Cloud Reset – The Podcast | Episode 6: The Art of a Long Term Security Strategy (plus Microsoft Ignite highlights!)
Contact us at enquiries@macquariecloudservices.com with any questions, suggestions, or corrections!
Episode Summary:
In this final episode of Cloud Reset for 2024, Jono and Naran are joined by Enrico Conte, CISO of IMB Bank, to unpack the challenges of managing cybersecurity in an ever-evolving threat landscape. Fresh off the plane from Microsoft Ignite, Naran shares key insights on Microsoft’s roadmap, the explosion of generative AI, and the critical role of data governance as organisations prepare for the future.
In this episode you’ll hear about:
- How banks approach cybersecurity to balance innovation, risk, and data protection.
- The rise of data governance as a critical foundation for AI adoption and business resilience.
- Microsoft’s push towards AI and Copilot solutions, and what it means for customers and partners.
- Real-world examples of managing risk in a dynamic threat landscape.
- The importance of agility and adaptability in long-term security strategies.
- Why trust, skills, and AI readiness are the key pillars for successful technology investments.
As Jono and Naran reflect on the year, they highlight recurring themes from their guests, including cost optimisation, managing risk, and the growing role of AI in IT and security strategies. With plenty of exciting plans for 2025, including insights from CEOs and more deep dives into AI, Cloud Reset will return in February to tackle the biggest challenges and opportunities in cloud and IT.
Episode Transcript:
All right, welcome back to Cloud Reset where cloud strategies collide straight talk real solutions. I’m your host Jono Staff and we have the fearless Naran McClung. Happy to be here. I don’t know where the fearless bit comes from, but I’m certainly motivated and I think we’ve had a great time doing these podcasts all year.
I have enjoyed them thoroughly. I know we’ve got a great plan for next year. It’s not time to talk about that. Obviously, we’ve got lots of other things to talk about today. Jono, what are we talking about today? Well, today I’m excited because we’re going to blow the lid off what it means to do cyber security well inside of a bank.
Now hang on a minute Jono, hang on, so cyber security for banks, so banks have got the biggest risks of all of us, right? So therefore, whatever cyber security strategy a bank has, that’s what we should all follow and do, because quite clearly that’s where the action’s at. Well, well, surely, surely. I think we’re going to find out all about it.
And I’m also pretty excited too, because you are fresh off the plane from an arduous journey back from Chicago. Yes. A visit to Microsoft Ignite and I think you’re going to bring some insights about all things Copilot. All things Copilot. They could have called it the Copilot experience or something like that.
It was 16,000 like-minded dorks of myself and other product and engineering inspired people who ventured to a snowing part of the world. I’ve not been to Chicago before. It’s lovely. If nobody here has or has been etc. Like what a beautiful city, right? You got lovely wide streets and very picturesque.
There’s great jazz bars and that wasn’t why we were there. It wasn’t a junket for that reason. It was to learn about all things generative AI, and clearly Microsoft are all in with Copilot. There is a Copilot for absolutely everything. I would say at the very least, navigating that now as a customer and even as a partner, there is just so much going on.
Every product team is activated within Microsoft to convince you, to take you on a journey, to get you compelled to embrace this AI thing as Microsoft would see it. So I will try to bring that to life today. I’m sure you’ll do a great job. Um, if only just to save your own skin and prove that it was not a junket.
Um, I didn’t feel like I was under that kind of pressure, but here we are. Okay. Yeah. Let’s do that. Let’s do it.
All right. Delighted to have with us today, Enrico Conte, CISO from IMB Bank. And Enrico is going to chat with us around how he manages risk for a bank, how he thinks about long term security investments and how he preserves his own resilience as a CISO in the proverbial hot seat, which is a 24 by 7 job.
Welcome Enrico. Ah, thanks. Thanks, Jono. Glad to be here.
Enrico, now you’ve just come back from Microsoft Ignite. I’m sure that’s a topic within your own business as well. And Microsoft being one of the largest security providers in the world, obviously on your roadmap. What are some of the things that you’re pretty interested in looking out for in terms of the roadmap coming out of Ignite?
Thanks, Jono. Yeah, so definitely a hot topic and something that, you know, we, we couldn’t really justify a trip to the US also because it was sold out within minutes. So really interested to hear, uh, what Naran has, uh, to bring back from Neptune, especially around the long term strategy and the long term roadmap of, uh, Microsoft.
To be able to see if there’s anything, uh, coming up in the future, uh, that might impact us and how we can adapt and sort of, uh, embrace the new technologies that, uh, Microsoft, uh, will release. Yeah, Naran, talk us through that. What did you bring out of Ignite? As it relates specifically to security. Yeah, great.
So firstly, I’ll echo your desires there. In fact, we have the same intentions. Clearly, we build intellectual property and capability around Microsoft’s product stack. So it’s super important for us to maintain relationships with the product leaders. We go over there with a full contingent of product owners and architecture across all the things that we take to market.
Clearly managed security is a key part of that. So we’re looking for insights and direction and it usually just comes in conversation as well. A lot of this stuff is NDA. So we will get into typically closed rooms when we go up there with the product leaders to eke out direction and intent. The last thing we would want to do is invest time in building out a capability that Microsoft are going to release as a feature, for example, or product in the next 12 months.
So we try and understand that we try and understand how we can differentiate and better serve our customers by enriching capability. So that’s that’s the first thing. First and foremost, there is a partner to operate element to this as well. Um, you have to be a good partner in Microsoft’s eyes and it makes sense for us to be seen.
Um, but it’s that knowledge and foresight of Roadmap that we value greatly. Um, I would say holistically from Ignite, it is quite clearly all about data governance and AI. Microsoft have a Copilot for everything. Um, they would, uh, seek and hope to inspire the world to embrace Copilot and build agents, um, either in a low code scenario where it is, you know, taking advantage of people with Power Platform inspired skills.
You want to be able to cobble things together with help, and there’s a lot of help out there with Copilot Studio to bring that to life for organizations. Um, for MSPs like us, we typically like to develop our own capability, and that is we would take advantage of something like AI Foundry and figure out how OpenAI can help enrich our services, and clearly we’ve delivered that with our SOC Digital Twin capability and speeding up incident triage, customer insights, which helps.
Jono, I got to be driving into work, wanting to get a better understanding and a feel for what’s going on within our customer environments before all important meetings. So that’s, that’s how we’re taking advantage of the tech. Um, and I think Microsoft recognize that data governance is hugely important.
Right? I mean, I think you could probably talk at length that that that’s important. The efforts that you go to to protect, protect, um, personal identifiable information, you know, of your staff and of your customers, and that’s a massive, has massive implications with AI and how you would build AI agents and so all the best practice around that.
And so Microsoft are clearly looking at technologies like Purview to really help organizations get a handle on data governance, uh, and build policy around that. So. Honestly, we could have called this thing like the Copilot experience. I know they call it Ignite and pretend like other products matter.
Like it’s really, it’s primarily all around data governance, data management, and building out Copilot and Gen AI solutions. Well, let’s talk a little bit about data governance, um, probably as it relates to your organization, Enrico. You know, what we’re seeing with a lot of the customers and potential customers that we talk to, as they make ready
for AI, you know, thinking about our roadmap, how do we, how do we get ahead? How do we get the most out of our data? Data governance seems to be the thing that now everybody is trying to play catch up, you know, thinking about governance, risk and compliance. Obviously that’s a big topic, uh, in your organization.
How does data governance work in your organization as it rolls up to security? Is it a tangential thing? Is that another department that’s responsible for what does that mean to your organization? So for us, uh, data governance, it’s an enterprise effort. So it’s not just one single department. Uh, we do define different information assets, uh, and then allocate owners that are responsible for, for controls being applied to that one.
So it’s a bit of a traditional approach to, to data governance. But to your point, going back to what Copilot can do and any other generative AI is that sort of accelerated discovery of data that someone might have not known that they had access to that really makes the difference and sort of increases the risk of using these new technologies.
So it’s all about the discovery and then ensuring that proper access controls are applied to the data types. So that’s where, like, for example, what Naran was saying in terms of Microsoft focusing a lot on data. Uh, we had, and the whole industry had over the last three to four years, uh, just an explosion in terms of how much data, uh, we are piling up, collecting and building, uh, because it helps us, um, sort of having a better understanding of our customers, but then at the same time, uh, it’s a lot of data and there’s a lot of security involved in terms of, uh, how you protect it.
And how you ensure that just the relevant people have access to the relevant data. So that’s where the governance sort of plays a, plays a huge part. And is that something that is changing all the time or needs to change in your view? Um, to do AI properly. So do more people need access to more data sets?
Is that what’s going on there? And you’re trying to figure out how to, how to manage that? Yeah, it’s hard to find the right, the right balance to being able to provide relevant data and enough to provide insight to the people who are querying the generative AI model. But without disclosing the actual data itself, so that’s where the biggest challenge is.
We’ve seen some clever applications of this. I mean, Jono, you know, a good friend of ours runs an AI business. I won’t name them, but they’re a very popular AI business, and I know that, um, in order to get the trust from their customer base, they had to go to great lengths to obfuscate customer and personal identifiable information, ways in which you could identify back to the businesses, et cetera, as well.
And there’s a whole piece around that. And I think, I don’t know whether this is tail wagging the dog type stuff, but I get a sense that certainly in Australia right now, data governance is a relatively new concept and it’s a relatively new concept if we think in terms of just how much Microsoft would have us embrace these technologies and I reckon it was probably a 50/50 split of building out the AI capability but having the maturity with data governance and management and data platform and even thinking around data modeling etc.
These are relatively new concepts, at least in the, in the context of how Microsoft would have us embrace this technology. And I, I think organizations would be going through considerable, um, process change as well. Process change is hard, isn’t it? You know, like people are stuck in their routines. They do things a certain way.
I wonder, you know, Enrico, like, for an organization to think about classification of documents each and every time you produce a document, how should I classify this thing, knowing that there’s policies that would be enforced that are going to change the way in which that, that artifact is leveraged internally.
These are big changes. Yeah, they are. Definitely are for everyone in the business, both around data classification, but also data rights management as well, as that then prevents you from sharing information or prevents other people from accessing it. So there’s a lot of adaptation that has to occur in terms of business processes.
That’s right. The technology is there. Yes. And, uh, well, it advanced quite a bit in the Microsoft ecosystem in the last, uh, probably five years. Yes, but it’s that change management and adaptation of business processes that’s still, uh, sort of playing catch up. That’s right. Yeah. So with the Australian government and, uh, the, um, privacy reform that’s coming into effect into, in the next few months, um, there’s, there’s definitely a lot of catch up, uh, that, um, needs to happen. Um, and that’s sort of like showing the interest from the Australian government, uh, in, in this space as well.
I can see that for sure. I wonder, Jono, you know, like our own, um, the internal cyber training that all our staff has to do, and I’m sure many organisations around Australia do the same thing, where you try and lift this sort of base understanding of risk and threat and management. And every, every individual in an organisation has a role to play in defending an organisation’s security,
um, cyber position. I’m wondering whether data governance could be the same thing and we start thinking about the classification of data. We start thinking about where our artifacts can end up and think in terms of our own responsibilities and how we classify data. Is that something do you reckon could find its way?
I think it’s going to need to. I think the amount of data that you need to ingest to do AI well, or even, you know, train a large language model, develop an agent to, you know, give you insights on one discrete area of your business. It’s more data than ever before. It’s like, give me all the documents you’ve ever produced, put them into this machine and we’ll be able to query it and get clever insights in real time.
And we’ll all be more productive. That’s the dream, but everything that’s going, like if you had to go back, say five years as an employee, every bit of content you’ve ever produced, now it’s going to be available to be queried by, you know, this system, by who in the organization, at what time, um, from inside, from outside, is it public facing?
These are things that I think it’s a bit of uncharted territory. Yeah. So developing good, uh, controls and practices and a, like a culture of awareness around, um, you know, what I’m producing, who’s going to be able to access it, where it’s going to live is going to become really important. And I’m sure, um, as a CISO in a bank, you’re probably faced Enrico with some interesting situations to maintain some tension, I guess, between the people who want the insights and want to go fast and it’s your job to keep them safe while they do it without really impeding them.
Can maybe can you play us through some real life examples? Have you got executives in your organization going, Hey, I want to use AI so I can get, so I can figure out, you know, who my best customers are on the fly or what my forecast is, or, you know, that sort of thing. And maybe you’re the one saying, well, we’ll slow down.
Or are you saying, no, we can speed up, but we need to invest in these tools. We need to do it properly. How, how do those conversations play out in your business? Yeah. So it’s a bit of a, Yeah. Yeah. It’s a bit of a fine balance and that sort of moves over time. So for us, in terms of our approach to the security is all about offering solutions to keep our staff and our members safe.
But at the same time, yeah, we understand that we are a bank. So back to what we were talking about before, there’s an expectation that we maintain a certain high standard in the security space. So things tend to move slower than, uh, than in other organizations. So there’s that constant tension, absolutely, between, uh, uh, people who want the innovation.
Uh, but then at the same time, um, yeah, our job and our role is, uh, is to keep, uh, to keep the information, uh, secure.
What’s the, um, without divulging anything confidential, what is the, the craziest innovation request? What, what’s the, what’s the one that surprised you the most, or the most interesting thing that you’re trying to figure out? How do we stay secure while we do this? Is there anything cool that you can share with us?
Uh, nothing that’s in the pipeline, uh, but it’s probably just looking even broader in the industry, uh, the sort of biggest change is when you start interacting with your customers. So that’s, that’s the line that everyone at the moment, uh, it’s a little bit afraid to, to cross, uh, because, uh, there’s new regulations coming into play as well around the responsible use of AI.
Okay. Uh, which does apply the moment you open access to, to your customers. But then there’s also these horror stories that we had in the past, where a bot interacted with the customer, and then all of a sudden, uh, you have to honor, uh, whatever the bot promised the customer. Wow. Yeah, I like that one too.
Yeah. Yeah, I think there’s a couple of stories, whether they’re real or not, about manufacturers or car sales companies in the US where customers were clever enough to be able to trick the bot into offering significant discounts or almost things at no cost. And, uh, because the bot said, yeah, that’s fine.
You can have it for 0 and they had to, they had to honor that. Okay. Um, good to know listeners pay attention. So I’m like, I’m sure as a, as a, you know, a customer of a bank, obviously not, not your bank, you know, some of the things that that’s really interesting crossing the line to making it available to your customers.
So there’s a little bit of an inward focus. You know, how do we use AI to get better insights into our own business? How can we leverage AI to give our customers a better experience? And you’re saying when you’re a bank, you actually got to be really careful. Like I said, the whole industry is thinking about, you mentioned crossing a line.
You know, it’s like a threshold of, okay, now this stuff’s in front of our customers. Our customers can interact with it. What does that mean for us and our own security and governance? Yeah, both from a security perspective, but also you’re dealing with people’s money. So that, that’s where, uh, there’s that sort of fear, uh, of the bot taking control.
Uh, so it’s that when before, so between providing information and then taking actions, uh, uh, that’s, that’s where the line sort of is, uh, querying and providing information is pretty well used across the industry, um, as a, as a tool and as a technology. And it’s not very different from what we’re used to.
Previous sort of models or machine learning, uh, used to be years ago. It’s not a new concept. Uh, it’s that generative AI being able to interpret natural language and then take actions. Uh, that’s where it then becomes very tricky. I’ve got an idea. We’re going to get the bot to figure out how many streaming subscriptions I have and which ones I’m not using and cancel them all.
It’s a very good use case. I like that one, right? Yeah. All my little hidden, you know, all my son’s PlayStation. Look, I like you guys. I don’t mean to drag you into my hole here, but I’m, I’m old enough to remember Clippy. Remember good old Clippy? We used to get annoyed. Clippy would pop up and say, can I help?
No, you cannot help. You won’t help at all. You just serve to infuriate me greatly. Now. When you see bot services, particularly like web, web end bot services, and you see an example, I had a fantastic side by side example, um, delivered from Microsoft, in fact, recently, showing just the difference in milliseconds that, uh, I think this, this example is the performance throughput unit, so PTU example, um, and it was the difference between getting annoyed and not.
Right, so it’s like there was an AI model behind there that was intelligently asking questions, but it was doing so with really low latency. And it was the difference between me getting annoyed and me not being annoyed. Now, if we then add that to this concept that, um, from, I think, ChatGPT 3 onwards, scale essentially just adds IQ points.
Right, so the more scale you have and the, the bigger the networks that you can build out, um, the greater the intelligence, quote unquote, of the bot services themselves. So with a new model and with new IQ points, who knows how good this thing is going to be, right? It’s going to be answering questions that you might not have perceived to be possible.
So that must be very difficult for a bank to try and lock down the outcomes of something that’s inherently just going to get smarter with scale. And it’s going to try its best to answer questions, unlike Clippy from back in the day that only served to annoy you. For sure. For sure. That’s fair. Risk management plays a huge part.
So it’s no different from any other model that you’ll be using. So having control over the module, over the model, and being able to control input and output. Uh, it’s the most important, uh, part is not just, uh, being dragged onto that sort of trajectory of, uh, let’s always put the newest and greatest model on, uh, it needs to be controlled and Microsoft is that, um, within this sort of Azure AI studio, uh, product where you can actually control the model and that helps you, uh, knowing that, uh, you have a, uh, sort of steady and controllable output and also the retraining just constant retraining as well.
Microsoft made a point while we’re in ignite for the week just to talk about the importance of training and retraining and getting the kind of behavior that you want. It feels like a statistical goal and objective that the more you use something, the better it gets. You got to take the thing on the journey.
And it’s got to evolve with you and certainly doesn’t happen straight away. So there’s this sort of balancing the risk of release of product, knowing full well that three months down the line, it’s going to be materially better from where you are today. So it’s a question of how much risk can I absorb between now and then.
What a balance. Must be fun for a bank. Yeah, definitely. But Mark’s also got work to do as well. If you take the example of Copilot for Outlook, and the way it suggests to you how to write better emails, Uh, you then change it, you ask it again, and you suggest it to change back to what you originally wrote.
Right. And it gets into that kind of a loop situation where, uh, the more you ask, you just keep getting the same suggestions and you go back and forth. Yeah. Uh, so, uh, there’s, there’s a bit of work there, uh, to do. There is. Indeed. Enrico, obviously, um, staying up to date with the product roadmap from key vendors like Microsoft is important in terms of how you develop your strategy.
And I know you’ve brought a bit of a long term thinking strategy into the bank. Can you just maybe just talk us through what it means for you as a CISO thinking three and five years ahead? What’s the what’s the top thing on your mind that you’ve got to be prepared for in terms of keeping your customers data safe?
In terms of what you asked on a long term strategy. So there’s this few elements. And a few dimensions that sort of play a part in, uh, when we define a long term strategy is about having a vision and a bit of a sort of goalpost, uh, for, for long term, but it’s also about building it, uh, in a certain way that is adaptable and agile, uh, so it can change and evolve, uh, as the sort of threat landscape, uh, changes over time, uh, because yeah, the threat landscape it’s, uh, it’s very dynamic at the moment, uh, and technology as well is moving faster than, uh, than we can keep up with, uh, So it’s being able to every 6, 12, 18 months, uh, uh, reassess and make any adjustments or any changes in terms of what the roadmap and the strategy is, uh, to keep it current, keep it relevant.
Uh, and keep it aligned with, um, with security. Certainly a tall order. Um, but I love that takeaway for our listeners. And if I had to just play it back to you, it’s set a long term goal in terms of your security posture and what you’re trying to achieve, but be agile and reassess every six months and adapt because what was good might not necessarily be good.
You need, you need to, it’s really keeping you on your toes. Yeah. And it’s not about, um, sort of taking those actions is about building it in a certain way. Uh, that allow you to make those changes throughout the journey. Sometimes, uh, you know, you build a program of work, uh, you define an investment, uh, and it might take three years to deliver it.
That just doesn’t work in the security in, uh, in 2024, 2025. Uh, it’s just, we need to, um, we need to change the approach, uh, because things are moving faster than, than we can keep up. Look, that’s, that’s an awesome point. And I’ll say I’m going to give Microsoft some props too, right? In Chicago, they talk through their own security incidents.
I mean, clearly Microsoft is a big target globally. There’s lots going on. There’s a lot going on in the Ukraine and obviously Russia as well, which happens to be a very huge Azure environment out of Ukraine. So, um, They talked candidly about how they’ve had to change their strategy on the fly as well and adapt to an ever changing threat landscape and they talked about things that they didn’t do so well in the past that have learnt from openly and all the effort that goes into protecting themselves as an organisation that then plays through to the types of products and services that we embrace as a managed service provider and, um, it’s a big change.
Thank you. It’s a big factor for us. If you think about, you know, we invest in OpenAI and we’ve invested heavily in building out our SOC digital twin capability. We’ve spoken about multiple times on this podcast. For us, that’s an investment in the Microsoft platform and it highlights the importance for us not to deviate
too far from Microsoft’s direction. If I think about the signals and the telemetry and how we embrace the Defender for Cloud and Defender ecosystem, we embrace that wholeheartedly because we depend on the programmatic methods and the ways in which we eke out insights now, and we need to. We can’t have any threat to that, right?
It’s really important for us to stay true to that vision, because if we don’t do so, it means that future threats will miss us. So we’re heavily invested in that. It’s important to have a sense of what good looks like, but at the same time, we know that we’ll have to change and we’ll have to adapt. And I think knowing that Microsoft reflect on their own, let’s say failings, but their own incidents and the things that they manage on a global scale, probably unlike any other vendor, certainly any other tech vendor.
So, um. Yeah, this is a crazy space to be in and I think AI’s got a huge role to play. Absolutely, really dynamic space and great insights there. We’ll be right back after this short break with a subscriber question.
Enrico, question from our subscriber. How do you preserve your own cyber resilience as the CISO at a bank? When you’re in the hot seat 24 by seven, I think, I think people are really interested, you know, in the top job at a bank, what does that actually look like for you? Maybe a day in the life of, you know, how do, how do you actually do it?
So there’s not real one day in the life. Every day is, uh, it’s different. Uh, you dunno what you wake up at any time of the day, of the night, uh, too. But I think the key takeaway in terms of how to stay resilient is about, first of all, having a great team with diversified skills and also having great partnership partners that you can work with and sort of trust and rely on.
What I was just going to say, I remember back in the day, it used to be that if you didn’t hear from your security provider, that surely must mean everything was okay, right? Because if they don’t call you, if they don’t contact you, then everything’s good, right? It’s the everything’s safe alarm. If it’s ringing loudly, you know you’re good as gold.
I know we don’t work that way with you. Um, we are obviously engaged and collaborative with you on a regular basis. What does a good level engagement look like? I mean, like, is it too much? Too little? You know what? What would you expect from your service providers in the space? Yeah, so a good level of engagement is regular updates.
So even getting an update that nothing has occurred, it’s still a good update. You know, the systems are up and operational, so. Uh, we do regular testing as well. Uh, so we know that something should fire and we expect for that to fire. So that that’s part of our internal program and just to keep you guys on, on your toes and, uh, keep everything.
Everything in check, uh, but it’s, yeah, finding that right balance that works, uh, that works for everyone, uh, but definitely, uh, not as, uh, expecting not to hear, uh, ever from, uh, a security provider or from a system or from an alert. Uh, you expect those to come in, but you also expect to see them managed, uh, and being able anytime to get an update and know that information is going to be there.
Because I can get asked questions all the time from the execs, from other members, from other managers in the organization. And I need to be able to pull that information quite quickly and know that I’m going to trust what information I find in the system. Yeah, I love that. And look, the team, they love to be tested.
They really do. It’s the same for our monitoring capabilities on Azure. There’s nothing better than having things trigger and having the team spring to life because ultimately that’s what, you know, we’re partly at least, we’re paid to do, is to do that. The team take great pride in the way they respond. I would say also, um, that more and more we’re getting asked for, um, full transparency and visibility of how we embrace AI technology as well.
And I quite like that too. So if it’s something, a technology or a capability that we’ve developed is going to improve triage and speed to response, we want to make sure that we’re not dismissing incidents out of hand and we’re not dealing with, um, uh, hallucinations as it were. And so I think it’s right for us to be asked that question, show the results.
How is this thing operating? Is it doing the job that it should be doing? Or is it letting things through or worse, closing things that it shouldn’t? And I think that’s, that’s a good question. It’s a different take on AI governance and it’s a relatively new thing and I, I think at the very least there’s a responsibility on a service provider to be entirely transparent on how that stuff works.
Yeah, great discussion, you know, for me to take away from both of those things. It sounds like you need a really good strategy, a clear strategy with an agile approach because it’s such a dynamic space. Um, but like a lot of people that we speak to when it comes to security. Especially CISOs, everyone talks about the quality of their team and the investment in their team and skills and partners they can trust.
And I think that’s, um, you know, it’s, it sounds really straightforward on paper, a lot harder to actually do. There’s a lot that goes into making that work. And sometimes it takes a couple of iterations as well. Uh, so, you know, all your listeners don’t expect to get it right on day one and no one’s got the silver bullet.
So whatever they try to sell you, uh, they won’t be able to fix all your problems. But you want to look for people that will want to work with you, uh, versus, uh, selling your product, that cultural alignment, you know, that they want to get the outcome together. Yeah. Look, great conversation guys. We’ll be right back after this short break.
Okay. We are back to that end of the. that we refer to as the, uh, it’s the quickfire questions. We ask each guest that we have in the hot seat the same questions. Doesn’t mean you have to answer the same way either, by the way. Please answer them how you see fit. So first question for you, Enrico, is if you had to cut 20 percent from your budget tomorrow, where would you start?
Uh, well, where would I start? Uh, definitely not, uh, from, uh, the sort of security, uh, technology that we, that we deploy and implement. Uh, but, uh, it’s a, it’s a complicated answer as well. Uh, it’s not an easy. It’s not an easy sort of task, but if I had to cut 20 percent from the budget, I’d probably first look at, um, easy wins and anything that, uh, is a bit of a duplicated service to try and consolidate as much as possible, uh, failing that because, uh, normally that, that’s something that, um, yeah, anyone would have done already.
Uh, it will be looking at how to reduce the volume of alerts or data that we collect that has a cost and try and focus on what’s important and what’s the sort of most valuable information from a signal and telemetry perspective. I like it. I like it. Um, I mean, if I think our own adoption of technologies that improved our efficiency just simply just meant our teams are able to work on more valuable things.
So yeah, I think you can save 20 percent of effort. You can attribute that to cost and maybe direct that somewhere else. So I think that’s a, that’s a cool play too. Alrighty, question number two. What is the one piece of advice for attracting the smartest talent to your team? I mean, we’re challenged with this too.
How do you do it? Yeah. So I think it’s just not, um, sort of pigeonholing yourself into, into skills and qualifications and certifications. Um, security is a, is a great space and you can train people on processes, technology, especially if you have a sort of stronger, uh, base in that space. Uh, so it’s about, yeah, focusing on attitude and yeah, don’t discard, um, people because they come from other areas of the business or from different background.
Like I always take this great example. Yeah, one of my guys got a background in physics. And he knows how the world ticks. So he can apply that to his business, to security, and that, that’s a great skill to, to have in the team, so it’s about having that diversified team. That’s, that’s very important. I love that.
That’s um, I think what you’re probably the first person to say that and that’s to say redefine what the smartest talent is. You know, maybe cast a wider net and, uh, and think laterally. Yeah, absolutely. And then training qualifications, certifications that can come with time. Um, we all try and allocate time for, for training, uh, and upskill people.
But you have to turn up with the right attitude. I mean, I want to take that further. I mean, I don’t want to typecast, but if I look at our SOC analysts, they are a different breed of people in our organisation. And I say that affectionately too, by the way. I mean, we’re talking six monitors, you know, and they’ve got these visual spatial skills and they’re spotting patterns over here and patterns over there and they’re high functioning.
There’s a couple of keyboards on the go. I mean, that’s not a job for everybody, right? That’s a different mindset altogether. I don’t know how we typecast that person, how we describe them, but they are definitely a different breed of people. And it has forced us to think differently about how we hire them and the attributes that we look for.
That’s great advice. Cause I couldn’t do that all day. I’d lose my mind. I mean, I wouldn’t know what I was looking at to begin with, right? But it is different, isn’t it? It is absolutely. Uh, and you want to offer that environment as well that you mentioned. So if what they need to, performing their role, is having six monitors and two keyboards,
then by all means have six monitors and two keyboards. We shouldn’t stop them. Uh, and we want to encourage the people to, to bring ideas and innovation, uh, versus us thinking that, uh, it’s a square box, uh, where, uh, everyone should work the same way. All right. Very good. Final question. Um, when you’re evaluating a prospective partner, how do you spot the red flags that tell you they’re not the real deal?
Uh, good question. Uh, red flags. So what do I look for? Uh, mostly like from this set of the engagement. I’m pretty good at spotting, um, red flags. Uh, most of those are based on, uh, promises and, uh, what the pre-sale engagement, uh, um, normally, normally brings to the table. Um, if it’s just products and services, uh, that’s normally not a really, um, sort of good, uh, good tell sign, uh, for, for a partner, uh, that comes on board.
Uh, it’s about looking and trying to understand, uh, what we need versus trying to sell us what they have. So that’s probably the biggest, uh, the biggest determinator for me. All right. Fantastic chat. And I love the answers to those three questions. Really, really insightful. And I know our listeners will get a lot out of that.
And Enrico, thank you so much for coming on the podcast today. That was Cloud Reset, straight talk, real solutions. Thanks, guys. Okay, that’s a wrap for another episode of Cloud Reset, and in fact, the last one for this year. Incredible. I can’t believe we’ve done what we’ve done this year. I’ve thoroughly enjoyed it.
I think all our guests have brought different perspectives, which I love, and I know that we’ve got a well earned break for about a month. We’re going to be back on the 6th of February for an all new approach, an all new routine. I know we’ve got some heavy hitters coming in, some CEOs, for example, that are going to give us their perspectives.
That’s going to be a whole new thing. Uh, in the new year, the CEO piece. Definitely excited for that. You’ll have to subscribe and do all of the necessary things that you need to do to be alerted to when that drops. Looking forward to that. And I know we’ve learned a lot as well now, and, and I thought maybe it might be fun if you can talk our listeners through the top three things that have surprised you that you’ve learned.
Okay. Well, look, let’s see the top three things. So the first thing is clearly cost is a massive factor for every organization. I think in Australia, I know we talk a lot about cost and risk. Organizations are looking to save money any which way. The cloud repatriation thing is real. But listen, as the head of the Azure business, our Azure business is still growing and growing very strongly.
These things are happening at the same time. All that says to me is that we have discerning customers, discerning buyers, they are looking to put workloads where they belong. Uh, this notion of simple lift and shift is, I think, long since gone. Workloads need to belong where they should belong. And I think hybrid is definitely a real conversation.
It’s been a popular conversation for the guests that we’ve had on. Jono, I don’t know whether that’s us forcing that or whether that’s a real thing. I want to believe it’s a real thing. And I think organizations have an incredible responsibility to eke out as much value as they possibly can. And I know our customer base keeps us honest with that.
And I would say cost relates to your security investments as well. And similarly, as lift and shift being just as unpopular as I can afford every security product and service and it all has to be Rolls Royce. Well, that’s not true either. And I think the customers of ours that we have that are security customers are discerning buyers just the same and they’re looking to maximize their investments and that a huge role to play on us and the way we build service and capability and AI’s played a wonderful job in making us more predictable and more scalable as well.
And so that’s been a real feature. Managing risk is incredibly tough for organizations and I love Enrico’s take on that today as well. It’s an evolving picture. Once you get the handle on today’s risks, tomorrow’s are altogether different and you may have to pivot in a moment. So this point on being agile, I’d say was a recurring conversation and theme for everyone we’ve had on.
So it’s been great. I think that’s right. I agree with everything you’ve just said, so I can’t repeat any of it. You’re a hard act to follow, but I do have a couple of things that have surprised me that I think were insightful that came out of the conversations with our guests over the series. And look, one of the big things for me was some insight into how they make decisions around their technology investments in terms of what they buy and who they buy it from and the underpinning
thing for me was trust, right? And it was really good to get some quality insights from our guests around how they figure out who they should trust in this dynamic industry, right? When there’s a hundred different solutions that you can invest in and everybody’s trying to tell you that they’re going to get the outcome for your business, how do you make a good decision?
And a lot of that came down to trust. The other one for me was skills. Everybody that we’ve spoken to, you know, when it comes time to bringing a technology solution to life and getting an outcome for their business, uh, the skills conversation really came to the fore, you know, do we have the right people, whether those people live in the partner community or within our own business, how do we attract those people?
How do we afford those people? Because without people in our industry, none of these solutions can actually make a difference for those organizations. So that was really interesting. And the third one for me was obviously the excitement around AI. And where that’s going. And I’ve learned a lot about where I think it could go.
And I’m really excited to dive into that in 2025. So looking forward to, um, getting all over that. And it’s been fantastic. And, uh, I hope everybody has a wonderful break. Thanks for listening to Cloud Reset. Okay. And look, final piece. Look, please don’t forget to subscribe. You’re going to find us on Spotify, on YouTube.
Clearly we put links all over LinkedIn. We’re everywhere. Anywhere you find your podcasts, please subscribe, listen in, ask us questions, reach out to us. All the links will be made available and we will see you in the new year. See you in the new year.