"To Infinity Paradigm and Beyond", a community driven podcast series by the industry veterans that you trust. Stay for the revealing interviews, expertise and education. Enjoy the light hearted conversations about life in and out and of the industry.
Feb 11, 2020
Episode 2 - A conversation with Jothi Dugar
Jothi Dugar is a multidimensional executive, business owner, author, international public speaker, and entrepreneur, whose diverse career has included senior leadership roles in Cybersecurity, IT, Project management, Training, and Engineering. A pioneer in her field, and one of the few leading women across the globe in the Healthcare Cyber Industry, she is the Chief Information Security Officer for Information Technology, at the National Institutes of Health, Office of the Director, located in Bethesda, MD.
- Episode Transcript
Share this episode:
Jan 14, 2020
Episode 1 - A conversation with Kevin Jackson
Kevin L. Jackson is an American business executive and writer. He served in the US Navy for fifteen years, before becoming a senior business executive in the computer industry. Jackson is currently the CEO & Founder, GovCloud Network, a consultancy formed to assist agencies and businesses leverage the parallel and global nature of cloud computing.
- Episode Transcript
Share this episode:
Sept 10, 2019
Episode 18 - A conversation with Evan Kirstel
Evan Kirstel is a B2B thought leader and top technology ”influencer” with a direct social media following of more than 400,000 (280K Twitter, 55K LinkedIn and 95K Instagram followers). With an organic reach in the tens of millions and a network of fellow Influencers at InfluencerSQUARED, Evan is helping B2B tech brands like AT&T Business, Samsung and Intel achieve massive visibility and scale across the social media landscape in areas like mobile, blockchain, cloud, 5G, HealthTech, IoT, AI, Digital Health, crypto, AR, VR, Big Data, Analytics and CyberSecurity.
- Episode Transcript
Share this episode:
Aug 13, 2019
Episode 17 - A Conversation with Yves Boudreau
Yves Boudreau is a 20 year veteran of the Digital, Telecom and Cable TV industries. From modest beginnings of one of the first cable broadband ISPs in Canada to the fast paced technology hub of Silicon Valley, Yves joined Ericsson in 2011 as Vice President of Technical Sales Support. He is currently the CMO & VP of Partnerships and Ecosystem Strategy for Edge Gravity by Ericsson who operators the global UDN Network.
- Episode Transcript
Share this episode:
July 9, 2019
Episode 16 - A Conversation with Ben Haines
Ben Haines is the Chief Information Officer of Verizon Media. Previously he was the Enterprise CIO of Yahoo where he led a team of over 400 people, ensuring all Yahoo workers are productive, from all corporate applications to the help desk. Before that Ben was the CIO at Pabst Brewing Co. as well as the former CIO at Box. He is an enterprise IT and business professional with over 18 years IT leadership experience. This visionary strategic executive has a focus on short-term execution for immediate results while developing a wide-ranging point-of-view the challenges and opportunities of today's IT fast-moving IT environments. Ben understands how to embrace new technologies responsibly while managing large budgets, executive expectations, and shifting end-user needs.
- Episode Transcript
Share this episode:
June 11, 2019
Episode 15 - A Conversation with Jonathan Feldman
Jonathan Feldman is an award winning CIO, speaker, and writer. He is often quoted in the media about IT innovation, was named a top CIO to follow by the Huffington Post, and honored with a Frost & Sullivan CIO Impact Award. Jonathan has spent his career turning around troubled IT organizations as a CIO, a consultant, and an organizational coach. Forbes has called his efforts “IT done right.” Jonathan is an pioneer in cloud computing, digital business transformation, and high performance IT leadership. His column with InformationWeek magazine, which won an American Society of Business Publication Editors award, started many industry conversations about how IT can better serve business.
- Episode Transcript
Share this episode:
May 14, 2019
Episode 14 - A Conversation with Ralph Loura
Chief Technology Officer of Lumentum with a record of driving business outcomes in large and mid-sized enterprises. He is a business leader with significant business transformation and technology enablement experience in driving growth and productivity improvements in both large and mid-sized enterprises. He has broad experience across Tech, e-Commerce and CPG business models. Ralph has a strong record of success in creating robust Technology organizations and has proven ability in adapting/maturing technology organizations to solve business issues while managing costs and risks.
- Episode Transcript
Share this episode:
Apr 9, 2019
Episode 13 - A Conversation with Jeff Sussna
Founder and CEO of Sussna Associates, Jeff Sussna has a unique ability to help clients integrate Agile, DevOps and Design Thinking into continuous learning loops. He teaches organizations how to continuously improve efficiency and quality by building user-centered experimentation into the service delivery life cycle.
- Episode Transcript
Share this episode:
Mar 5, 2019
Episode 12 - A Conversation with Jay Ferro
Transformational executive leader with nearly 25 years of proven success delivering strategies that achieve enterprise goals, Jay Ferro has extensive experience in nearly all aspects of technology strategy and operations. He is currently the is the CIO at Quikrete, the largest manufacturer of packaged concrete and cement mixes in the United States and Canada. Jay is a frequent guest speaker worldwide. He’s been featured in multiple publications, including Forbes, Wall Street Journal, Harvard Business Review and CIO Magazine.
- Episode Transcript
Mark Thiele: Hello and welcome to another edition of the IDCA to Infinity Paradigm and beyond podcast where we will bring in the most recognized faces and thought leaders of the technology industry and have candid discussions on topics pertaining to digital transformation, cloud, data centers, infrastructure, and IT leadership. On today's podcast I'd like to welcome Jay Ferro CIO at Quikrete. He has a long history with several CIO level roles in the technology space and I'd like to thank him for joining us today. Jay, welcome to the show.
Jay Ferro: Thank you Mark.
Mark: Can you give the audience your 30 second update on what you're working on these days?
Jay: Absolutely. I'm excited to be the CIO for Quikrete. We're the largest manufacturer of concrete and cement products in North America and you know, it's not an industry that screams digital transformation right out of the gate, but I think you know as well as I do every industry is ripe for transformation on some level.
Mark: Yeah, I would totally agree. I mean I think we hinted at that before we started the program, but I don't think that any company is exempt from the opportunity to create a platform for itself, for how it works more effectively with others, both internal and external, from customers to partners to even potentially competitors. So I agree with you 100%.
Jay: It's interesting and I told folks I was joining the organization and the first thought was man, cement and concrete and all these other products that Quikrete does, and it goes straight to your point that I think any industry is ripe for a platform. I think there's opportunity in any industry. You've been part of a number of digital transformations I have to in prior lives. AIG, the American Cancer Society, Earthlink and a number of other companies. And if it's one thing I've learned, in every industry and every organization there's opportunity. And so I'm trying to apply that here.
Mark: I'm looking forward to diving into that discussion a little bit more about the best way to actually identify what that future could look like and helping the business part of the organization understand how to create the right target for IT to follow. Right? I think that's outstanding. So before we get into the rest of the technical discussion, tell us a little bit about what Jay likes to do on the weekend or when he's not doing CIO stuff.
Jay: Well you know, I have 3 sons. I am a widower, I lost my wife to cancer in 2007 and I think a lot of people who know me know that. So I'm a single dad and we've been on our own for about 12 years and so they keep me hopping. I have a Junior at the University of Georgia, I have a rising freshman in college and who's currently about to graduate in May. Connor and My oldest is Trey. And then my quote unquote little guy who is not little at all is 15 and is a sophomore. They keep me hopping. We like to travel, we like to eat. being a household of men, if there's a sport, we've played it. So a lot of testosterone, a lot of food. So that keeps me busy.
Mark: Nice. No kidding. That's is a lot of work though. But congratulations on the three boys.
Jay: Oh thank you.
Mark: So you know in talking about digital transformation we even had this conversation before the program started about the idea that, there are a huge number of themes that you could go into in any major trend or topic area in the IT space. And at the highest level there's the theme of is digital transformation really business transformation or is it digital transformation? And I think knowing you I would say that digital transformation is the byproduct of business transformation. Right? I mean for the layman and the folks that don't know that much about the idea of business transformation, about the idea of turning your business into a platform or something akin to that it seems odd to talk about digital transformation. It's like, what aren't you guys using printers? Don't you have PC's at your desk? Isn't your office networked? Don't you have a major ERP system in a data center somewhere? How could you possibly not be digital? Right? And I think that kind of opens the discussion up for us on why technology independent of the business is less than everything by a long shot. Right? So, you know, let's take Jay up to 30,000 feet and he's able to wave a magic wand down on a Quikrete. You know how do you help the business identify what that target is? What are you looking for? What are the things that that the business could be doing differently that would allow them to not only use more technology but use the technology they have more effectively?
Jay: It's a terrific question and I'm a big believer and I know you agree with this, I'm a big believer in setting aspirational targets, setting north stars, thinking big, starting small, and then scaling fast. I think a lot of CIO's get into trouble when they walk into an organization in the first 90 to 120 days and they start spouting off at the mouth with big giant visions. When the on a one to 10 the organization maturity level is probably a one or a two maybe at the 25th or 30th percentile and they are just laying down, laying it on thick fur to achieve a nine or 10 I have no problem with kind of painting that vision for the organization, but for an organization that's a little earlier on in the journey, I think it starts there. There's another aspect of it, digitization and a power of technology and a credibility aspect. So a big part of my job right now is even showing the organization on a day to day basis the art of the possible while at the same time using it that that success as quick wins that you're building to set the stage for what the future could hold. Cause you know when CIO's get in, you're the new guy on one hand you are anointed the savior of the organization because there's usually a reason you're there and it's usually not. The prior guy did a great job. in many cases there wasn't a CIO or maybe if there was he or she retired or moved on and you're there to maybe take the organization to the next level. For me here, the organization has grown very quickly. IT in many ways is thought of still in parts of the organization given the nature of what we do as a service or as a utility. However, I will say that more and more folks are beginning to realize that in order to compete in the market, in order to continue to retain our customers, we have an opportunity to deliver our products and service in a more seamless, intelligent way. Right; and a lot of that starts with the fundamentals, in the back office. I don't know anybody who's ever been successful building a platform for external attracting and retaining customers when their back office is still 100% paper or 80% paper and people are still walking around with Manila envelopes and signing them left and right using routing, internal wrapping. So you have to do both. So that's the approach I'm taking primarily.
Mark: You made a lot of great points and I want to pull one of them out and talk about that a little bit. and that's the the notion of although you didn't specifically say building trust, I'm taking from a part of what you described there as it's kind of building trust, right? In order for you to convince somebody that, you can do brain surgery on them, it's probably a good idea for them to know that you've got some prior surgical experience. It's a good way to put it. Right? I think what you're saying is right on in the sense that you don't want to go in, while I agree that many of us would love to go in and paint this grand picture and begin to move all the pieces right away, without knowing whether we're working on a flat earth or a round one and whether the pieces are gonna fall off or fall apart. I think your approach is is right on. It's building trust and helping the organization understand that IT can follow through, IT can deliver. And then using that trust to catapult into more aggressive, change, both in culture and in technology utilization.
Jay: Right. Oh, I think you nailed it. I think you absolutely nailed it. It's it well said. You know, and also when you're a brand new CIO in an organization, and even if you've done it before, you've never done it here. And yes, the fundamentals I think of being in our role, are easily transferable. I've yet to being in an organization where a majority of what we do isn't transferrable. IT is IT is IT in many organizations. That said, you know, when you're in a brand new industry, there's a lot of listening that has to take place. Partly because you literally don't know the industry and you're learning, the players, learning the corporate culture, the nuances, how things get done, where the bodies are buried, so to speak. but also partially because, look, people want to be heard. They want to look at you and say, you're this brand new guy and if you come in and just start barking orders and go, hey, don't worry your pretty little head about it. I've done this before. You're going to burn bridges right out of the gate. And so a lot of that listening and trust building happens right from the get go and along with that comes the credibility of removing thorns from paws and quick wins and all of those things to your point, building trust right out of the gate.
Mark: Right, I think that's excellent. I'm going to just steal from what you just said again and maybe you add to it and then add ask for you to expand on it. You mentioned culture a couple of times and and the ability to get people's heads wrapped around a new idea. I want to break down culture a little bit and is there kind of a method to the madness for Jay Ferro when he comes in? Cause I've done some things in my past I've had success for the most part but I've come in with the notion I don't have to trust you or you don't have to build trust with me first. I'm the new guy. I have to build trust with you first. Right? As my customers or as my new team, I have to get you to trust me because I'm the new guy. And, you know, giving a little background on Mark, helps me not only become human to the new team, but also, you know, let them know that I'm there as part of the team. I'm not there as some new raining prince or king that's there to tell them all the stuff they've been doing wrong and why they all suck and why I can make them better. Right? I made that mistake once and luckily I had somebody come up and tell me how stupid I was. and I've never forgotten her in a positive sense. This is Like 20 plus years ago while I was still at HP 25 years ago almost somebody came up to me after a big meeting and said, basically spelled out to me how ridiculous what I said was and how terrible it felt as a listener to how I expressed it and I learned a hard lesson that day and, have done it differently ever since. So you know for you, what are some of the things you did initially from a people culture standpoint to both learn what you had, right? Because knowing what you have and again I don't want to put words in your mouth, but from my perspective, knowing what you have helps you to determine where and how can I move forward? what assumptions can I make about leveraging certain technologies are moving at speed or whatever along with how do I ascertain the existing culture of fear or hesitation or reward systems, etc...
Jay: No I think we've all learned those hard lessons like you did and those are the best ones to learn and they've shaped generally my approach and I think there's a balance to strike when you're new, right? You want to be accepted, you want them to know that you're human, you want them to know that you're listening, but you also want to show them that you're a new voice and that you're just not going to get sucked down into maybe the culture where they feel will it just going to be the same old ham and eggs. This guy is just going to kind of get sucked into the to the quick sand, no pun intended and it's going to be the the same old IT right? So you have to find a way to show the team and show the organization that you are listening, that you do want to be here and not just, Hey, I'm showing up and like you said, telling you guys how stupid you are because they're not but look also that I'm here. I'm part of the team. I'm excited. I'm a Quikrete man or I'm an XYZ corporation man, but I'm also here for a reason and I have a job to do, right? So I'm willing to make the tough choices that I need to for somebody that's in my role. And so right out of the gate, you try to take the hippocratic oath first do no harm, right? You don't want to come in and make knee jerk reactions because generally there's context. There's context to a decisions that were made. Now I will say this, there's an expiration date on history lessons to me, right? When you join as a new CIO or an executive, you can only take, well, we did that because … For so long before you say you know what? I'm not here to judge we're here to move forward. The history lesson is interesting, but I think there's a declining curve on the knowledge that you're going to be gaining from those history lessons after 90 120, 150 days or whatever. Now you're hearing recurring themes. I think as seasoned executives, you hear recurring themes right out of the gate. So, you know, to build trust with IT, to let them know that you're here to help, you're here to support them. Get involved with the organization. I mean every company has norms and events in a way of doing things. Here, for example it's an older school company where there's a lot of terrific traditions, like celebrating birthdays and not a lot of companies do that, but they make it a very big deal once a month to celebrate birthdays, celebrate company anniversaries. I show up at everything. I've shown up for retirement people that I've never worked for and I bring food to potlucks. I, all of those things where (A) first of all I really enjoy them because I enjoy people but (B) you know, yeah, you want to demonstrate that no I'm just not going to disappear at five o'clock or six o'clock and I'm just a name plate on the wall. I'm here to get involved. I'm here to be part of this company. So I think that really helps and you know and a lot of it, and I know you and I see eye to eye on here. CIO's are IT leaders have to get up, get their butts out of their chair, walk around, talk, shake hands, look people in the eye talk sports, find some common ground that has nothing to do with technology or digital transformation or project timelines and just connect on a human level because when you do want to sit down and have a conversation, it's a whole lot easier to do it when you have that foundation, that contract. So I work with a number of guys here in our operations center that went to my school. They're big Georgia bulldog fans. And right out of the gate you walk into their office and you see a Mug or you see a banner or something like that, immediately there's a connection. But you try to find that with a lot of people. When you do find opportunities to make a change out of the gate, and that might be in people process technology or to shake something loose, you have to seize it because I think a lot of people will just fall into analysis paralysis. They'll look up, six months have gone and they're like, what does that guy really done other than attend a lot of meetings and produce status reports that really don't really show much progress. So you've gotta be able to make some of those quick decisions out of the gate too.
Mark: Gosh, I'm struggling at the moment not because I don't have something to ask, but because I'm trying to pick up on many points that you've made and the answer. Like the first one that came to mind, it's about, pulling away from, although you didn't specifically say it, you hinted at it being able to pull away from the fire and be able to look at the organization anew, right? And to be able to make change without, as you say, getting sucked into same as it ever was. Right? To take the quote from the talking heads. And the other piece was really again there were several, but the other one that I glommed onto is the management by walking around ( MBWA ) which is I cannot speaking to you, but then speaking to the audience as well, I cannot overemphasize the importance of, in fact, we even had this discussion recently, I think you might've been a part of it. Where both of us were in the same discussion about things like MBWA and about the traditional one on one. And how I think most, or maybe I shouldn't say most, maybe I shouldn't condemn so many people, but many leaders and managers make the mistake of using one-on-ones, for nothing more than what could be accomplished with an email exchange or an update on sharepoint or something like that and that's just not valuable, right? It is just not a good use of your time. And by MBWA doing the things you were just talking about, and having those personal conversations, not only do you learn things about the organization both inside and outside of IT that you otherwise wouldn't have learned, but you create that comfort level with people that you work with that allow them to share things with you that they would otherwise never share. Because if I worked for Jay Ferro and I'm slightly intimidated by the C level tag that's associated with his name, and I'm a Sysadmin or a storage admin or network engineer or something like that, or even a line manager who occasionally gets a chance to have a one on one with you once a month, whatever it is, I'm likely going to be very worried about making sure that Jay knows everything I accomplished from the last time we talked. Right? And I'm going to go in and I'm going to be nervous and I'm going to show you all the stuff I did and I'm going to hope Jay doesn't find something wrong with what I've updated or I didn't miss something he finds important and then I'm going to walk away and nowhere in that conversation is going to be that osmosis learning opportunity for you and that person that I think is the most valuable part of that transaction, right? So huge believer in that. And then, you know, the talking about the MBWA thing and pulling away from firefighting, you know, all of what we're talking about relates back to the ability and the opportunity associated with doing digital transformation. But give me your 2 cents, without me trying to give my answer first. Give me your 2 cents on the importance of being able to as an organization to step above what is the regular noise in your email inbox and in your slack channel and everything else, in order to make the kind of change that a business transformation and digital transformation required.
Jay: Wow. It's a terrific question. Like I think you and I both agree, it all starts with trust and a safety and a transparency. Right? To me when I join an organization, I want my team and I want everybody in the organization. When I say my team, I certainly just mean, I don't just mean IT, I mean the larger organization to recognize that I have an open door. I had one gentleman test me on this at a former company. He literally, I mean, I said open doors so many times that I think we named my newsletter Jay's open door or something like that. I mean there was a newsletter and it was a monthly kind of thing from me just about what I thought was going on in the industry because we had a highly distributed IT team. We did, it was a multipronged communication plan, but part of it was just this kind of opinion thing that I did once a month, which was kind of fun to do. And we eventually morphed it into webcasts and all that stuff. But anyway, so there's this guy standing at my door, I look up and his guy is in my doorway and I said and I had never seen this individual before. I said, can I help you? And he goes, "I'm so and so" and I recognize the name. And I said, oh, Oklahoma City. He goes, yeah. And he goes, I said, yeah, I recognize your name, what you do in town. He's "Oh, I'm here for the blah, blah, blah." I say that's great. I said, what can I do for you? He goes "well, you said you always had an open door." And I said, I did. And he goes, "I'm not sure I believed you. And now I really don't have anything to say." So I started laughing. I go, you were testing me. And he goes yeaah. He goes, "is that a bad thing to say?" I go, yeah, you're fired. No, I'm just kidding. So he sat down and I said, come on. And we talked for 30 minutes and you know, I got to know him and five years later we still laughed about that story. He became one of my most valuable developers and you know, we built a really solid relationship. But getting back to your question, it's showing the organization that you're open minded, that there are no wrong answers. There may be some things that are not possible or feasible, but no idea's bad that you're willing to listen to disparate and diverse opinions.
Jay: And that they feel safe calling each other out in a professional way. To me the fundamentals of digital transformation all start with people and you've heard me say this before, it's people, process, technology in that order. It's always in that order. And so for digital transformation to be successful, and you and I are having these really advanced discussions about platforms and about cloud and about multi cloud, hybrid cloud and all of these other things, orchestration layers, that's all fun stuff. We love it. It's all I've ever done in my career. I’m a lifelong IT guy. But without people and without the kool aid and without them believing that I have their back and they have my back and without all of us rallied together, all of that will fail miserably because when I need somebody to go above and beyond when I need the truth, when I need someone to give me 10% more, when I need someone to pull the team together and when times get tough you rely then on, on human connection and when they feel they can come to you and say, you know what, Jay's open minded, he's going to listen to this even when it means calling me out. Right? Which by the way I want people to do and say, Jay, I've got some concerns about the direction and here's what they are. My only challenge with that is always feel free to come in and tell me if you have a differing opinion, but come with ideas. Don't just point out what's wrong. Come with two or three options and say this is wrong and here's why I think this and here's what I think we could probably do instead. So to me that's a big part of my philosophy on how we step outside ourselves. Cause I want people to feel safe that, you know, and I want them to say, look, I've read about this too. I'm a smart guy. I'm a lifetime engineer or whatever. I got ideas. Part of it is more fundamental basic stuff, getting them off site, bringing in third parties who maybe have done it before, challenging them, maybe getting other CIO's, maybe, you know, sending them articles, podcasts, etc.... you know like yours etc.... And say, hey, listen to Mark talk about this. You don't know him. I do. He's got some really neat ideas. Listen to his podcast and come back to me with two or three things that we can take away. Just challenging them and when they realize they can raise their hand and not have a blown off, because we've all been part of companies where, Mr Ferro I have an idea. Bam.
Mark: It's funny, I learned, two things, one very positive, from my long period of HP and one that was relatively negative during the same time. And it's funny because they're so related. I was in a meeting with the staff, and the CIO and the pretty large organization about 450, maybe 500 IT people. And I represented one of about 10 direct reports to the CIO at the time, and I'm not going to name names, but my boss was also in the room even though I was reporting to the CIO, I was not a direct line report to the CIO at the time. I was still a relatively junior, probably the equivalent of a new director ish type thing from a scale and scope standpoint. Anyway we're in this meeting and it's sort of a middle of the second half of the 1990s, so somewhere around 96, maybe 97. And and we're talking about bleeding people and everybody kept talking about, nobody talked about why we were bleeding people. Everybody talked about what we could do to hire more people quickly. And so stupid ignorant Mark, just raised his hand and said, aren't we kind of missing the point? Wouldn't it be better to fix the bucket instead of finding ways to put more water in it all the time.
Jay: Truth to power Baby.
Mark: Oh Man. And I just got shot down by the CIO and so he was pissed and I was pissed because he shot me down in public and of course he was pissed because I embarrassed him in public. Then I still wasn't in the mood to talk to him or be anywhere near him, but my office had to walk right by his every time I went to anywhere else in the building.
Mark: So about an hour later I'm walking by his office and he says, Hey, Mark come here for a second I'm going, Oh shit.
Jay: Here we go.
Mark: Yeah. and he goes, so what you were saying in there, do you really think that we could save some of our people? And one of the people in question, I won't give her last name. She works at Vmware now. She's fantastic gal. And her first name was a Anisha, still relatively young engineer at the time. And he said do you think we could save Anisha if we talked to her? And I said, I can't guarantee that we can save her, but what I can tell you is that we're not going to learn why she left and we're not going to have a chance of saving or if we don't give it a shot. And sure enough that afternoon he talked to her and she stayed and she stayed on with Agilent after HP and Agilent Split for another few years. So here we are, managed to keep someone who I believe is, you know, it would always be in the top 10 of any organization, and for another five or six years in the company that would have just walked out the door without a second thought if somebody hadn't even tried. Right.
Jay: And that is a perfect example of when people stop becoming lines on a spreadsheet and become human beings. Right? I mean we’ve all seen the human resource reports or the Harvard Business Review reports or whatever that talk about the number one reason people leave an organization is because of who they work for. Yup. And that might mean direct line or that might mean on up the food chain. But it always comes down to leadership or some aspect of leadership. Look I always remember my mentors, whether they were the CIO and I reported directly to them on up to the CEO or even when I was much earlier in my career, when I got that 5, 10 minutes. And usually I showed my rear end more than more often than I didn't. Cause when you're in your 20s you, you tend to see things black and white versus gray. I was lucky enough to have enough people to put me in my place in a professional way that I learned very, very quickly. But I also learned the power of the human connection when guys are, you know, and I say guys in the gender neutral sense, but when leaders look you in the eye and our present, how much that means to you, because there are, I'm sure you could name three or four people that you've worked for in your career that you would follow into the breach. Right. Even though you are a leader now and people would likely follow you into the breach and I'll never forget one of them who's the CIO at AIG, very large division and I happy to take his name in vain. He's retired now, but his name's Mike Long. And Mike, I haven't worked for Mike since 2007 maybe. To this day, I still call him boss. We only see each other on Facebook or on the off chance he makes it to Atlanta or I make it to wherever he is. And, still fundamentally just one of the best guys I've ever worked for and I don't know that he ever appreciated how much I've watched him later in life. I've had the opportunity to tell him, but the way he treated me with respect and your example is a perfect example of that where she felt valued, the CIO had a conversation and felt valued. That person will follow you into the breach and when you do need ideas and they feel safe they're going to step up to the plate for you.
Mark: No, absolutely, and like you said, I only have a few leaders in my history where I would happily work with them again and do almost anything. And one of them was a gentleman by the name of Scott Anderson who still works at HP to this day but he was my boss for most of my time at HP proper, because I say HB proper because I split my time between a company that was acquired by HP and another nine years at HP, after the acquisition. And during that probably eight out of those nine years, I worked directly for him. In fact, I use a quote from him. Well, first of all, he was a big fan of MBWA, which is a, an old Bill and Dave process. and if you ever look at their book Bill Hewlett and Dave Packard's book, of course then you know MBWA is featured heavily in their, very much, you know, open door policy kind of guy, and lived it. But, one of the most important things he ever said to me for my career there and I think as a value add to the organization was, I was basically working myself out of a job and I trusted him well enough to say I don't know what I'd be doing next. I'm kind of making this job kind of go away. And he goes, well, you work yourself out of a job, I'll find you a better one. Yeah, and that's what I did for the next nine years. I moved into ever more senior jobs on us on a clip of about every 15 to 18 months. Got rid of process and functions that were unnecessary and, and using his principal I did the same thing with the people that were working for me. I was told to centralize and then outsource the help desk function. But because of the training work and integration efforts we'd done with the help desk staff, a group of about 15 to 20 people, I was able to immediately get all of them jobs in the larger organization, not a single person had to leave the company. And those things are very, very powerful and they give you, as you've already pointed out, they give you the leader so much more, not only energy but real gas to make change in an organization, that would otherwise be like trying to work through quicksand.
Jay: Oh i absolutely agree agree. I think you're spot on. Look, no digital transformation is easy and I know you well enough to know that you and I could sit in a room and talk about bits and bytes and boxes and wires and cloud and everything else and Edge computing and I get as energized about that as the next person. But when you're trying to put in fundamental change or introduce new business models to an organization with a strong digital component you know you need resiliency. You know you need open minded people. You know you need people with no pride of ownership. They want to own, in other words, they believe the company. But if that means to your point, they work themselves out of a job, they have to look at you and go, I trust you. You've got my back. I know we are either digitizing or fundamentally transforming a function that will likely mean I'm out of a job in my current role that I have your back and that is powerful stuff.
Jay: And that is as much, and again, as much as I love the technology and I do, and you and I both participate in enough tweet chats, we both know what we're talking about and we understand all of those things. The leadership component of transformation, digital or not is by far my favorite part of what we do by far. I love taking people who are cynical, who I was told were a lost cause that you know, and now often this is, you know, sometimes it doesn't happen. Sometimes the bus leaves and they refuse to get on even though they've had a chance or two because we were paid to make tough decisions, but the bus or the train is leaving the station one time. And you know, if you can't change people, you have to change people. That said, I love taking people and from meeting folks and watching, people find a gear that they never even knew they had. And it's not because of Jay Ferro is magic or whatever. Often it's because you listen to them and you trust them and you look at them and you say, I know you've got this. Keep me informed and I'm here whenever you want to meet and go forth.
Mark: No, I totally agree. And I'm going to just say one more thing and then I'm going to get us to do a quick wrap up question. But, you know my wife loves to use analogies of caring for plants and how that relates to humans. One of the things I'm taking from what you just said was that a leader isn't responsible for whether an employee can feel good about their job or be motivated. A leader, like a gardener is responsible for ensuring that the plant, the human has everything they need to grow to be the best they can be or want to be in that organization, but their motivation and everything else comes from them, right? And our opportunity is really, how do we get pardon my french, but how do we get the F out of the way and how do we, as you also pointed out earlier, how do we let them know that whether they fall off the bleachers or fall backwards from the floor, that there's always going to be four or five people there catching them when they fall. and how do we, how do we better enable the organization by doing that? and, and then everything else happens from the employee. Sometimes leaders take too much credit for thinking -I believe they take too much credit for thinking they can motivate - Well, yeah. a buggy driver can motivate his horse by whipping. But I'm sure the horse doesn't go home saying, boy, my boss is really Motivating.
Jay: He's like my ass hurts is what he is gonna say and I agree with you 100%. I'm a big believer in servant leadership. One of my role models is my father and always has been one of my hero and he modeled the aspects of servant leadership. I don't know early in his career he even knew what those two words meant when put together. But just the way he conducted himself as a senior executive, he always put his team in his organization first. Yet he was a strong leader. People hear servant leadership and they may be think soft incorrectly. I couldn't be more opposed to people thinking that’s soft. It's actually to me to a position of strength because you're willing to trust people, you're willing to look them in the eye, you're willing to course correct. But going back to your wife's analogy, which I think is a very good one, sometimes you do have to remove weeds from the garden and and a servant will do that. A servant will tend that garden, like you said, provide everything the plants need to grow? But that includes making tough decisions about which plants need to go and how big we're going to make the garden and all of those things. So I think it's a perfect analogy.
Mark: Yeah. Awesome. All right, so let's, let's try to take something that you have, I have seen you say a few times on Twitter and that's the of people process technology. And what I'd like for you to do is tie something associated with the digital transformation to people, process and technology in that order. Does that make sense from a question standpoint?
Jay: Yeah. I'll probably get it wrong, but yeah, I can take away. From a people perspective, when it comes to digital transformation, making sure that you have the right skills and that you have an environment of trust from a process perspective to me it's all around the right amount of process, the right process that are there to accomplish the right things. People hear that word in there like, oh God, that sounds like red tape. That sounds like a whole bunch of spreadsheets and PowerPoint presentations and a lot of one on ones. Going back to your point about one on one meetings, how do I make the best use of process? How amend with the most efficient and effective with those processes. In other words, that whether it's a meeting whether it's a report, whether it's literally a business process or anything like that. How do I maximize efficiency and effectiveness? And then lastly, technology. How am I taking a look at emerging technologies, calling my technical debt out so that I do have more resource and that I am able to take advantage of newer technology keeping my finger on that pulse. And it's nearly impossible to do if you're constantly fighting fires against technology, debt, duplicative systems. Your legacy isnt in order or just even the fundamentals to the organization will take things like email or your ERP if literally that's taking 80, 90% of your kit low, you keep the lights on, you're never ever going to have the ability to capture emerging technologies, whether it's the Buzzword Azure, you know, Blockchain, Edge computing, Hybrid cloud or whatever it is. You have got to free up mindshare and timeshare to take advantage of those things. So those are really kind of the three that I would aim at.
Mark: Yeah, and I think those are great. And you know, I'll just add a quick note to the last one. the technical debt thing, and it did reminds me, of the strategy of the typical credit card, right? You've got a $30,000 debt on your credit card with 14 or 21% interest and they're asking you to pay $200 a month or $250 a month. And Lo and behold, four years later, you've still got the $30,000 debt on your credit card. That's very much technical debt and your points I believe are hugely important in the ability to say look guys we may have to accept some pain in the near term, and have a lower standard of service or discontinue some systems even though some people are using them or some combination of the above. But if we don't step away from this noise, we're never going to get to the other side.
Jay: That's exactly right. You nailed it. You nailed it. That's where a lot of that credibility that you and I talked about at the beginning of the show comes into place. If the organization knows that you're there for the betterment of the company and that you're there to fundamentally change things, transform, but they know that you have the company's best interest in mind and you've proven, you've proven that through execution. Like a sports team, winning cures all ills. Nobody really cared. I mean, if you're winning, as long as you're following the rules, nobody really cares too much about how you're doing it. I think the same thing with the CIO. If you're winning and by winning you're delivering, believe me you're going to have that credibility. And they say, well, Jay, you know, I really really like word perfect five for docs and I, but I trust you. that word might be a better way to go. That's right. God, it's a blast from the past, isn't it? It shows your age. Sorry.
Mark: That's all right. I mean I can still remember using freelance, lotus and omni pro to try and make one document. Yep. So, no worries. I'm an old dude. All right. Well, Jay, thank you very much. This has been entertaining for me. Hopefully it was an entertaining and informative for the audience. This is the first time you and I have had a chance to have a talk that wasn't over Twitter in a long time and I appreciate that. Hopefully we get a chance to catch up in person at some point. but, really appreciate you taking the time to be on the podcast with me today. Thank you.
Jay: Oh, you got it. Mark was absolutely my pleasure. and as we Twitter, every time that you and I chat, it's always entertaining and I end up smarter than when I joined, which, you know, the bar is pretty low for me to start with, so don't let that go to your head, but no, I had a blast man before the next time.
Mark: No, I appreciate that. Thank you very much. And same here. All right, so folks join us next time we're going to have a surprise guest next time. Really excited about him joining the show. lastly, if you'd like to nominate a guest for our podcast, email us at [email protected] Thank you to Jay and thanks for listening and, see you next time.
Share this episode:
Feb 5, 2019
Episode 11 - A Conversation with Dr. Rebecca Wynn
Named 2017 Cybersecurity Professional of the Year - Cybersecurity Excellence Awards, Chief Privacy Officer (CPO) SC Magazine, Global Privacy and Security by Design (GPSbyDesign) International Council Member, SC Magazine’s List of “Women in IT Security - Top Influencers for 2018, and finalist Women in Technology Business Role Model of the Year 2018 - Dr. Rebecca Wynn is lauded as a “game-changer who is ten steps ahead in developing and enforcing cybersecurity and privacy best practices and policies." She is a “big picture” thinker who brings nearly 20 years of experience in Information Security, Assurance & Technology.
- Episode Transcript
Mark Thiele: Hello and welcome to another edition of the IDCA to Infinity Paradigm and beyond podcast, where we bring in the most recognized faces and thought leaders of the technology industry and have candid discussions on topics pertaining to digital transformation, cloud, data protection, data centers, big data, infrastructure in IT and more. This time I'm joined by Dr. Rebecca Wynn head of Information Security and Data Protection officer of Matrix medical network. Rebecca welcome. Thank you for joining us today.
Dr. Rebecca Wynn: Thank you for having me. It's an honor and a pleasure to be here with you today.
Mark: Back at you. Thank you very much. And happy new year by the way.
Rebecca: Happy 2019!
Mark: No kidding. We'll see how this goes, so before I get into our Geek speak, tell us a little bit about Rebecca, maybe what you did over the holidays, or what would you like to do for fun, or what was the last book you read or a movie you liked?
Rebecca: Be more than happy to do so. I do want to take a moment and remind everybody out there who's listening that all the discussions I have here, my viewpoints on my own and it shouldn't be inferred that therefore, any prior companies or current companies or future companies that I may work for. Over the holidays I actually rested and relaxed. It's been a long year. Matrix Medical Network had two wonderful acquisitions this year. But as with the acquisition there's a lot of work. So I really Netflix. I actually Netflixed NCIS. I'm sorry NCIS I have never watched you. They were in their 16th or 17th season. So I actually watched like the first six seasons and then just relaxed. So I wish it was something more exciting than that, but that's what I did. My whole plan was just to recuperate and eat well and give my body the rest that it needed.
Mark: That is so critical. It's ironic but I travel, I imagine you travel on occasion for your work and I travel pretty significantly. I'm working for a company with businesses in 180 countries, where the headquarters is in Stockholm and I live in Las Vegas. I don't even live near any office between speaking events, customer visits, partner visits and visits to one or more of our offices. I'm on the road for somewhere around a quarter of a million miles a year. Of course, what did I do during the break? I got back from a trip to Shanghai and a day and a half later I got on a plane with my wife to go to New York to visit with my daughter and see my niece sing on stage at the Beacon Theater in New York. After two nights there flew from there to San Francisco and spent four nights in San Francisco visiting friends and family and then came back to Vegas where we proceeded to accept a whole bunch of other people into the house and have a big pre new years day breakfast and went out to dinner and all that stuff. And so I did just the opposite. I should have sat around and watch my stomach expand in private and instead I had my stomach expand while I stayed busy.
Rebecca: It sounds like you had an excellent time and it must have been an excellent experience for your daughter being onstage in New York city.
Mark: Well, actually not my daughter. I mean she's not immune to the whole stage thing and if I can brag for a second about my daughter she's actually in law school in New York at Fordham, but she's no slouch of a singer herself and even sings or has sung the national anthem at basketball and baseball games said to her former her alma mater now USC, but no, we went to actually see my niece who is outstanding singer as part of an acapella group. Her and her new group open for Pentatonix, which is probably the globally most recognized acapella group right now. Yeah, just a fantastic show. So it was a lot of fun.
Rebecca: Yeah. if you haven't looked at their Christmas song with Kelly Clarkson, Kelly Clarkson always nails every performance she does it seems like. Her and Pentatonix they did a wonderful Christmas song and I recommend everyone do that. I myself actively play Trombone. I play actively here in the ballet at play in the only Arizona Latin jazz group. We play a jazz clubs here as well. I play in another jazz group which is strict jazz. I play in Scottsdale concert group as well, which is 40 years strong. So I love the music vibe as well. And I did sing and during college, singing acapella and other groups as well too. So keeping those both sides of your brain going is great and if you're singing or you're playing trombone and it gives you a break from work a little bit as well, and you get to make them happy for the time that you're performing. So I think that's great.
Mark: No, I do too. I think that's fantastic. Well, one of these days I'll have to see you perform. I'm a huge fan of jazz, although I'm more of a fan of the older jazz. I do like Latin jazz. I'm not as much of a technical instrumental jazz fan as I probably should be, but I'm a huge fan of some of the old crooners, you know, from Sarah Vaughn to Bessie Smith and Billie holiday and Ella Fitzgerald and Coltrane and well not coltrane for voice, but Coltrane for jazz and you know a lot of those that are just to me if I really don't know what I want to, to or if I really just need to relax. That's what I've got playing in the house. Yeah.
Rebecca: No, that's awesome. And then I play a lot of Latin jazz, big band. Oh, neat. Which definitely can't lose this Latin jazz, big band. I dare anybody just to kind of sit in a concert and not move, that never happens.
Mark: Yeah. I would agree. All right, well I guess we should get to work. so, you know, we talked before we got started, Rebecca and we decided to start and use the Infinity Paradigm kind of as an entry way into our discussion today and you took some time to look over the Infinity Paradigm and I'm obviously a fan as chairman for the technical committee that's working on the Infinity Paradigm and you know, my perspective on the document is fairly well known in the community. Otherwise I wouldn't be spending so much time volunteering to help design and build it, but, you know, after taking a quick look at it, other than the effort to get through because it's a big and difficult or at least time consuming document. Let's talk a little bit about how you see that the themes in that document, the message or the frameworks in that document applying to the kind of work that you do on a daily basis or that, an enterprise IT organization might be concerned with relative to data protection or business continuity, etc…
Rebecca: Thank you for that. It's a great question and it's one of the things is that I'm actually super impressed with this whole framework and you're right, the the white paper on it's 37 pages for the audience out there and you can actually look at it directly online as well and you do have to take it in bites. I do recommend that you read it not once, not twice but three times, maybe about four times where you start settling in because there is different terminology and different ways to see things. I love that the framework not only looks at or used to doing what a service organizational controls, we look at availability, confidentiality, integrity, and that's the type of reports that we’re used to seeing from data centers. This one I would take some ability to look at not only availability but let's look at the efficiency of that. Let's look at the security, but let's look at also the capacity in that operation and how are they in innovation and resilience. So you know, I'd love that because it allows us to have a better, more formal communication to not only our chief information officer, but executive board on why are we choosing the data centers and we'd choose, why are we choosing to be an organization that doesn't maybe have our own data center, but we're choosing someone else's data center or co-location or why did we choose to have a hybrid and how is that going to help us to better deliver our products to wherever our customers are based. Too long Technology is for our technically perspective. I look things from is it secure? From a physical security standpoint. I personally had been one who's done personal models where I’d looked at the risk metrics of something. I look at every data that goes through every single server and then I'll look to see what the risk of this organization. This framework tries to do it similarly but looking from an operational standpoint, can you actually deliver in a timely fashion? And what I've noticed about technology from a lot of people they just want to see the servers that I currently have in my data center. Can I throw them in someone else's data center that's not looking at holistically for budgets, cost and operational effectiveness, and we've had to, from an IT perspective, we have different chief information security officer perspective. We have to change our discussion. We have to look at the efficiencies, we have to look at better being able to communicate if we can actually deliver a business model that our CEO's are on the clock to whoever’s are our partners out there so I love this model because it actually takes that into consideration and pushes you that way. So even if you're not looking at moving your data center, if you have it in the cloud or your have it in a colo location which is great model for you to make sure things are done right, you could actually apply this actually to your information technology infrastructure, your applications inside and actually look at your efficiencies so this whole framework is way more beyond data centers. Don't let it fool you that is only about data centers, it's the technology [sic] that they help you as a technology professional. Try to better communicate with your chief information officer or chief information officer giving you a framework to try and better communicate with the CEO and executive boards. I think this framework is excellent and that we just need to work together, and get more input to the framework developers as they ask us to so we can develop this over a period of time to actually better catalyst communications up and down the vertical [sic]. It's excellent its been around 2017 and it should get a lot more publicity and people out there should be adopting this for their organization in my opinion really spending some time reading through this one by point. Excellent.
Mark: Awesome. Well thank you very much for that. Great feedback. Alright, so Rebecca, you just gave some outstanding feedback on the Infinity Paradigm and that framework and like you, I'm a fan as, as I've already indicated. So when you think about, you know as we talked about at the beginning, we want to provide some takeaways to the folks that might be listening here. So before I go into another question about how that might be applied or how it might apply to the kind of work that you do specifically, if you had to ask or tell someone to consider one thing relative to the Paradigm and applying it in today's world would you focus on security? Would you focus on kind of an overall ownership strategy? Would you try to push the idea that, the increasing complexity of it ownership from hybrid cloud ownership models, multi cloud ownership models, potentially having data center capacity in three to four different varieties of data center footprints from private data center to colocation to managed services to cloud and everything in between. What would you say kind of as a takeaway where there's an opportunity to get some real value, even if a customer only tried something like the Infinity Paradigm to focus on that one aspect?
Rebecca: Well one of the things is, I know is when people look at data centers, the first thing that comes up is cost. They look at cost and they look at the location of the data center, but what they fail to look at it is, does this meet our capacity and our operational needs long term. And that's the one thing that I really liked about the framework. It gets people to focus on the data centers that you're choosing, what you're choosing to put in the data center. Is it going to get you operationally to where your strategic plan as is in three and five years? That is a paradigm shift for people to think about. It makes you think about that, It's not only about the costs, it's not only about the location, it's not only that they have a SOC3 certification, but can it actually meet the future capability and operational needs, that your strategic plan ask for you and that allows you to measure it with this paradigm, first time I've ever seen that.
Mark: Yeah, I appreciate that and I agree with you. Its ability to really help provide clarity on why you should be making the choices you're making or why you should be adapting differently than you have been, how you should be even operationally training staff etc. To me it provides that kind of well for lack of a better word, framework that has, for the most part been nonexistent. I mean, and maybe you could speak to this a little bit too. I mean historically again and you mentioned this before we even get started. This is not a pure data center document. This is really a top down application ecosystem environment. It just so happens that data centers play a big part in a company's costs and risk but when I first was thinking about the framework, or when I say when I first got introduced to the idea of the framework, I was asked the question, what do you see as the biggest problem in IT today Mark? And of course I was talking to Mehdi who is a CEO and founder for IDCA. IDCA stands for International Data Center Authority. So I made the mistake of staying in the box and I responded from a data center perspective and I said well one of the biggest problems that I see in the industry is not that just that we still use raised floors or that we still don't trust a modern technology to provide us greater efficiencies or that we don't think about it data center design in alignment with application design or corporate need. But that in fact, when someone wants to go out and expand their data center capacity or build a data center for themselves, there is no flow chart they can follow that matches their need, their company and their need and their spend and their current risk level to a strategy for the development and deployment. And I really think that, the Infinity Paradigm is something that could help with that. What do you think about that? and if you don't want to relate it to data centers, take that same way of thinking and maybe apply it to how someone looks at their data governance or their security profile. How do you, you know, would you agree with that? and how would you, how would you take it?
Rebecca: No, I agree with you, and what I think the problem with IT as a whole and Information Security as a whole is there's really a lack of properly trained people in the workforce. We have a lot of people who go through universities and they get educated, but a lot of times they're not taught the cutting edge stuff, stuff that is going on today and to bring them into the future. And that's the one thing that I've noticed quite frequently when companies are not hiring the best in the industry or they're not hiring people who, as we talked even earlier before the podcast about people who are constant life learners. They're really getting hard. When you start looking at Chief Information Security officers or even CIOs or CTOs is coming at work. We have to be good towards our budget and we're not getting unlimited budget and every year we're asking to be better with our budget. So with that we do strategic partner with more and more companies. We do more and more youtube publications. We do go ahead and work with people on business continuity and disaster recovery. Things on those lines but what we do is we get these new tools, new ways of thinking on our end. We do not always have the staff, it's like our staff is our weakest link because they are not legacy. So people who are out there listening to podcasts and if you are not actively learning weekly new things, new way to do things, you know what, you're making yourself a legacy system and you're going to be out of a job. I hate to be the one to tell you that. It's amazing how many people do not even spending five hours a week trying to keep up on new technologies, new ways of thinking. And so that's the one thing I think not only looking to see how you're going to move in the IT organization be it data center or not, but it's actually your IT staff. One of the things is that there's two great case studies that were at the end of this white paper and someone brought that to our attention is that the IT staff was te only legacy system they were not capable to actually go ahead and take the company to the next level and a lot of cases that were not trainable to take the company to the next level of excellence. Companies want to get some next level of excellence. It is not only about how efficient you are with your IT and applications, but it's also with the staff. Do you have the proper staff? That's one thing for more users out there make yourself always the best asset. Always keep yourself in the know. Look at cutting edge technologies. What are the new things that you can learn. Basically do not sit back on your heels because the company that you're working for if they're moving forward, you probably not going to be part of that moving forward. You'll need to go to another company so you can help them get to the level that your prior company had been if that makes sense.
Mark: I think it does. I would just say that from a simple layman's comparison, that your career in IT should be considered very much like the notion of would you put your money only in a bank account that trailed, or barely kept up with inflation, right? When you think about the requirements of IT and the continually inflated from a correlation to finances, the inflated, ongoing inflated need to know more. The last thing you want to do is put your money in a bank account where 10 years from now it'll actually be worth less than it was when you put it in.
Rebecca: Correct. Absolutely. And one thing I've always tell people when they've asked me who I've even even hired for staff, obviously companies have a requirement at times to see that someone who has had a college degree, but not having a college degree has never stopped me from hiring somebody. Having somebody who has a certification is not ever been my only saying on hiring somebody. I've hired people who are lifelong learners, who people can actually take what they learn and actually put them into practice. That is what the big skill set today. It's being able to pivot but a fluid be a fully asset to the company showing that you can literally have the wherewithal at times to get through a college degree.
Rebecca: That's what that test is for. To see that you can actually go ahead and do things because you got to do them. There are other ways we can test for that and not solely just because you've got a degree on your wall. I've met too many people and I have a lot of degrees and I have a lot of certifications and I earned every one of them. But it’s all about proving your worth now and that's why I tell people out there who they're like but I don't have a degree or I don't have a certification. You're going to talk to someone like me and I'm going to go ahead and have a discussion with you and see if you're going to be able to be a true asset to me. I can always go ahead and help you get a Degree down the road. I can always help you get a certification, but I need to have people who are doers and people who are implementing meaning. People who would get us to the next step. Don't ever hold yourself back because you did not have the money or could that go into debt to get a degree and constantly be that lifelong learner. There's a lot of open universities and places along those lines. You know what I mean? See the library and things like that that you can actually show that you did the work and then get on with a company who can actually help augment that. Maybe give you some money to be get a degree if that's important to you, but don't ever think that you being able to do is never going to be an asset. I will take somebody who can do over 25 degrees and 25 certifications any day of the week on my team.
Mark: No, I totally agree with that. I mean my LinkedIn profile isn't littered with certifications or degrees, but if it were littered with something, it'd be littered with all of the books that I've read and the hands on experience I've had on and the classes I've taken online just because I'm looking for just in time, real education that will help me today and tomorrow, and or education that will help me be a better overall citizen for my company rather than just being able to code in a specific language a little bit better or work on hardware a little bit faster. But rather, you know, how do I fit into the larger picture and how does the work I do for the company, expand the overall opportunity of the company and you know those are things that are, that are hard to learn in hard to master. But I think as you've said, it is critical as if that's the only takeaway that people take from, from this conversation we're having is find that time if your boss won't give it to you, find it for yourself, but to spend a, at least a few hours a week reading journals and and downloading podcasts and or reading a taking courses from some of the online universities that are offering them for free or for a few hundred dollars each, you know it's a worthy investment.
Rebecca: Exactly the thing is there's vendor management areas out there you can go to. I go to Symantec, I'm not putting out Symantec, but Symantec. You say, Hey, what is the latest operating system out there? And you're like, right, it's on their website. They have their own videos. You can train yourself up on that by watching those videos or if it's McAfee, or Verts, Oracle, whatever, one of those sites. That's what people want to do, when they go on interviews with you they want to see that you are learning. Read the freaking manual, yes read the manual. Always in an interview you can tell who knows her stuff and not knowing themselves by that. And those of you who are going in my resume doesn't show that, you list that.
Rebecca: You didn't have the money to go to college, but what did you do when you went to open university. You went to the Library. You went ahead and recorded these podcasts. We will see that those are educational. I don't miss a part there. This shows that you are personally are trying to become better in your field, daily. We're not talking about that you need 20 or 30 or 40 or 50 or $60,000 for a degree. We're talking about lifelong learners and people who want to be learned in the industry and that you are committed to the industry and you will do whatever you can to find the information. Guess what, as soon as you come through our doors, what are we doing? You're going to the vendor sites and you listening to podcasts and listening to webinars and that's what you're doing to get more education. That's what we do inside the office you do the same thing out there.
Rebecca: Yup. I agree. So this question probably gets asked of you a lot when you're out speaking in public or getting interviewed I have to admit I almost feel bad having to ask it, but I still think it's important to ask in this day and age, you by virtue of your sex in your line of work are a rarity unfortunately in the market today. Tell you know fo the audience members that are either trying to recruit into security roles or data protection roles or even IT in general and/or are trying to attain roles that might be similar to yours. What nuggets of advice would you provide them?
Rebecca: The biggest lesson I've learned and I've learned it by hard knocks, I will tell you, if there's a way to screw things up, muck things up, I'm the queen of it, the thing is that I do fail I fail often, but I fail forward, right? That is best way to learn in life, unfortunately is by failure and you've learned this as well as through your career one thing is is that consistently see this, and it can be from newbies, to anybody CXO, means like CFO, CIO, CTO, just put x in the middle when they first come into a company or forced to have a conversation instead of seeking first to understand, they seek first to try and impress you, and I've done this numerous times myself, it fails guys and you know this as well. It fails, what you want to do is you want to seek first to understand. Let the other person talk in their point of view, see what the companies about, how they feel, how their policies or procedures are and what's going on and see where you can be an asset to that company in that mind frame. That's a big problem out there and I've done it myself and it's, it's probably hampered me and my career by doing that as being a female. Females out there. We're getting better. But it's true the last several CISO jobs that I've applied to I've lost every single time to a male, male or female, but every time it's a male. and I, you know, when I've interviewed over there, I usually get in the top two, top three and they always had, they go guy. It's consistent. I've never yet in my career to my knowledge, ever lost a position to another female. One of the things that I see across my desk is now that I am speaking a lot more. I was doing government work before here. So I've been on LinkedIn for two years. I've only had a social profile for 2 years which shocks people when I have over thousnad followers. One of the things I tell females, females will only apply to a position if they read the job description of the position and they feel that they have about 85 percent of the job requirements and they can literally say that they know super, super, super, super well but guys would just apply for it. So for the females out there, but why? If I see you, I will tell you, I'll wrap myself out. If I see if a female out there even close to the qualifications, I will talk to her. Even if she might not fit but I can encourage her out I will put up that interview and then all the time and they have a lot more qualifications and they even realized that they had that their listing and I have the same common to use to women out there. You have to apply now. Guys out there [sic] in the industry are short is a number one thing is I tell you, they've always been my star and rock stars. They Were there always type people are who are perfectionists. They want to please, they are stickler for details and they want to get the information right and accurate, which is critical for our industry. The regulations we have, [sic] we have got to be able to prove where we were. We started from baseline where we got to now and how we went ahead and made sure that was actually done right and that we understand where we are and where we're going. You need people, whether it's male or female people have to be able to be better communicators and that is one thing I do to support is [sic]. They have to be able to communicate reports. The last people who I've given the gift of goodbye, often in my team have always been people that have not been good communicators. They haven't been able to write a sentence for some reason. When you get to get an office, they can't seem to write a writer report and they can write a sentence and can't communicate their needs and they haven't been giving attention to detail. Especially in security is attention to detail. We have to be able to prove that if there was ever a breach operate we have to be able to prove that. If there was an audit that we went ahead and we know that there was no breach on that day, that we know that, that no one actually trying to infiltrate. We have to be able to prove it that we have to be able to prove that we did our due diligence. You have to have those critical skills and that's one thing that I see. Females go out there apply for positions. If you do not know how to use excel or word or you can't do a powerpoint or you can't put a sentence together, go to Toastmasters, go to some places like that that will get you out of your comfort zone and actually have you start speaking, You need to have those critical skills. It's back to the basic social skills that you really need to be really good in the industry. And that doesn't matter. It doesn't matter what you're talking in the industry is becoming more and more critical.
Mark: Well I mean you bring up a lot of great points and kind of a supporting point to all of that is that, or maybe an underlying theme is more accurate, is that it really doesn't matter how smart you are or how good you are, how hard you work. If you can't communicate or market it, then you're not going to be as much as you'd like to be. And it may seem many of us, especially in the IT space, immediately think of anything associated with direct sales or marketing as practically the devil's work. And it's unfortunate because without marketing, you don't know what a company has to offer you, who's product you're interested in buying. Without a good salesperson, you have no direct ability in theory of correlating what that company is offering to a problem that you're experiencing today and why it might solve that problem for you. And so it's odd that knowing that to largely be true, most of us in IT are still very bad about that. And so I wholly support what you just suggested and say that, you know, if, if anyone takes any takeaways from what you just said, is that being able to market yourself through good communication, through good writing, is, if not the most important skill you neen, certainly it's right up there because most of the other skills will go wasted or at least atrophy if you're not doing good marketing.
Rebecca: Absolutely your brand ambassador is you. And then when you have teams that work for you, you have to be able to communicate to someone like me. What is the change that you see that I need to be able to make you want to raise even that you have to be able to communicate on why I should be giving you the raise. So it's interesting because people haven't thought that way, but you have to be able to do it, in today's world, if you need more equipment, you need better X, Y, or Z. You have to be able to communicate that need. I always have to be able to justify the cost is it capital expense, operational expense what's going on here. Why do we need it? I have to be able to justify that. So you need to be able to get something more that "I just want it" that doesn't work. You know I tell people if you think about your families, if you have families or kids and if your kid goes to you and says I want it. You asking him those questions? Same communication skills that you need to go ahead and bring to the workfront. It's funny how we compartmentalize and we don't need to tie it in together.
Mark: Yep. Absolutely. Well, I have to admit that the time has gone by a lot faster than I thought it would. And this has been a terrific conversation and my only real disappointment other than the fact that time is running out on us is the fact that this is the first time I've had a chance to speak at length with you. I hope to remedy that in the future with more conversations. If not, the ability to listen in on some of your music. But before we wrap up, you know, I, we obviously both centered, the beginning of the conversation on the notion that applying something like the Infinity Paradigm or the Application Ecosystem framework to some or all of your IT organization and IT products and services is a critical opportunity and a critical opportunity for a number of reasons, including making sure that you have enough of what you need and making sure that you have what you need in the right places and the right resiliency and that you've applied appropriate security measures and metrics to the appropriate workloads and environments. and so that one I think is a pretty clear takeaway. If, you provided another takeaway either on the subject we were just or on a earlier topic, we covered, what would you want to the audience or listeners to take away?
Rebecca: Oh, I'm going to give three quick ones. For those of you who are in leadership positions for technology or Chief Information Security Officer, you have to change the conversation when you're dealing with Chief Information Officers or Chief Financial Officers or if you have to deal with the CEO, you have to change your conversation to operations and how that is actually going to affect the business moving forward. You have to speak their language to make changes. They're not going to change to speak your language and this paradigm will help you be able to do that too. Two If you're a woman out there, go for it. Go for it. Go for it. And then last thing is that be a constant lifelong learner and you will go places and will do well in life. Mark: Yeah. So those are perfect. And you know, it's funny I'm only a man and I have all the associated weaknesses. But one of those weaknesses, you briefly covered early in the conversation and so this is just kind of a learning opportunity for those who haven't done some of the stumbling that it sounds like you and I both have done, but I took over a fairly large job late in my time at HP, went from managing about 60 people in two or three states in four or five countries to managing an extended group of almost 600, in half a dozen countries and a half a dozen states. And I, went to one of the largest groups and had one of my traditional kind of get to know Mark meetings and I had been told ahead of time that this group had problems and that there were performance issues and everything and I neglected to approach the problem the right way. So I went to this talk that I was going to give and I talked about how basically without saying the words, I basically said you guys are kind of screwed up and I'm here to save the day and I didn't say it exactly like that, but that's the way it came across and lucky for me and I mean really lucky for me because I took an enormous learning from this, this tiny gal, probably my age now, so she was in her late fifties then, a Vietnamese lady who had only recently maybe 10 years or so, migrated to the United States came up to me, very slowly but came into my office and asked if she could talk to me and explained to me how she felt after the talk; And I was just devastated. I was devastated at first because I thought wow, I'm so great how could somebody be telling me how bad I am? But then I was devastated at the impact that I had left on so many of these people. And so the important takeaway there to me at the time was you know it's not about you, it's about the team and it's not about what someone did wrong or didn't do wrong, but rather what can be done and, so that, you know, a couple of themes there stumbling over your own tongue, communicating effectively with the right message at the right time, are all things that are so vital; And from that point forward, one of the things that I used to do and I still do on occasion was if I had an important message to give to folks in the broader organization, I would let some of the people that reported to me review it before I send it out because the last thing I wanted was to accidentally throw somebody under the bus because I had forgotten something or I misinterpreted an update or whatever. And it has saved me a few times since then.
Rebecca: No, I agree and that one thing out there to people, you're going to fail. You don't know but you are going to fail. Pick yourself up and move forward, and if people did go ahead and misunderstand your intentions, go ahead and talk with them and ask forgiveness sooner versus later because they will always remember that you did go ahead and apologize for the insult, but they will also remember that you were man enough or woman enough to immediately go and apologize to make right. They will remember that and you will have good relationships so when you're working in the world, think about human relationships. We're not taught that in school. You're taught to go read and remember, this is about relationships for your company, try be best citizen for world and the best citizen for your company and the best citizen for your family that you possibly can.
Mark: Yeah, absolutely. Great words to live by. And with that, Rebecca. Thank you very much for joining me today. I really appreciated the conversation. Very enlightening. and as I said before my only sorrow is that we didn't get a chance to do something like this sooner in our lives, at least from my perspective. I hope the audience has managed to take something away from Dr. Rebecca Wynn sage advice please join us next time when we'll be joined by Jeff Sussna leading industry consultant on DevOps. This guy is amazing. I've actually recommended him to a few people to help with them as they make their transition to a more DevOps oriented work strategy. If you'd like to nominate anyone to join me on a future podcast, email us at [email protected]. Until next time, I'm Mark Theile and you can find me on twitter at @mthiele10. And Dr Wynn, where can we find you online?
Rebecca: Best way to connect with me is at Linkedin.
Mark: Great. All right, well again Dr Wynn. Thank you very much. Enjoy the rest of your week and I really appreciate your contributions today.
Rebecca: Thank you it's my honor and privilege.
Share this episode:
Jan 8, 2019
Episode 10 - A Conversation with Mike Kail
CTO at Everest.org, Mike has more than 25 years of IT Operations experience with a focus on highly-scalable architectures. He has been widely recognized widely for his insightful industry commentary on social media Twitter, and was recently named by the Huffington Post as one of the “Top 100 Most Social CIOs on Twitter.
- Episode Transcript
Mark Thiele: Mike Kail, welcome to the show.
Mike Kail: Thanks for having me Mark. Always great to catch up with you.
Mark: Awesome. Well, I'm going to introduce us really quickly and then we're just going to jump right in if that's alright with you.
Mark: Hello and welcome to another edition of the IDCA to Infinity Paradigm and beyond podcast where we bring the most recognized faces and thought leaders of the technology industry and have candid discussions on topics pertaining to digital transformation, cloud, cyber security, data centers, infrastructure and more. This time as you've already heard, I'm joined by Mike D. Kail, former CIO and CTO, and currently CTO of Everest.org. Mike before we get into the technical part of the discussion, I always like to get a personal comment on the life of the people that I'm talking to. Tell me a little bit about, it's unfair for me because I'm fairly familiar with what you like to do with your free time but the audience probably isn't. So tell me a little bit about what you like to do when you're not working.
Mike: Sure. So I'm married with two boys, ages 10 and 7, so I spend a lot of time on the soccer pitch with our oldest son, trading or at his matches. Personally I like to stay reasonably healthy so I have a Peloton spin bike in my home office. So I try to work out daily and keep up with that, that ever growing community and amazing business that John Foley has built. Then just some nontechnical reading every now and then and as well as obviously spending time with my wife so we can keep the family together. So between that and Everest it's definitely a full challenging schedule.
Mark: No, I believe it and I see the pictures and what I was just realizing that I know that Peloton has been a bigger part of your exercise regimen recently. Are you not running as much as you were before?
Mike: I would classify myself as a hobby jogger or everything I always said I would never become back when I was somewhat fast at running at a low level of competition that, I never would run slower than seven minutes per mile at that time and now it's like a seven minute would be a great race. So getting old is not friendly to anyone.
Mark: It's not for the weak of heart, I'm telling you, literally it is not for the weak of heart.
Mike: So as one of my friends said right now I'm using the Peloton because it's a great workout and I'm just trying to slow down the slowing down process.
Mark: Yeah, exactly. Well and that's one of the reasons why we got a pool, besides the fact that, it's hot as the surface of the sun here for three months out of the year in Vegas. But the pool gives me a kind of a no excuses way to get to a low impact, but high value workout on a fairly regular basis. So the pool has become my backup gym for lack of a better description.
Mark: So today we decided to talk a little bit about security and certainly the recent Marriott security breach has been on everybody's mind only because it's one of the most recent. I just heard another one, I think it was this morning about 52 million people's identity information being released by Google+. I don't know if you saw that yet. So unfortunately this kind of story is very much on people's minds. Thinking about what you're doing now, what you've done in the past. let's talk a little bit about one of the comments you made in our back and forth earlier about centralized versus decentralized and concepts such as self sovereign identity. Let's get into that. Just just start wherever you feel you'd like to.
Mike: So at first I did see the Google+ additional breach news due to API security issues, which is I guess not surprising in today's day and age. I think unfortunately we've all become numb to the number of identities or the amount of data loss. I think at this point you have to unfortunately deal with the fact that your personal data and identity is out there and it's been lost and we have to flip the paradigm on its head and as I was chatting with Jeremiah Grossman on twitter yesterday, we need to take a zero trust approach to this. So assume bad guys have your data. What can we in other companies do to protect that?
Mark: That’s a great question.
Mike: And it's obvious from the Marriot issues and breach to Equifax to all of the other ones that have happened in the past that a centralized approach and storing of data is not working whether they have an encryption or not. It doesn't seem like people manage encryption keys properly or have proper hygiene around how they approach encryption and then they have no mechanism of detecting when the breach happens and how long had occurred and actually how much data was really lost. So the concept that is driven in part by the technology that is ubiquitously known as Blockchain, which is a broad level term is about decentralization; and so I think about moving away from centralized databases or stores of identity and your personal data to decentralization and you actually owning your own personal data, which is the concept of self sovereign identity that I'm personally responsible for and own it; and if you look at regulations such as GDPR that I have the right to erase your and the right to be forgotten; and so now I put the responsibility in each person's hands to maintain their identity data and the security thereof; and I'm not saying that will be a perfect world. We will still have the challenges around managing encryption keys; and I think Ben Seref of talked about this at the Constellation event the other day, like the biggest challenge will be around key management, which is very similar to password management or the hygiene problems we've had with that.
Mark: Yeah,just the idea. I apologize if you weren't quite done yet. I'm just cutting in here. So I feel even though security is not my first line of expertise, from an IT standpoint, probably not even my 10th, I'm more of an interested observer than an expert on security, but I've always thought that the opportunity associated with blockchain from the earliest days, assuming it was realized as a truly deployable, usable, manageable technology was on a personal identification because it seems to me, and I am going back to your point about self sovereign and distributed, it seems to me that, I really would love your feedback, you can tell me I'm stupid, I'm used to it. But it really seems to me that blockchain potentially provides that opportunity not only for that distributed, and self sovereign ownership of your ID, but in a sense it almost makes it worthless for someone who isn't you to have your traditional methods or formats of identification. Does that make sense?
Mike: It does. I think blockchain is one component of a defense in depth strategy and the approach that we're taking at Everest, around self sovereign identity is we're not storing your personal data on chain and we're for those who understand blockchain, we're the permission Etherium chain with the proof of authority consensus, which means there's no mining, you have authority nodes that handle the ceiling and that you still have some challenges around that, but you remove, the transaction per second problem of proof of stake or proof of work consensus algorithms, but back to the data, we're storing, what we call the datagram, which is your biometric data as well as your demographic data, picture, government ID, health card, anything else in an encrypted store in IPFS, which is InterPlanetary File System which is once again distributed and can be owned and operated by different entities outside of just us at Everest. So in order to access your data, I have to figure out how to steal your biometric authentication and we're doing layers, facial and fingerprint to start with and looking at palm and voice to layer in plus then I have to know where the IPFS cluster is located and have your private key to be able to decrypt it. So there's multiple steps so somebody can't go to whoever's hosting and IPFS cluster steal a server or a set of disks and figure out how to decrypt that and figure out whose data is that. So it becomes much more daunting and much less valuable than the centralized approach is where I take everything and it's all stored together. So that's the distributed decentralized approach, which will still have security challenges as everything does, but I feel like it's steps above what we're doing today.
Mark: Yeah, it's always been disconcerting to me that pieces of identification that have no relationship to you other than the fact that they are in theory, accurate records of who you are. but otherwise have no direct connection. They don't cause blood to flow if they're used, they don't make your eyes spin. I'm being stupid, but they are effectively online, no different than if somebody had stolen your old social security card in the 1950s and used it as an ID. Right? And nobody had any way to validate whether that person carrying that social security number was actually the right person; and so what you're talking about, I mean I'm trying to make it sound simpler than it probably is, but in effect, what you're saying is that from a layman's point of view, if I was to come across the border with the passport that I had somehow magically managed to put your passport and I've managed to put my face on it, the ability for the border security to catch me is because they matched that passport regardless of what the picture is to a set of fingerprints or something like that; and so what you're saying in effect is, to be able to do that with the ID almost all the time in real time. Right?
Mike: Exactly; and going back to your 1950 social security card example, we're not that much better today.
Mark: I know. it scares me. That's what scares me, dude.
Mike: I mean not to play a fear, uncertainty and doubt story here. But if you think about, if somebody steals your identity, how do you prove you're actually you? Like how many of us still have original social security card, which is no picture ID on it doesn't really matter. Your birth certificate doesn't have any real biometric data attached to it. but I think I may have a copy somewhere. so then you have your driver's license or real ID or passport and then some other data. But if somebody's clones that and has successful civil attack, how do I regain control of my identity? That's actually a real problem. Like the adastation challenge is real and I'm glad it hasn't been more prevalent than it is but I think those days are coming.
Mark: Well I've read enough stories about how the biggest part of the problem in many cases for someone whose ID has been stolen is that they can spend months just attempting to prove that the other me wasn't me; and in the meantime, the other me is still spending your money and still racking up debts or bankruptcies and there's nothing you can do about it and it's just crazy, right? It really is. I'm with you generally speaking, I'm one of the people that liked to go out and remove fear, uncertainty and doubt; and both of us in our writings have done that a number of times in blogs and in other formats. But really, I don't think you can overplay how traditional security as most of us do it today from a personal security standpoint online is just next to being worthless as far as a protection mechanism is concerned. That's really unfortunate. So taking that and realizing that a majority of the people that might be listening to this podcast or thinking about it from an enterprise perspective, how do we relate this to some of the common problems that IT organizations and their greater business have worried about for years, which is the notion of supplying access to applications, doing it across countries, managing the integration of new people and or temporary people. How does what you're working on or the risks you see in the modern security strategy, how do they play into that concern?
Mike: So in general security and identity have two components, the well known authentication piece and the less than thought about authorization component. So I think a lot of enterprises understand authentication and grant users or roles or systems, unfettered authentication to other components. Without having an authorization strategy, meaning can you or something access what you're trying to access and moving to a finer level of granularity; and that's difficult to maintain; and think about multiple layers and back to the old firewall days, somebody always put in the, the rule of allow any any because something wasn't working and they needed it to work; and that was the easy fix. The same goes with providing identity access to systems or data. It's like, okay, Mark needs access to this critical database he has got a deadline or this deals is falling apart. So let's just give them unfettered access. Mark leaves the company, that accounts still exists, somebody gets his credentials and no one notices. Yup. Then you have Equifax or Marriott or the like. So I think you have to take a continuous of view about authorization and audits need to be a continuous exercise, not a quarterly compliance check box; and I think this somewhat fits in with IDCA's Infinity Paradigm.
Mark: Oh, Well I appreciate you bringing that up because if you hadn't I would've. But I would like to just add on to that a little bit. So when you think about the complexity associated with managing modern IT in general. If we were to go back even 20 years, security would seem like a cakewalk as compared to how we have to worry about security today, just as a division of responsibility within the it sphere and the overall corporate sphere of governance. security is so much more of a burden than it was in the past. One of the reasons I joined the Infinity Paradigm effort as the chairman for the technical committee was this notion that I always have believed, maybe not always, but certainly for the majority of my career, that we don't do a very good job of owning IT. Right? We were very good at putting things in. We're very good at identifying problem solving opportunities and reasonably good at putting the actual solution in place, but we're very poor generally speaking of owning those solutions and I'll describe what I mean by owning, and then overall owning all of IT. To kind of help position that a little bit more. When I think of owning, I think of a puppy. Well, you could get a puppy and, and you could bring it home and you could have it and you could not feed it. You could not take it outside, you could not take it to the vet and you'd have a stinky house and a dead puppy in about 10 days. but if you own the puppy, you're feeding it, you're grooming it, you're taking it for walks, you're cleaning up after it, you're taking it to the vet, etc..; and that's owning and I'd love to get your feedback in general and I think it goes to the the point because I've made several firewall examples myself in the past, but it goes to the point of this ownership idea, right? To me Infinity Paradigm helps the customer really value what they have in IT as it relates to the business and as it relates to what the business actually needs at that time and how to measure and manage it; and so in thinking about that in my long winded explanation, how do you see that as being important to the role of security today?
Mike: Well, first it goes back to what we talked about, your pool or my peloton. You could install the pool and never use it. So then you're not gaining any benefit of fitness and hygiene, health hygiene, right? The same goes for IT and security, you can deploy a firewall or some solution it or security, but if you don't have pride in ownership and maintain that continuously and do the care and feeding, you're gonna have issues and then you'll build up the “technical debt or security debt”; and then keep layering on other solutions onto a very shaky foundation; and then as that topples over. I think it results in the mega breaches that we've seen or just mega outages even.
Mark: Yeah. I think that's hugely important. We've talked about that in other venues as well, I wouldn't say it's orthogonal to our conversation. I would say it's actually kind of an underlying core theme and that's this notion that we already do a poor job of owning the solutions we have and then we do an even poorer job of determining how a new system a potentially impacts the old system or affects our ability to monitor and manage the older systems or define issues relative to the new complexity. Thinking about that it's easy for me to talk about it. It's frankly, it's easy for you to talk about that, but realistically, if you and I were to give five seconds of advice on how to try to avoid that other than saying you need to go out and get the Infinity Paradigm you need to follow it to the letter, which is likely to be helpful. What would you tell someone because you and I have both been through the same problem and admittedly one of the organizations you worked with for awhile was UltraMod in the way I dealt with IT, but for the vast majority of us, it seems like almost everything we do is just in time, right? Just in time with just a minimum amount of appropriate resources and kind of the way the government builds new highways. They get funding for the new lanes and they don't get funding to support the new lanes that they've put in. how do you see IT organizations trying to fight through that.
Mike: I think as we've had several twitter chats about you have to get away from the tactical how into this strategic why and tie it to both business initiatives, current and future and outcomes and measure and report upon those in a continuous manner. Otherwise IT becomes somewhat apologetic and beaten down; and then you have morale problems and people are not incentivized to have strategic solutions; and so the leadershIp needs to continually communicate that about why you're doing something and that it's not ever done. It's always a continuous evolution. Like you're never 100% secure or 100% resilient. There's always places to improve the automation and better insights; and I think winning hearts and minds and convincing hearts and minds has to take that approach.
Mark: Yeah. I agree. Again, this may not be perfect analogy or comparison or situational information, but it just seems to me that most of what we do in IT historically, speaking of the broader we in IT is treating symptoms and we're rarely ever getting to the root and you mentioned the why and obviously we've had those conversations and we're both supporters of the idea of getting to the why before you make a major investment in time or effort for something new. But it's also this problem that whether it's from a leadership messaging standpoint or a technology adoption and use strategy standpoint or lack of a strategy, which is I guess a strategy in and of itself that this notion that we're most often treating the visible symptoms rather than the underlying for lack of a better term rot that's occurring, seems to be a big part of the problem. Would you agree with that? I mean, any suggestions?
Mike: If you're running around trying to put fingers into the whole spouting the dike, you only have 10 fingers and there will certainly be more than 10 holes; and then you let something go. It goes back to what I said about if you start building on a shaky foundation, it will topple over at some point, right? So then you have to step back; and while I'm not a fan of the term, there's some bimodality to this where you have to maintain your current revenue generating systems while you determine where you want to get to and how do you have a strategy to bridge across that onto the new, more resilient solution.
Mark: Yeah, it's a hard thing to do and I've done it twice, at least from a major move standpoint of twice in my career as an it leader where I've literally gone to my executive team and said, folks I need your support. We're going to be doing this, this and this over the next three to four months, and I need your support, at the customer level, internal customer level, and I need your support for the fact that we are likely to not be as responsive to certain traditional issues that you might normally think we would be running to your office for. All of this is under the promise that on the other side of that three or four months we'll be doing more, we'll be doing it faster and we'll be doing it with more resilience and improved customer experience; and admittedly that messaging and building this strategy that supports the success of that messaging is no easy feat. I can remember several times during the course of one of those two activities where I thought do I really want to do this again because this is a lot of freaking work. But it's that kind of honesty and open effort to get cooperation from the executive team that I think is the only way to get past the whole firefighting thing as you described because one of the directors that had come in through an acquisition and I had been moved up to a different position after the acquisition and she'd taken over a lot of the stuff that I was doing from an infrastructure standpoint and I stopped her in the hall one day and I said, I won't use her real name we'll just call her Debbie. I said Debbie it really seems like we've been chasing our tails a lot recently. There's been a lot of running around, but we're not making progress on the real activity of integrating the two companies at infrastructure level; and she goes, I'm too busy right now fighting fires. I can't talk to you about this stuff. That was her answer. I just told her, you're fighting fires too much; and her answer was, I'm too busy to talk to you about fighting fires because I'm fighting fires; and I was dumbfounded.
Mike: Yeah. I don't have an eloquent not safe for work response to that one. Yeah. But I think what I was talking about is that cultural aspect. I think IT in general has to get out of this redheaded stepchild mentality and this us versus them and I think the culture of DevOps has helped that a bit in progressive companies; and I think that needs to even continually evolve; and we've talked in the past about DevSecOps and that IT needs to be completely meshed into the entire business. It's not some orb that you go to when you need something and you place an order and they fulfill it, right? Technology is ingrained in everyone's lives, whether they're a technologist or not now. IT needs to take the same approach and frankly, stop feeling sorry for themselves; and this "I'm too busy fighting fires they have too much on my plate" is just an easy sound bite to not actually do something right? Which is why we have to measure Performance and I'm not talking about stack ranking and KPI. It's like initiatives versus outcomes and where are we falling short and what do we need to do versus blaming people or initiatives.
Mark: Yeah, totally agree. So, with that Mike I'm just going to give you one last opportunity. If you have a parting shot in a positive sense for someone worried about security or someone worried about risk tfor he CIO of a company that might be listening, what would you tell them?
Mike: I honestly believe there's tremendous upside to improve the state of security, whether it's overall or at your company or enterprise; and I think there's some very simple things you can do from starting to view risk as elastic, not static and in working with the audit and compliance and other teams to implement strategies, not tactics to view it that way; and then measure improvements. So then you get the associated morale boost as well as improved security and improved performance across the board.
Mark: Yeah, I agree with that. So with that Mike, it's always a pleasure talking. I mean the 40 minutes almost that we've been on a has gone by in a flash. We should do this whether we need to do a podcast or not because I certainly learned something every time we have a chance to talk. So thank you very much for spending the time with me today.
Mike: Thanks for having me; and the feeling is definitely mutual.
Mark: I appreciate that; and so with that folks, I want to thank you for listening and again, thanks Mike D. Kail for joining me on this episode; and Mike, before I wrap up with my own little soundbite, where can people find you if they want to follow you on Twitter or Linkedin or something like that?
Mike: So twitter is probably the best or most engaging medium @mdkail is my twitter handle; and then if you're interested in what we're doing at Everest, it's at everest.org.
Mark: Excellent. Appreciate it; and folks, coming up as our next guest, we have Rebecca Wynn, who is head of information security and the data protection officer for Matrix Medical Network. carrying on this line of discussion around security and IT, in fact, if I'd had one more question to ask Mike I would have said does better security have to mean, diminished customer satisfaction and I'll just leave that out there hanging. But, if you'd like to nominate anyone to join me in a future podcast, email us at [email protected]; and until next time I'm Mark Thiele and you can find me on twitter at @mthiele10 or markthiele Linkedin. Thank you very much; and again, thanks Mike.
Share this episode:
Dec 11, 2018
Episode 9 - A Conversation with Rebecca Wanta
Ranked 4th in the Top 50 Female CIOs and 12th in the top 200 CIOs by Exec Ranking. Over her remarkable career, Rebecca Wanta’s experience includes the roles of SVP/CIO of MGM Resorts International, Chief Information Officer and Senior Vice President for the largest worker’s compensation insurance company in California, State Compensation Insurance Company; Senior Vice President and Chief Information Officer for Best Buy, Global Chief Technology Officer for PepsiCo, Executive Vice President and Chief Technology Officer for Wells Fargo, and Chief Technology Officer and Deputy Chief Information Officer for The Money Store/First Union.
- Episode Transcript
Mark Thiele: Hello and welcome to another edition of the IDCA to Infinity Paradigm and Beyond podcast where we bring in the most recognized faces and thought leaders of the technology industry and have candid discussions on topics pertaining to Digital Transformation, Cloud, Data Centers, Infrastructure, and IT leadership. This time I'm joined by Rebecca Wynn former CIO, CTO of several fortune 50 companies. Becky, thanks for joining the show today.
Rebecca Wanta: Thanks Mark. Thanks for inviting me.
Mark: This should be a lot of fun and before we get into the technical stuff, tell me a little bit about Becky. What consumes you when you're not working or what are some of the hobbies or books you've read recently?
Becky: Oh Gosh. I have two types of reading I like to do, right? One is, there's a little bit more on the technical side, some of these different technologies and where they're headed. But then I also have what I call the mindless reading that's just kind of takes you out of your element. And so those are gonna be more probably kind of intellectually challenging only in the sense that they're puzzling out deep into the book as to what's really going on, what are the subplots and stuff like that. So that's just my mindless reading, but I still like to stay current to my craft as you know. There's just so much change continue to happen in tech that you gotta do whatever you need to do to stay current. And that's my worry always in the CIO roles as you know.
Mark: Yep it's absolutely true.I mean if that were a theme for a conversation all by itself, it would be enough. And that's the need for continuous learning for anyone in IT, right? CIO or otherwise it makes no difference. Right?
Becky: Well Mark when you get to the levels that I've had, it's very easy to get comfortable and kind of rest back because no matter how insignificant the changes that you may want to roll out from a tech perspective, there's still a pain of change associated with it and it's easier to do nothing and for me that's a dereliction of responsibilities and it puzzles me when I see a lot of CIO's trying to focus only on data center operations when that's table stakes, but that's not what's going to drive a business forward. That's just an expectation that that needs to be dialed in the way it needs to be dialed in, but you got to deliver business value. Are you going to disintermediate it. And rightfully so.
Mark: Pretty much yeah. I mean we certainly agree on that among so many other things. So thinking about that and thinking about being disintermediated or conversely attempting to be a big part of what makes your business competitive and valuable in the years to come. Some of the conversations we've had would lead me to believe that we both very much agree on the notion that digital transformation is a key opportunity for IT leadership and the IT team as a whole to play a bigger part in what happens in the enterprise. Because again I love your feedback on this as potentially multiple answers in the same vein, but the digital transformation cannocates the idea that this is an IT thing, but really realistically it's a business thing. So talk to me a little bit about how you see that happening and what the average IT leader needs to be thinking as we head into this era of digital transformation.
Becky: I think the most important piece on the digital transformation is just what you said "it's a unity of the business." I mean how many times does IT get accused of being technology out looking for a problem? And Mark you know my background, so I've never had a job, right? Because I love what I do. And I do it around the world, so when I get typically recruited in, whether it's Pepsi, Southwest Airlines, Wells Fargo, MGM Resorts International, it's at a time and the maturation of the company where they're so irritated with their IT organization, they're ready to just jettison it. right? And why is that? Because of the cost and value returned. And so we now call it digital transformation, but you and I have been at this a long time and it's always transformation and the key that's transforming is, well I've been blessed in the sense that my companies have all been number one in their markets and when you're number one, there's only one direction to go. And they took that very seriously; and so what I would say in that process is that the technology, the core infrastructure of the stuff under the covers needs to be there. It needs to be put together in a fashion that's going to be living and continue to evolve. But you're also the chief innovation officer in the company, right? You're the one that has to learn to get deep into what the value of the businesses is and you should be coming there with your business partners, your senior executive team that you're part of a seat at the table that you have to earn every time you turn around, but you should be helping them understand how to go into other markets so they can increase their brand because that's what IT will do. IT is that innovation engine and some of the leadership teams in these companies and so forth haven't had the benefit of that and that's why, you know you and I have talked about this before, that's why I really believe it's a leadership play. You have to be technical because you got to know what needs to happen and how to do it because you've got to execute. There's no excuse for non executing and I get worried because now we've got labels around it. We call it digital transformation. We've been calling this transformation forever in the sense that the business is in a place and you've seen those same studies that says "is your company going to be one of the ones it's alive 50 years from now." And I take that very seriously. I want my companies that I lead to be there.
Mark: These are all excellent points and so, riffing on those points a little bit. I heard in your answer or something that I've used as a term for a company, and again, we can riff on that term and what it means to you and I. I'm sure I'm not the first one to think of it this way, but I think of digital transformation as helping to make a company not more effective at printing or not printing, not more effective at having computers connected or more effective at using a website or ERP. All of those things are ongoing table stakes for IT. What's really important is how do you take a combination of the appropriate technology solutions with organizational design and corporate vision and create a company platform, right? So let's talk about that. To me when I think about a company as a platform, I think about the relationship to an IT platform. If I have a good well architected IT platform, some of the minimum benefits, minimum viable product benefits of that platform is the ability to add and remove things relatively quickly, to seamlessly see value. So from a business perspective, do you see any difference there? Or do you see that really as kind of the goal of digital transformation?
Becky: I think that to me is the goal of digital transformation. That's because think about Mark, it is just like you said, one thing about companies and one thing about their architectures, those have to stay living viable entities. And so if all of a sudden you can’t embrace new technologies because by the time you integrated into your back-end, you've lost 18 to 36 months and the business has changed so many times you're not going to be a going concern for the foreseeable future. It's easy sometimes just to focus on the data center operations and optimizing and doing cost takeouts and all that kind of stuff that a lot of your CFO centered people think is the only value that IT can bring. But the reality is, it is our job. We have to not only translate, but we've also got to be able to do just what you said, be able to put in place that kind of an architecture infrastructure that's going to allow us to innovate and drive our businesses forward and capitalize on more market share and in some cases disrupt it completely and own it, right? Own those new lines of business and so forth.
Mark: Right, absolutely. It's funny I just want to comment on your point about the CFO centric and I've used this line before but I'm going to use it again because it seems so appt here and that's that IT was not invented to help reduce the cost of IT. And unfortunately, so many of us look at it that way. It's like why would a company have marketing and why would a company that's hurting reduce expenses on marketing, now don't get me wrong, there could be situations where a company turnaround involves a dramatic change in product or the marketing message is so bad that continuing to spend money on it is a bad idea, but generically speaking, whether it's marketing or IT, if you're cutting back on real capability and opportunity in either one of those areas as opposed to just managing effectively, which every department head has to do. If you're really cutting back on operational opportunity with either one of those capabilities or business areas, you're reducing the potential effectiveness and opportunity for the company and I don't see any other way to look at it.
Becky: I think you're right because there's two other things to think about. When I am transforming a company. I do several things, but there's two things that are kind of top of mind from a decisioning. Just to play to your point a little bit deeper. When I'm transforming the first thing I'm deciding, and again I've always run technology in companies that could be their competitive advantage, not a technology company. And so having said that as a backdrop, I know it can be the competitive advantage. So the first thing I'm looking at from my IT organization is what's core? And for me core isn't data center operations. That's table stakes. Somebody else that that is their core. I want them to be my partner to provide those services to me. Core for me in those none technology companies that I've led is around the information, the technology, the design aspects, things that are intellectual capital elements in the technology space that continue to enrich my partnership with the business and drive the value that I feel we have. The second thing is is I look at the cost model and 80% of your budget inside of IT is spoken for in terms of licensed labor and maintenance. So if you're going to create a transformation and disruption, you've got to get your indirect and direct spin changed, changed into a point where when I go back to my comment about strategic partnerships, I'm never going to be able to build a level five data center inside of my businesses because they're not going to have the capital to drive more revenue versus building another data center. It's going to go to more revenue. So you're always going to end up with maybe a level three or level four data center and I'm using the uptime kind of metric as a way to kind of scope that. But the point being is that if all of a sudden I can change where instead of 80% of my costs are already spoken for in terms of licensed labor and maintenance and I can move that down to around 40 or 50, it frees up 40 to 60% into innovation. And that's how I'm going to be able to do more with less and do things to hire more efficiently. And what I think is so fascinating is this notion of this cost takeout, I mean, I'm always looking at ways to reduce costs and optimize performance and efficiencies, but here's the reality too, you can continue to treat this as though as a cash cow way to rip costs out of your organization, but guess what's coming? What's coming is a balloon payment because at some point after you've mothballed your infrastructure so severely, you're going to have to bring it back up to certain rev levels in order to drive the innovation efficiency we're talking about. That's a natural expectation to do digital transformation.
Mark: Right. I totally agree. Taking that set of points that we've covered in the last couple of minutes, and taking it a step further, when I see the opportunity associated with digital transformation, what I see is sort of the opportunity of taking a Bank and turning it into PayPal, right? Taking a blockbuster and turning it into a Netflix. Those may not be perfect examples, but they're relatively speaking they are on the same page and so if you're a CIO for an organization that's looking to make that change, do you want to be the CIO that continues to own what becomes a more and more minor portion of the technology ownership of that company? Or do you want to be the CIO that takes a leadership position of turning IT into the equivalent of engineering? Because with the interesting separator that we come up with when we talk about a company like a PayPal or Netflix is that we talk about engineering and we talk about IT. Well I'm sorry, but Google is nothing but one giant IT organization that has become so big, it has to have official marketing and official sales and official finance and official HR. But it is nothing but a giant IT organization. So you can call PayPal's engineering group, engineering if you want, but it really is more IT that just happens to belong to maybe the CTO. So doesn't it make sense that, if a CIO plays his or her cards correctly, that they could be a bigger part of that future of the organization?
Becky: That's the thing Mark, my belief is that if that CIO doesn't see that and isn't doing that, that's the wrong person in the job. Because it's exactly why companies start to really question whether or not they want to CIO and I mean most all the presidents and CEO's of all the tech companies in today whether it's Oracle or Cisco, they've literally gotten hundreds of millions of dollars from me over my career because they've sold parts of my puzzle as I was putting in and in one of the conversations I still get a chuckle out is one that, John Chambers and I would always have because he goes to your point, he used to say that because Cisco and his definition, clearly he thinks its an engineering company and he used to send me Becky, I don't need a CIO. Now we have Rebecca over there, Jacoby and she's awesome and so forth, but he really always believed he relegated the CIO function as a more of a non technical non engineering function and dealing with off the side of nation data center operations, none of that stuff's moving the needle in terms of revenue. It's interesting, but it's a call to action to for CIO's right Mark? Because if you're being relegated into that and you're not being seen as that innovator, the chief innovation officer, does it go the other way where, some say CIO stands for Career Is Over. I always laugh too when I hear about companies that go out and put in place a chief digital officer. If the CIO is the chief digital officer, then what in the heck are they doing in those roles? Right, Mark?
Mark: Right. I agree. Speaking to that, I mean you think about a company like Cisco and the fact that who's buying a majority of Cisco gear? It's an IT leader somewhere. Whether it's a line manager or network manager or CIO, they are buying Cisco gear. And so what audience does Cisco need to represent itself to most effectively? The IT community. What better way to do that than to have a CIO that exemplifies the best possible use case models and innovation models for networking and the things above networking in the organization. And if the CIO can't reference and represent those things, I think you're missing an enormous opportunity both as the for the growth of the CIO itself and for the opportunity for the enterprise.
Becky: Exactly. You raise a good point too because this is something I don't know how many different sales teams I've spoken to over the years for these different companies, whether it's Cisco, Oracle or whatever. It fascinates me though, Mark, is they really don't know how to come in and have a conversation with the CIO. They want to talk about, bits and bytes and colors of servers and bare metal versus this or the other thing. At the end of the day, that's not the conversation you're going to have with the CIO. You might go to sell that into one of their VPs of infrastructure, but that's not the kind of conversation I would want my sales team's having with somebody like me. Right? Because, and I always use the MGM example, right? The MGM Resorts example, every time somebody finds out if I'm in a meeting or in a conference or something, they've always got the second coming. It's going to solve everything. And I always tell them, "here, I'll give you an example. Let's just take MGM Resorts International. So it's the biggest employer in Nevada as you know, it pays the tax payer and all the properties pretty much on the strip except for a few. And it's a lot better than MGM Grand Las Vegas which has 200 properties." And I'd say, "okay, well tell me how your little widget here (to these tech companies). Tell me how your widget is going to improve the check in experience at Bellagio" but that's a harder question, right Mark? Because then it means the sales teams have to do some due diligence to figure out what top of mind problems are for a CIO and connect the dots.
Mark: Yep absolutely. To that point, it takes you back to the sales teams can do that better if IT plays a more in depth role across the company, especially if you're already a technology company, it just makes sense; and to that point I think we would both agree based on the conversation so far that a digital transformation in effect means whether you call it digital transformation or not that in effect means that every company needs to be a technology company. There's no two ways around it, so when I think about beyond the whole platform idea, the ability to integrate companies and partners and new solutions and create new business models, enter new markets more effectively as far as part of the platform, to me one of the best themes, most important themes about many of the technology trends that are occurring today, some of those trends help enable a more effective digital transformation. Things like Edge Computing or AR and VR or AL and ML , etc. etc. but, underlying all those things, it seems to me that customer experience and customer intimacy are the two most important kind of overarching umbrella themes across almost every one of those technologies. How do you see the opportunity of digital transformation to take a company and be more effective at understanding their customers and being involved in a non intrusive, non kind of peeking over your bedside table kind of way, more involved in your customers' lives?
Becky: Well, I think you hit on it. Apple kinda hit us between the eyes and I use this point all the time just to kind of illustrate what I mean by UI versus UX and I'm not an Apple phone person at all but what I appreciate about that is the experience with those devices. I'm just using them as an example, but it really to me illustrates what the differences between UX and UI is. In my view, the future is UX, it is experiential, it is learning and adapting to the individual level. And what happens a lot of times is you still have your, when we're doing development and stuff like that, we're still kind of building it from a UI perspective. It's not learning, it's not adapting realtime. It's forcing the experience with a brand one way and this is the first time in the history of our nation. We have seven demographics in the buying workspace and in the workspace in general. So the interactions with the brands for these companies is changing and I believe that technology is going to be the only way and it's going to become more experiential, highly adaptive. And I also think from a tech perspective, a lot of what we're chasing, when you have the culmination and call it the connected world, call it IoT, call it whatever you want, but the point is, is that so much stimulation is going on. It has to be dealt with in the moment. After the fact is not going to happen and be as effective tool brand in order to create the kind of revenues, the kind of disruption that I believe that these companies are going to need. Pick whatever company you're saying, but at least the brands that I lead, I believe that that's how they're going to be hugely successful, but how do you do that in pieces in a way that makes it able to scale and that's where, like you said, ML, AL, DL and the Edge Computing, a lot of those different techniques to be able to call out what's relevant and action on it real time. That's and in and not in an intrusive non creepy way.
Mark: Yep, it's great that you mentioned the real time because it's funny. I was just gonna ask you a question about real time and the importance of it. Going back to the importance of this being an organizational, top down activity for transformation rather than just an IT transformation because I mean, how many times in your career - I've got to believe it's happened at least a few times - has somebody come to you and said, “I need real time intelligence on this” and you know the whole time that, okay, “I'm going to bust my ass. I'm going to spend extra money, I'm going to create something that will give them real time intelligence, and yet they have an organizational model that means that their response time did that intelligence will probably run anywhere from one to five weeks”. Right?
Becky: Well, it's like breaches. It's like security breaches. I mean the technology right now tell you might've been breached, , six, seven, eight months ago. Great. What am I supposed to do with what happened then? I mean I'll give you the other side of that too Mark. When I led the transformation of PepsiCo, the goal with Pepsi was to take them from five companies, PepsiCo, Tropicana, Gatorade, Quaker Oats, Frito Lay into PepsiCo and I put together to do that. We were on Oracle ERP train. I broke that down. We took it to SAP because ERP isn't a competitive advantage. It's table stakes, but we ran. So we were on this customized build out the way Oracle wants to kind of make it really tailored to you, which is a time to market delay if you're a pretty established manufacturer, like in four of our five units and Pepsi were that way. One is not and we didn't role SAP to it, but the point the matter was, as I said to indra and I love her death. I think she's the best that ever was. I said, don't you want to know before our orchards or on a hurricane glidepath before they were obliterated, since it takes eight years for our orchards to yield fruit, when you want to know upfront that that's happening so that you can setup your contingency procurements, and you don't jeopardize the manufacturing ecosystem. And she said, yeah. And I said, well, SAP doesn't do that. This is real time data it will get hooked into the weather channel and do all these things. And I sent him. But see, here's a business that was just like you said, Mark, they, they've never had the data real time.So they their model, their practices and stuff were set on established manufacturing schedules, just using as an example. There's lots of those kinds of examples in any of the ecosystems and the companies that I've led and so forth. But we're changing the model. I mean they don't realize. I can go back to the mgm one 43 million people come here as a tourist every year to Vegas. Well, if you're already back in your car and in your plane, I've lost money not knowing your on premise, obviously that's why life changed for the MGM brand, but it's the same idea. They haven't had it or they don't know how to adopt it into their operating fabric. And so there's a lot of money left on the table and lost opportunity in my view. And that's part of what I changed. That's part of what digital transformation should be an expectation of.
Mark: Right. Totally agree and so bringing it to because I'd be remiss if I didn't bring up IDCA at some point considering that this is an IDCA podcast -
Becky: I’m a big fan of that. Mark: Yeah, go ahead.
Becky: I was going to say the reason I'm a big fan of that framework and I've studied it in length and obviously on your advisory board, but the reason I'm excited about it is because it starts to address in a manageable way how you can bring in new innovations without a rip and replace because that's not an option. It's never going to be an option. And so you can take aspects of that framework and you can develop a path forward and that's what's key. You don't have to start with a science project or a white sheet of paper. You take that framework apart and you deal with like, okay, maybe I want to do data center consolidations or maybe I want to move more and more workloads into the cloud. I can tease that out through your framework, through the IDCA framework. And be able to make that a real - even if I separate different workloads and cross platform, I can do that with that framework. That's to me, that's a path forward. That's why I'm a fan of it.
Mark: Well, I appreciate that. So you've pretty much answered my question and I'm a fan of it for much of the same reasons and more and it seems that, when you consider the complexity in the life of the average IT person today, not only in attempting to move forward off of their 80 to 90 percent keep the lights on cost of living environments, but also trying to adopt and integrate new capabilities that a framework like the Infinity Paradigm becomes even more important. To maybe this is a lame example, but I like to think of the ability to address opportunity quickly as being sort of like a DevOps organization. Right? What's the point of DevOps? The point of DevOps is not that you have a bunch of people that can say yes because they know the process and because they've memorized something. The point, the opportunity of DevOps is to automate and ensure repeatability in its simplest form is to automate and ensure repeatability of some of the critical factors that make putting something into production, a risk or an opportunity for the company, and if your IT organization can make changes to all of IT with the same sort of thinking because of using the framework, being able to deploy, make changes, add training, remove application environments, make bigger investments in the ones they already have. Whatever it is. With that kind of same DevOps mentality. The irony of that, which is something that it's only irony because it seems counterintuitive, is that you're actually liable to make better changes faster. Right?
Becky: I totally agree, I was just going to say, I think that the notion of DevOps, what I like about it, I call it a fusion point because, and you this this Mark, I'd have my head of development on one side of the argument and my head of operations on the other side. They hate each other, right? And the reason they hate each other's cause we develop we develop, we develop, we don't worry about production, so much DevOps and the operation side always ends up and trying to get this thing in operation and then, make sure it's up 24 by seven by 365 depending on the application. So on and so forth. Here now with the fusion point is a culpability on both sides. it's no longer okay to develop without production of mine even though I've never allowed that on my watch anyway, but there's still the developers that an architects that will over architect or over develop something they're more enamored with the stitching things together than an application that will run flawlessly and production. And to me that's the metric of success. So what I like about this, I see DevOps as a fusion point. I see it also as not as easy as most people think to implement because there's a lot of changes going on and I use the Amazon example. In my world best case it might be rolling a new release on different applications, weekly or monthly and usually using December is a dark time. If you take the whole CIC deconstructs inside of a true DevOps core, you could be releasing continuously. I mean AWS is structured. I'm just using them as an example because I think they're really good example to demonstrate the value that can be seen in DevOps. When you've got continuous development going around the world now and you're being able to release continuously without clobbering somebody's code. You could do 10,000 releases a day, which is just hardly my bob was a mind and you're not going to do that with humans. You're going to do that with machines in the way that you just described it Mark, because that's where your efficiencies are going to come in and you're going to be able to continue to deliver new capability ahead of your competition and that better be top of mind for everybody.
Mark: Yup. Totally agree. This has been fantastic and that's sort of the end of the official questions, considering what we've covered so far, is there any one last point you'd like to leave somebody with? Like if you want to give somebody a takeaway.
Becky: I think the takeaway that I would I want them to have is, to get serious and own digital transformation and make it a success for the company or walk away because you're not doing your company fair. You're not the center of a company. You have a responsibility and this is vital to the success of the company you lead and so it needs to become everybody's responsibility. And the ability to sell that in is the CIOs as well.
Mark: Yes. I couldn't agree more and my only little add onto that is that, as we discussed earlier in the conversation that digital transformation is much more than technology. It's maybe helping turning your company into a technology company, but all the technology you have is meaningless if you don't have the right organizational fortitude and vision. And not only is that organizational alignment on our point, it's organizational alignment and putting the right leaders in the right places and not forgetting that in the end, everything we do, it rolls back to how effective our leadership is. That leadership isn't just a leadership of the CIO or the CTO. Those are obviously critical, but it's, it's how we take ownership, and how we lead. Because otherwise we're mostly just dealing with the symptoms.
Becky: Exactly. The other piece of that is it's not for the weak of heart because one thing about digital transformation to make the transformation really move hearts and minds, it'll take three and a half years. That does not mean it takes three and a half years to get to success. You should be able to carve your strategy out to where you're delivering value every 30, 60, 90 days because you're going to have to keep that velocity in order to keep your parties interested at all levels in the organization.
Mark: Yeah. As a former project manager in my life gone by I couldn't agree more. There's nothing worse than having a year long projects where half the team is forgotten your name by the time you get into six months and have found other priorities. Yep. Well, Becky again, thank you very much.
Becky: Thank you for inviting me.
Mark: Oh no. It was my pleasure and with that folks I just want to thank you for listening and thank Becky for joining me for this episode. Join us next time when we're joined by Mike D. Kail, former CIO and current CTO at everest.org, and if you'd like to nominate anyone to join me in a future podcast, email us at [email protected]. Until next time, I'm mark and you can find me on twitter at @mthiele10. Becky, where can we find you online?
Mark: Awesome. Great. Well again Becky, thank you very much.
Becky: Thank you, Mark. Thank you everyone.
Share this episode:
Nov 27, 2018
A conversation with Jo Peterson & Charles Johnson
Jo Peterson is the VP of Cloud Services for Clarify360. As an engineer and leading industry expert, Jo sources net new technology footprints, and is an expert at optimizing and benchmarking existing environments. Jo is a 20-year veteran in the technology field with tenure at MCI, Intermedia/Digex Communications, Qwest Communications, now CenturyLink/Savvis in both pre-sales technical and selling roles.
Charles Johnson is an 18 year IT veteran wholly focused on ensuring organizations large and small are enabled to protect their data and infrastructure from malicious activity. Charles began his career in InfoSec securing communications for the Joint Chiefs of Staff and Joint Communications in the United States Navy. Prior to joining Alert Logic, Charles spent 4 years working as a consulting engineer and solutions architect helping organizations measure and address risk and operationalize investments in information systems security resources.
- Episode Transcript
Mark Thiele: Hello and welcome to another edition of the IDCA to Infinity Paradigm and beyond podcast where we bring in the most recognized faces and thought leaders of the technology industry and have candid discussions on topics pertaining to digital transformation, cloud, data centers, AI, Security, Infrastructure, general IT and more. This time I am joined by Jo Peterson and Charles Johnson. Jo and then Charles why don't you say a little bit about yourself. What you're doing today and what are you finding exciting?
Jo Peterson: Charles, you please?
Charles Johnson: Most certainly. I usually go for ladies first. My name is Charles Johnson and I am the vice president of sales engineering and solution architecture for Alert Logic. I am having a lot of fun watching the maturation of teams globally moved from what we call traditional architectures to more distributed and highly scalable architectures and helping them actually get all of those applications that they're delivering on behalf of their internal, external customers secure. It's been an amazing ride both in my career over the last 20 years and certainly the last three and a half at Alert Logic. And I'm looking forward to seeing what comes next.
Mark: Nice, Thanks. Jo?
Jo: Hi, I'm Jo Peterson. I'm the vice president of Cloud Services for Clarify360. We're a boutique consultancy. I have been working in the cloud space since 2009. And I completely agree with Charles. We've gone from really baby steps to watching cloud mature. And I think that we're maybe in the preteen years right now.
Mark: I would agree with that. I think it's ironic and both of you having been around the space for a little while, might feel the same way I do, but, I can remember thinking that, why aren't we mature and it's like 2010, 2011, right? And then realizing again in 2016 starting of 2017 that the market was actually beginning to show signs of maturity; and that maturity is still blossoming. We're still not there, but it's actually really amazing to me that it took a full 10 years from when people first started using S3 instances on Amazon to today to get us to the point where I would say a simple majority of the IT population have some common understanding of what cloud can mean to them and to the business. And that's pretty remarkable actually, that it took 10 years.
Mark: So today's topic is almost all around security and security in the cloud and the two of you obviously have significant experience there and I think it's really important topic for a number of reasons and some of those reasons we talked about before we even started the podcast. But I just wanted to say for those listening that I'm excited about this particular discussion because I feel like this will help someone put a little bit of a wrapper. It may not be a full wrapper. It may not be ready to give to your loved one as an anniversary gift wrapper, but it's a little bit of a wrapper around the idea of what it means to actually own the idea of security and the capabilities associated in the cloud world and too many of us get little bits of what we think cloud security is or could be about what ownership for ourselves, what responsibility for ourselves and our organization means versus the vendor or the partners in between. I think this conversation will go a long way towards helping in some of those discussions. So again Jo and Charles, thanks for joining.
Charles: Thank you.
Jo: Thanks for having us.
Mark: Absolutely. So let's just jump right in. So question one, Charles let's start with you. What's your working definition of cloud security?
Charles: I would say the working definition would have to be understanding that there is infrastructure that you're leveraging to execute your business, but that infrastructure is basically something that remains outside of your physical control. So we're all very familiar with having data centers on premise. We're all very familiar with having data centers and colocated facilities and this is the next step, in that sort of maturing process, getting that in a highly scalable environment, but the trade off for having that highly scalable environment means that you don't physically control the assets with which you leveraged it to deliver your business. When we define cloud as something that's something that's really outside of your control, you also have to look at security as augmenting your internal and external business practices to make sure that you are limiting risk in that very different environment.
Mark: That makes a lot of sense. Jo what would you add to that?
Jo: Yeah, I guess in my brain I think of it as a Raci document, right? And I see it as a framework and I see sort of takes input, right? So who's responsible for what you've got to have as an organization and as an enterprise, you've got to have your own sets of policies, technologies, and controls that you've gotten in place and deploy to protect your data and your applications and your associated infrastructure. You just can't set it and forget it. It doesn't work that way.
Mark: Yeah, absolutely great points. So moving on from that theory and having to carry the idea of understanding what your security responsibilities remained to be in this new environment. Who in the organization is responsible for cloud security? Jo Let's start with you this time. how do you see the traditional roles fitting or do we need someone new assigned.
Jo: See, that's kind of a tricky question. I think it's still a working progress and companies are sorting it out. So here's what I've come to and I don't know what Charles has got to say, but the CISO is a trusted peer of the CIO but still reports to the CIO right? So ultimately the cloud security buck stops with the CIO.
Charles: I understand why Jo would say that and this is going to be one of the few times that I would disagree. That is definitely the way it plays out of your chart. But functionally what we've seen, especially in cloud practices, is that the purview of the CIO tends not to really span over all the business units in a functional way. And we see this in the form of, developers coming in with the marketing team, for example, to build out a new website for a strategy that they're going to go to market with very soon they're going to do that very rapidly. And the CIO is largely unaware of the strokes that are associated with that. It's one of the reasons why they say it has to be the CEO. At some point somebody has to take ultimate responsibility for the state of that organization. The risk, the revenue and all of the fallout associated with making poor decisions for all of the department heads associated with that organization. That has to be the CEO. I think what we're going to see increasingly is that boards are becoming more aware because of the risk associated with their investments, are going to be holding the CEO more accountable for the decisions. I think functionally you still will see the CIO have lots of that responsibility, but I don't think there's a way that CEO's can escape, owning at least the business portion of the risk associated with cybersecurity.
Mark: I truthfully mostly agree with both of you and maybe have a slightly different take, but you guys are definitely the experts as compared to me. And I would only caution that in general almost any organization can be made to work, right? And many of us have seen that in our IT organizations or in any other organization you can make any organizational design work. It's just about how much of the care and feeding is there, or how much care and feeding is needed and whether or not you have the right responsibilities and results outlined so that you can point the stick as it were, as much as, we generally try not to use the stick anymore than we have to use the carrot as much as possible, but you have to be able to point the stick at someone. Right? And coming from my side of the equation the data center, where I've spent so much more time than specifically on security, I've had security report to me a couple of times, but coming from the data center side, similar problem is that the vast majority of IT organizations today, might have a data center, but there's actually no one person in the organization that is responsible for everything data center. The CIO thinks he or she is responsible for what happens inside the data center. The facilities team thinks they're responsible for what happens on the outside of the data center and Finances independent and corporate sustainability is independent and so on and so forth and that creates problems for the ability to measure and I think to measure and monitor for efficiency and business appropriate spend, et cetera. And I think that ownership needs to be outlined for security one way or the other in the organization and I would probably lean towards the idea that whether it fell under the CIO's overall umbrella or not, that in the end like finances when the CEO signs off on something that is SOX regulated he's basically saying that this is correct and I'm putting my signature to that effect. And I think that same rule probably applies to security as well. Or should anyway. So when you think about how this concern over data exposure made cloud security a priority and you guys can feel free to relate it back to the previous question if you want or answer it however you see as appropriate. how do we handle that? How do we think about data exposure in the cloud world? we'll start with Charles this time.
Charles: This one is a sticky one because when you look at the terms of service for any cloud provider and you can trace that back to even data center providers, colocation facilities for example, they rarely ever take responsibility no matter how you leverage their services for the data that's contained within. This is the same paradigm if you pull into a shopping mall and park in their parking lot, they say that we're not responsible for what happens to your car so that sort of model leaves quite a bit of ambiguity for people that are leaning on those same providers to provide them with a fair marketable service. I think when we relate it back to the original question, as you're engaging with those organizations, no matter what service there happened to be providing, you need to make certain that before you executed an agreement, it is very clear. going back to Jo's comment about [sic] what they will deliver to you, what they will consult you on, what they will inform you on and the terms in which they will do that. This is certainly skewed, especially with the ignorance of most organizations today toward the providers and we need to make sure that we're doing the due diligence for our external internal customers to make sure that we're getting everything that we need out of those providers.
Mark: Right, and what's your take on that Jo? Joe  Well, I agree with Charles when organizations decide to move their data to the cloud, many assume that the responsibility for securing that data moves with it to the cloud provider and that seems like a fair assumption. But it's just that, assumption. Despite great guidance from the hypercloud providers, customer negligence is still a thing. 4 years ago security from Rapid7 highlighted the problem in the survey of over 12,000 Amazon S3 Buckets, and I thought this was interesting. The research found that almost one in six, one in six were left accessible to the public, and that exposed more than a 126 million files, many of which contains sensitive info. Right? So everybody's got to be on board. I mean the cloud provider responsible. They set up security on S3 Buckets and guess what folks leave them open because it's easier.
Mark: No it is a critical problem and it's not only in just basic understanding and acceptance that responsibility can and does fall on both parties, but even when you could identify a clear risk has been generated by the cloud service provider. There is absolutely no way that a cloud service provider without some form of insurance that would probably make cloud operations too expensive for anyone to use as compared to doing it in your own facility. There's no way that they could if for instance, I was running the cloud for eBay or Paypal doesn't make any difference pick any large company and and I lost operations for that business for a day. And that was an occurrence that could happen to any one of 500 or so companies over the course of a calendar year, imagine what that would mean to profit and loss if I had to actually cover a perceived loss, assumed loss due to missed orders or whatever for each of those companies. I mean the cloud companies wouldn't be able to stay in business. And this is a problem that has been existing in the network space, when you buying connectivity from level three or AboveNet or any one of those providers. The same thing applies. I've lost connectivity in my businesses that I report to have lost millions of dollars in opportunity and I'll be lucky to get some prorated value of my month's cost of networking back. Right? So those kind of SLA returns are meaningless really in the long run in anything other than something that attempts to keep the vendor honest. But again, this is something that you have to go into with eyes wide open, right? And you and you have to make plans in order to safeguard your company the best way you can and keep in mind that generically speaking, you're probably more likely to have that security threat occur on your own property that you are if you're doing things correctly, to have that same security threat occur with the cloud provider.
Jo: Right, I agree. Mark Yup. So going to the next step, has the challenge become one of balancing the organization's need for agility, while improving security of applications and securing the data as it moves between various clouds. I mean, how do we balance that, Charles?
Charles: I think what we need to get to is a point of recognizing that we need to protect two things for cloud security. One is data. We need to make sure that we have governance at every stage of usage around governance of data and that will basically determine how you build out your application and the infrastructure that goes around with that. In kind we also need to make sure that we're protecting identity. And I think that's really the next wave of marketing and buzz, we've gone through the AI and machine learning waves of noise from the market and identity I think is really the next frontier because the only way that you can truly protect data, no matter who's using it or where it happens to be, is to make sure that you understand the idea of the person that's actually accessing that unit of data. And those two things together I think where we really where we need to focus. It's really gonna help justify spend and it's really going to help us identify where our weaknesses are moving forward.
Mark: Right. and Jo, I'd love to get your feedback on that as well. But it sounds to me, I might've misheard Charles, but it sounds to me like you said, blockchain, blockchain, blockchain, blah, blah, blah. Is that what you heard Jo? Just kidding but go ahead. what's your take on that question?
Jo: Well I'm starting to see a couple things happen in tandem. I agree with Charles, that we're in a situation where it's just dawning on folks, why is it just dawning on them? I don't know, but it's just dawning on them that hey we're borderless and that means that, because we've changed, we've gone to the cloud, our security posture has changed because it's changed things, how we address things, right? So we're starting to see folks get the idea of, "Oh hey, I need some stuff in place, like I need identity and access management because I didn't have that before and I need endpoint security." So you're starting to see elements getting hardened right around the cloud, which is great. And then you're also seeing teams start to think about, well, "hey, maybe we need a DevOps security guy because it's not okay to put the security, the bow on security after we got to think about, sort of baking in the chocolate chips to the recipe. Right?" And then thirdly from the security vendors, if they realized that folks are using multicloud and you're seeing security firms starting to pitch centralized management schemes as a way of reducing complexity and then addressing the disconnect that's going on around the security of the data. So you've kind of got three things happening at once.
Mark: Yeah, that makes a lot of sense. Obviously highlights the point of the initial reason for this conversation is that this is a complex issue that requires a lot of thought. And I liked the theme of the answer to in the sense that, so many of us when we have discussions about security, talk about what we believe is the risk in the environment that people think of security as a bolt on rather than something that should be built from ground up and I think if I read you correctly, Jo, that's kinda what you're saying, right, is that this is not something that you can just bolt on after the fact. You don't go buy a bunch of stuff and then say, how do I apply a security? Great answer. so let's talk about the different types of clouds and how that type of cloud affects your responsibility, right? This could be any number of cloud platforms. So it could be from an internal cloud or external cloud, cloud that you're using for one specific business process or compliance need or it could be a cloud that is actually doesn't really matter that it's a cloud, but you're using cloud because it's offering you some form of SAS solution. Charles, how do you see that?
Charles: I think we've become very mature at handling private clouds, if you will. If we're going to use that as our base moniker for that. Our ability to manage what comes in and goes out of data centers and colocation facilities is quite mature. I think though that the challenge that we have is that we haven't been able to get those same controls because we can't control the physical space inside of the public cloud so there's a very natural difference between the two there. I think that the real thing that people haven't gotten their brains wrapped around is a difference between infrastructure and platform as a service. And really when we talk about AWS or Microsoft Azure with the virtual machines and things like that, we're really looking at a mix of both infrastructure and platform and the best developers are actually gonna aside toward the platform because there's a lower cost operationally associated with that and there's higher scale associated with that. So there's a piece there and then there's also sort of this back office, if you will, or our office in general usage of the cloud where you have Office 365 and you have Identity Management via Azure, which comes at a very different layer, still a platform but not managing in much the same way as the, as the other two services. So there really has to be a baseline of understanding for what you're actually consuming before you really define which of the clouds that you're actually offering. But I think that if you look at that, there's actually a myriad of ways that people are consuming services that they don't manage themselves.
Mark: Yeah, totally agree. Jo, what's your take on that?
Jo: Man I went to the white board on this one. It was great question. And then what I ended up with was exactly what Charles said. I ended up with sort of like a diagram of where stuff crossed over and then who owned it and I got to tell you that I walked away looking at the same going "man, Okay. So who exactly does own the security around Office 365 because it's a Microsoft product, but it's not owned by the infrastructure team, I mean who is owning that? Right." So I was confused when I walked away because this stuff gets managed by different groups in the organization.
Mark: Right, well it's so true. That is very problematic. I wish there were easy answers to some of these things.
Charles: I think the easy answer will always come in with expertise on the team and much for with The Infinity Paradigm sort of works to address is that there's always tribal knowledge associated with these organizations and there tends to be one or two guys who were really strong and serves as to point toward the North Star for making sure that things are configured and secured properly.
Mark: I appreciate you bringing up The Infinity Paradigm. Really quickly just a question for both of you and Charles, since you brought it up. I'll start with you. I mean, do you see the complexity of modern IT ownership, that includes things like multi-cloud and distributed data sets and complex partner relationships, combination of SaS delivered apps and custom apps and rapidly changing business models as a time where something like the Infinity Paradigm is more important than ever.
Charles: Oh, for certain I grew up in a time where the ITSM was sort of your rule for most mature organizations and even that as a rule is broken with this hybrid state that we're all basically working to govern that the paradigm does address that in a way that makes sense. But I think you really need to take a step back and hold no sacred cows if you will, as you're working to implement the Paradigm in full. I think it's the right thing to do.
Mark: Yeah and Jo, any thoughts on that?
Jo: Yeah, I think what the Paradigm does is as I went through it first. It was super well laid out, but I thought, here's something that you could give to a CEO or a CIO as sort of a roadmap to follow and help empowering and powerful was that, it just addressed everything and it was a playbook. I thought it was cool.
Mark: No, I appreciate that. That's kinda of how Mehdi the founder of the organization actually got me excited about joining was that we were having that very discussion about the fact that it's very hard to find a playbook, especially a playbook that isn't just one really smart coders idea of the only way to code to solve a particular problem or one server builders opinion of the only way to create the architecture for a high performance hardware stack or one data center operators idea of what the best data center is, but rather, or what's the best of all of those things specifically for your business and what's the right way to own them. Right. There is today, no playbook that gets you even one of those categories, let alone all of the categories of ownership that involves the ecosystem of applications that make up IT. And so to your point, Jo and Charles that's really why I jumped on board to try to help with this initiative. So I appreciate the comments. Thank you very much. Mark: So generally speaking, I'm not a huge fan. I shouldn't say I'm not a huge fan, I'm actually a fan of Gartner, but I use Gartner in ways that Gartner probably wouldn't appreciate it and that's the sense that I find them a trailing indicator more often than a leading indicator. In many of their, about how things will play out into the future. Many of them have not come true, at least been close. And this next question is that Gartner suggests that through 2020, 95% percent of cloud security failures will likely be the customer's fault. Charles, what's your take on that? I mean, do you see that as relatively close?
Charles: I tell you that it's probably closer to 100% and the only reason why Gartner didn't say 100%, nobody's going to believe that. We pretty much encapsulated at a high level all of the complexities around managing a hybrid architectures and at the rate of change that we're working through, there's absolutely no way that you can get your arms wrapped around it. So as a trailing indicator, yes, this is probably true, but I think this is probably an indicator that we need to be having this conversation a little bit differently.
Mark: Charles still there? Oh, there you go. Now I can hear you. I don't know whether I went out or you went out, but I couldn't hear you for a second. Maybe you could just repeat your last comment there real quick.
Charles: Certainly I think that this is probably an indicator that we need to take a look at this conversation a little bit differently. Certainly if somebody breaks into your house as a homeowner, you can take responsibility for that but what are the compensating controls that I really need to be implementing? and how do I need to govern my business so that I'm impervious to attack versus a largely susceptible to it that's really the conversation that we need to have versus the statistic, if you will, that at one point I have definitely will be under attack.
Mark: Yeah. Jo, anything you'd like to add to that?
Jo: Oh yeah. I mean, we're all wildly aware of the problem, but what's the answer? And I think the answer is training and I think that a CIO that says, great, we have the cloud, how many of you guys are going to go get trained this year? How many CISSP do we have on staff? And who wants to go for training for that? What are you doing to prepare your teams to deal with this problem? Because education is power. Knowledge is power.
Mark: Yeah. So again, I could add more there, but I'm just wasting our listeners' time because I agree with both of you. Good stuff and so taking that complexity of ownership point and the fact that we all generally agree that some something north of 90% of the security problems will likely originate with the customer. I would reiterate for the listeners that a point that Jo made about training is hugely critical and this is not just training for the people in your organization that have a hand in affecting your security posture directly, either response to security threats or preparing applications and infrastructure to avoid security threats, but also to the people that are using your environments. It's a huge missed opportunity in many organizations to just give some form of simple training to the average customer to help the average end user to help them avoid creating additional risk for the organization. We talked a lot about the complexity. We talked a little bit about multiple cloud or multi-cloud and the fact that organizations are getting more complex. How does a correlating data across multiple clouds, the introduction of containers and others layers of complexity, change or add to the security equation. Jo, you want to take that one to start?
Jo: Yeah, it made me do a little research and I found this really cool study that Barracuda networks released in 2017. They talked to 300 IT decision makers and the study found that 77% of those polled said the public cloud providers are responsible for securing customer data in the cloud. Meanwhile, 68% of executives said that the cloud providers are responsible for application security. I was kinda surprised. Really? Okay, but it also found that enterprises were using on average of three public cloud providers and I think that the answer becomes it sort of that three way thing that we talked about earlier. It's going to have to be a bit of a change in education on the side of the customer and it's also going to have to be providers coming to the table and say, look, we're going to help you try to make this a little easier as well. It's going to take everybody getting in the pot and making the soup.
Mark: Yeah. Charles how would you add to that?
Charles: I will tell you that as of the recording, we're very close to Thanksgiving and for me, that marks a lot of eating and it also marked the time where we're getting ready to go to AWS re:Invent. The wonderful thing about being at AWS re:Invent. It's a gigantic show. Lots of people show up and they're looking for what's coming next on the bleeding edge with the promise that's going to be everything that they need. And that's the theme for every year. Everything that you need is here in AWS practically. It's just not true. And I don't think we'll ever get to a point where you can build your entire business model running an AWS. They would love it, but I don't think it's really true that the strength that Google has, for example, on data analytics is never going to be matched by any other provider. The operational strength and really the business model that Microsoft brings with Azure is something that back offices are always going to enjoy. So you really have to get away from this thinking that there's going be a one size fit all cloud solution, which means that there's never going to be a one size fit all security solution for the cloud. You really need to get back to understanding where your data flows are, what your identities are for those data flows, and making sure that you're spreading that across your entire infrastructure. I think that's really the mindset that we need to get to. Training is very important in that because now instead of running on a single platform where we can get our entire business wrapped around it, I have three. So we need to understand that those are tools, very expensive tools, but we need to know how to leverage those and secure those appropriately.
Mark: So if, again, if I'm interpreting you correctly Charles, it sounds like you said I can't just go out and buy a security blanket with an AWS label on it and lie underneath it and be protected.
Charles: You might enjoy what you get from it, but I think you might be cold in the middle of the night.
Mark: All right, so by 2018, the estimate is that 60% of enterprises that implement appropriate cloud visibility and control tools will experience one third fewer security failures. How does, in your mind, both of you, how does, visibility change the equation? Jo, we'll start with you again.
Jo: Well, first of all, let me comment on what Charles said last. One of the reasons I enjoy interacting with Charles is while he's always respectful, he just doesn't hold back. He tells the truth. Right? So that's a pleasure. I think we're getting better at visibility, right? But I guess I think about Charles, I'd love to hear your thoughts here, but it's like a log file. If you don't know what you're reading, what does it matter?
Charles: 100% correct. I'll dig a little bit deeper than that. Let's assume that you understood the context of every log that was generated from a log file perspective it's after the fact. So you're always playing catch up. So that's one. I'll ignore the volume of the log, but there's so many ways that data can be used and data is always being reused by different entities, whether internal or external. It is almost impossible to stay in front of that, from a log perspective, which is why SIM is broken. The visibility that we need is really going to be understanding the normal usage of our data in our platform and then trying to identify very quickly where the deviations from that normal usage are and I think we're getting to a way, and this is a pleasant nod toward AWS. I think we're getting to a place where this is possible, but it's really going to demand that people understand their own applications a lot better, their own normal usage better and not relying on reactive mechanisms for visibility. They've really got to get in front of that and that has to be built into the application itself.
Mark: Yeah Agreed. That's some great points and worth considering for pretty much everyone. So next question guys and maybe this might be the last official question before I begin wrapping up, but we'll see how that goes according to cybersecurity insiders, the biggest threats to cloud security, misconfiguration of cloud platforms as number one, and this is followed by unauthorized access through misuse of employee credentials and improper access control. So which is like 55% and then insecure interfaces of 50%. Do you agree with these statistics? what would you add? let's start with you Charles.
Charles: I think I agree with the statistics. I think what's impossible with all of these measures is sort of where the reporting is and how much of that is truly reportable in a way that we can run analytics on it. So I would caution there, but it probably is going to be a little bit higher than that. What I can tell you though from from my purview at Alert Logic, I would say almost nine times out of 10 it's going to be some sort of configuration issue, whether it's latent misconfiguration, as in I left security groups open and I was ignorant about that, or I'm downloading a dependency in my application and I didn't do the due diligence to understand what that opened me up to from a vulnerability standpoint. So there a myriad of ways, for that to take place. I think that if anybody's looking forward to getting their arms wrapped around that, don't do it on your own. You really do need a strong partner, which is why I like playing with Jo to help walk you through where some of those pitfalls are so that you can intelligently get your arms wrapped around that risk.
Mark: Yeah. It makes sense. Jo, what would you add to that?
Jo: Yeah, I mean, we're dancing on this, but we're starting to see the enlightened organizations think about security more as a business imperative and less as a tech imperative. And that means that there's gotta be some security awareness training and that the company from a top down has to say, yeah, this is sort of important and everybody needs to be aware of how important this data that we have because it affects lots of things including our business revenue.
Mark: Yeah. And I think this is maybe not a little bit off topic, but related certainly in and you guys can feel free to comment if you want. But one of the single biggest problems that I faced in virtually every organization where I had a major responsibility in IT was in information management from a corporate strategy and ownership / risk standpoint. It's people used to try to buy expensive tools like documentum and others and try to classify [sic] well certain process when they created a new document and almost in no case except for those cases where literally every step you take is being overlooked by the NSA or the Pentagon or something, did any of the companies, were any of the companies able to follow through with matching their ideal to people's daily work effort and it seems that one of the biggest problems we face in security risk introduction and evaluation of risk in flight is the fact that we as companies often do such a poor job at making determinations of what's valuable, why it's valuable and how it should be owned and managed at that value level. Do you guys care to comment on that at all?
Charles: There's an old adage that says best laid plans, right? Yeah. I think that you have to be realistic about, sort of your goals. I've seen plenty of people spend millions of dollars on cyber security programs and still suffer the embarrassment after not setting expectations properly. Start small, but start important, make sure that you understand where the crown jewels are and work backward from there and you'll find maturation as you diligently work to protect the most important parts and I think you'll find success a lot easier that way.
Mark: Yeah. Agreed. Jo, any final word on that?
Jo: Yeah, I agree. It's interesting to me, everybody thinks that everybody's gone to the cloud and that's just not true, right? Not true. And I think about it as, when I sit down with the team and I say, okay, let's look at this application rationalization we want to do, same thing, why don't we put things in buckets. They haven't even put things in buckets yet. So to Charles's point, if you don't know what you're going to focus on, why are you spending any money on security at all if you don't have a phone?
Mark: Right. you need to define the why and what the end result ought to be for that "why". Mark: Well guys, I really appreciate the time today. This has been enlightening for me and I hope that whoever listens will find it enlightening as well. This is a critical topic and we only scratched the surface of the opportunity. I think all of us, we're hoping that we would get through, even more material than we did today but again, thank you very much for joining. I appreciate the time and with that folks, I'd like to say that please tune in for the next episode probably sometime in the middle of December. I don't know the exact date. We'll have Mike Kale former CIO and current CTO for Everest.org. And if you'd like to nominate anyone a future podcast, please email us at [email protected] . And in the meantime, Jo and Charles, how do people find you online? Charles, you first.
Charles: You can find me most easily on LinkedIn. My name is Charles K Johnson (cjohnsoninfosec), and if you look for me, I think it's probably best, there's quite a few of us, to go to Alert Logic first and you'll find me there. I'm happy to reach out. You'll find all of my personal information, and some of my projects there as well.
Mark: Awesome. And Jo, what about you? I know that people can find you on twitter. You're, you're always pestering me.
Jo: Oh nice, oh nice. You can find me on twitter @digitalcloudgal, and there's a great group of people that are active around cloud conversations. I'd encourage you to join the conversation. People are from all over the world and have different points of view and it's always fresh and current.
Mark: I appreciate that. So again, thanks folks, and until next time.
Jo: Okay sir, thanks for having us. Thank you. Bye.
Share this episode:
Nov 6, 2018
A conversation with Rob Hirschfeld
Rob Hirschfeld is the Founder and CEO of RackN. Rob has a background in Scale Computing, Mechanical and Systems Engineering and specializes in large scale complex systems that are integrated with the physical environment. He is able to break long range technical vision into meaningful tactical steps. Rob has executive experience at both start-ups and big companies where he is a strong advocate for Lean/Agile processes.
- Episode Transcript
Mark Thiele: Hello and welcome to another edition of the IDCA to Infinity Paradigm and Beyond Podcast, where we bring in the most recognized faces and thought leaders of the technology industry and have candid discussions on topics pertaining to digital transformation, cloud, Iot, data centers, AI, big data infrastructure, open source, and more. This time I'm joined by Rob Hirschfeld, CEO and founder of RackN and just long time industry thought leader. Rob, welcome to the show.
Rob Hirschfeld: Mark It's a pleasure to be here.
Mark: Rob, I always like to start these shows, giving the audience a little bit of perspective on where the speaker comes from and how they got to where they are. Tell me a little bit about rob in his free time and what Rob was doing to get him to where he is today at RackN.
Rob: Oh boy. How long do we have? It's actually funny, one of my free time activities has been using a Vive VR gaming. My son left it when he went to college and I've secretly adopted it and have a lot of fun exploring the travel. We have an empty room and I can travel wherever I want to in it. That's been really neat. and my wife and I finished War and Peace. You can do it 1 chapter a day over a year. And it was surprisingly good. It's not scary. It's fun drama. Watching the BBC show. So that's a little of my free time.
Mark: Nice. So how did you get to where you are with RackN? What were you doing before you decided to found RackN?
Rob: My Co founder and I were at Dell, Solving pretty much the same problems, RackN very briefly, fixes the physical data center underlay problems. So we try to make data centers more repeatable and automated and less manual. And we were at Dell, doing that same thing in the early OpenStack and Hadoop days. We were on the board at OpenStack for 4 years. We were the first OpenStack installer and realized that things were going to be bad because data centers were not managed in a consistent way and so any work we did to try and make data center operators lives better was compounded by the fact that no two data centers were operated in the same way. And so we saw a real problem. My career goes way back in data centers before that I was actually a early founder of a cloud startup first virtualized cloud infrastructures, 2001, believe it or not.
Mark: So Rob talking about the RackN. I've obviously been a big fan of what you guys are doing and you and I have had conversations in the past about the importance of creating a much more mailable, or as the common term is today, much more infrastructure is code type of environment for deployment of new capacity in your data centers. You and I have had those conversations for a long time. We're obviously on the same page, but for the audience, give us a little bit of your thought on why you see as being so important today and how you guys maybe are solving it a little differently than most.
Rob: Wow. It's a huge challenge and opportunity. The idea that people can write code for running their infrastructure should be like a no brainer. It's super hard to. So when people do it, they end up doing it just for themselves. So it's not just a question of whether you can automate your data center. The thing that really motivates us is how you do it in a way that other people don't have to reinvent the wheel in every data center they come to and that they can reuse things and so when we looked at this problem, there were couple of specific things that we felt like we had to address. One of them is the actual physical automation layer problem without needing specialized gear. Like we've seen people solve this with special servers, like single vendor solutions. We felt like we have solved it using a standard gear, right? Standard protocols, nothing, no magic, no specialize, only this vendor. That was really important to us. the other thing that was really important though is this concept of composability, which I feel like is really overlooked, which says that I can give you a piece of automation Bios setting, Kubernetes install a safe key injection, little pieces and then you can reuse that and if you find a bug, I can fix that one piece and everybody else who's using that piece can get the benefit.
Mark: Rob, the definition you just provided gives me a feeling, I'm probably off base, but it gives me the feeling that you're trying to say that you're enabling infrastructure management in almost a microservices kind of way. Is that on course?
Rob: It's on course in that it's the same idea, right? We're talking about decomposing big jobs into much smaller ones so that you can get reuse and people can redo it. It's just like object oriented programming. The mistake somebody might make to think that we're creating a whole bunch of microservices and then running the services. That's not what we're doing. There's components that we do like that, but the real strategy here is the composability piece that you get from microservices where you can connect a whole bunch of things together and then critically version them separately. So the benefit of a microservice over a monolith is that you can say I'm fixing this one service and all the other services around it don't have to be fixed, changed, balanced, right? You can create the separations and then you can take a service master, something like that and actually create an automation platform around it so that you have protections and circuit breakers and all sorts of cool patterns.
Mark: So, Rob, we've gone back and forth a little bit, you know I'm a fan of what you're doing. As I've already said, we've been talking about the importance of this as it relates to trends in the industry and in a kind of seems to be a simple problem of recognition but is a real difficult problem for people to grasp. I think a lot of it is because of, we're set in our ways. I like how David Linthicum referenced it in my last podcast where he referenced it as the folded arm gang from an IT standpoint as one potential holdup. But I think the other holdup is that so much of what happens in IT is incremental right? There are few organizations that go from being a bank to becoming Paypal over the course of 18 months. Right? That's a real rarity and it's not so much the scale that I'm talking about as it is, the difference in how technology must be delivered in order to satisfy the new way that you're interacting with your customers. I know you and I have talked about this before, but it seems to me that that's one of the single most important aspects of getting your platform in place and getting the right combination of infrastructure platforms, components in place because more of us will have to act like a Netflix or a Paypal or an EBay as we move forward because of these trends. At least that's my perspective. How would you add to that? Let's riff on that.
Rob: The David Linthicum podcast was really good. One of the things that I left that one with - people should definitely go listen to it. The idea of leaving slack in your schedule for innovation. And you'll see why this is growing because as a startup we have a very hard time having people disrupt their process, to embrace new things. The reason banks don't become Ebay is because you have to tear apart so much of the process and people infrastructure let alone the tech. It's one of the things that we see with huge projects that have a ton of momentum and so there are people who want want to transform the duck into a goose. It's much harder to make those transitions than it is to actually fix the problems that you have and technology is especially like that, right? The idea that, you haven't considered something that, in a containerized universe and form fitting containers back into it is really hard, right? We have a lot of discussions around that in the industry, “can I containerize on my whole thing”. It's like you can but containerize the new stuff first because you're going to build for that model. I watched that go on. There's layers of things around open source, and challenges that we've been seeing in open source, The Reddis and Mongo licensed challenges where people aren't making money. The idea that people no longer think that they can run their own infrastructure, which to me is hugely problematic. I'm sort of going through this crisis. You create this huge space for me to try and fill and I need to pull back. We can drill on one thing that I think you and I see very much eye to eye on which is this idea that people are no longer good at doing things. Amazon myth promoted in a lot of cases by the idea that there's so much going on that companies can't do it all. They have to focus on their core strengths. You sort of teed up this idea of your core strength is better be doing technology well, as part of it because you can't really advocate that, right? Amazon is already priced into the market. You better be able to do that better. So I get very frustrated when I see people assume that everybody's going to run to the cloud and then that's the end game. It's table stakes. and I say that not from the way David Linthicum was saying it, where it's like, you should do everything in cloud because you have to. The benefits that people get from doing infrastructure as code and Api driven infrastructure and things like that and see ICD Infrastructures and things like that. You have to build those into yourself. But then you better be able to say "Oh, now that I've gotten those skills, it's not that hard for me to then translate that back into running my own infrastructure or owning more of those processes." Because if you're doing machine learning, you teed up that at the beginning of the show. If I'm doing machine learning and AI and things like that, those are really expensive infrastructures to rent today. And you're gonna find that at scale, having your own ability to run a 100 or 200 servers. We see this a lot with customers. That's not a big number right now. You'd better be good at that because renting that's going to be expensive, it just is, now maybe it'll get or Amazon will keep doing a good job, are you ready to compete with Amazon?
Mark: I think you raise couple of good points there. One of them is that the assumption that there is an end answer to anything in IT ever. I usually would argue is wrong, right? Just because well logic would say that no one will come around and compete with Amazon or Microsoft or Google anytime soon and they're probably correct. The ingenuity and variability of the component, it's the makeup, anything IT related mean that something could be invented tomorrow to leverage what is already existing in ways that Amazon or Google could never do; and so it was just the idea that we should sell away without any ability to manage to right placement and manage to expanding where we want to expand, when we need to expand and to do that in a similar fashion, that is where I see as being both a cultural and an architectural decision at the highest levels in an IT organization.
Rob: Yeah, I think you're right. I think that the idea that Amazon and Google and Microsoft don't have significant competition or won't be disrupted is very naive because of the amount of work we're doing on edge, right? I do a lot, leaning into edge and edge infrastructure and edge automation and application development and that is so different and the use cases are so different from traditional cloud where these incumbents have their footprints that all is going to take is somebody to get a augmented reality goggles right or phone generation to have some better high bandwidth interconnect need, for us to flip into this edge data center infrastructure where we're talking about a very different model. And that'll flip over. Unfortunately, I don't think that the phone companies or cable companies who have an opportunity in front of them with this are as innovative as I'd like to see. I know that your day job with Ericsson has some really interesting positions on this and software coming up, it's going to be a huge problem, a huge challenge to fix this stuff. People should be watching this space.
Mark: Absolutely. I, there are a lot of things I would like to say here, but at risk of, of giving away what I think there may be some secret sauce that we're working on with Ericsson. I'm not going to make too many overall comments other than to say that you are 100 percent correct in my view on the notion that edge can be defined in any one of, from a location / opportunity / demand driver / deployment strategy edge could easily be defined in five or six different ways, right? There is edge for an instance of Azure, on somebody's factory floor, there is edge for somebody running drones out in the middle of the country where there's no populated states and there are many other examples, but one of the most common that I think about is this notion that the edge is made up of an incredible amount of opportunity to deliver a vastly improved and differentiated customer experience to some degree workloads, not necessarily the actual workload as coded, but workload as problem that needs to be solved and new opportunity for customer experience and that edge to me is a combination of all of them, but in reality it boils down to “I need to be able to get my app that may only have five seconds of influence on Rob Hirschfeld Day on an average week, but I need to get that out to 100 million people or 500 million people around the world on anybody's network” and to be able to enable them to use whatever development strategy they’re customarily or they're familiar with using for deployment of apps. Right? And to me that edge is just an enormous opportunity, but it is not an edge that will be defined by another Pokemon APP that drives investment of $20 Billion in the market overnight.
Rob: This is why I think Pokemon App is not necessarily key thing. I totally agree, right? It's this, the APP paradigms can't be totally new and I want to talk about proprietary versus open platforms, but first the thing that makes edge interesting is not the traditional game interaction app like you're thinking it's the edge to edge interaction App. And this is where I've been frustrated because people have trouble thinking about this in today's mindset. The thing that that is going to make edge applications really compelling is when you have physical devices and beacons and sensors and cameras and microphones and smart whatever's and your phone and your headset. Those needed to be interacting with each other and people are like thinking edge. And then they assume that you're going to of one of the guests in our podcast, which I co host I talked about is "tromboning" which I love that phrase. In that one, you're not going to trombone all this local data. It's got to be reconciled locally, and that is the thing that edge does distinctly different. The application paradigms are different. The data sharing is different because you might have 10 different or 100 different vendors in this case, which then tees up the open source versus proprietary a problem. Can we solve this with open source or should we solve this with those open source?
Mark: Yeah that's the key question, right? And you and I started the conversation before we started recording about open source, specifically on OpenStack and I want to, before we get involved in, dive deep into the nether regions of openstack, I want it to just make a statement for myself, if not for both of us and that, RackN’s is supported by an open source tool and there are many open source tools on the market today that offer terrific value to the consumer of that tool. But one strategy does not solve problems in every space of IT, and I think, based on our initial conversation, and I'll let you get started, there's some agreement from both of us on where OpenStack may have actually, at least in some parts of what we do and how we do it and how we grow the market may have hurt us more than helped us.
Rob: And that's, I've come to that conclusion and I was deeply involved in OpenStack and the formation of it and trying to try to figure this out. But we get into a case where people have become "I must use openstack" "I only use open stack" right? They think they make the mistake in comment that it has millions of contributors and huge development innovation pace, which is not true. And I know OpenStack people are going to rise up and they're shaking their fists at me right now, but it's this huge project. Individual components do not have high velocity and they are beholden to the whole project. So unlike a small project that's very focused, they solve problems for the whole, they're tied into that whole thing that's all integrated together and so their pace of development is limited. There are a lot of committees, a lot of people architecting things, discussing things. I’ve been watching their edge people have discussions where every six months they groundhog day on what is edge, you need those definitions and people and discussions and you need a community behind you. It's really helpful. At the same time, there's places where a small group of people understanding the problem and solving a problem can do it very quickly.
Mark: That's actually an excellent point. It's a point I made in an email with my brothers talking about a different issue brought up by Sam Harris about the future of AI, but I think I'd love to get you talking about a little bit more, but I think that is a potentially a core problem is that the vast majority of real change that's happened, whether it's in drug discovery or whether it's a new inventions have not been made by committee. They have not been made by thousands of people who somehow add up to a greater whole. They are made by a very small group and oftentimes even just one person who's willing to challenge the way things have been done in the past in a way that no one had thought of. And so I agree with the direction you're heading in this conversation around Openstack. And it actually needs me to be concerned. I was thinking about this in the car and I don't remember what brought it up. I mentioned it to you before we started recording, I got this strange thought that has the creation of OpenStack actually done more harm than good to enabling private ownership of cloud infrastructure. And I realized that for the average listener, for the average player in the OpenStack space, you and I right now are bringing blood into a church and drawing pentagrams right?
Rob: Not as much as you think.
Mark: I see the issue where we have builders of OpenStack distros that aren't in fact creating open source anymore. They are creating proprietary stacks. There's no way you could share what you bought it with something else that you bought from another organization or that you built yourself. If you build for a specific capability ahead of time and then OpenStack catches up to it, you have to worry about all new APIs; and you have to make a decision about whether or not you continue to develop against that going forward. How often will the community have your priorities in mind as you build forward? Whether they're too aggressive or not aggressive enough with building for those. The fact that if you have three distros that could all look similar, but if they're at all different, you can't treat them as if they're one cloud in three locations. These are real issues that, again, it's maybe blasphemy even to many of the people that I work with and love every single day that four or five private cloud builders who owned soup to nuts, how this worked for a company at least at a minimum when you bought that solution you could in theory have a sense of belief that that platform would work no matter when you bought it. And no matter where you installed it in your larger organization. Am I off base?
Rob: There's two issues here and you're bringing up in one of the ones which I find very differentiating, which is open source as a, you maintain it thing versus a product. One of the problems with open source in general is that, some projects in order to maintain, the way they evolve is as a consulting player or services play. OpenStack never created the vendor ecosystem where the community incentive was to create a production benefit because they had so many vendors. So the vendors would say "I am making the better OpenStack install experience or upgrade error or appliance or whatever." And the community just fractured on that and we never created a really sustainable, maintainable OpenStack. Single vendor projects have a tendency or smaller communities have a tendency to really focus on the operability. You had a great series on in LinkedIn called customer experience and Openstack’s customer experience from a user versus operator perspective didn't really get that much focus. But I think there's something different, right? We created this monolith. We're doing the same thing with Kubernetes and it's risky, where everybody's like, I've got to be part of this community and we've got a whole bunch of stakeholders to serve in how the software gets built and like with open stack on day one, I'm literally on day one. We were, how do we cram in Hyper V and Xen and KVM and VM is gotta be able to come into and oh my goodness, we started on day one diluting the usability of the platform, which some people with an evil laugh might actually say, oh that was intentional. OpenStack hurt the industry in the same way that VMware hurt the premises industry too by the way because they never created the operational experience to displace the vmware on premises and it didn't create the API compatibility and momentum to challenge Amazon and it literally ended up walking the worst of both worlds here where it didn't create critical mass on premises. Telcos are still struggling with how to upgrade, manage and maintain it. It was never built that way, so it wasn't built for them. They have a need, for network function virtualization or NFV and software to find networking. Those are real problems, but OpenStack wasn't built to solve those problems. It was built to be sort of an Amazon competitive, sort of a VMware competitor and you're right, if we had led different systems come about that were function fit for that we might have moved a lot faster and people might feel like they had IT Alternatives on premises that were interesting and competitive. And there's a huge industry problem. It's very simple one, because I see ISVs dying. You and I talked about this months ago. Independent Software Vendors are becoming as a service providers, cloud infrastructure people, which in some ways it makes it easy for adoption. But the pace of innovation in those platforms, I don't feel like is as strong. When you have these independent vendors who can go to hundreds of thousands of environments solving one on one problems, we actually get a lot more, much faster pace of innovation in the market than you see with, oh, I'm going to have something that on an Amazon service or an anytime Json service and Amazon is going to crush it and I'm going to be out of business. The idea that we have this highly diverse, lots of churn, really new ideas, pulling all things together in an environment is a good thing, it's reasonable. It's the same reason I don't think that we're going to have one hardware vendor who's going to create this dominant effect in our space people talk about Redfish and how Redfish is going to be amazing. And it's just a 2N problem. We had IPMI and it was a mess. Now we have Redfish and it has vendor extensions. Instead of getting upset about the vendor extensions, just realize that that is innovation and don't act like everybody has to remora into the everything else. I wish I had a dollar for every time somebody told me that my project should become part of the open source project and it would be so much better if it was governed under the OpenStack model because that would make it easier for them to participate. But wow. it's hard. Mark Yes, It is really hard. Another way I've looked at this particular problem, and it's not like I am an expert here. I've had a considerable amount of personal experience that I leveraged, but I'm not necessarily an expert on the life span and opportunity associated with open source products. I've seen what I've seen and it leaves me with an impact and I relate it back to projects and activities that I've done from an IT standpoint. And I see the from a product standpoint, if we think of openstack as a product, it's like going back to let's say pre iPhone days and we get everybody in the phone industry together to create an open source phone. We would have gotten a slightly better blackberry.
Rob: That's right.
Mark: We would not have gotten the apple iPhone. Right? My big concern here, and I think it mirrors what you were saying in many pieces is that we are in effect, we're doing that. Instead of taking some visionary folks, a small group of visionary folks who see the future that we should be building for. We instead are creating something that will be incrementally improved on based on consensus and how many of us in leadership positions, if we know anything about being a leader and running a company, how many of us in leadership positions would say that all of our decisions should go through a complete consensus model?
Mark: Well and even worse go for a consensus model where the sunk cost paradigm is not factored. This was a big debate that I was leading in OpenStack when I was in the community was the conversation between a way to do something and the way to do something. It's very hard for organizations internally and then projects, to say "oh we have two ways to do something" One's going to be, instead we have a tendency to say "oh this is the way to do it, participate or go away." That mentality to me was harmful in when I looked at the community because the community got so big; and I think this is challenging internally to accompany to. You can be careful. This is the mode one, mode two thing with the Gardner that drives me nuts also, where, what we're saying is that to be innovative, you have to give your organization time to experiment. They can't always be rushing to get their job done and 110 percent committed because they don't have time to think or breathe. And you have to be able to say, we're gonna do things a couple of different ways to see if one of them is better and allow that to happen. and say no that's good. It could be that this new thing disrupts our old thing. and that's part but we have to be modeling that. and some of the times we get these open source communities and these IP communities who sort of say "oh as long as we keep doing it this way, we're being innovative or we're doing the right thing." and that can be really risky.
Mark: I totally agree. I'm just thinking through everything you've said there and we're referencing what was mentioned in my last podcast a couple of times now, but it is an incredibly important point and something that we've also talked about in Mile’s CIO chat a couple of times. And that's really, it's impossible for someone to innovate if on a daily basis they're shaving off things that they know they should be doing because there's too many things they know they have to do and I've had so many people work for me and I've been that person for a good portion of my IT career where, yeah, I should write that procedure but I also need to keep the system running. I need to deploy these other servers. Yes, I should break down the recovery of this problem in manageable chunks and get the right group cause analysis out of it. But I've got too much pressure to solve it because I can't, not only am I getting pressured to not have too much downtime, but I've got pressure to get onto the next thing once I've recovered. And so that ability to provide that 10 percent extra time during the course of a week, 10 percent, 15 percent, whatever it is, where you're not in the middle of the fire and you're thinking about, the overall protection of the forest management of the forest is when you have the real opportunity. And in fact, one of the reasons why many of my teams hated me going to events is that when I was in an event and I was in a less than thrilling talk, my mind had a chance to wander about what we could be doing differently. And so I would come home with all these new ideas for what we could be doing differently. It's a double edge sword, but it is, it is hugely critical. And the OpenStack example I think is a great one, but it's also true that it applies to everything.
Rob: It's one of the things that, to me is the first lesson out of the Google SRE book, even if you don't subscribe to that philosophy, is they said, in order for us to keep up with the future, we have to spend 50 percent of our time automating. The math is actually very very simple, if you're not constantly making your day to day to day work less, it will swamp you very quickly. It's an exponential problem so you have to do that. The thing that drives me nuts from a RackN perspective is we have technology that's demonstrably 10 times faster to learn which is important and to manage and then it actually works faster than traditional processes and yet the people who need to make that decision and get involved in and just trying it, you don't have enough time to get that benefit. and literally, if it was only a 20 percent benefit, people wouldn't even bother with that, right? And so we're in this funny world where it's so hard to get somebody's attention to make their job better and it feels like a out of control spiral to me.
Mark: Yeah and I would agree, and I'm going to use this as a segway into a point that I like to bring into almost all of my podcasts and that's a reference to what I'm working on with the TechXact and IDCA folks and that's the Infinity Paradigm or Application Ecosystem. I think that what you just said plays into what we're doing there very well, and it's one of the things that you mentioned was about 10 x improvement and the associated issues of people still not necessarily seeing the opportunity and what through my mind when you were saying that was one of the reasons that people don't see that opportunity is because people see the opportunity in the data center opportunity or risk piecemeal, right? There isn't a Rob or a Mark that's responsible for determining whether or not the data center as it is today is the data center that my company will need tomorrow when my company is a new company tomorrow. And how do I measure that? How do I get the most out of my team in order to deploy effectively? How do I ensure that the amount of infrastructure I have is the right amount of infrastructure, how to make sure that I'm not over complicating when I don't need to but I am recognizing the complications that are required to accommodate potentially a more distributed framework for application deployment and ownership across multi clouds or across multi regions to better suit customer demand or even to prepare for what might be an accelerated deployment schedule based on turning the company into a platform and / or attempting to address net new markets like the edge. Right? These are all things that that I think can be helped if not solved, can be seriously helped by deploying a strategy similar to what we're attempting to accomplish with the Infinity Paradigm and I know you read a little bit about it.
Rob: I read the documents from start to finish because I think especially this one of those documents that you need to read to the end because the case studies are really helpful. The thing that jumped out to me when you read the first page on the Infinity Paradigm and you see this classic devops loop and my eyes glaze over and I'm like "ah, yeah, yeah, yeah, it's all connected. We know, we know." but when you go down further into it, there's actually an analysis of competence to grids and interconnections and giving up competency in one area in order to build competency where you need it and what the real cost is. Right? So, one of the biggest problems that you get and what you were alluding to is these false optimization problems. I'm a big Goldratt’s Theory of constraints. You can spend a lot of IT budget fixing a problem that is in the middle of a stack or at the top of the stack and is not actually your constraint or we see this in what we do is there's times when if you rethink your model in a more abstract way, you could actually change the whole system. I can give a very specific example out of what RackN does that will be useful in this. So the IDCA Infinity diagrams are based on sort of the stack up of all the way down to silicon and up or power actually an up, which is amazing. and optimizing from that perspective, one of the things that we've been able to do is take a server, reprovisioning times down into the minutes. Most companies do it in months. It's crazy. But when you change the time it takes you to do a fundamental task, it rewires everything around it, which is a Goldratt Theory of Constraints thing, and we see this over and over again in IT, there's times when you take a task that used to take hours or months or weeks, turn it into design that took minutes. and then all of the cost model that you built stacking around it have to be reevaluated, which the paradigm helps you do. That's the point. You want to look at the grid, not just say, oh, if we improved deficiency here at 10%, went from five degrees of five nines to three nines, it would [sic]. Yeah, you do want to do that, but even more you can say "what if we transform this box so that it eliminated this cost or eliminated the time?" and you can look at that same grid and say where we actually transform our operation by stepping back? And it's important.
Mark: I think it's an incredibly good point. Another point that I wouldn't mind getting your quick feedback on is when you think about that kind of change, it brings up to me was an example I had, and I won't name the company, I don't want to embarrass anyone, but I went to a well known software company that was just in the throes of beginning their transformation to putting more things in cloud, determining whether to keep on premise, sort of to move more of their services to be delivered via one of the cloud providers, etc. And this is fairly early. I mean this is like 2011. So it's from any companies that would have been considered early. And I went in and they said, yeah, we've looked at everything and it'll be a lot cheaper if we do it, and faster if we do it in the public cloud. And I said "okay well generally speaking I can understand where you get to that. Just tell me the math" And they told me the math and this is where I'm relating back to what you were just saying, but from a slightly different angle is that their math was “we continue to do everything the wrong way, like we've been historically been doing it or we put it in public cloud and the delta is the benefit”, right? So it's a false comparison. A real comparison is if we fricking got our ducks together and put them in a row and did this correctly, what's the delta then? And now I have a much more accurate perspective of okay, not only am I doing right placement but I'm doing right placement in combination with monetary return on investment. Right?
Rob: And this is the inertia problem and I see a lot of companies in this challenge of they move to the cloud, not because it's better, but because fixing what they have is too arduous, requires too many hard conversations requires too much disruption. As much as I was cuckooing on mode one, mode two from Gardner earlier, that is actually part of the building and organizational skill set that allows you to then do things, sort of leave behind the legacy pieces. I'll tell you, I actually think that there's a degree of laziness in that, in part because we worked really hard in order to make legacy protocols work and things like that. And you can do it and I think it's worth the investment because it actually ultimately accelerate you so you're not bouncing all over the place. But that's one of the things that takes, it takes time for you and it's hard. It's hard as a leadership, as a leadership team to invest in bridges instead of burning boats. Vendors do this to keep you from moving and I think it's ultimately a self defeating strategy, right? We need to find ways to say these current protocols work. They're actually pretty good. This is gonna sound totally contrary to me talking about architectural requirements for edge and so right there, there isn't an easy thing at some. Sometimes there's an architectural reason that you need to say jump and sometimes there's a time when you want to build bridges and connect things over. It's one of those things you sort of have to look at - now I feel totally hypocritical. I do think we have to struggle with finding ways to build bridges and connect things forward. so we solve problems and then realize when we can actually make a transformative difference and jump.
Mark: I agree. And it is hard spot and I would say that going back to a point that we touched on early on in the recording is that much of that actually starts at the operation and not even the operation, the organization as in culture rather than any particular tool. I think the appropriate tools can be acquired to help facilitate similar to, you can acquire tools to make DevOps more efficient, but if you don't have the organizational alignment to make DevOps work in the first place and the appropriate goals and settings, etc in place, then all the tools in the world won't make you DevOps ready and just like now, you will not transform because you've moved to cloud. You will not transform because you've bought a great tool, but you will transform if you've got the appropriate culture and organizational alignment to make that kind of change.
Rob: I would also advocate, look for tools that encourage a positive feedback cycles and behavior and training and things like that. So that's one of the things for us when we try to look at the whole picture, the people process and the tech. Part of what we we want to do is have the tooling that we design encourages people process improvements just as much. Our problem in the data center, you want to go all the way back to our opening was that everyone was different and that's not a tech problem of course there's tech problems sprinkled in that but that's the harder problem to solve.
Mark: Yeah, I totally agree. I know speaking from experience that you and I could go on these topics for easily another couple of hours, but we're going to have to bring it to a close. And so I wanted to just say a couple things about today's session and then Rob, feel free to add something at the end if you like or provide us a take away. But I just want to urge folks that are listening to take a few takeaways from this. First of all, Rob knows the space up and down. So I'm talking to the audience here Rob. Rob knows this space up and down and he's got lots of great experience and many of the examples that he provides are examples provided from a direct exposure and direct experience in those circumstances in working with enterprise IT groups and, inside his own company and they align very well with the thinking I have relative to IT. So if there's two things that you take away from today's event, one of them should be that you need to find time within your organization to step outside of the fire, to step off of the whirligig or whatever spinning object you have to be near and take a bigger look at what it is you're doing with IT and what you're doing for your company and maybe something like the Infinity Paradigm can help you there. And so if you think it could go take a look at https:/www.idc-a.org and check it out. But beyond that it's that the crowd isn't always right. That's a hard one right? I mean, that's a hard one, especially, in today's days of battling over a public news, like political agendas and stuff like that and trying to say you have numbers and that makes you right. When I'm in the numbers and the numbers agree with me, then I want to agree with the numbers, but the fact is, is that numbers don't always make it right. And we've got a lot of numbers behind some projects in the industry today that don't necessarily add up to a guaranteed success. In fact, I would argue that few companies have deployed, OpenStack few traditional enterprise companies have deployed OpenStack in the time period and with the success, at the cost that they originally assumed would be true and if I'm wrong, I would be happy to hear about them. But those are the two things that I would suggest you take away from this. Rob, anything you'd like to add?
Rob: I do. I suspect there's some OpenStack people that are going to send you off the air quote FanMail on that statement. But we give the benefit of the doubt to, and I struggle with this to technologies and projects that we think are getting very positive statements and so there are times when learning is a struggle and you need to go through a process and improve and learn and there's times when you assume that you're a one person island struggling on something that's actually not going to work or are much harder than it should be and it's impossible to know the difference between those things. That's not actually. No, it's not impossible at all. I think that we should like you're suggesting, question some of the conventional wisdom on what it takes for us to be personally successful and not assume that just because we're struggling with something means that it's our fault or that we haven't understood something. In a lot of cases if you're struggling with something, it's because it's not all the way there. There's something not right and I think that's true in technology. I think it's been true in some of the open source technologies that have gotten huge reviews and positive feedback. I think it's true in our life. I've watched like John Willis does some really great things about, a self shaming, self doubt, imposter syndrome, reaching out and asking for help and people should recognize they're not alone. and use this as a call to ask for help and then if something's not working, stop trying. Find another way to do it.
Mark: Yeah, totally agree. in fact it's funny but I end probably a third of my blogs, maybe more going back as far as five or six years, with a statement that mirrors what you just said. Don't assume that this problem is something that you should attempt to address on your own. Look for partners, get help, but be smart about what it is you are trying to get. Another good reference, and I first talked about this reference with the famous John Willis many years ago and that's go take a quick listen in that 10 percent time you've allocated now to investing in your thought process and your innovation for your company. Take one of those open windows and listen to Simon Sinek’s piece on "Determining the why". That is so important to any activity that you do, but incredibly important to activities that have a lasting footprint, impact on an organization like a large IT project does.
Mark: All right, well folks, thank you very much for listening and Rob thank you very much for an entertaining probably close to an hour we've spent now even with the intermittent stops and I really appreciate it and I hope that I can get you on the show again sometime in the future.
Rob: You and I need to script it because this is two podcasts.
Mark: Yeah It's true. Well I just want to wrap up with that again and say thank you to Rob. Thank you for everyone for listening. And please join me for the next episode. I actually, next episode is likely to be a surprise guest. I've got two different people that I'm negotiating with for coming on next week and so you'll just have to be surprised when I announce next week. But one gentleman from NIST (National Institute of Standards and Technology ) potentially will be on. Another one is making an AI software for data centers. So it could be one or more of those too. until next time I'm Mark Thiele and you can find me on twitter at @mthiele10. you can find my blogs on my LinkedIn profile. Rob how can people find you if they're looking for you?
Rob: I am Rob Hirschfeld pretty easy to Google RackN. My twitter handle is @zehicle. Most everything I do goes out through that and I'd have to get into a good twitter war so.
Mark: Yeah, same here and we probably just created a couple on this call. All Right Rob, thank you very much and we'll talk to you again soon.
Rob: Thanks Mark. Great discussion.
Share this episode:
Oct 18, 2018
A conversation with David Linthicum
David Linthicum is the Chief Cloud Strategy Officer at Deloitte Consulting, and was just named the #1 cloud influencer via a recent major report by Apollo Research. David is a cloud computing thought leader, executive, consultant, author, and speaker. David has been a CTO five times for both public and private companies, and a CEO two times in the last 25 years.
- Episode Transcript
Mark Thiele: Hello and welcome to another edition of the IDCA To Infinity Paradigm and Beyond podcast, where we bring in the most recognized faces and thought leaders of the technology industry and have candid discussions on topics pertaining to digital transformation, Cloud, IoT, data centers, AI, big data, infrastructure, IT, and more. Many of the most pressing topics that are hitting the IT organization and the industry as a whole these days. Today's session, we have with us David Linthicum, Chief Cloud Strategy Officer at Deloitte Consulting. And those few of you who don't know David, David has got to be with people like Werner Vogels and Adrian Cockcroft and a few others, one of the most recognized voices in the cloud computing space, and I like to say a long time occasional sharer of tweets and blogs over the last eight to 10 years. David, thanks for joining us.
David Linthicum: It's great to be here. Thanks for having me.
Mark: Absolutely. So before we get into the more industry focused discussion, I always like to get started with something personal. and not that personal, but tell me a little bit about David, what are some of the things you like doing when you're not at work or maybe what's the, what's the best book you've read recently?
David: Well I don't read fiction. That's at least something. What I like to do is pretty, is pretty geeky, lazy. Watch netflix and and even watch Ted talks and just kind of relax. I’ve been into bourbon recently. So it's getting some cool bourbons and trying those other than that, going to the gym, working out, motorcycles I ride around and I've managed not to crash those anytime soon. Just the normal geeky lifestyle around my 80 hour work week.
Mark: Yeah, that's the problem is the work week. I think I have a short work week when I only put in 55 or 60 hours and that's unfortunate. But, it comes with actually liking what you do, I guess.
David: Yeah. I love what I do, I have a passion for it, I just enjoy waking up every morning and getting into my computer and start writing and start learning and start thinking about different things. I think that's what gets you motivated. And I love technology just because it changes all the time.
Mark: Oh yeah, it just doesn't sit still. There are so many different ways to skin the cat on any given day. That's what's kept me excited about it as well. So, thinking about, kind of carrying on from that last comment about how fast changes occurring, I'm gonna probably ask you a few questions about where we are today and how those trends are impacting, the use of IT and the IT organization in general, but you had been for a long time working for Cloud Technology Partners and only recently joined the Deloitte. How's that change going and what are the kinds of the different things you're involved in or is it sort of the same role, just new company?
David: Well, it's very much the same role in terms of doing the thought leadership stuff, we call it eminence here at Deloitte but it's just basically having the tools and the support to go faster. So Cloud Technology Partners, we obviously a small company and therefore, everybody did everything, writing proposals, getting things done as far as making sure deliverables, managing HR and all those sorts of things where it's kind of an automagic process at Deloitte so I can kind of abstract myself away from some of the ops related stuff and then focus on the thought leadership and talking to clients and speaking at conferences and doing all the things that I like to do but when you work for a small boutique company, you're more connected to everybody else in the company. Deloitte is obviously huge so you can't know everybody in the firm. As far as what I do day to day, it's pretty consistent with what I did it to Cloud Technology Partners specifically in the last couple of years around before we were bought by HP.
Mark: Nice. Well that's good, it only makes sense to see this kind of role develop in a company like Deloitte or accenture and others. Personally I think it's great because I can say that during the first few years working with many of the consulting organizations or even talking to people that worked at some of the bigger consulting firms that for the most part they felt that this was an area of need. Before I think management may be realized that it was an opportunity. So it's nice to see Deloitte making this kind of move, so congratulations.
David: Oh, thank you. I think there's lots of people in the organization who have very similar skills. I'm not alone in that. There's lots of folks who are what I would consider thought leadership, thought leadership types, that kind of figured out where the balls being kicked and things like, and you have to within a consulting company because you're in essence advising clients on where they should place investments and IT resources and human resources and capital resources to figure out where things are going in the future and be able to kind of look into the future as to what specific factors are going to be closing in on them coming forward and be able to advise them on making things happen. I love doing that. I love doing the trusted advisory kinds of things.
Mark: It's funny, but, that's always been the part of my role that I've appreciated the most. And putting yourself in a position from a trust and from an information sharing standpoint over the years to where people begin to automatically assume that that's your role. Whether you're telling them that you're a trusted advisor because you really can't. That's like telling people to respect you. It's nice when you have that connection with a customer where they do treat you as the trusted advisor and it's something certainly I've enjoyed as part of every job I've had for the last 10 years, probably so that's great.
David: You have to earn it and the only way to earn it is through long relationships that are very successful and mutually beneficial.
Mark: Yeah, absolutely. So you've been writing, as I mentioned earlier on, we've shared some ideas back and forth and had the occasional debate, although I don't really remember us getting into a deep argument anywhere. Not that would be bad, but, we've had the occasional minor debate about private cloud this or public cloud that or speed to this or speed to that, but thinking back through the last eight to 10 years and then putting on your hat today, if you had to pick one thing, what's the one thing that's happening today that's new for you or putting on another hat that it should be considered new for the customer?
David: Yeah, I think it's kind of an ugly problem looming, it's almost like integration was back in the 1990s when I wrote the book on enterprise application integration where we're seeing this cloud complexity starting to creep up. And so, in other words, we're migrating as quickly as we can to the cloud. Typically doing lift and shift where leaving lots of things still on premise. And so we're adding additions to the systems that are under management. We're running ops into different dimensions. We’re leveraging managed service providers as part of that as well. So long and short of it, we're getting into this kind of crisis of complexity because we're hitting a tipping point with the number of cloud services applications under management databases, under management, all these sorts of things where they exist in cloud or on premise or on a managed service provider or at a Colo, have to be managed by IT and we're getting to a point where that's almost unmanageable. So we're thinking a lot about the automation, the tools, the ability to kind of abstract ourselves away from that complexity and do it better, specifically as we're starting to hit a tipping point, going forward. And I think, most of the enterprises are moving to the cloud, are going to see that tipping points show up in 2019 - 2020 and you've got to be proactively prepared to figure out how to manage that effectively. I think that's been my focus for the last year, year and a half or so is just really trying to figure out what are the best tools, technologies, approaches, best practices in making that a better experience. And so we end up moving to cloud and it actually becomes a value to us is not necessarily hindering growth because of the fact that we're getting into more complex environments and if you remember, growing up in the 1980s and 1990s, also we've made things more complex then. We added PCs and of course the addition to the Internet in the late 90s. Things like that. Well, the cloud is coming as something that's incredibly valuable that allows people to take their environments to the next level, but can also be incredibly disruptive and destructive if you don't necessarily figure out ways to manage the complexity of those environments. And I think that's my focus now.
Mark: Yeah. Well, and I can't imagine a more important one. I've spoken about a similar topic a couple of times, even just recently. spoken in an event in Singapore where I talked to at length about that relative to cloud ownership and data center strategy and thinking about data centers as manufacturing and it's like, it seems to me maybe, that's too soft of a word, I would say it's almost self evident to me, that the complexity of ownership that we have to assume as we move forward, whether you consider it a transition or not, as you already accurately pointed out, that transition is always happening, right? Whether you're transitioning from mainframe to minis or minis to towers or towers to blades and VMs and so on and so forth; or transitioning from, owning one data center and your own infrastructure to owning your data center in cloud or your data center colo in cloud, etc… There will always be a transition period. And so when you think about that, do you have a couple of thoughts for the listeners from an organizational standpoint that would help them manage that more effectively? Because maybe you haven't seen the same thing I've seen, but I feel like almost at every major transition period as the company begins to go through it, that it's almost like it's a surprise. Like we've never acquired a company. Now we're acquiring a company again. Even though we just acquired a company three years ago. Are you seeing that? And if so, what advice do you have?
David: Yeah. Boy, that's a great question and it's something I see as a systemic problem out there in the global 2000 companies. And so there has to be a culture of change and embracing change within IT in general and also within the company as a whole. And I think the reality is that lots of changes are gonna occur in the marketplace at an increasing pace. We're seeing that now with all the disruptive stuff that's going on. Seeing driverless cars and Airbnbs and Netflix, Amazon's of the world. Things like that are disrupting the marketplace. Your ability to embrace change inside the company and leverage enabling technologies is kind of a force multiplier to allow you to change, will ultimately be the success of the business. And so if you look at this holistically, I think a lot of those organization problems are going to take care of itself because I think in 10 years a lot of the brands that are not necessarily keeping up with the change in the marketplace, keeping up to the disruptors are going to end up going away. They're not going to go bankrupt. What I think are going to get bought and acquired by other companies. We're going to see lots of major brands that have been around for hundreds of years suddenly disappear. The companies that are able to change the culture where they're able to embrace change and adopt innovation and think creatively and innovatively about things are the ones that are going to remain. And so how do you change your culture around creativity and innovation? And I actually spoke to a company last month about that because they were really not necessarily about technology, which is a different deal for me. They were trying to figure out how are you going to be creative and innovative going forward how are you going to change the culture? And it really becomes something that has to occur in getting people excited about a goal and objective and kind of understand number one, that this is something it's not going away. This is going to be ongoing in terms of our ability to be agile and ability to accept a business change and manage your ability to change quickly is really going to be the imperative to winning. That's how people are measured and then say we're hiring people and eventually the culture changes. But the hard thing is taking what I call the comojincom cultures out there... Trying to get the marching at a different direction. There's only a couple of ways you can do it. Number one, you can fire people and control their budgets and that doesn't seem to be very effective and so I do think it's going to be a crisis of HR departments around the world trying to figure out to get the right people into the organization where the wrong people have been there for the last 30 years. There's no easy way around that. I'm not a psychologist and I'm not a human resource professional so I can really state the problem and hope someone figures out a way to solve it. But it's tough.
Mark: Yeah, obviously, from the point of the question, to begin with, I completely agree with everything you just said and see it as a huge problem. I guess one of the reasons why I even talk about it beyond the fact that everyone should be aware of it, is that, it's just never too soon to begin having those discussions. Right? And to try to figure out who can we save and who can we not save? And what's our best process for getting from here to where we need to be in the next, year or 18 months. But I see the same thing as far as the timeline. I mean, I've even come so far as to say in recent presentations during talks that I've done that companies that don't have a plan either well underway or already executed for becoming platform companies in the next five years are likely not to be independent companies or working companies within the next seven. And so whether that timeline matches what you're thinking or not. I think we're probably on the same page relative to that existential risks that the average company faces today.
David: Yeah. I think we're pretty close in alignment on the timing on that. And I think it really doesn't matter. I mean the core messages, if you're not going to accept change, adopt change, become creative and innovative in the marketplace. You become a disruptive entity unto yourself. Even if you're a global 2000 company, you're not long for the world and just the way in which the market is changing around you is what caused it. It's not necessarily any kind of internal failings within the organization. We just can't keep doing the same things year after year after year and expect the same results. This is not going to occur.
Mark: Yeah, absolutely. We could do a whole another podcast on just what should a CEO look for in a CIO and what should a CIO say no to and so on and so forth. Maybe we'll figure out to do that again at some point in the future. So thinking about that, thinking about the complexity and to some degree, they are really chicken in the egg so much as they're of same problem or opportunity and that's that, we're getting a lot of change and we're forcing a lot of change. But some of that change is being driven on us in another cases we are driving for the change because of the opportunity. So when you think about some of the trends that are the most noisy in the technology space today, trends like AI and ML and edge computing and automation and drones and robotics and IoT, etc… First I guess I want to break this down kind of in two question areas. And the first question area is a from of big picture perspective. I'm going to tell you how I see those playing into IT. Not That my opinion is important to the audience, but then I want to get you to tell me why I'm wrong or tell me what you would add to what I said. And then I want to talk a little bit about it, from going back to our earlier part of our discussion, how does that affect the strategy from an IT standpoint. But maybe this time we can talk about it more from a technology adoption strategy or trial and error strategy and how people need to think about that. So my first impression on all of these trends occurring, and it's not an accurate per say to every one of the trends, but when I think about things like edge computing and some of the things that are both enabling edge and some of the things that edge is being enabled in order to gain benefit from like a AI and MI at the edge or augmented reality at the edge or IoT at the edge, etc... I see kind of the biggest unifying trend around all of those things as being customer experience and customer connection from a loyalty and from a business improvement standpoint, do you think that's on target? Would you pick that apart and how?
David: No I think you nailed it. If you look at the patterns and why would we use these enabling technologies, AI, edge computing, automation, drones, IoT and whatever kind of cool technology is going to come down the line and we're going to identify two or three of these things each and every year. It's what we do. But it's about the ability to make human beings life easier, which is good for business, the drones in terms of delivering stuff in a matter of minutes versus a matter of days. The ability to push some of the computing out to the edge. The AI capabilities so we can, in essence have things make decisions for us that are intelligent, that are actually assisting us versus us having to actively think and how we're going to manage these devices correctly. Some of the stuff that's showing up in automobiles for instance it's just absolutely amazing. Versus what we saw just a few years ago. And also the ability to bring this to a business, the ability to automate factory floors and ways in which the maintenance is going to be an afterthought because it's done automatically with these various artificially intelligent systems that are bound to edge computing and the IoT based systems going forward in order to be able to push a lot of computing power out toward the machines, versus having to do it in the cloud. And the ability to leverage data in such ways that, we're able to anticipate things, just because the information we have, which is meaningless unto itself is innocuous information is combined and analyzed in certain patterns and certain ways and bounds in machine learning, they're able to come up with all sorts of conclusions that we didn't think of before. So the ability to kind of help humans, in the business side and the consumer side is what all these things kind of relate to. And I think that's absolutely spot on the way you put it, as really kind of spotting the value and how this stuff works. And I always asked myself with technology as it comes up, how does it help a human?
Mark: Right. well first of all, I appreciate that. And yeah, in the end, it's funny, I'm sure you see it happen to yourself. I see it happen to myself all the time that somebody makes a problem statement. And the first thing I started doing is jumping to answers as opposed to saying, well, why did the problem occur and who's asking for it and what exactly is the problem is supposed to solve at what opportunity or cost and it is the technical nature of the jobs we do that it seems like we all too often IT folks a succumb to trying to solve the technical part of the problem before they solve the business or human side of the equation, which I think is unfortunate for all of us.
David: Yeah, But there's so many of you said about that playing around with technology that may not have a purpose yet. I think that's how a lot of things are discovered and we eventually find a purpose and if we'd done the technology goes away, but you're asking the right questions.
Mark: Yeah. It's funny that you mentioned that I never know how to gauge the value or benefit and even when I've consulted with folks as friends that are doing IT in other businesses, about trying to create more of an innovation culture or an entrepreneur in residence type of culture for IT is, how do you build that, how do you define an opportunity to create something new when oftentimes the business won't even support discussion unless they've already found what's broken and are telling you to figure out how to fix it. Right? And that really goes to the point you just made, that sometimes technology for technology's sake is not such a bad thing. It's just finding the right balance.
David: Yeah. And if you look at the big disruptors out there, the people who are kind of making markets unto themselves, they're allowing people in groups of people with time to drain, the art of the possible, so to speak as to what they can do. And I think those things have to be fostered. It can't be your sole focus because you have to make money at what you're looking to do, but if you're trying to differentiate yourself in the market, then what technology or enabling technology one can create, looking out there testing it is going to add value to your stuff. And I think the point is kind of links back to the previous point we made in terms of a lot of businesses unable to change around some of the disruption that's going on in the marketplace and that will enable them to change if we're able to kind of foster that culture. Most don't. But you get a benefit if you do.
Mark: Yeah totally agree. So now thinking about the opportunity backwards a little bit, obviously there are potentially hundreds, but if you had to pick three to five top areas of opportunity from a technology strategy for attempting to exploit this new complexity, right? The fact that you might be not only deploying a certain type of compute in your private data center and in the colocation and in a public cloud and maybe in multiple public clouds to support different use case models. but now you may be considering an entirely new design and management paradigm for running things at the edge. Who do you buy it from? Do you build it yourself? How many partners do you need? Those kinds of things. What do you see as some of the hurdles for IT getting there?
David: I think number one is having the courage to adopt the technology and leverage it. It sounds like people are already doing it and if you read the tech press and I always call it, this factor of managing by magazine where people kind of have this view of the market that's going on in the technology publications and I write for most of those. And so I know you're always writing about what's cool and unique and what's next generation, but the ability to kind of get people marching and quite what I call it courageous direction, were they rae taking chances is really going to be the kind of the hardest thing to do. And I think once you're able to move in that direction, it's the ability to kind of come up with the ways and the way in which we look at this kind of a new enabling technology disruptors, so to speak, AI, Machine Learning, everything we're talking about that is able to layer into your particular systems and understanding what value they're going to be able to have and really kind of funding some of the prototypes and proof of concepts and making that stuff work. Nothing really is effective as success. People have a tendency in organizations to get behind things that are successful. And I think it's really about that, working some small tactical battles to take some of your existing core systems to the next level. Giving them different enabling technologies that are able to, allow them to do their job better, the ability, for example, track buying behaviors of customers if you're a retailer, so to speak the ability to an essence return better financial results based on AI and Machine Learning technology to manage portfolios and these are discussions that should be going on now. They seem tactical in nature, but it's going to be the 100 bet-one-win-one battles that are going to win the war here.
Mark: Right, I would totally agree. And I'm using a very simplified analogy/comparison here. But, it's like the old question of how do you eat an elephant, right one bite at a time. It's funny because I was, at this event speaking, just recently, in Australia, or sorry, not Australia, Mexico City. And, a person in the audience asked me the question of how do I approach, getting the technologies I need for the edge. And I said, well, the first thing you do is identify a small area of opportunity or problem that you need to fix and then you go out and take a look at the technologies or solutions or partners that can help you solve for that and then go start building the rest. If you look at the whole problem and attempt to solve for all of it from day one, you're likely to still be asking this question two or three years from now. So is that, does that make sense to you at all? Or do you see this, how people should approach the edge market, or even transformation as any different from that?
David: No it makes perfect sense. I mean, I've never been successful in approaching a problem holistically, I'm trying to boil the ocean. It's about solving micro problems that lead to solving the macro problems. And it's your ability to kind of break things down into functional tasks and then build them up again into a solution. It really is the mark of someone who's going to be creative and innovative and successful in this space and the ability to kind of go out there and talk about concepts and all these sorts of things. And take these swings for the fences without having an understanding of who you're going to partner with, who's your enabling technology. Who you can leverage what enabling technology can leverage and what business problem you're looking to solve here. You're going to hit failure. And by the way, if you look at patterns of failure versus patterns of success. Pattern success are people who are able to break things down into two sub tasks and then build them up into larger solutions, versus people who are trying to do too much with too little talents and not the right technology. And I think if you, if you do that, you're going to fail every time.
Mark: Yeah. I learned that the hard way as a program participant for a set of HP divisions in the early 1990s. That was attempting to do a full replacement of their homegrown cognos based ERP system. We spent almost two years just mapping processes that were occurring as they were done today back then to try and build them into the replacement solution. Four years later we ended up rolling out an application that was barely any better than the application that already existed with the exception that now we were paying a lot more money for it. And, it's a perfect example of trying to bite off too much and as you say, boil the ocean and, I learned a hard lesson from that and not only how I design projects, but, how much time I give a piece of a project before I call that a win and then move onto the next piece. So great advice. So you had a chance of a little while ago to take a quick look at something that's near and dear to my heart and in fact it is the sponsorship for doing this podcast from the sense that they have all the technical resource for getting the podcast up and running and posted and all that stuff. And I'm just a volunteer talking head. But, this IDCA Infinity Paradigm, and you think if you think through, even just part of the discussion we've been having in the and the notion of complexity and how IT should be measuring both itself and how maybe the business should be measuring the value being driven from IT, do you see this, the benefits of something like the Infinity Paradigm being even more important today than ever?
David: Yeah I was reading through it. I just think it's kind of spot on and thinking the fact that we need to think about our enterprises more conceptually now and then break those down into domains and break those domains down into the sub domains and break those subdomains down into technologies just to understand what the heck is going on. I mean, the problem that we have with the way in which IT is built things in the last 30 years and I'm old enough to have watched that process go forward. They're not necessarily thinking about simplicity or the ability to change the infrastructure. They're just thinking about solving tactical problems as quickly as they can with whatever enabling technology was cool at the time. And so that's why you have the Java based system, C++ based systems, it's almost like layers of a tree, across sections of a tree. And so the ability to kind of take a look at it and kind of put it into categories and have some sort of a logical order around how these things are functioning within the enterprise allows you to have an understanding and you're not going to be able to actually fix things until you have that understanding. And so, and if you read my AI books and my B-2-B books and all this stuff like that. I'll always get down into kind of common enterprise models and common enterprise architecture and common patterns in terms of how we're to look at holistically at what's going on. And once you have that understanding what's going on, common semantics of how to categorize these various systems, then breaking it apart, down to a sub components should be a fairly easy thing to do. I just think there's not enough thinking here because we're thinking tactically and maybe it's the whole movement to agile, which I wholly embrace and certainly DevOps wholly embrace. But the ability to kind of do things in short sprints and not necessarily think of it as domains. There seems to be a cultural thing that's probably a step backwards. Where 30 years ago we used to think about enterprise architecture. We had the discipline, we didn't do it very well, and those parts weren’t really empowered to make any changes within the organization. There should be some discipline in terms of how we conceptually look at what's going on within IT. And I think this concept does a great job in doing now.
Mark: Yeah I appreciate that. It's been a lot of work and as we talked about a little bit before we started the podcast, I think it's rather lofty goal, but I think even if even if we get to the 70 or 80 percentile completion for our total package, I think it'll be potentially a balloon for organizations as they look to try to, manage their way forward and define an ownership strategy for their technology, including the organization and their operations and all that stuff that is best fit for their business. I've got to believe you see this on a regular basis from a consulting and discussion standpoint with IT teams.
Mark: But it's frustrating to me how many areas of IT are still answered by licking your finger and sticking it in the air and seeing which way the wind's blowing. Right. How much risk do we have for this? Oh, I don't know, we've got earthquakes happen once in awhile. We have technology change that occurs. I think the risk justifies doing tripple of everything, right? That kind of thing. And it's there is no uniform strategy and some of your books from the passages that I've read would help people think about that. I think this Infinity Paradigm, if people employ it correctly, gives them a path to help them manage risk and and spend more effectively.
David: Yeah. I would look at a lot of enterprises to take a look at this as kind of a jumping off point to getting things back under control. I think everybody's thinking tactically now and cloud cloud cloud and AI AI and machine learning, machine learning and it has to kind of back up as to what holistically you are trying to accomplish. How is this aligned to the business and how will the new enabling technologies, which by the way should be used and embraced and certainly DevOps and agile and things like that, work into this larger concept of our enterprise IT solution and how are we going to manage it going forward. I just think it's lacking within most of the companies out there and I think it's something that a company should re-embrace and look at. Let's put it this way. I think we're going to have to. We talked about the complexity crisis that's coming. I think that's gonna drive a lot of, a reemergence of these sorts of paradigms and concepts to kind of attempt to get things under control. I think you have to do it.
Mark: Yeah I appreciate that. And we are rapidly approaching the end of our show. if you had one takeaway based on everything we've talked about or even something we haven't talked about, something that you think everyone should be considering at some level, whether it's a technology or an organizational strategy or some combination of the above, what would you leave for people?
David: I think it's a matter of thinking about how we're going to line technology to creativity and innovation going forward. I think that's the biggest missing link out there. So even if you worked for a startup or even a tire factory in Akron, I mean the ability to kind of understand that we're heading into an economy where people who are innovative and creative are going to get a lot more traction than he did in the past. you should be thinking constantly about how that's going to occur. And so what's going to be the is in the five year, 10 year period of time in terms of, people that are in essence getting into your market and doing things you never anticipated them doing and being able to either follow them or stay ahead of them or keep up with them. it's probably the most important conversation to have these days.
Mark: I think that's great advice. I couldn't agree more so, folks, that's it for today's show. I really want to thank David for joining us. This was a really fun episode and I know that he wouldn't want to, but I would love to keep talking for another hour because there's so much to discuss in this space and frankly, we haven't talked in a long time. so we'll have to figure out a chance to catch up in person. So again, David, thank you very much.
David: My pleasure.
Mark: And folks join us next time where we'll have Scott Noteboom a longtime data center guru, Founder and CEO of Litbit a company that's advancing the use of AI in the data center space, which I think is critical from a data center ownership standpoint, an efficiency standpoint. And if you would like to nominate anyone else to join me on a future podcast, please email us at [email protected]. And until next time I'm
Mark: Thiele and you can find me on twitter at @mthiele10. And David, what about you? Where can people find you? Your blog, your twitter handle?
David: You can find me on Linkedin or twitter at David Linthicum. All one word @davidlinthicum.
Mark: Awesome. And again, thanks for joining us folks. And David, it was a pleasure having you on. Thank you.
Share this episode:
Aug 29, 2018
A conversation with Kelly Ireland
One of the top entrepreneurs in the IT business, Kelly Ireland is a role model for next-generation business leaders. She has built CB Technologies -- the recipient of HP’s Solution Partner of the Year Cloud award -- into one of the most innovative and respected solution providers in the country. CB Technologies is driving business transformation around cloud, infrastructure management, big data and high-performance computing for some of the largest and most admired companies in the world. Among CB Technologies’ breakthroughs: HPC as a service for top oil/gas companies and SaaS “connected vehicle” tracking/information management for utility companies.
- Episode Transcript
Mark Thiele: Hello and welcome to another edition of the IDCA To Infinity Paradigm and Beyond podcast, where we bring in the most recognized faces and thought leaders of the technology industry and have candid discussions on topics pertaining to digital transformation, Cloud, IoT, diversity in the workplace, data centers, big data, infrastructure, and more. This time I'm joined by Kelly Ireland, CEO of CB Technologies, adviser, founder and investor. Kelly welcome to the show.
Kelly Ireland: Thank you Mark. So happy to be here.
Mark: No, it's great to have you on. I wish we could have done it sooner, but understanding your schedule and my schedule I'm glad we were able to make it happen at all. So before we get started in kind of the work part of the discussion, tell us a little bit about Kelly, what are some of the things that you do when you're not running a rapidly growing business and selling geek products and services to a lot of big companies?
Kelly: Well, you're not going to believe this, but I've been a competitor all my life. My father was a football coach at the university level and there were seven kids and we were all thrown into sport, so I've always been competitive and I've competed throughout my life, but at my riple age of retirement, I decided to do Formula One lights, powerboat racing in the NGK Powerboat Championship series. We have one race left. I've podiumed twice. I won the second race because it was rough water and I happened to be able to drive boats in rough water and most of the other guys, which is mostly all guys are setup for speed more for speed in the flat courses. And so I had an advantage there. And then I ended up third in Pittsburgh a few weeks back. So one more. I'm going for rookie of the year. I'm in second right now by just a couple points. So I'm having the time of my life.
Mark: I can imagine, that sounds like so much fun. That's awesome and congratulations.
Kelly: Thank you.
Mark: I mean, as a person who really respects and appreciates speed I can only imagine, the fun and entertainment associated with what you're doing. So that's fantastic. As I hinted at before we actually started the podcast, I wanted to ask you that question that I'm hoping a few years from now we don't have to ask anymore and whether a few years is two years, five years or 10 years, I don't know, hopefully sooner rather than later. But it's the question of diversity and certainly specifically and being female in this industry and finding new ways to get more female participation in the industry either through education at the beginning or doing the right things as somebody looking to hire or doing the right things as someone looking to educate. Tell me a little bit about what you've gone through. You said you're competitive. I imagine that has something to do with where you are today, tell me, tell me a little bit about what you've seen. I mean what you've been through. You've created a very successful business in an extremely male heavy industry. You're growing like crazy and what did you go through to get to where you are?
Kelly: I started young because I was a math science kid and right out of high school I actually went into programming and this was way back in the 1970s. So as you can imagine being an IBM RPG II and III programmer and I don't remember feeling different back then and I've been asked several times, Kelly, how did you get through all this? And I think I actually kind of put blinders up, because my dad always raised us that we were competitors etc. So I didn't look at male female, but as I came up through the industry, I can tell you there was for certain that there was a dismissal of females in IT, you kind of got relegated to order takers or Admin or something along that line, just there wasn't the belief that you can be technical and there weren't very many of us to be candid, there really weren't that many of us that were technical. So kind of coming up through the ranks. I think what I did the most is realize I finally got to a point where the switch flipped and I went, I can do the same as anybody else. I can do this, I am technical, I can learn, I can support the client. And I think it really took that switch. And that's along with what I will call in what we call an industry now He for She, you always have female mentors. You always have mentors that can help you but what I keep telling to younger women in the industry is don't think it's just women that are going to uplift you. It's not, it's men and I had so many mentors along the way, so many male champions that helped get me through what I needed to go through. But I also had to learn myself that I had to have the confidence. And that's something that as women's groups now, that we're supporting females in the industry, it's about empowering them. It's not about showing you're better than men or going up against men. That's not it at all. It's just about uplifting them themselves to know that they should be in this industry. They might, they still, I'm sorry, but we're still going to have to do a little more work to make it even. It's not even, but it's so much better than it was before Mark and I see so many more of the He's for, she's and we bank the women's Business Enterprise National Council. It's a national organization that is responsible for certifying women owned companies and it not only has women owned companies and members, but it's got corporations as members and these are the whos who of corporations, this is fortune 500 stuff or fortunate 250 stuff and they each have a diversity person and in many instances it's male and they're He for She, they get recognized every year for uplifting and helping women owned companies, across the spectrum. Not just IT, but helping them uplift their companies and see where they can work together and get into more opportunities where they would not have had that without this support.
Mark: Yeah well that's fantastic. I think that's a great idea in the sense that there may be unique opportunity and experience to be gained from another female who's gone through what you're attempting to go through. The last thing you'd want to do is position someone to be doing the reverse or, the same thing from the other side that they're fighting against. Right? That's outstanding. It's sad aside to the early days and I know that there are tens of millions of examples that people could pull out, but one of the ones that affected me indirectly because it wasn't me, it was my girlfriend at the time, but it was early eighties and my girlfriend had just graduated from college and had a business degree, well engineering degree, and she was going out to get a job at Livermore Labs and I was living in California at the time. We were both living in livermore and she went through the application process and got approved and came in for testing, which was like the last thing before getting hired and the testing they went through had two classes. That are testing for the men and the testing for the women and the testing for the women included what speed they could type at. And that was the early 1980s. I mean it's easy for us to look back and go, oh, those 50s, those 60s. Right? 80s weren't really that long ago and that's a pretty stark demonstration of what they think the value of this new hire is just because she's female. It’s like “we can add somebody else to take notes or to write reports or whatever it is, but she's not going to probably be doing real work, that's the guy's job.” So very unfortunate. So before we get off this subject, one more thing, I know you're involved in a couple of different industry things as am I, we share one in particular. If you had to give, and you can pick the candidate, you could pick a hiring manager, you could pick a school teacher, you could pick a parent or you could pick all three, but what are four or five things you think that can be done to help level the playing field? Because it's like we could be talking about racism in America and the same thing would be true is that a lot of people look at it and go, well, why don't you just work hard and get it because everyone can work hard and get it. And while that may be true, there's also where did I get to start from versus everyone else and anybody that looks at any real history, you could see that women and minorities have actually had throughout history legislation, not just attitudes, but legislation that puts them behind the curve from the day they're born. Right? So keeping that in mind, what are some of the suggestions you might have for helping people to keep the momentum right now, not just do it because we're short on employees and it's a strong hiring season, but what can we do to really make change?
Kelly: I think it's paramount in my industry right now, and it's paramount in the women's business organizations because we see it across the board, but my feeling is, I also am very much into philanthropy and education side of the house, especially when it comes to developing IT workforce. What I see is that I believe we should all be embracing and supporting the education changes that need to come about because we have all seen it. We've all seen our schools are pretty much decimated other than reading, writing and arithmetic, and it doesn't matter when you look at stem / steam, they're taking out everything that is creative that contributes to what we need to learn in IT. So what we've been doing is working with nonprofit organizations that are focused on developing. I'll tell you one in one case that I'm working on right now. I'm on the board of "Generation Yes". They called then Gen Yes. It's an organization out of Olympia, Washington. It's been in business for 21 or 22 years now. It's a very small shop. It's Dr Dennis Harper, who has spent his life all about education and getting IT into classrooms. His organization, what they do is they develop student tech leaders. So think about this. Every school, think about how many kids we have in those schools that are tech savvy and we all know the number is huge and it's both boys and girls. It's obviously probably more boys, but it's certainly we're seeing a real influx of girls as well. This program takes them from third or fourth grade up to twelfth grade and what it's about is taking a couple of students, a couple of teachers so that you have support staff in to turning these kids into the student tech leaders that can be dispatched out to support a teacher or another student or an administrator that can help with the IT department and what they're finding in the schools where this is brought in and it becomes full blown, you end up having students. You end up having classrooms of these STLs that depending on sponsorship from different companies, whether it's Cisco or HP or anybody else, if they sponsor some of this, they're taking online certification classes when they're not dispatched out, so not only are you resolving the issues that we don't have enough tech support within schools. Schools can't embrace technology because they don't have the money to support it. You now have the children that unknowing are able to support it and do it extremely well, but they're getting educated with capabilities and knowledge that they can take either into college or community college or trade or right into the workforce where they have examples of kids qualifying. I mean graduating high school as Cisco certified engineers. I don't see any better fit than that right there. And I know Dennis is now starting to be embraced by Google and several other corporations that are starting to see this and go, wait a minute we ourselves implemented it in Albuquerque Public School district. So we did 17 schools in Albuquerque public school district, which is actually, I think like the fifth largest in the nation. Took these 17 schools working with New Mexico Public Education Department and the CTO Paul Romero and implemented it. Not only are we now seeing that they can do that within the classrooms, which in New Mexico, there's not a whole lot of opportunity sometimes, especially when it comes to higher ed and being able to afford it. But what else we noticed is this is changing lives and children because these children who the one that came and got trained was bilingual, extremely shy, I believe homeless, living with her mother in a car and somehow there was a teacher that knew that this child was bright and could do this. She came back as the superstar of the entire bootcamp and is now the center of being the lead student tech leader in her school, feeling like she has purpose and capabilities and we just see her blossoming from there. Just think if you could replicate that in every school across the United States while developing IT workforce.
Mark: Yeah. That's fantastic. And just to add onto that this takes on a couple of themes that I've written about and talked about in the past. And one of them is that sustainability is a lot more than just whether or not you're using too much fuel or wasting too much water sustainability is in keeping your company successful, keeping the country successful, is populating us with the right kind of people with the right kind of experience and the ability to contribute. And so what you're talking about leads directly into what can I do as an employee of an existing company or an education facility or something to help improve the sustainability of our workforce, and that's just perfect. It actually takes me back to subject I haven't talked about for awhile now, and that was, when I was at HP, I got introduced by my manager at the time to a program that was being run from some San Jose schools called East Side Academy. And the idea behind the program was to get kids that were at risk. So similar to the kid you were just talking about kids that might not graduate high school. Usually we would get them when they were sophomores, occasionally we got freshmen, but usually they were sophomores or juniors at risk of not graduating or dropping out of school and we would get them in and hook them up with folks in our groups. And I ran the program for my group of about 40 people at the time. I personally, over the course of the next eight or nine years with HP had 10 kids come in under my arm as it were to work over the summer and occasionally, to do part time work, at other parts of the year. And it's like these are 10 kids, just specifically kids that I worried about. There were obviously other kids in the department that had probably had similar or maybe even better experience than the ones with me. But of those 10 kids, it's probably safe to say that some significant portion of those 10 kids would have fallen out of society the way we think of society today. They wouldn't be going into Higher Ed. They wouldn't be getting into the kind of opportunities that a place like the Bay Area has to offer and instead of the kids that went through the program with me, I don't know the exact number, I think it was eight or nine, went on to college, not just finished high school. They all finished high school. Eight or nine of them went onto to actually get a degree in school. Something I never actually did. Many of them are still Linked in with me and contact me on a semi regular basis and just catch up with what they're doing and where they're working in. To me if that's not an indicator of two things that are themes of what you talked about. One is the helping to create a more sustainable workforce. And two is the fact that, to use a really old saying "you can't judge a book by its cover." And there are millions of kids every year that get missed because they don't learn the same way other kids do or because they didn't mature at the same rate as another kid did or because they don't have the same focus at home because of other problems that are beyond their control. And it's really easy for someone like you or me to say, well, I don't understand what the problem is because when we think of home, we think they come home, they've got a parent or parents that are there, they've got a good food everyday. They don't have to worry about, they don't have someone leaving a drug needles in the front yard or shooting in the neighborhood and those conditions make your choices considerably more difficult than most of us face. So anyway, great stuff.
Kelly: And Mark just like you, I'd never got a college degree either because I was a techie at heart. I jumped right into programming and I did some college, but it was just like, why am I learning all this stuff that I don't really care about? And I never finished my college degree and we've even had discussions. I was making a presentation at "CRN, women are the channel" and I got up on stage and it's the first time I admitted to everybody, and this was maybe three years ago, I don't have a college degree because everybody talks about their degree and their master's and their doctorate and blah blah blah. And I was like, school hard knocks. I learned a ton, but it just wasn't for me. I wanted to do this technology. And back in the 1970s, late 70s, that wasn’t integrated into college. There was a little bit, but it might've been a class or two. You had to take that outside. So that's the path I took. And I think we're seeing that more now, where, they're pulling back a little bit where it's like you don't have to go get a degree. I know with Boeing, I think it's the first time in forever that they don't require a college education in many, many jobs where they used to. People are pulling back going, especially the trades. When you look at IT, it's just, it's not a requirement anymore in some cases.
Mark: Right, well, and It's obviously something that's been a pet peeve of mine. I've been rejected for positions even as recently as three or four years ago, after being told that I was the key candidate to only to be saying, well, we got your resume but it doesn't indicate your education on there. And when I replied back with the fact that I don't have a college degree, the line goes cold and it's like nothing else. Nothing else that I told them my 30 years of experience, all the things they'd heard about from other people made no difference anymore. It was all about that degree. And then I really think that's unfortunate. In fact, it's one of the reasons why I work with IDCA the sponsor of this particular podcast. Sponsor in the sense that they give me the tools. I'm unpaid and it's a voluntary position that I'm in as chairman of the Technical Committee. But they offer a number of programs that allow for folks who are on the edge but want to get deeper into the technology space and can't see themselves stopping life for four or six years to get a college degree to get a general capability but would rather find a way to get, into the industry now and their kind of training programs as you've been talking about are ideal for helping people do just that. And it is such a tough time to fill those roles. And so we all have so much to do in widening our net and again building on sustainability for how we keep our employment up and keep good candidates in the pipeline.
Kelly: And I think something else and I know you're seeing this too, is kind of a new breed of school where not only do they not want to take the four years, they don't want the debt. And not focus specifically on what they're doing. So we're seeing new schools crop up that are just focused on developers and coding, different things like that where you have 18 months and a much smaller bill that in many cases could be deferred and you pay back your tuition once you get a job. So I think we're gonna see more and more of that come up as well.
Mark: Yeah, I think that's great. So onto a new topic maybe. I'm interested specifically, and I hope my audience is, but there are a tremendous number of major trends occurring in IT today, more than in any time, when you think of trends, it's real easy to pick a trend or two or three at any time in IT history, but it seems like today it's hard to remember because there are so many major trends that are occurring, whether it's Edge Computing or AI or ML or the combination of the two or Big Data or IoT or drones or autonomous vehicles. There are so many major trends and all could have a major impact on how we work, you notice that I didn't even mention cloud anymore as if it's a de facto assumption, right? But all of these are still trends making major change and considering that you've done the incredible thing of taking a, what is it, 17 year old company now and growing 50 percent? Tell us a little bit about what you're seeing and beyond just running a strong business and I know that you're focused on customer, which to me that's like a minimum foundation for being successful anywhere. But beyond that, what are the things that are driving business for you? What are you seeing happening in companies today?
Kelly: Yep. I'm seeing a big trend and it actually embraces everything you've talked, but the one thing is we are all about the customer and we've been that from day one. Well I'm going to say it's twofold. I'm all about my employees and I'm all about my customers, so having a healthy workforce that is happy, keeps your customers happy. I think that's paramount. And I call that corporate responsibility and I see more and more, I feel better, I just went to Fortune magazine's brainstorm Tech and was just delighted to see CEO's up there saying it's not all just about the money, it's about delivering a product to our customers. Kind of a change of mind frame, which was really refreshing. But what I'm also seeing, and this is what embraces all those technologies you talked about, what I've seen in the last year we've started about four years ago, bringing on more Technologists, bringing on Engineers, SMEs, CTEs that could help build a solution. What is happened in the last nine months or so, or year to nine months is that the expectation of customers as well as the expectation is of us delivering solutions is that it will be a consortium or an ecosystem of partners. It's not going to be some big company that just goes in there and does it and I've even had fortune 50 customers tell me, Kelly, if somebody comes in here and says they can do this whole thing by themselves, we don't even listen to them because they can't. Because as you said, there's this sensor over here and this software over here and this product over here and this infrastructure. What we're doing right now is one of our major projects has been 18 months of working with Deloitte, Intel, HP, PTC ThingWorx, OSISoft, National Instruments, you name it. There's like 15 consortium members and we are all bringing to the industry refinery of the future, which is making a smart refinery or chemical plant, which could basically be a smart facility. It can be x, it doesn't matter, but what we're doing is we're doing it all together and we've chopped it up into viable use cases. We're demoing how the use cases can either be integrated or a customer could say, I just want this. We're priming three of them, which are all about asset integrity, connected worker and worker safety and it's taking things like Realwear, GuardHat, PTC, taking all the different elements bringing it together, using real production information to showcase that we can do hands free connected worker. That they could pull up asset information, right there from being out in the middle of the plant. But what's really paramount about it is, I can go to a customer now and I can't tell you how happy they are to go, "wow, you're not only showcasing that the hardware, software, services, etc all work together, you're showcasing that you can work with these five or six other companies in one use case. You all get along, you all can work together. You all make sure the solution can be delivered and you're doing it real time.” I mean, they're so excited about it and they see that it's walking away from doing point POCs, I'm going to test this product, I'm going to test that. Well that tests the product. It doesn't test the integration into the system. This is saying, no, we're doing all that testing for you and then I can tell you in the last 18 months we have learned a ton. We have a book that's all about lessons learned of deploying wireless in a chemical plant and deploying micro data centers and what has to go along with that. All kinds of different information and working together with those ecosystem partners because you know, you have partners that you never thought would be in IT are all of a sudden in IT. Who would've thought they were, now they are. Because with IoT, everything is connected. So everybody's going to be involved in this. But I have to tell you that's the paramount thing I see right now is just the fact that the consortium of groups working together.
Mark: Yeah. Well, it's the reason I snickered earlier, and I apologize I didn't mean to try to make you stumble, but I snickered because it literally just a couple of days ago, I made a short update and I actually made the update, I did it incorrectly for some reason, the actual blog that I was going to reference in my update on Linkedin didn't take. And so only my headline to focus on the importance of the blog ended up in my linkedin profile. And basically I said, I'm paraphrasing myself without going to linkedin and trying to read it word for word, is that it takes a village. There is no single and I was specifically talking about the edge, but I agree with you that it applies in so many different areas across the industry today and within any one business as far as solutions are concerned. But I've been working heavily at the edge recently, certainly with Ericsson. A working reality is that Kelly or Mark can't walk up to a storefront somewhere inside and say I’d like a little bit of Edge and I'd like it to solve this problem or I'd like it to solve that problem. Now realistically one could argue, no, I can solve edge, I can go call Lacoma and yeah, you can, that's assuming that you've got an existing application that does what you needed to do and all you need is more information or data to be cached more closely to the specific set of customers. And that's been an Edge opportunity for decades now. But I think in the more complex opportunities associated with enabling Edge and enabling really potentially millions of net new business models and application opportunities, there is no single place to go and say, oh look, I bought Edge. It just doesn't exist. And so any company attempting to approach that with customers and thinking that they should attempt to address all of that opportunity on their own, I think are going to lose out to people like you frankly.
Kelly: Yeah. And it's just like Big Data. Okay. So yeah, you're going to go analyze your data. Then what? Do you even know if you're analyzing the correct data? The whole story that we've had before. Okay. Yeah. You think you're going to go analyze it, but there are best practices. There are certain things you need to look at because guess what, if you gave them the wrong insights, that's really not good for you. Right? Getting the right insights, just like this consortium of doing it the right way, the first time, you ramp quicker, your payback is quicker, your ROI, and you get the correct information. You get what you need to build sales and build profit, whatever it is that your goals are, this is it.
Mark: Right, totally agree. It's funny because another question which sort of links to your point earlier about pleasing customers and working from the employee outward, one of the things that I think is the quarterly announcement is the bane of, right. It's really the wrong measure for companies to use, but when you think about the customer experience, the Edge is a whole new way for any enterprise to not just offer new business solutions and new use cases that maybe couldn't have been adopted because of the limitations of technology or the cost of improving performance. But the real opportunity of saying, well, I'm going to improve business just by making customers happier with the tools they're already using by leveraging the Edge more effectively. Right? And so in the end, as you say, it really is all about the customer and anyone that can win with the customer has a good chance of winning as a company.
Kelly: And the other thing I'm seeing, and I think you probably are seeing this exact same thing is OT versus IT. I was at one of our large customers supplier conference and I mentioned, that that's what I was seeing. It was an IoT breakout and the gal that was standing there was just laughing. She goes, Kelly, are you saying that IT needs to speak with OT, and the whole crowd started laughing because we've even found to the point where in, some very minute cases, but in a couple of cases OT has kicked IT out and said you have failed to deliver what we need. We're going to go get it ourselves. And they reaching out to us to help them with that. We tried to help IT and OT work together because that's the ultimate win. But there are many cases where OT is winning. They're coming in saying, no, we were not given because it wasn't doing the due diligence of really seeing what OT needed.
Mark: Right, that's a common subject for some of the discussions that I have regularly online via twitter, etc. Is this whole notion that, we can talk about the redefining of the CIO. We can talk about whether the CIO is needed or not, but what I think, and maybe this is really dumbed down and it's overly simplified but in the end what it really boils down to our people executing their function effectively and the responsibility for the function of IT isn't just with the CIO. It's not just with his or her leaders. It also boils down to what was I as the CEO or CFO or COO, what was I hiring for and what are my expectations? If my expectations are that the CIO just doesn't break things and that they manage costs with Oracle and whoever else that I buy large software packages from then I'm not going to get that kind of business integration, the innovation and things that might actually help move IT back into the forefront of helping a business innovate rather than just being a cost of doing business.
Mark: So as we come close to wrapping up here, I dont want to keep you here too long, considering what we've just been talking about and the changes that you've seen are there three or four bullets that you'd like to leave the audience with as far as, let's say where the audience is IT leadership in this case or even somebody working in the data center. What kind of tips would you give for them to help them prepare for what you're seeing, what's coming and how to be successful?
Kelly: I think one of the things is and as fast as we're getting fed this information, fire hose, there still has to be the due diligence of seeing what's going on out there. And I know I get up in the morning look online and go, oh my goodness more. I'm waiting for the tipping point because I know there's got to be a tipping point where there's too much technology. We are too connected. I don't know when that's coming, but in the meantime, I think doing your due diligence of whatever your job is or wherever you're located, what you need to keep up on. The other thing, I think in regards to what I've seen with my company and with individuals, I call it "be squeaky" with everything that's going on and the pace of life and work right now, no matter how many times you go and tell somebody what you do, what your job is or what your company does, it's in one ear and out the other. Not facetiously, but because there's so much going on. So that's something I reiterate my company over and over again and I do it myself. It's like we have to keep telling people what we do, how we do it, why we do it. why it makes sense for them to work with us and this can be individually you as a worker in your company, it's get your story out there, let them know who you are and continue that conversation because to me, I think that's really, really, really critical and I think the final thing is, I wasn't involved in nonprofits or patients for education or helping support different areas like the one you talked about, the one I talked about. There's a lot of them out there, but I think it's our responsibility to support those in some way, somehow. I can tell you my interaction with major corporations, every single one of them now when I go in and have conversations about what CBT does. Its split in half. It's about what we do in the technology and the solutions that we are bringing and they love it, but I instantly change into what I'm doing to support education, IT workforce development and that continues for another half of the conversation. They are very enthralled with it. They want to help. They know what's coming up. They know we're gonna have, we aren't having an influx of IT workers, we need to do everything we can to nurture that and they are behind it a thousand percent. So now I'm going in arm in arm with corporations to help uplift these organizations and make sure we get these kids educated, keep them in IT, keep them somehow related in stem and steam and give them those opportunities to become productive workers for all of us.
Mark: Right. That's fantastic. Certainly couldn't agree more with everything you just said. I could add my own diatribe to that but in the effort to try to keep this to 45 minutes or less, I'm going to just leave that comment, those sets of comments with you, which again, I think are fantastic. So before I make a closing statement, what can I expect from Kelly? And you can reference Kelly specifically or you can talk about CB Technologies. What can we expect from you over the next five years? More companies, more industry involvement?
Kelly: No, Kelly's getting near retirement age, so I would like to see a little more vacation, a little less being on an airplane. I've reached the max on two airlines in the same year, so I know I'm traveling way too much. I think what you're going to see, I know what you're going to see from CBT is a staunch partnership with industry leaders of delivering solutions to clients the way that IT is changing and the way procurement is changing. We see it, we're well ahead of it. and we're excited because we're having a blast. We really, all of us geeky nerds, we're all having fun because all this technology and being able to create a solution real time and go deliver it. So I think you'll see the growing of that. Not that I want this giant company. I think we'll grow in bits and pieces, but like I said, we're on a 50 percent growth rate this year, which is extremely exciting and that's not counting, some of these solutions that could come to fruition in the next five months. So exciting times for us.
Mark: No, it's amazing and just congratulations, I'm really happy for you and I love what you guys do and I've always respected your work and so I'm really happy for you guys. So with that folks I just want to say thank you for listening. and I really want to thank Kelly Ireland for joining us on the episode and taking some time out of her obviously busy schedule. I thought I traveled too much. Please join us next time when we should be joined by Scott Noteboom. A long time data center guru and Founder and CEO of Litbit. if you'd like to nominate anyone to join me on a future podcast, email us at [email protected]. Until next time, I'm Mark Thiele and you can find me on twitter at @mthiele10. Thank you very much.
Share this episode:
July 10, 2018
A conversation with Ryan Fay
Ryan is the Global CIO, currently leading ACI Specialty Benefits global business and technology strategy across 170 countries in over 180 languages via multidisciplinary technology teams radically disrupting the corporate benefits experience leveraging decentralized applications, blockchain, and smart contracts.
- Episode Transcript
Mark Thiele: Hello and welcome to another edition of the IDCA to Infinity Paradigm and Beyond where we bring to the most organized faces and thought leaders of the technology industry and have candid discussions on topics pertaining to digital transformation, cloud, IoT, Edge Computing, Data Centers, Big Data, Infrastructure, and more. This time I am joined by Ryan Fay, CIO for ACI Specialty Benefits and a 30 under 30 top CIO’s in Forbes. Ryan, welcome to the show.
Ryan Fay: Thanks so much for having me. I appreciate it.
Mark: I'm really happy to have you on. You guys are doing some really exciting stuff and I think our listeners will gain a lot from the experience you have, not only in rapidly growing a business, integrating other companies into your business, but successfully bridging the gap between what most companies have in the form of IT and Engineering into one larger value ad technology organization that's helping you approach some serious problems both at the Edge, and through digital transformation, etc. But before we get into the tech stuff, tell us a little bit about Ryan. What do you like doing on the weekend? Where did you come from? How'd you get into IT?
Ryan: Yeah, absolutely. So on the weekends, I'm not sure what that is. So I mean, running a global organization is quite the challenge and I think a lot of times... I really enjoy what I'm doing, you know, from a technology perspective.. I mean I love technology. I love learning about new technology. I love implementing technology, but beyond all that I just love business and I've always just been drawn to how businesses scale and how they're able to do what they do. So for me, a lot of times, outside of my day to day operations of my job, I am on a lot of different startup boards, helping different startups be able to understand, scale effectively use both public and private cloud technologies. I am married. So whenever my wife and I do get some time together, we love to go out to good restaurants, we love eating, we love traveling. So we try to travel as much as possible. Beyond that, it's really just being able to, share some time with friends and family and have the ability to unwind a bit and then let the mind rest a bit so that way you can kind of disengage from a lot of different mobile devices and being able to have time to reconnect. How I got into the space, my father was the president of AVNET, so they're a pretty big company and I grew up in a space surrounded by hardware, hardware, hardware. In fact I would never get a gaming console or anything I wanted. It was always hardware, build your own console, do this. And there was a paradigm shift, when I started going to college and my father said, hardware was great, but software is going to rule the world so you really should be looking to software. So I really focused a lot of my efforts on the software aspect side of that, which has paid off quite well. For my first job, I was a network administrator, started where a lot of folks start in the industry. I was pulling and running cables, doing a lot of drops, understanding the whole infrastructure side, the networking side, and then from there I just kept evolving and I realized I really loved the business side of the operations. So I was able to shift over to more of a business role and then from there now it's just leading a global business and technology strategy for essentially a company that we're growing at roughly 30 percent per year. So it's been a really fun and exciting roadmap for what I've been working on, but it's also just been a really exciting time to be a technology expert in the space.
Mark: You've managed in a 10 or so year period of your primary career to encompass what most IT organizations take 30 years to go through. And I think it's not only an amazing story, but an incredible goal post for other companies that are struggling with many of the big decisions that IT and businesses face today in moving forward and trying to become a platform or going through digitization. And frankly I know one of the topics we're considering talking about today is Edge Computing and I'm just gonna jump right into that Edge role and you think about one of the things that I've noticed relative to a modern companies that are attempting to be global and trying to be really in every country, not just have a name in every country and when they're in every country and building something that is accessible and usable uniquely in maybe what somebody would call an Edge compute to type of format, it requires a much more comprehensive ability to address the norms and requirements of each specific country. Whether it's around data protection, whether it's around network access, whether it's around working with local telcos, whatever it is. So what have you done from an Edge compute standpoint? Thinking about Where ACI Specialty is going, what have you guys done to try to accommodate that? I mean, I'm sure you're not trying to build 10 person teams in every country to handle Edge infrastructure questions and stuff. How do you work that?
Ryan: So Edge Computing was something that we started looking at last couple of years here and we had a lot of these centralized data centers and we have a lot of storage repositories, but we're also using a lot of different CDNs, content delivery networks through GCP and AWS to cache a lot of these low balancing for HTTPS, we had Edge points that were distributed on presence. So we're trying to figure out was what's the best way for us to be able to deliver strategy that was streamlined, effective and efficient, but also to ensure that we had the ability to, if needed, scale out, a mesh network, if you would, of micro data centers that'd be able to help us with latency, help us to ensure that we had the right repositories in place and that we're able to deliver devices that were may have ranged from IoT devices all the way to increasing the user experience when it came to Edge local processing from a multi-cloud strategy. You have to process that and be able to process a lot of different high intensity data that was coming in from wearable devices because you don't want to push a lot of this very highly latent sensitive data throughout entire workflow you had throughout your network. Because as soon as you do that, as you know, the IO capacity, it's going to be able to have a lower output which is going to increase your cloud costs if you're using cloud technologies. It's also going to slow down the pipelines depending on what you have going on. So we created a fog network that essentially will be able to have, information spread between multiple different connected Edge devices. So that way we could focus on creating the best use case for each one of our client experiences. So if someone came in one of our clients and they were able to deploy something, we wanted it to be deployed as close as possible to where they were coming from. So obviously having geographic location and the same region for compliance and regulations. Being able to make sure that the data is being stored in the right area, maybe it's being stored as close as possible to where it's being gathered for compliance and regulatory issues, but also to create the best user experience possible when it comes to security. So part of this is really around, the Edge security and how do you make sure that you have the right fundamentals. Is it the Edge devices, the Edge itself, the gateway to the clients, there's so many different aspects. And as you create a lot of these mini data centers that you're rolling out, it's very difficult because things becoming more converged and systems are becoming more storage based. So if you're using stuff like Snowball from AWS for example, you can employ that on Edge, in real time. But as soon as you start looking at, different use cases around 5G scenarios, obviously that built out, it's going to change and need to figure out, okay, what devices in my collecting this data from and how can I optimize that collection to ensure that we have the best user experience as possible possible.
Mark: It's such a big problem to solve. One of the things that I go back and forth on and I think I even covered it in one or two of the blogs that I wrote about Edge recently is the thinking ahead of time for some of the challenges that trying to do not only massive scale in small bites, but geographically distributed infrastructure and applications. What you have to solve ahead of time so that you're not setting yourself up to effectively say, every time I add five new locations, wherever those locations are or a thousand new devices, etc... I've got to add this many new people or this many new skillsets or whatever the case may be. So how did you guys approach that from the beginning to try to make sure that what you put out there, you could have completely manage without putting yourself in them?
Ryan: Yes. We actually did it probably in a different way than most companies are deploying Edge. We looked at it from more of a data governance perspective. So we figured out, first of all, where do you want this data to be stored and if we this data to always be stored in this geographic location at all times for regulatory issues and we're looking from a data gravity perspective to have this data stored, you know at x, y, z, whatever it may be, and let's build out a network here and then we can kind of get rid of what we're using before, which was a content delivery network that was essentially pieced together by multiple globally distributed Edge points; and then we could get rid of the caching issue that we were having, thus we could increase the throughput which would decrease latency and would increase our user experience for our customers worldwide. So that's how we first went about it, it was what areas are we having the biggest issues right now when it comes to caching content on Edge. And then from there we initially partnered with companies like Google Cloud Platform and we've partnered with AWS, Amazon Web Services, and we essentially decided to say, okay, we can look at what they’re doing, we can leverage from the technology that they're using potentially, but they didn't want to solve the root issue and even if you're using the technology, it's what use cases is actually going to give you long term storage and how you're going to be having local Edge compute systems that can compile and make sure that they're doing what they need to do in real time. So as you start building out more and more Edge, for lack of a better word, networks, you know, you start creating more fog computing, which is then connecting all these Edge devices together and then you're having more complexity. So for us it was more just about trying to create the simplest network as possible in areas that we needed to keep data secure. We needed data to be stored or maintained for regulatory issues and then from there we work backwards to creating what we refer to as our Edge-first Compute; and then from there we did focus on Mobile Edge Compute, and then now we're partnering with telecom providers to have 5G scenarios, connectivity to then build out even faster, better Edge compute systems.
Mark: That's awesome. It's obvious you guys put a lot of thought into how you were going to address the market rather than just attempting to throw something into the market. When I've thought about Edge Computing in general I see for the average company trying to approach new product or [inaudible] Edge, uh, trying to refine their deliverable, their total cost of ownership and their customer experience requirements against what is a literally a define-as-you-go set of technology capabilities. It seems like an almost overwhelming problem for some. Did you use any kind of way to break down the problem with your team to try to really focus on addressing individual core requirements first rather than saying, wow, thIs is a big, painful picture, how do we approach it?
Ryan: Yes we were actually probably pretty uniquely positioned to attack this problem. So one of the areas that we actually had a competitive advantage in is that we actually would house employees, our employees, onsite at corporations and they would give us a small area where we would have essentially, our employees to be able to be have offices in or they'd have access to networks. So what we started doing was that we started scaling out essentially one by one, these small, almost micro data centers that we'd have onsite at the firm that we were servicing so we hire our employees but they act and feel like they're employees at the company that they're working for because they had drive engagement, but then we have access to their networks which gives us the ability to create our own mesh network with them essentially. The use case that we had was, a lot of it was due to latency. So if you're trying to store data in real time, pass the data that was coming from a client back to us, it's much faster to cache it on point, “at the Edge”. Then we wouldn't have any kind of data locality issues when it comes to actually reducing, you know, backhaul traffic or we wouldn't have to worry about repositories where we had distributed. So from there that was kind of the first use case is just network connectivity, giving the smallest possible and then trying to centralize as much of the processing or storage repository as possible to ensure we had almost like a colo that we created ad-hoc. Then from there we realized this is such a great use case and we were saving about 60 percent total cost ownership when it came to savings, what we were actually creating. And then the global economy just kind of took off when it came to creating huge opportunities for us. Because we were managing, not only US companies now, but international companies and through acquisition we expanded to over 15 million lives. Now that we cover worldwide, so for us we had the opportunity to now go into even more areas I guess you could say, or geographic locations. You software-define those data center environments and then from there we just started to manage this huge data we had from wearable both medical and nonmedical devices and then we slowly built it out from there and then we created a fog network to be able to manage all those networks we had and now we're kind of where we're at today. But a lot of it is due to compliance and it was due to latency Issues we're having. That's kinda how it started.
Mark: Outstanding. First of all, just as a fellow practitioner, I would say congratulations on your efforts so far. One of the things we talked about before we even got started on the call, which I thought was kind of too bad we can’t include it in the in the overall podcast, but I'll try to bring up some of it again. What you just explained to whoever's listening is how the CIO in combination with his team has deployed what for most organizations would be considered external customer facing applications and for an organization that's attempting to really make themselves a platform for their customers and partners, that oftentimes ends up being an engineering organization or what's euphemistically called an engineering organization that might be under a CTO or something else. How did manage that and what kind of struggles have you had trying to maintain your focus on the external customer while still delivering the traditional IT requirements that your internal ACI Specialty Benefits employees require?
Ryan: Yeah, it's a great question. So I think what happened is we had a paradigm shift in the marketplace where we were going towards a route of having engineering folks being able to deploy up to a more central CTO type person to be able to deliver technology. What we realized very quickly is by doing that, we're losing touch of the business applications use cases and overall desire of the business to be able to scale out and deploy. So what we started doing instead, and it worked actually really well for us, is we included a lot of these dev ops, sec ops, engineering folks, all the way down to data scientists e have to pretty much anybody that falls under more of the technology umbrella, to be able to understand the business use case first. We pass it through business. So sitting in some of our executive meetings or board director meetings or whatever it is, we'll get a problem and nine times out of ten it's actually not a technology problem. It's actually a training problem. And if you're passing things directly through to engineering, they're going to try to engineer it to be better, faster and more resilient while maybe creating a better user experience in the process. But I wanted to ensure whatever we were doing created the App. So the best user experience. So that's where we start. And then only starts with business units, stakeholders to ensure that we understand the use case 100 percent and oftentimes we don't even when we feel like we do, so we're constantly iterating to ensure we're having a better user experience. So that's kinda where we started and we realized that engineering, a lot of the folks that are doing data operations, they really don't care about the big picture operating. What they really care about is their siloed area of what they want to create. This app connects to this area. This connects to this different operation or this cloud native product or that it's localized for this area, you know, for whatever it may be. And that's great. If you want to run a siloed organization. We're trying to break down as many silos as possible and create a more flat organization. So for me it's really challenging or folks who say, why are we doing what we're doing? How can we do thIs better and what do you think we're doing wrong? And as soon as you ask those questions, at least in my experience, what I've seen is people they want to go above and beyond and make it an even better experience. So we've kind of got out of that whole mentality of engineering under engineering and now engineering is kind of spread throughout the whole entire organization. We're slowly turning into technology company. What's happening is, you know, everybody needs to be somewhat tech savvy and it helps us to then make sure we're ensuring the product and the entire comprehensive core competencies that we deliver are not only efficient, but we're hoping they go above and beyond to create the absolute best user experience as possible.
Mark: Thinking about what you just talked about Ryan and the importance of thinking from the business perspective, and I'm going to throw you a little bit of a softball question relative to what I'm working on with IDCA as chairman of the technical committee there and the application framework in which you and I talked about that a little bit. What's your perspective on the importance as you go through this kind of major transformation of your company and thinking really about how technology is and should be driven from the business first and how the application is what's important from an IT perspective, not specifically the data center or air conditioning or server type or OS type. What do you see as the importance of being able to use something like the application framework to really better understand what you have, how to build it to a why you're building it and how to measure it.
Ryan: Yes, absolutely. So I think IDCA obviously hit the nail on the ahead by being able to say you need to be able to find, promote and essentially be able to have a centric nature when it comes to the entire technology stack. And I think you all were the first one to actually formally recognize this. So this is definitely something that's becoming more and more important and I would say it's definitely becoming almost the center of the business is having application centric ability to not only have an ecosystem that essentially defines what's going on, but the whole entire workflow, the process, and just the overall outlined procedure that you all have. I think it's an instrumental when it comes to defining both infrastructure portion and also being able to have a framework as you spoke to it earlier that makes sure that you are focusing on what actually matters. Each layer is gonna be different aspect that matters more and more. And if you're not aligning those from the getgo and having good fundamentals, it's becoming harder and harder to align those as time goes on. It's almost like when you shoot a rocket into space if you're off your trajectory by so much at land, it becomes even more by order of magnitudes as you get further and further out because of the way that you're trying to hit moving target, then that's the way I look at this as if you're not get on from the ground level, you're going to get worse and worse as you’re trying to move to your target.
Mark: I obviously agree with that. When I first started working with Mehdi Paryavi, the founder and president for Techxact and the founder for IDCA who's sponsoring my efforts where I volunteer on the Technical Committee. It really was that top down perspective that gave me hope. I see it as a very lofty goal. But, one that IT industry as a whole has been lacking for the most part. And that shows up in everything from failure to make proper transitions to failed architecture over time to buying too much or buying too little, or not having the right contracts with partners and maybe even not even having the right people in the organization for the transitions or changes that you're planning. So I see it as very critical. I appreciate your perspective on it. Going beyond that a little bit and you hinted at it this next question I'm going ask, when we were talking about your efforts with Edge and your work to try to combine what would be considered engineering in a company like Yelp or ebay or Paypal or something like that within the larger technology delivery scheme of IT. Talk a little bit about what you see as the importance of having a top down from a leadership standpoint. Having a top down and I'm not talking about just the IT leadership, but I'm talking about leadership in the entire company, having a top down focus on what this transformation means what approaching a net new strategy for market access and really trying to turn your company into a platform. What does that mean? Because to me, and I know you agree with this, but I'm going to ask it anyway. To me it's not so much a technology transformation as it is a company transformation that's supported by technology.
Ryan: Absolutely. I mean, you couldn't have said it better. The technology is actually the easiest part of the transformation. It's the culture. It's the understanding of what you're doing. It's the right sizing. Everyone likes to use the term right sizing of technology. I think it's the right sizing the entire organization. How is leadership making sure that we're setting a strategy and that we're able to execute on strategy, but also how are we making sure that we're confident that we're going to be able to hit these different milestones, KPIs, SLAs that we're promising our clients we're going to be able to hit because we're taking suicide calls, we're doing a lot of stuff around regulations, compliance. So for us, if we're not right, it's not a matter of oh we had an outage, it can be a matter of life or death literally for us because that's the kind of calls we're taking in from an EAP perspective. So for us we need to be 110 percent certain is it going to work and that that's kind of the message I've been really trying to relay and over the last eight years that I’m at the company is that we can't just be sure it's gonna work. We need to be certain it's going to work and then we need to quality assure that it's going to work and from there then we can tell our clients that this will work, but I think as you said, it's got to be top down approach because what's happening is if you try to trickle from the bottom, you know it's obviously not going to work because there's such thing as gravity unfortunately. And when it comes to data gravity, and I think it’s the same thing when it comes to leadership gravity. How are you ensuring the right teams have the right access to the right folks at the very top to ensure that we're having pragmatic change that's sustainable. Anybody can go through a digital transformation. That's the easy part. The hard part is what do you do after that and how do you sustain that momentum, that culture, that environment to ensure you don't have to go through another one in three years because only thing worse than going into the transformation is going through multiple digital transformations because you want to make sure that whatever you're creating or whatever standards are in place, is something that can actually scale out as well. Just like the technology.
Mark: I realize I'm over simplifying sometimes, but to me attempting to do a digital transformation from the technology side first is almost like saying I don't have a company, but I'm going to build an IT organization and then I'm going to put a company on top of it, right? I mean that it just obviously in separation from actual work effort. That sounds ridiculous. Nobody would do that. But we find all too often that IT organizations get themselves into position, whether it's something as fascinating and new as approaching Edge or approaching digital transformation or as old and perceived as boring as disaster recovery. All too often it seems like there's a lack of momentum from the top and push from IT to educate to the top and in the end people are demanding technology solutions for an ill defined or even completely undefined vision of the future. And it sounds like you guys have really solved that problem.
Ryan: You know, we're trying. It is a battle every day and I think part of the process was I was just explaining to our board and our executive team that we can't have a 10 year strategy for technology because what was happening 10 years ago in technology. We are in a completely different place but marketing and finance every department is expected to have these long roadmaps. So I think it's explaining we can have incremental bite size change and that's the best way to go about it is to have these we refer to as sprints we're very agile and we have multiple sprints going on, multiple different environment from multiple business units and of multiple different engineering groups and we'll do different from a high level of even leadership sprints. So I think most people think sprints as a dev ops thing, I think almost as a mindset. So even from a leadership team, we're having many sprints, at each of our executive meetings where we're trying to solve these issues and we're trying to break down barriers because at the end of the day, [inaudible] break down barriers and ensure that you have pragmatic scalability. So I think it's that fundamental mindset from the top up and that then translate all the way down. Unfortunately all the way down means normally infrastructure level and then we're able to architecture out and right size that functionality because we've already right sized the business. And then from there it's just connecting the dots which sounds easy but it's still difficult but a much more easy to connect the dots and it is to find the dots. So that's what we're strategizing for 2020 is being able to have this master roadmap that's actually not even a roadmap. Maybe it's just a list of maps that we've used in the past that then when we want to go another one of these endeavors, we were able to then look back and say, oh we made a pit stop here. That was a good idea or we really should have sprinted a little harder here or we went too far here. So it's truly that just making sure you have sustainability and a framework to go back to [inaudible]. So ensure that you know what you know, because unfortunately you don't know what you don't know. And that is really what hurts most organizations the most because they dont know everything, right?
Mark: Absolutely. As we get towards the end of this podcast, and I wish we could just keep talking. I know how busy you are and the reality is nobody can afford to listen to it two hours podcast. This is such fun stuff. And where you are and what you're doing is so interesting to me and I'm sure it's interesting to pretty much everyone that would listen. But if you could do one takeaway or three takeaways, whatever you feel comfortable with. As we close this out what would you tell folks, some of the things that I think about and you can decide whether to play off of this or come up with your own answers, but how do you incent the people in your organization the right way? How do you get them to not succumb to following what is the easy route for most technologists? The easy route is head down at the monitor had down on their phone, not going out and exploring the business, not looking at how, as you even mentioned earlier, their technology is influenced by or influences other parts of the organization or other parts of the infrastructure, etc. etc. Again, pick whatever you want, but I'm looking for some tidbits to take away that might help other people that are attempting to go through the same thing that you are.
Ryan: Yeah. I think the highest tip, it's just gonna be proofs in the actual deliverable that you are able to deliver. So for me when it comes down to is a lot of folks in my team, they don't want to be in meetings and presenting their ideas and taking credit for what they're doing, you know, in reality they really want to be able to keep their head down as you said and be at the monitor and be able to get work done. So it's taking everybody out of their comfort zone, which at first is very difficult, but then showing them there is value, because that's the main key. There's no value, no one's gonna want to do what they're doing, but there's value to be able to be showing what you're working on, how you're working on it, coming in and presenting. And I think what happens is there's a shift then in both the ideology but also in just the fundamental, I would say, culture of the company where if you can get technical folks talking about non-technical folks and you're solving problems that may or may not be related technology, the outcome in my opinion, is always going to be something that's gonna be greater than if you had just two technology folks talking or just two business folks talking. So for me it's trying to connect again the dots of the two different folks that can really solve the root problem, you know? So that's, that's the first thing. The second thing is make sure you understand the business problem better than you think you do. And what I mean by that is everybody thinks they understand the problem that they're having from business perspective. Nine times out of ten we spend so much time and energy trying to understand from technology perspective and how we can fix that. That really the problem is around training. So I think training is a huge area that almost every organization can improve on, is having built in functionality for help files, built in functionality for frequently asked questions, built in functionality when it comes to anything that may be related to training aspect. And then lastly, encourage your team to, I wouldn't say fail, but encourage your team to learn. Learning sometimes involves failing. So I hate saying, you know, we encourage people to fail because I don't think anybody ever wants to fail, but we encourage you to learn and if you happen to fail while you're learning, then that's great, but now let's help other people in the organization not have to learn the same lessons you've learned so they don't fail. And we can ensure that we have an organization that is creating a 1 + 1 = 3 relationship which is at the end day where everyone's trying to create. They want to go to a place that is exciting, that they feel like they're adding to the bottom line. But also people feel like they can actually have a say and that what they say goes. So it's involving stakeholders early on and you're going to do the exact same thing that you were going to do without their input. Asking for input is a very valuable lesson for a lot of folks and even if you don't take their feedback and putting in the end product in the final production environment, it's still making people feel like they have a say in what's going on and a part of the bigger picture.
Mark: Right.I couldn't agree more. I think that's great advice for anyone that's listening. there are a lot of nuggets in what you described there and this is a complex time. I just want to say congratulations to the work you're guys are doing I certainly for one hope that we can stay in contact and I can follow your progress as you continue to move forward and really, expand on what you started turning ACI Specialty Benefits into a platform company as opposed to a product or just a traditional service company. And I think it's fantastic and really you are becoming in my mind anyway, you're becoming one of the bellwethers for the companies that need to make that transition. And I've been known to say that the companies that don't make that transition over the next five years are likely to not be in business anymore. I think it's vital that if you're not on that path already, you should take some of the advice that that Ryan has passed along today and, and use it to your benefit. So, Ryan, anything you’d like to say in closing.
Ryan: Before we wrap up. A couple of things. First off Mark I appreciate the opportunity to speak and talk about some of this really exciting stuff that's happening right now. Also, I want to say thank you again. I mean I follow you on a lot of social platforms, so you always share knowledge. You're always going above and beyond. You're always answering questions that people have and you partake in a lot of different groups on both twitter and linkedin. It's folks like you that really encourage other folks and you definitely encouraged me in the past. I definitely appreciate you going above and beyond to help explain a lot of these complex problems and a lot of these complex strategies. So I wish there was more people like you in the world. So thanks again for sharing your knowledge.
Mark: Oh man, you are too kind. And the check is in the mail buddy.
Ryan: Absolutely. Thank you very much. I appreciate it.
Mark: Alright, so again, folks wrapping up today with this fantastic call with Ryan Fay I'd like to thank Ryan again for joining me on the episode and join us next time where we are joined by Scott. Noteboom, longtime data center guru and founder and CEO of Litbit. If you'd like to nominate anyone to join me in a future podcast, please email [email protected]. Until next time, I'm Mark Thiele and you can find me on twitter at @mthiele10. And Ryan, as we wrap up where can folks find you online? because you gave me all kinds of compliments about my online activity but you're no slouch yourself.
Ryan: : Well, I appreciate that. Thank you. Yeah. So I'm on twitter and my handle is just @ryancfay, and I'm on linkedin under ryancfay. Yeah, those are the main two areas that I like chat to other folks in industry. So I appreciate it. Thanks so much Mark.
Mark: : Yeah, absolutely. And folks, if you haven't already started following Ryan, you absolutely should because he gives out fantastic advice and is always business focused, which I think no matter how many times we tell ourselves that we need to be more business focused, we almost always fall back on the easy part, which is technology. So follow him and keep yourself reminded that that's where we need to start and end our day as IT folks. Ryan, thanks again and I appreciate it.
Ryan: : I appreciate it. Thanks so much.
Share this episode:
June 13, 2018
A conversation with Mehdi Paryavi
Mehdi is the Founder & Chairman of IDCA. He is the inventor of Application Ecosystem concepts and methodologies and the author of Infinity Paradigm AE360 Standards Framework. He actively promotes genuine specialization across industry verticals suited to the precise application needs. His initiatives and notions have formed strong pillars for the information technology industry and reshaped the way our industry foresees its future.
- Episode Transcript
Mark Thiele:: Hello and welcome to another edition of the IDCA to Infinity Paradigm and Beyond Podcast where we bring in the most recognized faces and thought leaders of the technology industry and have candid discussions on topics pertaining to cloud IoT, data centers, AI, Big Data, Infrastructure, and IT among other things. This time I am joined by Mehdi Paryavi, Chairman and founder of IDCA. Mehdi, it's a pleasure to have you.
Mehdi Paryavi: Pleasure is all mine.
Mark: It's funny that you and I have been working together for awhile now and this is the first time we're doing something that approaches an official interview and I think it'll be fun. I'm hoping that I'm going to learn something new about you even after all the discussions we've had, even occasionally over a game of ping pong. Well, watching the game of ping pong.
Mehdi: I hope so, just take the questions easy on me.
Mark: You're the founder and chairman of IDCA among other things, and we could chat the whole time about your work accomplishments and their impact on our industry. But before we get all businessy, tell the audience a little bit about Mehdi. What does Mehdi do when he is not trying to influence the direction of the technology industry?
Mehdi: Well Mark, I come from an immigrant family. While I was born in the US, I spend most of my childhood abroad. When I came back to the US at the age of 14, I could hardly speak a word of English. Regardless, I advanced, fairly quickly, academically and I graduated at a very early age with double degree in Finance and Information Systems. Towards the end of college I was kind of bored. I felt that I'm not quenching my thirst for knowledge enough. The knowledge that I was looking for was too basic and I wanted a way out. So I started working outside, but because I was a finisher, I finished college, with awesome grades of course. But as soon as I finished my school, I landed my first full time job and then living and breathing Information Technology since then. I'm happily married for 20 years. I'm a father of three, brilliant college kids. I'm a world traveler. There is hardly a country on the map that I haven't been to. And when I travel, I don't just pass through the streets to do my business. I'm an observer. I try to stay a couple of days before and after my meeting to live and experience different cultures, societies, and learn from people, the details of life and secrets of this universe. At Least I try. Due to our family’s involved with technology and my personal interests, all my life, I've lived and breath Information Technology and then worked in diverse, but focused, areas of IT. I consider myself a good table tennis player. I've done martial arts, soccer, archery, and horseback riding. I read a lot, but I spend more time digesting than actually reading. Nature and history are my top two favorite destinations. And... I'm not too fond of our politics and way of life these days.
Mark: It's funny you mentioned all those things and I did know most of those things about you. But you mentioned at least four maybe five things that are very aligned with me which must be part of why we get along so well. I'm also not very excited about current politics. I've also been married for 20 plus years and have a daughter in college. As my passions, I mean we both obviously share a passion for the technology industry, but my passions outside of technology are also about history.
Mehdi: This is why you and I spend a lot of time talking about everything. Solving the world’s problems...
Mark: Yup. Everything. And it doesn't have to be about data centers or routers. That's right, that begs the question. I'd love to start just hammering you on a IDCA and what the goals and objectives are and stuff. But before we start that one more philosophical question. I know you are a very philosophical person based on our conversations, and pick something that you would like to share. It could be philosophy as you see it relative to our industry, philosophy as you see it relative to your travels. Is there something common about humanity, or our industry. Pick something that you interested in that you think our audience would be interested in as well.
Mehdi: What I can do is I can give you my perspective on IT, as someone who is an IT guy himself, but with a philosophical perspective on its impact to our families and our society. So basically, my best time, even though I've lived this industry to its fullest, my best hours of my life is when I'm away from phone and I am sitting on my terrace or in my library pondering upon philosophical, sociological, economical, religious topics. That's my gig of the day. My kids, for example, were not allowed to have phones until they were 16. Because I believe there's so much in life you need to learn and observe before you get into IT, cause once you get exposed to IT, your world is constrained by your selection of apps and media. So I wanted my kids to have a more unbiased, naked-eye and up-close perspective of the earth before the world of gadgets put upon them. You see Mark, today we have abundance of information but a severe shortage of thinkers. You can pretty much google everything, I mean anything. However, because of that abundance, because of such huge amount of knowledge wondering around and feeding us with with our every breath, there isn't simply enough people out there that think and try to make sense of everything that's surrounding us. A lot of it is due to the fact that we're constantly being fed with data and information. Therefore, we hardly have time to take a step back and digest them in order to find their application or relevance in our lives. So a lot of things we read on daily basis or the things we do are just routines. We don't have to have those routines, but we do. We can go on and talk about this stuff...
Mark: Yeah. I'll just end by my short to paraphrase because I largely agree with everything you just said. My short paraphrase of that when I talked to other people about this same subject is that although I don't get a newspaper to my home anymore, one of the things I regret about not reading the newspaper everyday, is with the newspaper when you open it, you're not predisposed to the content, to your point about what you're fed based on your choices, via the web, via your Google news feed or your Yahoo News feed or whatever it is that you use, your flipboard, etc.... I would read about anything that affected our lives as opposed to the only those things that I found or already believed to be industry.
Mehdi: We are all boxed in today. We choose what we want to read, and that by itself automatically blocks any opposing opinions and therefore we lack diversity and we lack comprehension of opposing views.
Mark: Yeah. It's another good reason to champion the phrase of challenge your assumptions on a regular basis.
Mark: Okay, so now we'll get onto the more technical aspects of the conversation or at least the more industry specific aspects. And tell me how did you actually start the whole IDCA campaign, what got into you and, what made you get it going?
Mehdi: I basically felt the need. I’ve found us driven by forces of supply. I, actually, wrote a blog about this: “supply and demand”. You would learn in school that demand governs and drives supply. Whatever you guys are demanding is what us suppliers will supply to you. But in our world today, I think supply is brainwashing the demand. By that I mean, there's less people using their creativity and power of imagination to foresee what they would need than people looking at nice brochures and say, “oh, this is what I want for my infrastructure”. So this is why we tend to go the extremes at times. You know, you remember the days where everybody was putting all their eggs in one basket with absolute redundancy and high-maintenance facilities, and then times when people wanted cheap facilities and now that the ultimate goal is to just outsource everything. And all of these notions have been the flagships of our industry in their own days. There was no common core. There was no common understanding. There was no simplified definition or outline metrics of usefulness of anything that's out there. So, I felt the ambiguity and I don't like vagueness. I like everything to be crystal clear. And I think having those clarities embedded in our industry is important in order to set the pillars for what's coming because what's coming is much greater than what's already amazing us. We are the players in the biggest industry mankind has ever created. We're impacting trillions of dollars in terms of currency. We're impacting billions of people in terms of lives and citizens. We're impacting everything. Our politics are affected by it, our healthcare is affected by it, our oil and gas is affected by it. Everything is affected by information technology, by data, and by data centers and by the platforms that run and facilitate applications.
Mehdi: Therefore, it's important that we clarify everything and set things clear and create outlines, create policies, create the right procedures, create common understandings. When people move from Amazon to Apple to Google to Microsoft, they shouldn't have to go learn a whole new field. We've seen too many times, you and I have seen it so many times, that people in times of panic or emergency, subconsciously they do what they did in their previous job or whatever they have been doing the most. So if, I don't know, pink was the color of upload or red was a color of something else, that's what they would unplug, even things as simple as a coloring schemes in the data center, if they are not universal, they can cause problems. That all sparked the idea of the IDCA project. So the way we went about it was we start with education. I believe that you cannot make a great impact without having an educated audience. So we spent years educating the industry. We trained thousands of professionals around the world. We spend a lot of time addressing the modern issues, the modern topics of our industry to the professionals who have attended our programs and obviously our ultimate goal was to get into the standardization and, you know, provide clear-cut venues for people to understand and make sense of things. And this is what we're doing today.
Mark: Yeah. Obviously from our very first conversation about joining in and helping out with the technical committee, you know that I feel the same way about the need to be able to process what IT is and process it more effectively and be able to react and respond to the business more effectively and efficiently. All of those are, along with everything you just said, are key to, understanding what you have and understanding what you're building and why you're building it so that you're building what the business needs and building something that you can continue to support and ideally building it from the perspective of being able to do the same thing somewhere else, at least in technical capability, if not in perfect alignment from a strategy standpoint. So you know, when you first got this going, did you find it difficult? I mean, raising the idea in the industry, did you face resistance from folks?
Mehdi: Whatever it was, it was normal. It was expected. You know we are making history for our industry, just like Carnegie and Rockefeller and JP Morgan pioneered theirs. We’re paving the way for people to come after us for our industry. With every new wave there has always been historically some resistance. Fortunately, our industry is one of the most educated out there. Therefore, we're blessed to have a tuned audience. Of course, some people said, “we like what you guys are doing, let’s see where you guys ending up in a decade or so.” Some said, “no way you cannot go against the status quo”, and some were neutral. But when people saw the progression of our message, the consistency of work and the successive developments, they came in flocks. And we're blessed by it.
Mark: Yeah I agree. I found, even in the time that I've been a part of the program, that more and more when I’m out and about speaking at events or talking to folks even with other companies and I'm getting asked about how people can participate. And so I realized that half of that is awareness to begin with, but it’s also to some degree an awareness of the deeper opportunity associated with the goals, so that's fantastic. When you think about, of course we talked about the training, etc. but let's dive a little bit more specifically into the Application Ecosystem, otherwise known as the Infinity Paradigm. Could you tell the audience a little bit about what sparked the idea specifically around building that and calling it the Application Ecosystem and then maybe we can go onto a more detailed question about how you see this directly helping certain parts of an organization.
Mehdi: What sparked the Application Ecosystem was the lack of practical effectiveness of everything else that existed before it. We basically failed to address the modern issues of our industry. The “data” center industry is supposed to be belonging not only to the power and cooling people, nor the cabling nor any specific group. In reality the term “data center” refers to the fact that the most important commodity in your data center is that is the data itself and everything that deals with data. So your application, your platform, your compute, cloud analytics, all the way down to your physical IT gear, routers, switches, SAN, blades and so forth are your top priority. They are the driving force that define how a data center should look like where it should be and what it should deliver in terms of levels of capacity, efficiency, security, resilience, and so forth. At some point of time, we got things reversed and our industry looked at things upside down. So definitions were a polluted and the people could not make sense of what they were doing. If you had a data center that was led by someone with heavy electrical background, you could see it walking into the data center that this data center is electrically-heavy. If you walked into the center who's architect was someone with cooling background, you felt it coming in. Whereas, data center is an infrastructure that supports the application ecosystems. In an ecosystem you cannot say which component is more important than the other. They're all as important and they all have to work in harmony and they all have to be unified and they all have to be bundled in a way that the business or the institution that is the stakeholder of the application or the data benefits from it in an optimum way. That was not there before.
Mehdi: People thought, okay, we will just build a shelter, we put a ceiling on our heads and put a bunch of racks, some cabling and some power, cooling, generators and UPS and we have a data center. That's not how it works and it hasn't worked in the past years to nobody's surprise and that's why we came up with the Application Ecosystem notion. By that we're emphasizing that if you're a cable technician or a UPS technician or a data center manager or NOC technician, you're all as important. You're all part of one team, not separate teams, you all have one mission, not multiple missions, and you are all part of one ecosystem that fulfills your organizations promise. Having that mindset and having that educated background, walking into a facility, walking into a data center, sitting behind a computer, gives you a sense of purpose and gives the organization a way to quantify things that need to be measured that haven't been measured before.
Mark: Right. Absolutely. You bring up so many good points and I know that outside of this podcast, we've had some of these conversations already, but I think it begs repeating. One of the things that drove me and my interest in what you were trying to do with the Application Ecosystem, was, some of my experience just specifically in the data center considering the definition you’ve just provided for data center saying just the data center seems pretty stupid. But it was in the sense when I was out to build a data center. I'd owned and operated several data centers in the past. I'd refurbished a couple of small data centers when I was at HP, but at Gilead, in around 2003 I think, was the first time I was building a significantly sized data center from scratch to a particular tier standard to a particular business requirement, etc. as opposed to just trying to modify or add on to something I already owned. And what I found, which I found was fairly distressing, was that there was no single place to go. There was no place to go that told me how to own what I was trying to build, right? And when you think about owning, right? You talk about a puppy, you can talk about a pool, but if you're going to own a pool, then you have to realize that you're going to probably need a fence around the property based on local law. You're going to need insurance. You're going to need to think about how you keep it clean and what kind of maintenance you do and so on and so forth. And those are all part of owning a pool. Anybody can have a pool, but own owning it requires those things. I couldn't find anything even at that simple what appears now to be a very simple thing. I couldn't find anything that helped me understand what it meant to actually own a data center. And what we had was we had facilities people that thought they knew what they were doing. We had different parts of IT that thought they knew what they were doing. We had a business who have no clue and no understanding about the importance of what we were building to what they wanted for their future as far as technical capability was concerned, and that was a recipe for disaster.
Mehdi: So Mark, without a Bible you would have no church. So the lack of content was evident. We didn't have content to go by. This industry lacked it. None of the prevailing standards at the time talked about cloud, talked about Big Data, AI. None of the modern topics were addressed by the so called data center standards. That was a big gap. It was a gap that needed to be addressed, which sparked our enthusiasm for the work and for the effort and what we're doing here is bringing everybody together. We're trying to bridge the gaps by not diminishing anybody's role. On the contrary, by emphasizing on the importance of everyone's role and giving them a further purpose into the bottom line of the organization. And this by itself, that the notion of the Application Ecosystem alone, just that terminology, is such an eye-opening phrase that if you think about it, it gives you a peace of mind, when you talk about data centers.
Mark: I agree. I mean it's the closest thing to thinking about it from the pure customer perspective and I think that's fantastic.
Mehdi: One other thing that it does is, as an end user, whether you're outsourcing your actual facility or not, you are part of the Application Ecosystem still. You are the stakeholder of this ecosystem, so whether you choose to outsource a part of it or do everything yourself, you are still maintaining the ecosystem. You're just outsourcing different segments or different components. But you see the big picture. And the big picture is what was missing.
Mark: That's right. You may not have grown the tomato, but you're still responsible for how lunch tastes.
Mehdi: Exactly. I remember somebody one day commented that if you can build anything that flies and call it an airplane, why would you need a standard for airplanes. We're not making a standard for airplanes. We're making a standard for the aviation industry, if I want to make a comparison. The Application Ecosystem. It's not about how do you run a UPS? It's about how do you run your Application Ecosystem and people could read up on that and understand what we're talking about here in further details.
Mark: Yeah and I’ll maybe make a link available for folks and certainly they can go to the IDCA website, and look for the Infinity Paradigm there to get to more detail on this, but you know speaking and raising the level of discussion a little bit higher from a consumption standpoint, you know, if you were to talk to a CIO or a CEO in business terms about why the Infinity Paradigm might be important to their business, and you could pick a particular business if that makes it easier. But you know, what are two or three of the things that you would tell them to help them to understand?
Mehdi: Well what we're doing here helps everybody far and wide. In short, I guess the biggest take you can have from all of this is being able to analyze and address the bottom line, which can only be achieved by translating the magnitudes of intangible facets to an Application Ecosystem that must be quantified and touched. Remember, you can't measure something that you can't manage. A lot of CIO’s out there, a lot of government institutions and a lot of conglomerates are managing things without being able to measure their full effectiveness, without being able to measure all the detail that is involved in their ecosystem or without having an integrated model for measuring them, or monitoring them. So one of the issues with segmenting your work by having facilities and IT and virtualization and cloud, all different groups and different monitoring systems is that you will never be able to come up with a bottom line that makes sense to the organization. I remember in one of the speeches I made, I had a USB stick in my hand. I said, what is this? Everybody said USB stick. I said, no, this is a data center. A data center could be as small as a usb stick if you have critical information on it. Or it could be as big as a Facebook data center. So we don't measure data centers based by its size or square foot. If it's holding data it is a data center. So when people's view about data center is a UPS center or a chiller center or the CRACs center or a structured cabling center, obviously a USB is just a USB. But when a USB to you becomes a data center, then from a point of view of CIO, you have to think about the ROI of that USB, the security of data on it and the movement of files and the connectivities and so forth. How you plan to host the data or transmit the data or facilitate the data, that's a different story. But the definition of data center is very clear. It has to become clear to everybody so that we don't end up with all these security hacks and all these inefficiencies at work and all these expensive bills that we pay for, for facilities that we don't even consider data center, but we are praying for them regardless.
Mark: Yeah, absolutely. Okay, so that’s a pretty compelling from my perspective. and again that's part of why I joined up in the cause, but you've also spoken about the digital economy in general. And you've done that pretty regularly and you've even mentored institutions on what the digital economy would mean to them and what it means in general. Can you tell us a little bit from your perspective what you see there and maybe elaborjate on how you started the conversation earlier about how technology is pervasive everywhere. How do you see those being aligned and what do you see as coming next?
Mehdi: Well, mark, I came up with the term digital economy when I looked around myself and realized that our traditional wheels of economy are not churning our economy as they used to. What’s fueling our economy today is the digital fusion. It’s the likes of Googles, Apples, Facebooks, Microsofts. So it's kind of hard to not realize that we are living and operating the world's largest digital economy. So why not capitalize on it? Why not share our experiences with the rest of the world? Humanity, historically speaking, started with the agriculture economy, then the industrial boom, then the post industrial stage and in my belief, we are in the digital stage right now. So there is no reason for emerging nations or developing countries to go through all four stages of economical evolution before addressing the merits of digital economy. Therefore, I believe we stand on crucial grounds. What we do and how we do it can shape and greatly impact the lives of billions and leave a social-economical impact that are far beyond anybody's comprehension today. So digital economy should be this country's flagship in my opinion. If I was the chief marketing officer of this nation, I would walk around with brochures of digital economy success stories. And that would be our number one, that is our number one source of economic lucrativeness today. It will be our national pride and it would be our number one export. So, how we capitalize on it and how we address it and how we help other nations achieve it, is I think a business that's up for grabs.
Mark: Yeah. I think that makes sense. I know I'm frustrated on occasion when we don't recognize the importance and value of science and the appropriate use of technology in getting us to where we are today and how to farm as it were to use a baseball term. How do you create the farm team that we're going to need for the next 10, 20 in 100 years and right now I think we're doing an okay job, but certainly not doing everything that we could. I totally agree. So when I first joined you had only just recently opened up the Technical Committee to a group of outsiders as it were and instead of trying to own this application framework yourself and just pay people to create what you wanted them to create. What, what made you decide to try to pull in a wide range of industry folks to create this new paradigm?
Mehdi: We opened up Mark because we know better. Because this is not an undertaking that can bear fruit without everybody's involvement. You need to bring in diverse experiences from diverse industries and pull their insights to ensure you address the issues that they're concerned about and mitigate them for the years to come. This is what should have been done before, but it wasn't done from the beginning. Whoever did it with the right message, would have been successful. So we did it and we were successful and we were fortunate enough to receive the excellent reception that with we’ve received. I mean without having this vision that you need to bring in all the stakeholders, especially end-users, the people who run the cloud, the people who run data centers, the people who run a infrastructure that is important to them and to the rest of the world and coming from different norms, different cultures, different backgrounds, different industries, you cannot build something that's universally acceptable nor something that can sustain the evolutions of technology and be dynamic enough to address the changes of time. One of the best decisions we ever made was opening up and allowing the greater community to be part of this. We're blessed to have a community that's so passionate and exerting efforts and what we're trying to accomplish. But we couldn't do it before because you have to have something in place because before you could invite others to come and join you. So we had to create the foundations and we had to put the concepts and the notions in place and once we opened up it was just a no brainer and everybody was coming in.
Mark: Yeah. that's awesome and it's certainly, been fun to help put together the team. So as we get close to wrapping up our discussion, but if you were to pick a few things as advice for practitioners in the industry what would you tell them? Whether they were someone racking and stacking in a data center or a determining the typology for a new cloud oriented application or something in between. What would you tell them?
Mehdi: Honestly? ...I will say, go to any IDCA education venue and read up into Infinity Paradigm A360. I think the combination of the two will open a lot of doors for you to stay ahead of the curve.
Mark: Yeah. Well, I think that's good advice. I would recommend the same. So where do we expect it to be in the next five years?
Mehdi: You don't mind if I keep that as a surprise?
Mark: Well, no. Isn’t that that like you're supposed to tell everybody the room you were in at the hotel after you get married, right? Isn't that the same thing?
Mehdi: I don't know. Honestly, I enjoy planning my life and planning my business and planning everything I do. But I've learned through experience that nothing you ever plan will ever turn out to be exactly as you planned it. In my case, it has always been better than what I planned. I've been blessed by meeting fortunate events that have always evolved and elevated even my own visions. So, we're ambitious to have an industry that is fertile enough to absorb everybody and to elevate the lives of everybody that's a stakeholder within it. Our mission is truly to impact the lives of people who are putting effort into building not only the standards or educational material, but also racking and stacking, designing, architecting applications and cloud and virtualization, people who are in charge of our national security, people who are governing our day-to-day use of apps and data, all of these people, they deserve an industry that can sustain them and their families. Our goal is really to make that more and more available and make it more and more sustainable. Where I'll be in that ballgame is something that, we'll have to wait and see.
Mark: Yeah. Well, I think that's fair. I've certainly found, I mean, one of the, it's less personal, but the same thing applies and I'm always surprised when somebody comes to me and says, let's work on the three year business plan. I always tell them, I said, okay, I'm happy to help you with your three year business plan, but let's keep in mind that this is a guideline. This is not anything written in stone. If you think this is written in stone, then we might as well not start now.
Mehdi: That's a good thing about having a target in mind or a guideline or an outline or a mission statement is that at least you have something to work towards, where do you end up, can be very far from where you aimed that from the beginning. Something people always tell us you are the International Data Center Authority, you guys deal with data center. What do you guys have to do with cloud and Information Technology. And we're like, “well data in quotation marks.” It's data center and we deal with everything that deals with data and information and everybody evolves from that.
Mark: Agreed. Well Mehdi this has been fantastic and I appreciate you taking the time. I mean, I know how busy you are and I appreciate you taking the time today to talk with us.
Mehdi: Thank you very much Mark. It was a pleasure.
Mark: Hopefully we'll get a chance to do it again sometime. Maybe pick something more esoteric and chat for half an hour or so about it but again, thank you and folks this is it. I want to thank you for listening and thank you for joining me on this episode. Join us next time where we are joined by young star Ryan Fay 30 under 30 top CIO's in the world. And if you'd like to nominate anyone to join me on a future podcast, email us at [email protected]. Until next time I am Mark Thiele and you can find me on twitter @mthiele10. Thank you very much.
Share this episode:
May 23, 2018
A conversation with Derek Collison
Derek is an industry veteran, entrepreneur and pioneer in large-scale distributed systems and cloud computing. He founded Synadia Communications and Apcera, and has held executive positions at Google, VMware, and TIBCO Software. He is also an active angel investor and a technology futurist around Artificial Intelligence, Machine Learning, IOT and Cloud Computing.
- Episode Transcript
Mark Thiele: Hi folks and welcome to the second edition of IDCA industry luminary podcast, otherwise known as “To Infinity Paradigm and Beyond”, and this time with Derek Collison. Derek, welcome to the show.
Derek Collison: Thanks mark. Great to be here.
Mark: I appreciate you taking the time. I know that you're a busy guy between travel and your love is outside of work and the work that you do, which you seem to always be finding something interesting to do. But before we get into the geek speak, tell us a little bit about what Derek's been doing for fun lately.
Derek: Oh, well, I don't know about fun per se, but I still love travel, obviously. I was just in Rome for a conference on human longevity, which is a great topic that I love to explore and tinker with a little bit. Living in San Francisco and L.A. Starting to really enjoy the L.A. life and decided to get a boat. I have enough cars so I got a boat and I'm really enjoying it.
Mark: Nice! Alright, well one of these times I'm going to have to talk to you more about the boat itself. But Human longevity thing is interesting. I know you and I have had conference or discussions in the past about A.I. and the influence on humans in the future and you know all the different impacts on potential human life and a longevity conference sounds interesting. Was there anything in particular that you pulled out of it to that you've found new?
Derek: Well, I'll be honest with you. I really think that the overarching theme which might sound funny is don't die stupid in the next 10 years. I think the advancements are coming so fast in terms of genetic modification with CRISPR technologies around mRNA, which actually is the worker bees inside your body that actually are replicating the hard DNA usually isn't doing that. It's telling the mRNA how to do that. And we got access to some folks in companies that are just on the brink, and stage two clinical trials to solve all degenerative diseases to solve cancer or to do some things that are really mind blowing and I think most people feel will take 10 to 20 years to come and I think there'll be here in two to five.
Mark: Oh, that's, that's really good news. I mean, we've all had those, friends and relations that have gone through difficulties with terrible diseases, cancer being one of them and watching them struggle with that and the idea that we might actually now in real terms be close at hand to solving that at scale, across the wide spectrum of cancer types as an example is awesome. You know its testament certainly to advancements in tech research and A.I. among other things I would imagine.
Derek: Yeah. You and I have known each other for some time and you know that I'm an eternal optimist, but even I was short-sighted in the timeframes where some of these technologies will be ready to be used in humans and like you said, affect people's lives in profound ways. So I would imagine now all of your listeners know someone that has gone through something like this or lost a loved one. And so it was great to be there and to see it first-hand. And so I do a lot of that, try to make sure I think outside the box or outside my day to day subject matter.
Mark: Yes, I think it's important. I mean it's funny, I was just talking to a friend the other day when I was in San Francisco, we met for lunch and we were talking about the value of hitting topics outside what would be considered the norm for a bunch of geeks to hit. It never hurts to have influence on your thinking from areas that you wouldn't normally consider as you worry about what to do with your technology next door. The technologies around you. Good stuff.
Mark: One of the reasons we got you on is because you've got a really impressive career in the tech space and you're one of the people that could effectively say, have left a mark on the industry that a wide portion of industry participants would know about. One of the most obvious ones are of course, is starting a couple of companies “Apcera” and now Synadia. But before that, even some of the things you did at TIBCO and then Google and then the founding of Cloud Foundry. Anything during that period, what are some of the most important things from your perspective that happened to you during that period and how do they relate to what you're doing now or what you're seeing now?
Derek: That's a great question. I think as you get on later in life, you start to reflect a lot on the things that influenced you and sometimes you see things that you didn't necessarily see in the moment. So one of the very earliest things that ever happened to me was my grandmother, I think it was like in 1980, got me a Commodore 64 and no one in my household knew what a computer was. No one had ever gone to college. And my grandmother had the foresight to actually get this for me. And kind of peeked my curiosity at playing with these things.
Derek: Fast forward to getting out of college. I was in the applied physics lab at Johns Hopkins University and probably one of the most profound things happened to me, which is I got selected by the second best physicist at the lab, not the first best and the reason that it was such a profound moment in my life and career was that the top physicists got all the supercomputer time and my physicist had 12 spark pizza boxes that they then looked at me and said, you figure out how to make those things do the same thing as a supercomputer. And at the time, I mean, it sounds very kind of general, of course you could do that. But back in the day, 1990, it was always scale up - vertical scaling, not horizontal scaling. And so I was kind of at a whim thrown into, you know, distributed computing when that wasn't a thing. And I wanted to do, you know, artificial intelligence, visual representation, graphics types of things with my career. And I continually just kept running into distributed computing problems. Even when I moved to Silicon Valley in 91, the first job I had, I immediately was confronted with the same problem and so I'm a little slow sometimes, so it took me about three years to realize that maybe this is what I should be concentrating on. But it was a huge opportunity for me that I probably didn't realize as much as I do now looking back, but getting early on into how you scale out horizontally and utilize lots of computers to complete tasks is obviously kind of at the forefront of infrastructure technologies and cloud infrastructure for sure. But in 1990 people were like I'm so sorry you have to do that. We will just keep going up with our supercomputers.
Mark: That's huge. I mean realistically to some degree you could argue that was a foundation for the reason why I joined your company Apsera in 2016 was ostensibly really helping people. I mean to extrapolate from where you started in 1990, to extrapolate from there a more efficient use of distributed compute capacity. Right. I mean, I’m really simplifying, a very amazing tool that the team created, but still in the end, that's what we were doing, right?
Derek: Yeah exactly. When I moved to Silicon Valley, I was trying to do advanced, large data analytics and visualization for a medical trial, right? FDA medical trial for a health startup. And I was very excited about that. And again, like we were talking about, I got run into just distributed computing problem. And kind of said, okay, fine, someone's trying to tell me something. But since 1992-93, my whole career has been spent on essentially horizontal computing; either how they communicate with time at TIBCO, what types of systems can be put together that are extremely resilient, but based on a lot of lossy type systems, again, at TIBCO and then at Google. Vmware was cloud foundry, which is, “hey, if we want to deploy these things into production, it's kind of hard to do right now with lots of moving pieces. How can we make this easier?” And of course all of those trends have continued and had gone well beyond anything I probably could have come up with or figured out. And that's a testament to the industry. But yeah, since 1992 I've been working on essentially the same technology area and that's quite a bit of time.
Mark: Yeah, no kidding. That's awesome. That's funny because you know, 1992 is when I first started in client-server. Before that I was working on a mainframe in an old data center. I kind of restarted my career in 1992, just coincidentally. Extending from there, let’s talk a little bit about your newest, love and startup. Synadia Communications came out of the NATS.io project which is now part of CNCF. Right. So, uh, what do you guys do in there?
Derek: Yeah, exactly. So for the listeners that might not be aware of NATS is a low level messaging system that allows digital software and systems and services to communicate. It's very different from the things I've designed in the 90s and 2000s. It goes back to a very simplistic model of at most once delivery and protecting itself, kind of like a utility, right? So if you think of a utility like electricity, obviously the electric company's job is to keep your lights on, but one of its other jobs is to make sure that any one bad actor doesn't take down the utility for everyone else. And I was seeing a trend in an enterprise messaging systems where they were trying to do so much for any individual client that a lot of times the system could become unavailable for the majority of the users.
Derek: So NATS was created actually as an underpinning for Cloud Foundry, which was a platform as a service effort that I had designed and created at VMware, which is now extremely successful. So NATS is actually new to some people, but it's been around for about 7 years. We built Cloud Foundry with it. We built Apcera’s platform technology with it. Again as a underlying substrate to do command and control discovery, location, addressing and things like that. And so Synadia was essentially an opportunity coming out of Apcera that I wanted to push the envelope a little bit on where I think NATS as a technology might be able to serve a larger population, a greater good. And where that comes down to is that if you look at open source in general, there are some challenges around the way it's commercialized, especially if you're not a very large company that has other sources of revenue.
Derek: So startups trying to be in the information technology and the cloud infrastructure space are mostly forced into open source and then you're running into a consumer bias that has to be free. That's a difficult place for the market to be in but that's where we are. So I thought quite a bit about NATS and a technology offering that that might be different, might be ambitious, but might capture the attention of both myself and some of the early team members and hopefully a larger market. And then that's essentially to connect everything. So every digital systems, service device, a single URL that will work in any cloud provider, any ego cloud or edge is secure by default, right? So we don't have to wait like we did with the Internet for the green lock to appear after 10 to 15 years. Promotes a sharing of data, but also gives you very strict and proper, you know, cryptographic abilities to do account isolation.
Derek: But again, just ubiquitous single URL dial tone just works, right. And we think that there's an interesting angle to making this decentralized. So a global utility that's decentralized by design. So I think blockchain is getting a lot of news and press, but I think there's two different versions, right? There's the cryptocurrency fiat ICO type of conversations where I think there's some challenges there and I think you're going to see a lot of regulatory involvement from state agencies and such going forward, but there's something I think very appealing to the notion of decentralized architecture, meaning there is no one owner of a global utility. It's actually a decentralized managed system that has both a notion of command and control that's on a public blockchain, but also provides for a transparent reputation system to allow other people to put resources into this global utility.
Derek: The way it works on the back end is that it's a utility, meaning you have to pay for it, like electricity, water, all that kind of stuff. But Synadia doesn't take all of that revenue. That revenue is actually put out on the blockchain and immediately redistributed in three big buckets, right? Eighty percent goes to the operators and of course that's divided up by how much traffic and how many people you're serving. Ten percent will go to publishers who are sharing data that the network finds extremely useful. Meaning there's a very large fan out and 10 percent will go back into the OSS community, again, Mark and I have known each other for awhile and he knows I feel that OSS is both a great thing, but it's also presenting some very interesting challenges that I don't think the market and the community will really understand until a decade later.
Derek: But I think there are challenges that, as much as I can as one person in one company try to show a path that might be a little bit different way of thinking about OSS instead of charity or as a support contract tax from big companies. That 10 percent, is kind of like a tax on all of the collected revenue from the consumers of the utility that always goes back right into the OSS community. And so if the global utility launches a no one uses it, obviously there's no money to be distributed. But as that gets larger and larger, I'm sure we will have made mistakes and have to autocorrect a little bit on our path, but I'm really interested to see if it could show a new way of actually showing that if OSS drives value, it should be driven back into the OSS in terms of incentivizing the innovation that takes place.
Mark: Yeah, couldn't agree more. I really feel like you've made a significant headway in the thought process because I know, I had many of these conversations with you and I'm not nearly as smart about it as you are, but I saw the struggle you are making in trying to find the right balance between making something and praying that somebody will give you money for it even though it's technically free. And making something that is really effectively integrated into the underpinnings of the web or as you put it, the new electricity or the new phone service. I think that's a really interesting approach and worth a significant amount of discussion all by itself. I mean, I was gonna ask you a question about the opportunity around Edge and certainly much more distributed compute, much more use of functions as a service, potentially even one of the conversations you and I had about multitenancy with IoT and data segregation or data governance at the Edge and it seems like depending on the situation, there may be a lot of opportunity for a product like yours to help manage that.
Derek: Yeah, I'm not sure if listeners are aware of, but I've been very big on the potential for Edge Computing as a massive opportunity. Now some of the lessons that I've tried to glean from Abcera, which was trying to do kind of an all in one multi-cloud platform technology that was actually mostly proprietary - there were some open source components obviously, but it's proprietary. One is that throughout my career, which is coming up on 30 years, we've ebbed in flow between different states like client server to centralize, client server to distributed. One of the other ones that we've vacillated back and forth between, at least in my opinion, is IT professionals looking for more of an all in one, one company, one throat to choke, so to speak, versus “no, just give me a whole bunch of different tools in my toolbox and I'll put something together myself.”
Derek: And I made a bet, which was wrong, that the market was swinging back to more of an all in one. And I think where I missed the boat, is that because there's so many new technologies being introduced at such a rapid fashion. I mean, think about it. We went from VMs, which were kind of really new and exciting to all of a sudden this notion of platform as a service and infrastructure as a service, cloud. Then we went to, you know, things like Kubernetes and, Serverless and Docker. All of these things have come in a pretty rapid successions and so I think IT professionals are mostly looking at trying to cultivate and prune out certain technologies to put in their toolbox and the three big areas that I think they look for are, when we're talking about cloud vs edge is how do I do compute at the edge, how do I do storage at the edge and how do I do communication at the edge? And so Synadia is trying to solve that one specific problem be that one, hopefully great toolbox technology that says, “Hey, if you want to communicate between things very easily, very, very performant and efficiently, but know secure by default, no matter where you are in the world” we want what we're trying to do it at Synadia to be that, that technology and that offering.
Mark: Yeah, it makes a lot of sense. Lessons learned to some degree and you know, I'm hoping for both of our sakes because I know that my forward looking, thoughts on the future of IT arent nearly as clear as yours are. But hoping that our recent experiences in struggling through proprietary vs open source questions will give us pause on how to approach the next phase. And it certainly sounds like it's given you pause on how to approach the Synadia. So good stuff.
Derek: And I think, one of the things at least for myself and I think a lot of people there, including you is that we always operated with a really high sense of integrity. We built an amazing culture within Apcera, which is something I'm most proud of. I figured out as I've gotten a little older that even if you make the right guess, meaning you know where things are going, timing is everything and timing is the hardest thing to predict. And it's the number one risk factor for any startup. Even given the situation we're in, I think we develop some amazing technology, got some amazing customers and I really do believe that we did the right thing, in terms of allowing a Ericsson to grab the technology and really purposely slotted in for the Telco vertical that they obviously are most interested in.
Derek: I tried to hold my head high. You know, it's tough to say, “hey, this isn't going the way we want.” But I think cloud infrastructure and platform infrastructure, those markets, they’re in a tough spot right now. It's really hard to make a business model that's something beyond support or professional services training or education. And I'm not saying that those companies can't be useful, they can. but I don't think you're going to see VCs keep investing lots of, of their capital, even though they have a lot of it in companies that at best can return maybe a 3x multiple, on a fairly limited based on working a human capital revenue stream. And so it'll be interesting to see, we've got so many things accelerating at such an amazing pace, from just base technology to a couple of trends that I started talking about a couple of years ago, which at the time sounded really funny, but I said, you know, everyone keeps telling me everything's going to software like software is eating the world and everything's going to cloud and I said, actually, I think we've already reversed and I think everything is going to go back out towards the Edge and everything is going to be either generalized hardware but more specifically specialized hardware at the edges and even inside of the cloud. And I think in those two years for the most part you saw CPUs and maybe some GPUs in cloud. And now of course we got CPU GPU,FPGA, TPU, which the new one, by the way is eight times faster than the one that just released last year, liquid Cool. So the pace of innovation is going so fast, but if you're watching some of these trends, things are moving from software back into hardware or firmware and I don't think you're going to see a lot of things moving to the cloud. I think you're going to see a lot of the technologies that you interact with on a daily basis as both an individual and a consumer and as a business are going to keep getting closer to you. Right? So metro offices, central offices, base stations, and then inside of buildings in terms of services and features that are delivered wirelessly but are localized. So I think those trends are going the way A.I. is still moving at such a rapid pace. There's going to be some amazing opportunities that if people can see the right combination, kind of the modern version of an Uber moment where, we've got smartphones, we've got maps, we get GPS, “hey, we can disrupt an industry” that, for the most part, taxis just didn't have a great satisfaction rating. So to speak, nobody jumped out of a taxi and said, “man, I love that. I can't wait to get back into one of those” and I think the way technologies are going and the ability access these technologies at scale for relatively speaking almost no cost as what it was even 10 years ago are going to present some opportunities that are going to be mind blowing. And, one last thing I'll throw in there is I suspect that most of these mindblowing opportunities, these combination of technologies to be put together are going to be coming from outside Silicon Valley to be honest with you. I think Silicon Valley - and I'm still part of that crowd - at least 20% these days going up and down the coast, has a bias. We're biased not to think out of the box. And I know a lot of people will kind of react to that and challenge me on that. That's totally fair. But Silicon Valley has a very biased way of thinking about how technology should be started, funded, matured, grow, all of other stuff. And I think you're going to see some of these developing countries or even different pockets within inside an already developed countries, get access to these technologies and see patterns and combinations that people with that bias, - even though you always want to say I'm not biased, everyone is - aren't going to see. So I think there's going to be some amazing innovations in the next five to 10 years. I think mind blowingly so compared to the last 100, to be honest with you.
Mark: I fully support that. Even some of the things that I've written about recently, on my blog and, and, uh, from discussions and even the presentations that I gave at a recent conference in New York. I would argue that that's true and that I'm more and more people are beginning to accept that. You mentioned Uber and as it relates to taxis and indirectly or maybe directly, but just not directly enough for my little brain to catch entirely. It sounded like a, you're effectively saying that the VC community as we've all known and loved it or fought with it, depending on your perspective is to some degree, right? For that same kind of disruption.
Derek: I have a lot of great friends in the VC community and I have the utmost respect for them and the VC community in terms of it probably being the single most important thing to why Silicon Valley exists and of course people are trying to recreate this throughout the world for sure. But I think most people looking at the VC industry who look at it at all, have also recognized that they are about to be disrupted in. And most people would say they're already being disrupted by ICO’s and of course regulatory things might slow that down. But access to capital is probably at an all time high and people are just looking for different ways to access that capital without having to give up so much in terms of either equity percentage of their company or whatever it be. And so I think VCs are smart enough to realize this and they are going to adapt. But I think there'll be disrupted for sure.
Mark: No, I think so too. I mean, I don't see the opportunity for them going away as much as I do believe that there's some opportunity for improvement in how the interaction occurs and how the influences is absorbed. But taking from those comments, a lot of comments and threads throughout this conversation, like the rapid change of tech, the increased impact on life, the increased impact on how we run our businesses, the potentially huge dramatic move away from, if not away from centralization, certainly in addition to centralization out to the edge and the potential complexity that gives to the average enterprise IT organization. Thinking about that and thinking about what I'm working on with the International Data Center Authority Technical Committee Team, The Infinity Paradigm itself, or what we might call an Application Ecosystem framework. We shared a couple of notes on that framework before the call, what are your thoughts about something like that? Something that gives the average owner of it infrastructure a better model for a viewing and operating and measuring either the effectiveness or the risks about the systems.
Derek: The IT world, the IT landscape, the enterprise IT departments, their complexity will never be simpler than it is today. Meaning tomorrow it's gonna be more complex than it is today and it's going to keep going. And the ability for people to be able to understand the effectiveness, the RTI, the cost is something that there's whole markets that have been created around, nuances around how do we actually kind of figure this out and it's going to keep becoming a more important part of the ecosystem in my opinion. Even in terms of what do you pay and human capital just to monitor systems. Everyone says: “well, you know, power and cooling for on premise resources is probably a large operating expense that we could maybe trade and get better at it, if we go to the cloud”. I would argue it's “what's the human capital and operating expense for running these things”. And I'm not saying that the only answer is moving to the cloud. I'm saying that's one area where I think a lot of people struggle at properly articulating it or accounting for it in terms of cost proposition.
Mark: No, I would agree. There are a lot of different ways that I look at it. One of the reasons why I got interested in the idea in the first place when I was approached by Mehdi Paryavi of IDCA, was just this basic notion of really giving the IT organization something closer to an ownership strategy for their technology use. Right? It's not about whether they can build bigger and badder or whether they have a better data center or whether they have faster networks. But rather a better ownership strategy for their IT as a whole and to some degree, again, a part of the theme that we've been talking about or some of the themes that we've been talking about through this entire conversation around the notion of, it's not about how much you have in one place or whether you did it or somebody else did it, but rather how do you effectively own your capacity to deliver services that are generated from IT. And whether that IT is servers in your data center servers in a Colo, servers in a data center that belongs to a cloud company, whether it's managed, or whether it's delivered via containers or whether it's a distributed app or a legacy ERP APP. There are appropriate ownership protocols in order to be able to deliver that service and those combinations of services to the enterprise that many of us frankly fail at, and the tools we've used in the past like CMDBs and charts on the wall last about as long as it takes to save them and distribute them, at which point they're out of date again. It's a lofty, lofty goal.
Derek: Why I do too, and I think it parallels a lot of ways at least at a high level what the CNCF is trying to do. Maybe not exactly, but CNCF is trying to give a cultivated list of technologies that could be effective in that IT toolbox that I was talking about, I think from at least talking with you and I could have this wrong, IDCA is going to look at, “okay, now that you've curated a bunch of tools and you put them together in some sort of combination, we want to present an Application Ecosystem Framework that can kind of give you feedback on how effective that is at solving a problem you want.
Mark: That's right. Yep. That's exactly right. I mean, at very high level, that's exactly right. And we want to be able to do that from top to bottom, it's not just about an application and it's not a dictate on how to design an application, but rather what to look for and how to build that Application Ecosystem that was the right way for the company that, it's meant to serve so far. So good stuff. We're coming up on 37 or 38 minutes and I wanted to get a little bit more from Derek Collison before we left. And what do you see if you had to pick something that you're most interested in, maybe other than increasing lifespan or..-
Derek: At least in terms of professional or the technology landscape It's A.I. I mean I studied A.I. in school, of course we went into, I think the second A.I. winter right after I got out of school. Luckily as we talked earlier, I got the second best physicist which put me on a different track, but the speed at which we're going, is mind boggling. So even to the listeners, if you want to get a sense of it, Google put a documentary movie together about Alpha Go and what you see is a couple things going on there. You see one, the first competition that they did where they won, but they lost like a game I think, which is part of that documentary. They had never even disclosed that they trained these models in the cloud, that they were running them on TPU’s that they had designed a specialized hardware, but it took up a whole room or so, it was very large and then they came back less than a year later and they trounced the number one player in the world and it was the size of a mini fridge apparently, I'm pretty close. I could be a little bit off, but it was two orders of magnitude smaller hardware footprint. It did everything faster and it just obliterated this guy, right. Then they came out with Alpha Go which had, no pre training whatsoever about how go is played. It goes back and whips the previous three generations of Alpha Go and it can run on two TPUs and those were the slow ones, not the fast ones they just announced today. And so when you look at it, we're looking at lots of data, lots of compute, even if it's specialized like FPGA A6 or keep using for training in the cloud to train these models. But these models are gonna come all the way out to your home to something that you're wearing within probably 2 to 3 years and they'll be able to execute these models instantaneously, zero latency, right for you in terms of speech translation, you know, dictation, all kinds of things. And so for me, I'm watching that and I'm saying: okay, the basic building blocks of the way we believe the brain kind of works. Some of that cutting edge theory isn't even close to what we're doing with deep learning, and so I think what you're going to see is you're going to see a massive proliferation of hardware, specialized hardware devices and chips to execute these models continue, but I think in the next five years you might see someone pop up and go I actually think I figured out the way individual neurons are communicating in a way that my model is going to two fold, two orders of magnitude better than the current deep neural networks that we have now that everyone is watching just get better and better at specialized tasks.
Derek: I think there's a bunch of companies now going all the way to the bottom going, okay, let's figure out this very, very low level simulate neuron, which is a very bad abstraction for the way the brain supposedly actually works. Someone's going to figure this out, a couple it with specialized hardware and we're going to have our eyes open to a world that I think people don't feel they'll see in their lifetime. I really think we're going to see it, you know, within a decade, to be honest with you. I really do.
Mark: Well one last question. Well maybe two last questions. One is, what have you read recently? What's the last book or the best book you read recently that you would suggest to somebody?
Derek: So I buy books a lot. I have not read a book in probably four years, but I have them. So if I ever do retire, I have a lot of books to read. The last book that I actually am reading now is on how to train a puppy because I'm going to get a puppy soon. So that's kind of funny, but I do read lots of research papers, lots of blogs on technology. I read probably two, four hours every single day on stuff like that, but I actually just had never read an actual book and quite a long time, but I buy them all the time. I have them stacked in bookshelves and all waiting for me to have some copious free time.
Mark: Yeah. I'm, I'm sorta similar. I do read still, but I'd probably buy four times as many books as I actually get a chance to read and that doesn't even account for the ones that people like my older brother actually send to me unrequested. So yeah, I've definitely fallen behind. But for your collection, it's actually beginning to change my thinking considerably on the future of work, etc. Look at a book called The Fourth Age.
Derek: You talk about work and what I think people may not realize is that if you zoom way out, the concept that our identity is mostly coupled to what we do for work is actually a very recent thing and it'll actually go away pretty quickly. So there's going to be a very short period of time in human existence where the first question you ask them when you meet is what you do for work and I think that's going to go away. I think A.I. will have a lot to do with that. I think A.I. will totally transform how people learn, not in terms of necessarily formal education, but I do believe that same timeframe as what we do for work also applies to how important universities and colleges are for our population. I really think when we zoom out it'll be, oh, for about 200 years, that was a really big deal that no one cared.
Derek: The reason I feel that that's applicable and again, the people listening might disagree, is about 10% of the population is very motivated. If you give them the tools they will learn and what's great about where we are at the landscape today is there's massive amounts of very high quality tools to learn whatever you want to learn starting from obviously a google search, but MIT has all of their curriculum online, at least for comp science, some of the math stuff. So I think A.I. is going to have a profound effect on, on education. And then of course the automation stuff. I invested in a company called Vicarious, which is trying to use A.I. in a novel way around robotics and automation will allow people to start self identifying with something besides work. I think there's challenges there for sure, even all the way down to the notion of what about, you know, income, do we have a basic income system, what does that look like? ButI actually think it will probably be a good thing, but it'll be a hard transition.
Mark: I would agree. I would agree a lot to see over the next 15 or 20 years for sure. Well, before we wrap up, Derek, where can folks that might be interested in keeping an eye on what you're doing, where can they find you? What's your twitter id or where would they find anything you might have? Your company? Your website?
Derek: So, @derekcollison is my twitter handle, and [email protected] is the best place to reach me. And Nats.io is a website around NATS as a technology, which is kind of the focus that we have right now. As we trying to bring online our global service will probably surface some more details about the company and our mission in this larger ecosystem. But if anyone has questions, uh, I'm usually pretty good at inbox zero, at least, uh, by the end of the day. So feel free to shoot me an email.
Mark: Oh, awesome. Well, I can't thank you enough for joining me today. This has been fabulous. It's been great. I've really enjoyed chatting.
Derek: Mark, I always enjoy our talks and I’m glad we could do it for everyone else to listen in to but we'll have to do a one on one here soon in San Francisco, thank you.
Share this episode:
May 1, 2018
A conversation with Jay Adelson
Jay Adelson is a serial entrepreneur, having built companies such as Equinix, Digg, Revision3, SimpleGeo and Opsmatic. Jay currently serves as co-founder and General Partner of Center Electric, LLC, a venture firm he started with Andy Smith in 2014.
- Episode Transcript
Mark: Hello everyone, I'd like to welcome you to the first podcast of a new series that I'll be doing with “IDCA”. IDCA is International Data Center Authority and we're working on the application ecosystem, otherwise known as the infinity Paradigm ® and as part of that work effort, we've created the technical committee, which I'm the chairman of. Part of attempting to spread the word about what's going on IT and trends technology today, we're hoping to invite industry innovators and visionaries for on a monthly basis to talk about, nuggets of wisdom and what they're seeing in the industry today. And on today's podcast, I'd like to welcome Jay Adelson. Jay has a long history in the technology space and was instrumental in defining and expanding one of the biggest sectors of our industry today. Colocation with Equinix. Jay, would you like to give the audience the long and short of where you've been and what you're doing now?
Jay: My pleasure to be here. Thanks for having me. I've spent pretty much my entire career in the internet infrastructure space, with probably a few little diversions in between for about 25 years or so. Some of my first jobs in tech in the early 90s in silicon valley where we're working for Internet companies that were just getting started before it was really commercially viable. For example, I ran that work operations at a company called Netcom, which was arguably the first free annoying disc you would pick up for free internet connectivity, before even AOL was connected to the Internet early days and I got to know a lot about that world pretty early. The benefit at the time was it was sort of coming on quickly, but there wasn't really anyone else there to receive it as it came. And so we got to learn in real time. So I went to go work for digital equipment and really that is where my journey started, which would lead to Equinix and founding that company began. the short version is that is that I was brought into the network systems laboratory in Palo Alto to work on a project called the Palo Alto Internet exchange. there were a couple-...
Mark: Yeah, I know exactly where that is in downtown.
Jay: Yeah, we were I guess the predecessor or the prototype to Equinix. There was a couple of folks there, Paul Vixie and Steven Stewart who had written a white paper and done a lot of research on whether or not you could build neutral colocation facilities that would serve as the alternative to the historical hubs of Internet traffic which were controlled by telephone companies. And, we tried it out, they brought me in to build it and operate it and make some tweaks to the model. We created the concept of the CNI or the Network Interconnect, which now every data center has, or PNI or whatever you call it. And within a about a year around 1996 to 1997 or so, we took this very inexpensive data center, took us only a few million dollars to build, filled it with, over 20 carriers and networks, realized that there was a huge demand because the internet inflection point had hit and the growth was starting to go at an exponential level and we needed to spend that model out and build something larger.
Jay: And so that's really where Equinix came in. And myself and my co founder Al Avery, we basically quit our jobs at Digital and, you know the rest is history from there. Equinix was great. I did that for five, six years. I then left a Equinix to start a number of other companies. I've actually started close to 14 tech companies, depending on whether or not you count some of the ones that never got funded or never got off the ground. But some of the ones that you might've heard of "Digg" the social news website. I was CEO of that company for quite a while for six years. I also founded a company called Revision3, which was really the first Internet television network. It's now the Discovery Channel’ digital arm.
Jay: We were doing podcasting before it was called podcasting and we had some great shows. if you ever have kids who like to watch the discovery online or discovery news, that's an example of a show that we created. So all of that kind of stuff was fun and that was my first experience building and creating content or having a large consumer oriented business. But my love has always been internet infrastructure and so I went back to companies like "SimpleGEO" and "Opsmatic" and other things that were really around the back end of scaling the Internet. I still have a love of that today.
Mark: Yeah. Well, I mean that's one we share it. It's one of the things that I was disappointed about in a positive sense, if that makes any sense at all. when I first learned that we'd be able to get you on for our first podcast is that here I am, I'm working in the industry that I love so much. I've spent time building my own environments and helping build an organization like Data Center Pulse, etc. And the two of us had never met in person, so I was glad at least we've solved the problem of meeting if not in person. And so that's outstanding. So, you know, storied career, no doubt. And before we get into, you know, more of a little bit of geeking out about what's going on in the industry right now, give the audience something about Jay. When Jay's not trying to figure out how to solve the next big internet problem or figuring out what comes after edge, or how AI might solve edge or something like that.
Mark: What does Jay and the family do on the weekend?
Jay: Well, it's a great question. sometimes I can be a little bit nerdy and I'm not gonna lie, I spent a great deal of time restoring pinball machines, which is probably not a very common pastime, but I just love doing things with my kids. I actually got into that because I have a 20, a 17 and a 15 year old kid and my son and I ( 17), we work on that project together and restoring pinball machines. So I have, I've advised a ton of companIes and so the, the key to sort of keeping things sane is really being able to shut off. And so I spend my weekends in Marin. I live about 15 minutes north of san francisco and my family and I, you know, do, do crazy stuff like, pinball machines and of course, you know, I have a ton of interest still. I actually went to school for film and broadcasting originally. And so I have people who are in the industry and are around videography or in filmmaking, and I still sort of have one toe in the water, so to speak in that world. And I love it.
Mark: That's cool. I mean, it's funny, I was not one of those growing up that knew all the director's names and knew who did the scores and stuff like that. And my daughter is, and it's great when she talks about a movie coming up or something and she can say, oh it's got to be good because Alan Sorkin wrote the script for it, that kind of thing. And I just never paid attention to that stuff before, and it is amazing. I mean, you watch something like West Wing versus a regular TV show these days and the quality of the dialogue, etc. That's fascinating stuff. So I was going to ask you what's your favorIte book is, or what's your most recent book is? But now maybe I'm going to ask what's the last movie you watched or what's your favorite movie?
Jay: I studied that and got a degree in it. I got a little obsessive about art film for awhile and I just been absolute "Stanley Kubrick" fan. I love his movies, they are just absolutely amazing. Although I watched the 2001 with my son not too long ago and he fell asleep watching the movie. You know, but I have my all time favorites. There's just so many. I have a real love of old Westerns, John Ford movies, modern films, I love these new "Star Wars" movies that have been coming out. They've been fantastic. I like everything. I even like Ready Player One.
Mark: Oh wow. I haven't seen that yet.
Jay: and that's a nerdy movie. but I liked the book even more. You know, these are in my opinion, great times for content. It's also, there's just so much of it that you can't possibly absorb it all.
Mark: That's the hard part. I mean whether it's for work or for play, the amount of available information is just staggering. Absolutely. And here we are creating some more indeed. So as I mentioned before, a very storied career, the experience you've built in building startups and helping others certainly founding a company that is now considered sort of a backbone of what the industry's doing relative to data centers and using data centers effectively. I mean because they more so than ever before, even though it grew out of the PAIX, the 'Palo Alto Internet eXchange' more so than ever before. People now are realizing that the data center is much more than just a secure building with lots of power and cooling. And to see how that has continued through companies like Equinix and how that's grown today and how different data centers you've differentiated is pretty amazing. So I imagine you're proud of being able to be a part of that.
Jay: When I see it from the outside, my mind is blown. I mean I remember in the first days when we were imagining what the maximum footprint Equinix could possibly need in order to serve 100 percent of the world's internet traffic. And we were talking maybe 15 to 20 data centers. You know, they have hundreds of them. And back then 15,000 square feet seemed like it'd be plenty.
Mark: now, it's a small room
Jay: now. It's literally the reception area, or the bathroom in a data center.
Mark: The climbing wall at somebody's data center here. That's funny.
Jay: I should've known better because I remember in the "Paolo Alto Exchange" back in 1998, we had a situation where we were running out of space and UUNET who at the time was one of the largest internet service providers wanted to expand their cage. And we took one of the bathrooms and we got rid of all the sinks and the toilets and expanded UUNET into the bathroom. So it's funny, now you're looking back at it, it's probably a bellwether for where we're going. When you start cannibalizing your bathrooms for data center space.
Mark: Well, yeah, I mean as a data center geek, every time I walked into a data center, and not only did they not have containment, but they had hot blowing on cold, right. Those are just some of the more obvious ones. But yeah I've been called back at 2 o'clock in the morning from a vacation camping up in Point Reyes for example, because one of the data center rooms we were using at the company I was at at the time happened to share a circuit with the wall out in the hallway and somebody was puffing the floors and popped the circuit and dropped five of our racks and it's just, those were the days, right?
Jay: And it changed quick, it changed very quickly.
Mark: It absolutely did. So when you think about a data centers and where they're going. I've got an either or kind of opportunity for a question here. What are your thoughts on the data center as a service space, right? In the sense of data centers being much more than just your data center in another place. Right? But more of a true service offering and I think we sort of hinted at that at the beginning of our conversation versus what do you think about the private data center market and what that might look like in five to 10 years. Do you think more people will continue to get out of the data center space? Do you think there'll be some equilibrium that we will reach in another five to 10 years where we'll have a 40, 40, 20 split or something like that? How do you feel about it?
Jay: I was talking to the Equinix people not too long ago and they kept throwing the term Hyperscalers at me and talking about the movement towards these sort of different types of data center products for different types of customers. Right? In 2005, if I built a data center, it really had to serve all the different constituents, whether you're a carrier or a network service provider or fortune 500 or somebody like amazon or google. The sense I'm getting is that we've really changed this market. I know it's not really Tiering because they're all very high quality products across all the different players out there. When you'll build a very specific type of data center for a player who has no intent of any other sub tendency where they're going to have one big space designed to maximize the CPU or "nets per square" foot and get great power efficiencies versus data centers that will never have a single type of one of those giant customers in there. There'll be lots of smaller cages. I guess from a philosophical standpoint, I believe that there should be fewer consumers of data center space. If it's not your core competency, if the product you sell, if the business you're in is not racking and stacking machines, it strikes me that you probably shouldn't need to visit a data center. Your developers should be able to do everything from the comfort of their office instead of putting out a parka and standing underneath the air handler and some data center in a cornfield someplace. I thought that was going to happen when people started moving their applications to the cloud. I thought that was going to happen much faster. And I totally understand that there are challenges around latency and proximity and security that they interfere. But I do believe that there are more data center service providers who are stepping into those markets anywhere on the spectrum from edge to core and it becomes less and less valuable for an enterprise to control their own controller and real estate.
Mark: I would largely agree with that. I don't know if the caveat to, as more of a way to get to what does that exactly mean? And from my perspective, it's pretty straightforward. I see it as, if the data center isn't really your business, and when I say it's your business, that means that you don't, once every five years identify four or five people on your team who have otherwise been doing their day to day work and say, go figure out how to build us another data center. You instead have a team that is consistently looking at where do we get power from? How do we build these most efficiently? Who do we partner with? How do these fit into the long term growth of our company? How do they fit into our desire to acquire other businesses or potentially divest businesses, etc. And if you're not looking at it that way, if you're not looking at it the way that professionals have to look at building and owning and operating data centers, it seems like that should be telling enough that it's not the business that you should be in.
Jay: That's absolutely true. Perhaps this was a little naive or maybe a little too early, I remember in the early discussions at Equinix saying to the folks who are building out these products. What are the common tasks that every one of our customers do and if we can find things that everybody is doing and then offer those as services, whether they be automated or manual, it seems to me that it's a logical direction to go as a data center company to provide those kinds of common services across. I think that in 1998 that might've been power and air conditioning, reliability or security. I think in today though with automated provisioning, SDN, other kinds of really beautiful ways to automate the rolling out of services, it seems like there's way more opportunity to go. I’d hesitate to use vertical, but basically to reduce the headache and the truck rolls for customers. There's lots of places to go there.
Mark: Yeah, totally agree. Again, to expand a little bit on what you're saying, it's things like megaport or direct connects to cloud providers or being able to share within a community of other companies that you're a part of, say from the financial industry or something like that. These are things that you can't easily do in your own private data center. Even if you own hundreds of thousands of square feet. It's just not something that's economically viable as a private data center owner. I think you just have to figure out the right ways to leverage those things. If you've got 200 megawatts worth of company proprietary stuff and you've decided to make it your profession to deliver that, then maybe it's the right answer. But for the average company, owning a data center, and I wrote about this five or six years ago, owning a data center is like trying to write a 15 year business plan and who can do that, right?
Jay: Exactly. And by the way, it's sometimes more fun to focus on your core competency and having to deal with those things. It's a quality of life issue.
Mark: Exactly. So I guess this is sort of related, but I want to ask you a question. Against what we talked about a little bit as we were preparing for doing this podcast and it's specifically about IDCA. We talked a little bit about what the framework is trying to accomplish. For the audience and as a reminder for you, the idea is to look at the technology that customer zone as an application ecosystem rather than looking at it as infrastructure or data centers and being specific about how to build or manage for them, rather it's how do you own the entire stack from site selection to application output for your customers to where data is and to how you do processes. Do you see that kind of framework as being something that's more important in today's world of rapid changes and the potential need to be able really quickly evaluate whether or not you're building what your company actually needs versus what you thought they needed five years ago Etc. Etc. Do you see that as more important today than it was 20 years ago?
Jay: Well, I do. Actually maybe a better way of putting it is, it was more important 20 years ago, but we couldn't get it. I remember back at the Network Systems lab, again dating myself back to Digital when, my bosses wanted me to go through the ISO certifications for offering data center services and it just was a square peg round hole problem trying to get those kinds of things done. And part of the reason why that stuff existed was because you wanted to be able to rapidly certify that when you're talking to your shareholders or your constituents or your customers that you are delivering a product that meets a certain standard and that frankly there's knowledge transfer, so that if at a later point there needs to be other people involved in this product or this infrastructure, there are certain expectations that you would have based on the fact that it was based on some kind of industry standard or I don't know how else to put it.
Jay: So yeah, I do think it's important. It's more important as people outsource these capabilities to others in the supply chain. It has to be consumable by someone who's not a data center engineer. So you have to create versions, sort of explaining each component for different audiences, which is hard work. We tried and failed inside of Equinix years ago to try and do things like that, you know, because we kept getting handed these requirements and so we would put our arms around some other industry standard so that we could try and use that to communicate. You know the classic example would be like in security, SAS 70 requirements. You know, I don't remember like the financial industry after 911 and where people were moving their infrastructure into our northeastern data center facilities, they wanted us to be compliant to something, they didn't care what, they just wanted to understand it. So when they talk to their bosses they could say, hey, this SAS 70 requirement or what have you. But I think it's similar. I think that it's just a little bit more since we're even more abstracted from the service delivery, I think that it needs to be pretty broad. and yeah, it's a lot of work. It's very valuable if you can do it.
Mark: Well it's funny, from my own experience, when Mehdi the president and founder of IDCA contacted me and asked me about working with the Technical Committee. One of the questions he asked me was what do you see as one of the problems in the industry? At the time I was thinking, well, it's the International Data Center Authority that called me. so I'm thinking data center. And so I thought about the data center and I said I can think of 100 really quickly, like we don't need raised floors anymore and we should have containment and we shouldn't push air up from underneath anymore. We should draw air from above and we should use outside air, etc, etc, etc. And all those things. But I said, if I had to pick really one thing, I'd say it's a better ability for the people that own and operate a data center to actually own the entire system. To be able to represent it effectively, to be able to, when they need to build more or buy more or use more cloud to be able to use a common set of practices for figuring out the right way to do that and where to go and how to capture the appropriate information about their company versus you know what it is they're trying to build. And he said, well, effectively, that's what we're trying to do. Only we're trying to do it for the whole stack. And I said, sold, right? I will still admit to anyone that's listening that I think it's a lofty goal, if we can get even 75% of the way done, I think it'll be well worth it because as you pointed out, I don't think outsourcing makes it easier, to own what you own. I think it's just the opposite when you don't have it under your care, when you can't talk to the Mark Thiele or the Jay Adelson in the hallway everyday about how things are going, you're actually putting yourself at more risk and anything you were doing wrong before it gets exacerbated. So I think it seems more important.
Jay: If you're a CIO or CTO and you're looking into moving your applications online or even to private or hybrid cloud or, or whatever, and you're going through that process and maybe maybe this is your first time you've gone through that process, but maybe you're a veteran. Part of the problem is that when you're abstracting, it's hard to know what you're buying. When I was a customer of data center services when I was operating Digg, it was funny, so here I was now finally a consumer of these services and somebody told me that it was being served out of Amazon eastern or some other cloud location. I didn't know what that meant. I didn't know what that looked like, I didn't know what the the standard unit look like from the entire delivery for the application all the way to the physical part. It was completely abstracted from me and so it was very hard for me to feel confident about it. The flip side is I didn't really have any choices anyway. There was only a couple of data center solutions and architectures right now, particularly post containerization. There's Just an absurd number of ways that you can combine all of these technologies together in the stack and you have to have some kind of set practices that you can point to. It is, it is lofty but valuable.
Mark: Thank you. Yeah, I couldn't agree more. So one more question that hints at IDCA as well, but really touches on a broader subject that seems like almost everybody that I talked to in the industry, especially the data center industry is worried about is that is the ability to get new talent and especially to get new talent that includes the appropriate and from my perspective actually beneficial diversity. And what do you think about programs like IDCA from a training and industry involvement standpoint and their value in the industry today to try to get more talent available and the right kind of talent, frankly, available to everyone that's trying to build out their IT environments or build out their data center environments.
Jay: Well, I love the idea of being able know, like when you say data center talent, there's so many different roles along the stack, and I would really like to understand when I look at a resume, what they know, I guess the analogy would be, you know, the Cisco certifications of the nineties, right? And how we wanted to understand what a network engineer could do. Cisco provided this, this sort of nomenclature for different types of certifications and there never really was that for other elements of the delivery. You know, whether it was physical operations or whether it was, you know, the application layer security and I mean there are but there was nothing so standard that I would see it on a resume. So that would be helpful. Uh, certainly some kind of training and then certification associated with it. I just don't know where I would start.
Jay: And the physical side or would you start on the application layer or...
Mark: I think as you described, I think all of it is required. Well unfortunately I have not gone through all of IDCA’s training. I think from a simple kind of external perspective relative to data center training, having an understanding of what the system of the data center is along with a deeper skill in an area of opportunity, whether how air conditioning works or how cooling works or how to manage a successful and safe and secure operations on the data center floor. There are a lot of kind of either obvious when somebody has already wrItten them down, but they're not obvious for those people who haven't thought about them a thousand times. Things like having a five minute training lesson for anyone who's going to come and work on your data center floor for the first time even if they're a contractor, rIght? Having them understand what they can and can't touch, what they can plug and unplug. Who they have to talk to before they can ask for or make a change. Things like that. Those are just little things. But from an operations standpoint, we can build the biggest, baddest, Tier 4 data center on the planet if we want to, but if we don't have good operational understanding of how to operate it on a daily basis, then it's a waste of a good iron and cement.
Jay: I agree. They're also just needs- we need to bring back the notion of apprenticeship into this industry. I feel like we're talking about talent and limitations and lack of access, you can create all the training in the world you want. But what would be incredibly practical is to be able to provide solutions that ultimately result in a certification, that are more In the apprenticeship or mentorship model. as opposed to say go sItting in a classroom offsite someplace and taking notes and taking a test, from some combination of the two. I remember in the 1990s and the 2000s and even more recently how much more effective my talent pool was that started in other jobs and then apprenticed into their new role up and down the stack. Hopefully I'll just put a plug out there, bring that back.
Mark: I think it's a great approach and in fact I know that from the IDCA guys, a lot of times they actually do training on site with folks in their own environment. I don't think it can get much better than that, if I could pull a nugget out of what you just said assuming I wasn't reading too much into it. I totally agree that the opportunity to expand someone's ability to contribute is not just to get them to become the best air conditioning specialists in the world, but rather it's for them to understand how not only their air conditioning works, but how it fits into the larger environment. And so that the training you talked about, whether it's knowing a little bit of code or having worked on helping some teams build server environments on the data center floor or some combination of the above are things I think can really help drive a larger team to be more successful even if only being more successful in how they communicate with each other. Right?
Jay: Totally. I mean, the best talent were all the people who can answer the question why. When you blindly architected some element of your facility based on some ancient standard, that's what you tended to do when you were - we used to joke that when we first had IBM as a customer at Equinix, they sent the people that invented electricity to evaluate their first product and they were just so used to data center, the same sort of data center model that existed for 20 or 30 years. And so to continue to innovate, you absolutely have to be able to answer the question why. Why do we believe - back to your air conditioning example - why do we care how cold it is and, and let's constantly readdress that question and ask that question again so that as the technologies change and the talent pool changes too that we're doing the right things.
Mark: Excellent. Excellent points. And I couldn't agree more so I've kept you for quite a while already. and I appreciate the time. Thank you very much. As we wrap up, one more shot at Jay, five years from now, are you still going to be fixing pinball machines on the weekend and starting or managing new companies, or are you going to be playIng golf?
Jay: I could guarantee I won't be playing golf. I played that game twice. My goal honestly over the next three, four or five years is to find excellent teams that, that need me on at a strategic level. I love serving on boards and I'm always looking for really good organizations that really could benefit from my experience. That gets me, that keeps me frosty, it keeps me in the business enough to sort of see what's going on. But yeah, and then also doing a pinball machine or two on the side.
Mark: Yeah. Sounds good. One of these days I'm going to have to find a way to share a drink and play on one of your pinball machines. I am not a pinball wizard, but I do enjoy the game.
Jay: Yeah. You don't have to be good at it to really enjoy it. That's what's really great about it.
Mark: Especially when you don't have to keep dropping quarters into it. Well with that, to the audience, please join us next time where we're going to have a Derek Collison of Initially Cloud Foundry and most recently Apcera and now he has his own startup that I'll let him talk more about, on the cast. And lastly, if you'd like to nominate a guest for our podcast, email us at [email protected] Thank you very much to Jay and thanks for listening and we'll see you next time.
Jay: Thank you so much for having me.
Mark: Thanks Jay. Take care.
Share this episode:
A conversation with Rene Sorra
Rene is a Facility Protection EMP Consultant with thirty years of career experience. He has a well-balanced technical and managerial skills with over 18 years experience directing teams of contractors and technical specialists under private and government contracts. Background in engineering design, construction, and information systems to consistently integrate and deliver major projects. Represented large private organizations and Fortune 100 companies. A skilled communicator and innovator in managing projects and business operations through careful budget management, scheduling and planning. Effective team player and leader of multi-disciplinary teams in functional and matrix organizations.