOs. Dream big and stand tall. However, while your head is among the clouds as giants of the industry, do remember to keep your feet firmly on the ground. Fall back to solid fundamentals for resiliency to pull off any of your cybersecurity transformation plans as you plot a safe route through a hazardous route to the Metaverse.
CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics