By stepping beyond a functional leadership role, tech leaders can drive technology deep into the organization
This is an exclusive interview conducted by the Editor Team of CIO News with Kapil Bareja, Advisory Board Member at Cyber Security Tribe
Managing scale, building trust, and enabling the business: The modern CISO is uniquely positioned to bridge gaps across technology, processes, automation, and cybersecurity. Cyberrisks proliferate as businesses digitise and automate operations; the cybersecurity organisation can support a secure digital agenda.
How did you plan your career path to be a successful technology leader?
Paving a path as a technology leader in cybersecurity is first and foremost a matter of setting a course. It’s a long and windy road. There is no map. I didn’t know exactly how I would get there, but I started out very young in technology. I’ve done research and introspection and tried to organise my thoughts on how I’ve changed and which philosophies I’ve taken on board to enact that change, because none of it is taught to you in school or university and some of it almost feels counter-intuitive. Many of the problems you will find in progressing your career are due to smoke and mirrors. I’ve always had a passion for IT and, more specifically, the security aspects behind the technology we all use each day.
At the time, the field of cybersecurity was expanding rapidly. It encompasses standalone and networked computers, local networks and the internet, and software; private and public organizations; online and offline concerns; internal and external threats; domestic and international relations; intentional and accidental events; all forms of attack (including electronic, physical, and social); and much, much more.
Fast forward to 2023, when I was named a Global CyberRisk and Strategic Leader and nominated for Top Cyber News Magazine’s “2023 Global Cybersecurity 40 Under 40” award. By reducing risk by building trust and empowering your people with understanding and connection, we create a culture of safety and privacy. This shared experience promotes trust and moves your business forward with confidence. Consider helping to set up mentoring relationships, making yourself available as a mentor, and showcasing role models that those in the minority can identify with. There’s no one path to a career at the top of the heap. Throughout my journey, there were carefully planned job changes but many unexpected twists.
In my experience, reaching your technical leadership career objectives involves the intersection of your skills, passion, and societal (or situational) need. There are lots of insightful enterprise technology forums and events being organised in metros, which facilitate peer-to-peer knowledge exchange and keep an IT leader abreast of the latest in the industry.
“Skate to where the puck is going, not where it has been.”
What challenges you faced in your career path and how did you overcome them?
There are many bumps on the path. Sometimes they’re roadblocks. Sometimes the bridge is out entirely. But every challenge is an opportunity. New technologies have been at the centre of trends—from mobile-first consumer shopping preferences to the promise of artificial intelligence in critical decision making—that have reshaped the competitive landscape and disrupted business models.
I think the CISOs are the ones who have learned about policy and controls, but at their core, they are very strong technologists. The CISO role must evolve with the threat landscape and technologies. You must understand the technical side of cybersecurity. But information security and protecting against cyberthreats are also about people and processes, not just technology, so you have to understand all three dimensions in order to fully appreciate what you have to do to protect the firm.
Despite this pressing need, of the organizations that have pursued digitization, 79 percent of them are still in the early stages of their technology transformation. Legitimate factors are delaying progress, from the scale of the change to the mind-boggling complexity of legacy systems. I believe, however, that one of the biggest issues is that many CISOs have not accepted the degree to which their role needs to expand beyond cost and performance responsibilities in order to transform IT into a core driver of business value.
Sometimes you have to go slow to go fast. It’s the old race-car analogy. You can go really fast in a race car because you’re wearing a fireproof suit, you’re in a protective cage, you have an automatic fire-extinguishing system, and you were trained. This allows you to drive very fast.
The tech-transformation landscape is bigger than you think. Cybersecurity is the most frequently activated feature. Our experience shows that thoughtfully integrating cybersecurity into ongoing IT and engineering practises (such as embedding cybersecurity practises into the development flow in a DevSecOps approach) leads to the best outcomes.
Limit the scope of the work to something aggressive but manageable. Tech transformations are large and complex initiatives. Unless they’re scoped adequately—not so big that they become too complex to manage and not so small that their impact is negligible—progress is hard. Hitting this Goldilocks zone requires companies to select a domain (such as a complete customer journey or business function) that is sufficiently broad to account for all necessary dependencies yet discrete enough to be manageable.
What are the challenges faced by technology leaders today while implementing digital technologies?
Success with digital transformations and transformations in general, has always been hard to come by. The challenge has only become more acute over the past two years, when companies’ adoption—and the strategic importance—of digital technologies accelerated dramatically. Now, organisations are under even more stress to make consequential business decisions not only at a faster pace but also in business areas that may have no previous experience with or knowledge of digital technology or transformations.
Failing to find the right frontline tech talent is a perennial obstacle to improving companies’ digital performance. Yet it’s not just about frontline talent: tech-savvy executives play an equally, if not more, important role in today’s tech-driven business environment. It’s harder to attract and reskill tech-savvy executives than it is frontline technical talent, and it’s equally hard to integrate each group into the organization.
The third-most-cited challenge is cultural differences between traditional IT and digital teams. Traditional teams have struggled to keep up with the pace of how digital teams work.
How can technology leaders overcome the challenges faced?
Manage talent and culture modernization with the same rigour as technology modernization. Talent- and culture-related issues stand out as the top challenges for digitising organizations, and the findings highlight a critical need for retraining. But few technology organisations undertake talent transformations. To begin, they should take inventory of the skills employees possess and compare the results with the technology skills the company will need to attain its goals. Understanding the gaps can help executives direct talent-development efforts to where they will be most useful.
Strengthen the IT–business partnership with collaborative processes and structures. A digital transformation presents opportunities to establish processes for delivering business value (for example, iterative funding, up-front business cases, and pre-project tech diligence), not just code. Creating and applying these processes together with business partners can help promote ongoing collaboration. Companies can increase alignment between the technology organisation and the rest of the business not only by including the CISO in strategy discussions but also by bringing employees from IT and other business functions together on cross-functional teams that are jointly responsible for the delivery of new technology.
Measure the business value created with technology and share it broadly. Technology-performance measurement often focuses on cost and risk rather than value generation. CISOs should ensure their organisations measure and know the value they create for the business—and make sure the rest of the company knows it, too. As technology organisations shift to more agile, iterative ways of working, it’s also important to adjust how—and how often—they measure performance. Some organisations use quarterly business reviews, attended by both IT and business leadership, to highlight and pressure-test the value created by technology teams.
Any best practices, industry trends, or advice you’d give to fellow technology leaders to help them succeed professionally?
Technology leaders are being called upon to serve as kinetic leaders—a supercharged change instigator—pursuing transformation while ensuring resilience.
Distinguished by an orientation toward growth and leaders who advocate for, prioritize, and appreciate the value of technology, these leaders are at the leading edge of leveraging technology for business growth. They have different operating rhythms and strategic priorities, not just in the technology function but across the entire enterprise.
Opportunities abound for tech leaders who have the tenacity to lead across the enterprise. By stepping beyond a functional leadership role, tech leaders can drive technology deep into the organization. This requires organisations to embrace enterprise agility by rethinking their approaches to talent, learning, collaboration, and strategic technology funding practices.
The leader’s job is not to be the source of ideas but to encourage and champion them. Leaders must tap the imagination of employees at all ranks and ask inspiring questions. They also need to help their organisations incorporate diverse perspectives, which spur creative insights, and facilitate creative collaboration by, for instance, harnessing new technologies.
Whether you hold a management position or not, leadership skills are vital to workplace success. While some people think of leadership and management as one and the same, there are differences between the two. Whereas management is centered on implementing processes, leadership is more focused on the people and vision that guide change.
Networking is another critical business skill that all professionals should exercise. Whether you want ideas or advice on a specific challenge or are preparing for a career change, the people who make up your professional network can be valuable resources.
To make the most of your network, be open to opportunities to step out of your comfort zone and build new relationships. Once you have your network in place, it’s important to maintain the relationships you’ve formed and find new ways to expand your web of contacts.
Any other points that you would like to highlight?
For executives in 2023, the challenge will be not just betting on individual trends or ramping up software engineering talent but thinking about how all these technologies can create new possibilities when they’re used together—what I call combinatorial trends.
The economic uncertainty on the horizon in 2023 is going to require boards to become more thoughtful and nuanced about cybersecurity decisions. While we can expect a flattening or reduction in investment in security budgets, the bigger issue on the table for boards is how to keep energies focused on what matters for tech. This focus is important because many game-changing technologies, such as cybersecurity, AI, and cloud, are hitting tipping points for mass adoption.
That requires the board to keep the business pointed forward and prioritize budget for upgrading IT foundations that enable speed, security, resiliency, and reusability. These aren’t the sexiest things in tech, but automating processes, investing in data foundations, cleaning up technical debt, and continually renewing the security architecture are needed for the business to have a chance of taking full advantage of the new technologies coming online.
To come up to speed more quickly, cyber technology leaders may want to reach out to others with relevant expertise—for example, vendors and partners who can share best practices. In the spirit of agile development, cybersecurity teams may also want to take on these activities in “launch-review-adjust” mode. They could update threat and risk profiles in one- to six-month sprints, thereby ensuring they are responsive to the latest trends and technologies.
The C-suite and the cybersecurity function can no longer talk past one another; security must be a shared responsibility across the business units. It must be embedded in various business processes, with the overarching goal of building a culture of resilience. The companies that take steps now to build greater trust between the business and the IT organisation will find it easier to foster a resilient environment and withstand cyberthreats over the long term.
CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics