Because technology and the market are changing at such a rapid pace, staying focused and ahead of the curve will help you avoid losing momentum
This is an exclusive interview conducted by the Editor Team of CIO News with Fabian Weber, CEO & Founder at WHYSEC LTD
How did you plan your career path to be a successful technology leader?
“Change is constant,” as the expression goes. Everything I had planned (from becoming a CISSP in security to obtaining my master’s degree to pursuing a CIO position, among other things) changed during the process. And I feel like the intervals get shorter with growing knowledge. Therefore, I stopped “planning” my career and changed to focusing on my identity. We can plan and set goals on three different levels: action level (behavioural level), result level, and identity level. I asked myself identity-related questions:
- Who do I want to be?
- Which kind of people do I want to attract?
- How do I want to make people around me feel?
These helped me plan my career path better than just “S.M.A.R.T. goals.” Do not get me wrong, goals are important. Goals follow the vision of your desired identity. So let me give you one example. Instead of saying “I want to stop smoking on January 1, 2023” (which is results-oriented), I changed my mind to “I am a non-smoker,” which can also be included in “I live a healthy life.” So I changed my perspective on how I see myself, both professionally and personally. I think both are crucial to succeeding in what we are doing. “Believe you can, and you’re halfway there.” This phrase is also really important in every situation when you have negative implications from the outside. If you want to be successful, separate negative emotions from your actual self, and above all, do not take things personally. Realize that you are already successful with everything you have done until now.
In my case, I cannot discuss career planning without first defining my identity. And the desired identity will change again; it did already change with the experience I gained from being self-employed.
I believe that having a plan is critical to success; however, you must grow while following your path, do retrospectives, and revise what you have planned. One big topic I learned when I tried to plan my career is that I should not listen to people who are not where I want to be or how I want to be. Family, friends, professors, loved ones—whoever it is, it does not matter. It sounds hard, but it is simple. Identify who you want to be for yourself; common advice will not help you because everybody gives advice from their own perspective (the same as I currently do in this interview). This information manipulates you somehow; therefore, you need to outline your own way.
In summary, I had a career plan based on what I was taught and what I learned from my surroundings. This plan changed quite often, and then I changed how to set up a career plan with the focus on my own identity.
What challenges you faced in your career path and how did you overcome them?
- The first point was very early. After school, I did not know what to do. In fact, I had not yet discovered my strengths. The grading system tends to show us what we can’t do. We are not necessarily promoted for what we would like to do or what we are supposedly good at. So I had to help myself, and a rough plan was made. I understood that no one will do it for me; I have to figure it out by myself (common advice did not help, as I did not want to do the same as my circle).
- Then the second challenge appeared: I received a letter from the government and had to do my military service. Out of sight, out of mind, and receiving my first “real” salary, I extended my contract to work for the army. That was an exciting ride for me—teamwork, cooperation, and overcoming obstacles. I wanted to become an army officer, which is one of the highest grades, and you are able to study at a military university in Germany.
- Third challenge: due to a too-bad baccalaureate, I was not even invited for a job interview, and that was despite the formal accreditation I received during my service (looking back, not so bad). So I had to plan ahead. I am creative, and design-related jobs are certainly what I enjoy. But my baccalaureate wasn’t enough to get me a corresponding university place, and my mindset did not allow me to think outside the box. Since I had learned some computer and software-related topics autodidactically, the way to study computer science was the most obvious. Thus, without any further challenge, I applied to university, got accepted, and started studying. As it turned out later, the dropout rate in the first three semesters was 70%, which also explained why I was accepted with lower grades. The studies themselves went perfectly. Curiosity and freedom of choice had a great impact on my grades. However, I needed practical experience to follow my intended path, so I completed the internship semester (unlike most other students, who were focused on software development) in a classic IT department. As a youngster, incident and change management, Active Directory, and datacenter operations were all foreign words.
- Challenge number 4: in my studies, I had only learned programming in addition to mathematics. The internship semester went so well that I spent the rest of my semester working at the same company. I was able to bring about sustainable improvements, train my own successors, and am still in contact with the boss today. I was even invited to the wedding of my first mentor in this company, and we are still in touch (thanks, Martin; I really enjoyed working together with you). Some personal hints for this challenge: documentation, networking, going the extra mile, asking for new tasks, not being afraid to ask stupid questions, and showing results are crucial to evolving. I am happy that I was able to work in IT support, as I gained essential knowledge about all areas of an IT department, from gathering user requirements and solving problems to running a professional IT environment. I think these skills are mandatory for my daily work. Consultants or cybersecurity experts need to understand what impact changes due to security reasons have on employees and administrators. After that, I wrote my bachelor’s thesis about ISO 27001, and I got the following offer: “If you want to build up our ISMS, you are also responsible for our whole IT.”
- Challenge number five is accepted. I started my job entry as “everything,” including CISO, first-level support, IT admin, project manager, resetting passwords, trying to figure out how to setup companywide IT projects, and other things. I am thankful for this opportunity. It helped me grow quickly and interact with senior managers from day one. I made mistakes, and each failure was critical to my development. After five years, the IT department had grown from one person to fifteen, and we had established a perfectly organised first and second level. Then I changed hats and went from SMB to enterprise. From being audited and leading an IT team to conducting international audits and being a security architect, A more complex environment, a different role
- Challenge number 6 in my career path is the pandemic. Having an exciting audit programme in front of me ruined everything. After a short period of working from home, I realised that this would last longer. So, instead of Netflix, I tried to use the time wisely (lockdown, no business travels), and instead of Netflix, I took time to reorient myself, went for long walks, and cleaned up at home and in my mind. My final thoughts: I am ready; I need to start my side business. I loved my job, but I was also eager to learn new things outside of my regular employment, and I want to spend my free time improving my skills. Meanwhile, three years of pandemic passed quickly, and a few major events occurred:
- Within this phase, I cancelled my employment and started my business as a full-time self-employed freelancer. In parallel, I hired the first employees, and we are developing our own software (a SaaS solution to assess your Microsoft 365 security status).
- After one year, I closed the company in Germany and moved to Cyprus for personal and professional reasons.
- Challenges within the last three years? A lot and believe me, I was prepared: I talked to CEOs, I read books, I planned, I scheduled, I prototyped. However, developing a software company bootstrapped (we are now looking for an angel investor), being a freelancer, and having multiple new responsibilities in HR, finance, sales, and other roles at the same time is a challenge. And the output is great—understanding how a business works from a business owner’s perspective helped me develop new skills. And I think I have not overcome the challenges attached to this new position yet; the process is the goal. Adapting and learning at 5x speed within the last few years was great. Any hints on that challenge from my side? Yes:
- Trust your instincts (as a rational person, I had to learn this the hard way),
- Be willing to do the extra work and make decisions.
That’s what I can say about my career challenges from the beginning, how I overcame them, and what I have learned from them. I hope it helps a few people out there to go their own way.
What are the challenges faced by technology leaders today while implementing digital technologies? How can technology leaders overcome the challenges they face?
I would start with a definition of “technology leader”: Somebody who has excellence in the field, awareness of the business and technological environment, and the ability to optimise speed, quality, and resources. For me, it is somebody with a focus on the overall vision of the company, connecting technology with business processes to deliver effective solutions, and who still demonstrates technical expertise and leads by example.
In my view, challenges are:
- Having the key leadership skills (a technology expert is not a tech leader)
- Communicating effectively and reaching out to the team (from a personal standpoint) in today’s hybrid work environment (there is a big difference between coming into a room in person and communicating a vision and talking about it in a video conference)
- Delegation with only remote calls to the team
- Because technology and the market are changing at such a rapid pace, staying focused and ahead of the curve will help you avoid losing momentum.
- Stability and empathy are hard to transfer in the current hybrid work scenario, which is also challenged by the rising pressure from the current recession.
- Hiring the right people despite the current skills shortage
- Taking time away from work to be creative and recharge while being online and connected everywhere, everywhere (this is also directly related to thinking in your own bubble, as exchanging ideas with other experts, networking, and receiving feedback are all extremely valuable).If you do not take time off, you will not grow; you will be stuck in what you are doing.
The points mentioned are challenges faced by technology leaders who strive to guide a team, pursue strategic purposes, and want to extend opportunities. I derived these thoughts from what I have seen in the different startups and scaleups where I have been involved in the ISO 27001 process or consulting activities. It is really interesting to see the different leadership skills, and every leader is great in a different field, but I think all of them handle a few of the mentioned challenges in the same way:
- They understand the business and the requirements.
- They form the team and identify potential participants.
- They enable employees to exchange, align tools as well as processes, and they hire highly skilled people (also via outsourcing).
In my opinion, every technology leader needs to continuously work on his or her lacking business knowledge and leverage the soft skills for leadership positions if he has a very technical background.
Any best practices, industry trends, or advice you’d give to fellow technology leaders to help them succeed professionally?
AI is already disrupting the market. I think it is really important to observe the following topics, align the business strategy, and handle the risks:
- Is your business model at risk due to the competitiveness of AI solutions (this must not necessarily mean AI will replace your business, but somebody using AI can do things you currently do in a better or easier way with more output)?
- Is your IT environment more threatened by new attack paths (e.g., if you develop a SaaS solution and need to harden your environment)?
- How can AI help you, and in which departments (it will not do your work for you, but it will assist you and potentially leverage)?
- Are your users educated about the risks and chances of AI (this is essential for all employee-related risks and also for technical experts to give them the chance to work with new technology)?
- If you are working on AI solutions and using them, how do you implement security and on what levels?
Technology leaders can only fulfil their role if they identify potential trends and enable the team to provide the information that is needed to guide the company through this phase (from an investor, customer, and internal perspective).
Another one is information security and compliance (no matter if we talk about frameworks like ISO 27001, SOC2, NIST, or TISAX). With the current threat scenario and the risks of supply chain attacks, as well as the ongoing cyberwar, compliance is more important than ever. Technology leaders need to understand that compliance enables their organisation to secure their processes and secure their organisation from irreparable damage. Technology leaders should have short communication paths with their CISOs and vice versa. You better start implementing the right infosec processes and controls right now. They will be required from external stakeholders (customers, the legislator, VCs), and they are mandatory to reduce the blast radius of attacks, protect your workplace, customer data, and thus the entire company. A technology leader who does not understand how technology, business, and compliance integrate is not a technology leader.
CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics