Transcript
Narrator:
Welcome to 9 0 9 Exec, your source for wit and wisdom in cybersecurity and beyond. On this podcast, your host, veteran chief security officer and Cyber Aficionado Den Jones taps his vast network to bring you guests, stories, opinions, predictions and analysis you won't get anywhere else. Join us for 9 0 9 exec, episode 42 with Pieter Vaniperen.
Den:
Hey everybody, welcome to another episode of 909 Exec, your podcast and GoTo for all things executives in tech as we navigate our journey. And every week I try and bring on some amazing guests and actually this show we have a returning guest from episode 38. So Pieter Vaniperen, thank you very much. You're the CISO, CIO at AlphaSense. We had a great conversation last time, so I encourage people to check it out. But for those that haven't saw that episode yet, why don't you introduce yourself?
Pieter:
Sure. I'm the CISO and CIO at AlphaSense, which is a company that helps businesses make some of the most difficult and empowering decisions. And I spend my days keeping things secure and diving into everything from strategic decisions down to doing a one-on-one with someone on my service desk.
Den:
Brilliant. And you've got one of those blended C-I-O-C-I-S-O roles, and I think in our episode 38, we talked a little bit about this. So just real quick, a real quick, why do you think it's better that someone wears both hats?
Pieter:
Quick one-liner would be that 90% of what a CIO deals with nowadays is commoditized and everything else is security anyway. So it makes it a lot more streamlined if someone wears both hats. And ironically, I'll tell you from my teams, they're keenly interested in both sides of the house. So it actually works out really well from a team structure perspective as well.
Den:
Excellent. Yeah, maybe at one point you can share a little bit, maybe a blog actually Peter, right? Maybe you could do a blog for us where you share what would a team structure, what's a traditional one look like when you've got CIO plus A-C-I-S-O, and then when you've got the blended role, how does that change the org dynamics? I'd love to, I think that's a blog just in itself actually together. So we dug in a lot on leadership as I tried to do in the show. So one of the things I wanted to expand on is really the kind of principles of creative problem solving. You shared something where you're frequently asking yourself whether you're even tackling the right problem. Can you share a little bit about just what's your approach when it comes to the problems your team's faced with and how do you navigate and guide them through the toughest ones?
Pieter:
Yeah, I mean, I think for me, and I think this kind of comes from some of my creative background, is I like to walk outside of the box and kind of walk around it and look at all the sides of the box and kind give it a good first principles and really think to myself, is this the right problem we're solving or is this a symptom of something else? And if this isn't the right problem, then digging at it, thinking about root cause analysis and digging at the five why's and going deeper until we get to the root cause. And then once we suss out the root cause, then really starting to creatively think, okay, knowing everything we know now versus when this started, what would we do? And I like it a lot to, when I advise companies, I talk to them about making sure that you define the headache and that you have the right cure for it. You don't want to be giving someone Tylenol for brain cancer, it's not going to really do much. And so kind of taking that methodology into how I approach most problems.
Den:
And you talked about first principles a lot in the last episode, episode 38, and you share again here and then a little parallel to five whys. So how do you describe the difference between your concept of first principles and five why's?
Pieter:
Sure. So I think five why's is really incessantly asking that question why, right? I can't tell you how many companies I walked into where the first why is because we've always done it that way. Why stand decided? There was actually a great parable. One of the CEOs I worked for told about cooking pot roast, and they would always cut the ends off and they finally, it went generationally and it went all the way up to the great grandmother. And the great grandmother was like, we didn't have a pan that was big enough. So it was four generations of people thinking that cutting the ends off the pot roast make it taste better and it had nothing to do with that. And so I think really digging down and understanding is there even a reason why we're behaving this way? And often we find there isn't necessarily one.
And then I think the other side of it is the first principles, which I liken into kind of the Rube Goldberg process, which is if you're familiar with Rube Goldberg, you build all these crazy machines that would do something very simple but in a very complex way. And often when we look at automating updating, now using ai, the first instinct is to do exactly what we're doing, but try to do it faster or better. And if you're going to take the time to re-engineer something or to solve a problem, you should really figure out if knowing everything you knew today, you would still go about solving that problem that way. And so if you combine those two things and you get down to there was really no good reason, Steve just decided it one day, and then everything you know about Steve's solution that doesn't work. Now you probably want to go and dig down and actually look at the problem and process you're trying to solve and come up with something truly original to solve that. And maybe five years from now it's Peter's solution and someone's going, I don't know, Peter just said that that way, but at least it has a shot of a different level of success.
Den:
And there was a couple. Yeah, I think the biggest piece of that is, or the main point is if you can solve a problem that is crippling the business, impacting the business or whatever, then solve the problem. You're not doing it just for shits and giggles really. Right? Just because an old process doesn't necessarily means that it needs updated. Absolutely. So you're really looking for the business benefit and value. And it almost reminds me like Dyson, he didn't create the Dyson because he wanted to reinvent vacuum cleaners. He just thought there was a problem with the suction and the concept of the vacuum bag. So he set out to solve what he thought was, I guess, I don't know how many times he vacuumed in a day to feel like that was a problem that needed solved. I mean, shit, he must've been vacuuming a really messy house and then all of a sudden figured he needed need a bagless machine. It's really heavy dirt in that house. There's a lot of inventions that are created because people, especially parents of newborn children, and then something doesn't exist that they feel they need and then all of a sudden they come up with the best idea. So a lot of inventions exist because of stuff like that. I do always think of whenever we create stuff, then creating something to solve the business problem is great. I always reminded people though, if it costs more to automate it than it does to do the manual thing.
And I'll give you an example. We had a manual process that was ran by a team, a low cost region, so it was fairly inexpensive for us. Their failure rate or their success rate, their success rate was great. They'd done this thing efficiently, they'd done it well, and it didn't cost the company much money and some bright spark thought that that'd be a great candidate to automate the price of automating the thing. I think the ROI on the getting benefit was about 10 years. So not everything needs automated. One of my old bosses said that, and the cost of doing something versus doing nothing is an equation that I think all leaders should consider and especially architects. For me, I remember working at a very large company not so long ago, and I asked one of the architects if when they're architecting the new thing, they consider the cost of the implementation and the operation, and they said, no, I
Pieter:
Feel that bizarre. I think there's two things there. One I would definitely say, I always talk about, okay, what's the pen and paper solution? Often people want to bring in tools or create things because it's a cool thing or a cool tool to bring in, but do you actually have that problem and can you solve that with a pen and paper? And if so, why are you bringing in this tool? And then I think to the point of the architect, look, I think one of my mentors used to say, I making babies as the fun part. Raising them is the hard part. Everyone focuses on the fun part, and I think that's something to always remember. Every tool you bring in, every product you, you have to think of it as a liability. I remember sitting in one startup and we got some fledgling interest in a product line that we were investigating, and they were like, okay, we should go. We sign these three contracts. And I'm like, okay, these three contracts have a total a CV of 120 k, and this product costs $450,000 a year to operate, and if we don't get any other a CV, we've just taken on a liability. And then you want to sign multi-year deals with these people, you could be signing us up to lose a million dollars as a company. This is not good business.
So I take it even further that way. I think that often I'm asked, especially from my security desk, Hey, can you go get this entire new compliance audit and invest a million dollars into getting this new compliance audit? And I'm like, okay, for what customer? And then they'll hand me a $6,000 contract and I'm like, no. The answer,
Den:
I mean that they don't ask anyone. It's one thing when we coach startups and especially those ones that need help with compliance, one of the first things I say is, look, if you're losing business, you categorically got information that says that's the reason you lost a business and you're losing it because you don't have that certification. Sure, let's think about it. But the cost of doing the certification, maintaining the certification, it's really not to prove that you're more secure. It's because you're losing business or you want to be better seen in the industry than your competitors.
You mentioned the making the baby thing. I want to share something a second, but just before we do, we're going to take a quick break for this short message. Hey folks, just want to take a minute to say thanks for listening to the show, watching the show, however you engage with us. If you're liking the conversations, if you think we're adding some value, we'd love you to subscribe and share the show with your friends. If you know of anyone else that would benefit ideally for us that will help us be able to grow the show, invest more in the quality, get some more exciting guests and keep bringing you some executive goodness. Thanks everybody. Take it easy and enjoy the rest of the discussion.
So Peter, we're back and let's the making baby thing, actually you struck my comedic nerve. I do like to think I'm a bit of a comedian and when I'm on stage doing conference talks, my belief is that conference talks are not meant to be mundane and boring and last 30 minutes and you just want to put pins in your eyes. So I have a joke. Usually every slide, there's usually a joke that goes along with it. And one of the ones I use is I never get involved in projects where the project takes longer than it does to make a baby. And then I say, but not the elephant types, the human ones. And then I have elaborated on that because what my team reminded me of is the making part is pretty short. It's the growing part and birthing bit that takes the longest in that chain. And I'm like, yes, nine months. So for me, the reason behind that is because of financial reasons. When you're going through your budget cycle, if you have not delivered some business value on whatever the endeavor is within three to six months, then you're coming up against budget renewals.
And when you're trying to look for more budget for whatever that whizbang thing was, or even your next whizbang thing, you need to have demonstrated that you can deliver the shit you said before. So if you make your projects six months less than nine months, about six months or three or six months sprints for business value, then you've got the credibility to go back and ask for more money. So the whole nine month thing, I think it's a great joke, but the real premise behind it is it's all about credibility when we're asking for funding. And your bosses don't want to give you money if they think you're just going to waste it.
Pieter:
No, and I think it's great too. I think on both the side where I advise companies and in my roles as an executive, I'm asked all the time, Hey, do you have this new product? You did a two week POV, let's sign a three year deal. It's like, hold on, let's get six months, nine months under our belt, then we can talk about a three year deal. Hold on, what are we committing to here? And I think, oh, but it's cheaper. I'm like, it's only cheaper if it works out for the three years. You don't know, it could not work out in two months. And so I am right there with you. I think that I, it's actually interesting when you watch young leaders, I think they tend to under budget the value of getting results versus being busy
Den:
If that, it's funny. Do you think that for most companies nowadays, the concept of a three year deal is behind us three in five years because you would do that before because the length it would take for you to deploy their bullshit took sometimes a year or 18 months. So you've done these big mega deals, but everything, and you mentioned this, it start as well for CIOs, right? Everything's pretty much in the cloud, instant gratification. A lot of the integrations actually are better now in the kind of work. So the getting up and running piece for a lot of tech these days is like two to four weeks. So the thought of it being, let's just do one year deals and see how the thing plays out. Is that more attractive you think?
Pieter:
I think so. I think there's some kind of large critical spaces where the markets mainly commodities at this point, and I think that people moving to disrupt those places were kind of in the off cycle. And so I think there's some savings to be had there if you commit to two or three years. But in general, anything else that's kind of more an experimental emerging market, I won't commit to multi-year deals. It's very infrequent because I don't know if you're going to have the best thing in three years, and precisely your point, I don't want to be in position where I'm six months into a three year deal and something much better comes along that I can integrate in four weeks and now I'm stuck with you.
Den:
Yeah, I think the whole concept of lock in is becoming pretty kind of legacy now. I mean, obviously large enterprises, excuse me, that still buy a lot of this legacy technology and stuff. I get it. You're doing a three and five year shit and your whole business process might be based on this stuff, but I think there's just such an opportunity for us to be more nimble, even on enterprise level. So I love to see, yeah, I'd love to see enterprises move faster. What is interesting is years ago we're talking about Okta being as an example, right? Okta being this new shiny cloud native, blah, blah, blah, replace the legacy, get rid of all the old stuff. And now I'm starting to see young upstarts coming out in the market and they're like, we're going to replace your legacy Okta. It's like, holy shit. So I guess 15 years later, Okta is now the legacy or some startups would like to talk about it like that. I mean, I don't know if it necessarily is true. I still think they do a kick KS job, but I think there's a lot of room in the identity off market, the cloud auth market for more players because Okta seems to be, or Azure the only, or enter id the only one. Yeah,
Pieter:
I think that's one of those spaces that to your point, it's been kind of off cycle for a few years and I think now it's emerging. And I think that's where the tech I think needs to change. I think it comes to what really changes with the tech and whether or not something new is out there or not that can change it. I think AI is an interesting space. I think AI is changing many, many of the spaces that we're in, but I think that some of the spaces outside of what we traditionally think of as places where humans need to be in the loop that we've already settled on tech, I think are kind of the spots where for the next couple of years I would think about making a longer term commitment, if that makes sense.
Den:
Yeah. Yeah. I am going to ask you one AI question. I think I'd be dumb not to. What excites you most about emerging AI technologies?
Pieter:
The fact that we can actually for the first time see everything. I think we've done a really interesting job in the security world of providing a whole lot of technology that has provided a whole lot of noise and not a whole lot of signal. And that has made a massive big data problem for us as security teams. And I think that we're now at a point where we can use AI to filter through the noise that we've asked for when we said we don't have enough data, and now everyone's given us all the data that exists in the world, and I think we can now see everything and have AI look at everything and actually point out the signal to us. And broadly, I think that's what's going to be very category changing across many of the tools that we have the opportunity to use.
Den:
There's a lot of excitement and some fear about ai. I think how our data is managed on AI platforms, I still think there's a level of scrutiny required there and what companies just pump into these AI platforms without even thinking about it. There's people that will throw a lot of information in there, which I would say is probably dangerous if it gets when that company gets compromised. I mean, we have to assume one of these big AI companies, their database will be backdoored at some point. And I'll look forward to seeing that in the news just for shits and giggles. Alright, now, so when you're not working, so, and I think you and I we're starting to jump into a whole conversation about when we're not working, what do we do for fun? So let's jump into the Peter, you've shut that laptop down, you're now starting to do something for fun. What's your,
Pieter:
I mean, for me it's a combination of kids outdoor time and probably music or something creative. I think those are probably the three things I lack the most in having the laptop open. And so on balance, I think being able to spend time with the kids and just being in the world of a six and 8-year-old for some period of time and then some sort of creative outlet. And then I like being outside. I also am a swimmer. I like being in the pool. I like just the quiet and there's nothing else to focus on. And I think that's the same too with a lot of the creative. I think more than anything, the difference between myself and I know we've talked a little bit about rising up into leadership. I think one of the differences that people understand about being a leader versus being an independent contributor is as an independent contributor you get a lot of flow time, you get a lot of time to just live in your zone of genius, whatever that might be. Whether it's thinking about a marketing problem, it's developing, it's figuring out and writing a security document or something like that. As a leader, you spend most of your day in kind of like a hyper context switch mode, just catching different people's problems and trying to quickly point and facilitate in the right directions. And so I think having that kind of flow is something that's really important in that off time.
Den:
And I think in my height of leadership, I mean I don't consider what I'm doing now really leadership because it's a nice small little business that we're building. But when you're 300 people in my team, 60 million a year budget, in the height of leadership, we're probably about 12, 14 meetings a day. And there's all these little 30 minute, 30 minute, 30 minute, and they're all different topics. So for me it was like that context switching was just, I mean, I enjoyed it. What I don't enjoy is people's bullshit. So when you say six and 8-year-old, I'm like, wait a minute, people at my work behaved like that too. See, that gives it an appropriate lens, right? Sorry, I was going to say creativity, right? So as a creative professional, how do you think that benefits your professional life? Because you and I both love music, play music, so in that sense, how do you feel that that benefits your professional life?
Pieter:
I think it's the ability to, creativity and problem solving are very parallel skills. And I think the ability to take music, hear a couple of notes and think through different ways to complete the sequence of notes that you heard and how that would mechanically work. And there's a number of things that kind of unconsciously go on in your brain when you're trained that way. And I think that's not dissimilar to what we do when we problem solve. I also think it's really creepy for those out there who know a little bit more about how attention and AI and LLMs actually work that we all interact with. It's a little creepy if you think about the parallels between that kind of human auto completion that exists within creativity based on our experiences and what we've seen, the way that we problem solve as humans and what we do with pattern matching in AI to auto complete something, there is this broad parallel there that's kind of interesting.
And I think that that creativity produces the best results. And I actually think that it's very interesting. Now, there's a lot of complaint about hallucinations being someone who's been in big data and machine learning for the better part of a decade now, in one way or another, the earlier complaints prior to the attention solves and some of the other breakthroughs that happened in large language models was that AI was essentially not creative enough that the solutions it would bring were too predictable and too matchy. And I think that's a key unlock to ai. It's also key unlock to leadership. It's a key unlock to creativity. And I actually having the interesting varied experience I have in my life and actually having gone half of my schooling was for creative outlet of theater and film direction. I remember a professor basically talking about the different years and it's something that stuck with me. And it was like year one, you're taught to creatively vomit. Year two, you're taught to clean up the vomit. Year three, you make the vomit look pretty. And year four you figure out how to present the vomit.
But that sticks with me because that's a lot of what leadership and problem solving is, right? You may not have the solution right away, but you come up with a whole bunch of solutions, you narrow it down, you refine, you find out all the problems with it. And it's the same thing when you create a piece of music or write a book or anything else. It's a process of dumping it all out, refining it down, editing, and then coming to the final thing. That process is something that's repeatable. I find that the most skilled people that I hire tend to come from that kind of background.
Den:
Yeah. Well, I think that for me is interesting because it reminds me of two, there's two things. One is I remember before COVID, and this may just opened a can of worms, but before COVID, my teams would always be like, oh, we should do a team offite, team offsite, team offsite. And I'm like, well, why is that? Why do you want to bring your team to San Jose or whatever they want it to go? And the answer you got back then was because when we're all in the room together, our creativity, our whiteboarding, our problem solving, our strategizing is all much better. And then you got COVID and the all went home and shipped, and companies last their travel budget, they recognized it could save some money there. And then what happens is then you get these certain leaders that I know and won't name, they're like, oh, love this, working from home.
I don't need to be in the office and this is much better. And I'm like, well wait a minute. Before COVID it wasn't much better. And after COVID, it's much better. I still think I'm on the mindset that having the cooler talk in the kitchen, the whiteboard and stuff together, I am still of the opinion that is way more productive and creative and does something that you don't get over video like this. So I'm still a huge fan of that. So the whole go back to work business for me, I'm like, I think that'd be awesome for most companies, a benefit. Otherwise, I think every quarter you should be finding ways to bring your team together. I love nothing more than sitting in a room whiteboarding with people as we're talking about architectures and strategies and problems. So anyway, I don't know if that was a question or just a straight out statement.
Pieter:
I think there is definitely a benefit to being able to work from home.
Den:
The timer goes off as well. The Shawn are now baked. That does
Pieter:
Happen. But I do think it's also a benefit to your point, I think there is something about creativity that flows. It's kind of jamming with a band when you're in a room together, there is a natural kinetic energy that occurs. I think what happens most often with these kind of return to work mandates is that there is no structure around them. No one is saying, okay, we're all going to come in on this day and this is brainstorming day, or this is the day to spend time with your team and do one-on-ones or things like that that benefit from FaceTime. And so I think it's a balance. I think to your point, yes, everyone whiteboarding together benefit everyone coming in and going on their own Zoom calls next to each other, probably not really benefiting. And so I think that's where companies have lost the thread a bit. But I agree with you, there is a natural tendency in that shoulder to shoulder environment be more open and less structured in how you're collaborating, which creates some pretty interesting things.
Den:
Yeah, no, I think you're right. There also needs to be more tolerance for and thought given to just doing phone calls over the phone so I can walk the trail while I can be on the phone at the same time. I mean, I think it's almost a case of companies should think about all this stuff start to finish. I know you and I, we both are voice passionate about burnout and making sure people thrive and you're not just treading water and trying not to drown and stuff. And I think it's upon companies that get a little creative and say, Hey, how do we do things now? Because after COVID or during COVID, most people said, screw this. I don't live to work. Well, I don't only work to live, but I need to enjoy my life too. So there's a blend.
Pieter:
I think it's interesting. I think there's a handful of reasons why people have, for instance, camera on policies and things like that. And I understand it, but a lot of the time, to me, I'm kind of like, people don't want to instinctively turn on their camera. There's probably a cultural issue. Or that person really wasn't able to attend that meeting but didn't feel like they had a choice or that person has so much work, they feel like they have to go and try to answer slack messages while they're in that meeting. And so I think precisely your point, I think companies need to start listening and facilitating and helping to figure out what reduces burnout and creates the most positive work. I think having been a leader, you and I have definitely had days where we sit in meetings the whole day, and I would probably recognize, say that some of those meetings are probably pretty beneficial, but some of those meetings probably could have been an email or didn't need to exist, many of them.
And I think that there is this kind of autopilot people go on at work instead of figuring out or digging in or making the hard decisions. I think that often people just kind of throw it at meetings. And there's a person who talks about, I don't want to steal her thunder, but she talks about simple hacking and the idea that we overcomplicate things as humans. And one of the things she brings up is you can find it, it's out there online, but there is an OSS manual like precursor to the ccia of how to sabotage German factories and stuff in France and places like that. And it's literally end every meeting by scheduling another meeting, have as many people on a committee as possible, never actually make a decision. It's all these things that in corporate life just they have been on autopilot. And if you would probably go back and look through, there's probably a series of meetings you had and nothing was accomplished from that series of meetings.
And yet you can't go walk the trail on that meeting. You can't be outside. You're taking time potentially away from your kids or other outlets or work that you need to do. And I think that we, it'll be interesting to see how AI affects this, but I think that we are still figuring out what is the modern definition of work. We're locked into a definition of work that was created over a hundred years ago. And I think we need to really figure out what that modern definition means. And I think that once we settle into that, I think you will see a lot of burnout fall away.
Den:
And by the way, kudos to the Dutch because I think they just implemented legally a four day working week with no work on Friday for the same pay. And I've done this for about 15 years. I've done no meeting Friday for my orgs. And it's really crazy. I was talking to somebody earlier just about how hard it is to implement something like that. Now. It's not that we wouldn't do meetings if your customers or whatever called and you'd jump and do it, but no standing meetings, you'd block your time out so people couldn't book you for meetings on a Friday. And at Adobe, it was many, many, many, many years of reiterating this to my team. And then at Cisco, it really never took off. In the year and a half I was there, how long it takes to change people's behavior. And then the other one was, you have my permission as the executive of the org, you have my permission to not turn up to a meeting if there's no agenda. If you don't understand why you've been invited to the reason or it's not clear your purpose for being there, you have my permission to not go.
You also have my permission to email the organizer and say, I expect these things in order to turn up, otherwise I won't. And people were even uncomfortable with that because that was a bit alien. But for me, I mean it's like, look, our time is limited and I don't want my team working a 60 hour week. That was the other thing is I started to get on top of people for working too many hours. I'm like, if you're working a 60 hour week, you've created an expectation to our org that says, this is what you get output wise for this number of people. And if one person left, so let's say somebody's working a six hour a week just because they love doing it, no idea why, but if they leave and that backfill with somebody else, there's no guarantee that person wants to work a six hour week, nor should they. So we have created a problem, especially if you've got two or three of those people in New York, which we did. So yeah, I know we're up in time. Peter, on the music front, I think you and I, we both play music by ear. What instruments do you play? Why don't you share with the audience a little bit about your musical journey?
Pieter:
Sure. Guitarist, bass, guitar, piano, clarinet, dabble in some trumpet saxophone. At a certain point, I just kind of started buying instruments. At a certain point you just, it's music, and so you engage in it. And I think that's, but I think that is also part of the journey of being creative and being a musician. I obviously write in a lot of coding languages. I think that a certain point, you start to see the kind of system as opposed to individual pieces of it. Or as one of my music teachers would say, at a certain point, you'll stop hearing your instrument and you'll hear the orchestra and you'll know exactly, you don't have to count like you should, but you don't have to count a rest anymore because you know when you come in. And it's the same kind of, I think, mentality as a leader, especially in tech. At a certain point you start to see the system and the architecture of the system as opposed to individual components. And I think that's really when it locks in.
Den:
Well, that is a brilliant point to end on. Pieter, I thank you very much for being a repeat offender on the show. Your knowledge is excellent and it is great chatting with you. As always. Love to have you back again sometime soon. Maybe in six months, we'll check out what you're up to. And everybody, thank you very much, Pieter Vaniperen and AlphaSense, C-I-O-C-S-O, and probably everything else in between. So Pieter, thanks man.
Pieter:
Appreciate It. Thanks Den.
Narrator:
Thanks for listening to 9 0 9 exec. Subscribe wherever you get your podcasts and don't miss an episode of your source for wit and Wisdom in cybersecurity and beyond.
.svg)
.svg){kind=icon}
