11 minute read
Secon Cyber Leadership Interviews
by Secon
Janakan Nadarajah in conversation with Que Tran, Head of IT Europe & Russia, DP World
J: What’s your current role and what does it involve?
Advertisement
Q: I currently lead technology and digital for Europe and Russia region at DP World. DP World is a leading enabler of global trade and an integral part of the global supply chain. We have over 150 operations in 40 countries handling about 10 percent of the world’s container trade. In the last the last 12 months, with regards to the pandemic, the delivery of goods and global trade has become ever more important in our current situation.
In addition to the technology leadership, I’m focused on cyber and digitisation and innovation initiatives across the organisation. That’s really, I suppose, three parts. One is to protect the organisation; another is to optimise our business. The other part is to transform both the organisation and industry in how we work and operate. Maritime is one of the oldest industries in the world. With that comes a lot of cultural heritage, but also a lot of opportunities to use technology to drive it forward.
My day-to-day work includes a challenging range of things from the people management, which is still a very core part of any business, to working on the business challenges. That’s developing the technology strategy and digital roadmap, working with internal and external teams, and partners, on solutions and product development and what we can do better with regards to our existing operations, but also potential new acquisitions.
A lot of work is also working with the risk and audit teams on improving our technical design and security processes and managing the technical integration of new products because we don’t just live in a greenfield environment. The new digital products and security products we put in have to be embedded onto our existing environment so that takes a lot of consideration, thought and planning.
J: What brought you your current role and what is it that you like about it?
Q: Like most of my career, it’s come about from being inquisitive and connecting with people. Technology is systems and infrastructure and hardware. At the same time, it’s about collaborating with people, those within your teams and those outside of your teams as well.
And what do I like about it? It’s a business that materially impacts everyone. We probably take it for granted these days because we click something online and it magically appears at our doorsteps a day later, but it’s a real business that has material impact.
Even though I’ve been to so many of the terminals in the business, it’s still amazing every time I go to see the sheer size and scale of the business and the actual automation in place. It’s still a physical business, but enabled by digital. I think that’s what really excites me about the business.
J: Is there anything about your role that keeps you awake at night?
Q: I think sometimes it’s about approaching the question in a different way, because obviously if you approach a question in a certain context, then you answer it in a certain context. From my perspective, I would prefer to think of it as what motivates you to get up in the morning, which for me, it’s leading the delivery of secure, leading technology and digital that underpins and drives the organisation forward. That is what motivates me to get up in the morning, to do that work rather than mull over it in the evening. I think it’s more like, we’ve done what we needed to do, the next morning is another day to do even better.
J: What are the top two or three biggest lessons you’ve learned as a CIO?
Q: I suppose whether it’s as a CIO or whether it’s generally through business life, I think across organisations what you need really is great people, to build a capable team and trust. I think early in my career, I probably wanted to do everything and to revolve everything around myself, because, as you know, you sort of have a sense of I want to be the superhero, I want to be that capable person. But I think over time, I learned to share as much as possible, be it information, responsibilities, supply relationships, be it actually recognition and rewards to the wider team.
I think the second part is actually about communication and talking to people as much as possible. Whether it’s in technology or other parts of an organisation, many issues arise due to lack of, or misaligned, communications. I think talking to people as much as possible is key and asking questions sometimes more than once is really important to get through to the heart of things and get things resolved. A lot of challenges in technology are really about problem solving.
J: What do you think is the future of digital transformation and its impact, particularly on cyber security?
Q: Take how we looked at cyber security previously. Security was previously about how we protected physical assets, and then we’ve moved on in the last few years to get to two-factor, multi-factor authentication, be it on your phone, an app or token. When you look at digital transformation, everything is connected going forward.
In the future, we’re not just concerned about protecting a single computer device because essentially everything is a computer device, be it a computer, a vehicle, a vessel, or entire cities. How do you manage security to protect that? I think there’s the element of today, quantum computing is in at least early nascent stages. Today’s security does not even consider what quantum computing can solve. How do you consider that going forward?
I think there’s also the part about the need to protect human software. It sounds a bit scary, bit cyborg, but actually, there’s human machine software augmentation and A.I. How do you protect that? Because obviously, the hardware and software are no longer standalone, it’s part of us and how we work. How would you protect that? I know more questions than answers, but I think those are kind of interesting ones to consider and think about going forward.
J: When it comes to cyber security, what is most important to you?
Q: I think most important from my perspective is a matter of balance. That’s balancing the risk of protection versus user experience versus performance. I think sometimes we only think of one of those boxes, not all three. We know something with a bad user experience does not get adopted, very rarely. Likewise, something with poor performance very rarely gets sustained over a period of time. I think it’s equally being able to balance the risk of the appropriate level of protection versus the user experience and the performance.
J: What are the biggest challenges you’ve faced in the past when dealing with cyber security?
Q: It’s really about people and mindsets. I break it into sort of three things. One is about the mindset that tools can solve all the problems of cyber. We know that they’re an enabler and they are a component of that, but they can’t solve everything because ultimately you need good people, good processes, a good culture, to be security aware and looking to protect your own assets all the time.
I think secondly, it’s also about the people side of things. It’s about education, it’s making sure people make the right choices because, you know, smart and sensible are two very different things. You can have very smart people doing things that don’t seem sensible sometimes, especially from a cyber perspective. I think that constant evolving communication, education, and collaboration with people is very important in cyber.
The other part is the mindset about cyber security being a onetime event, i.e. you put something in, it solves the problem, be it a piece of software or big piece of hardware or a company that just comes to manage your SOC, suddenly all the problems are solved. We know it’s much larger than that. It’s understanding that it’s not a one-time event and it’s something that is continually evolving. As an organisation, you need to continue to adapt.
J: What expectations do you place on your suppliers and partners? How do you like to engage with them? What can make the process as stress free as possible for you?
Q: I think it’s important to recognise that we’re all we are human beings, and we all need to understand that we have our roles. Typically, I will talk when I’m available, when time permits, and I will connect if I have a problem that I need to solve. I know a lot of partners understand that, but some also don’t. Likewise, it would be good for you to also understand why I’m not talking to you; sometimes lack of communication does not mean disengagement. Lack of communication may mean that actually things are going fairly well.
From an expectation perspective, we know pricing is one element and sensible pricing is expected. We’re here to build a long-term relationship based on trust. I think even more important is great people providing a great service because I think that’s what truly stands out, be it in the technology space or any other kind of business you’re in.
What will help? I think being able to help me with all the background work, providing the information that helps me make a decision. What you don’t want, and what I don’t want either, is we both sit in a room and I can’t say yes or no, or I can’t say stop or proceed. Even more important is the buy in and trust of the wider teams and stakeholders because what you want is everyone to be able to work, regardless of whoever is in the room.
J: What advice would you give to someone who’s aspiring to become a CIO or a CISO?
Q: There’s probably no one straight path to get to whatever it is, whether it’s CISO, CEO, MD, whatever. I think it’s important to recognise that you’re in your role because you’re definitely capable, but there’s always something to learn. It’s important to continue to be inquisitive, to listen and learn both inside and outside of your domain.
I think technical skills are important. I wouldn’t say they’re not important, but we know it’s a moving landscape. I always advocate learning and getting certified before you need it, because it helps you to move forward. As I said earlier, people skills, communication skills are very important and emotional intelligence to connect with others is definitely a good asset to have.
From a technology perspective, I think it’s also being able to plan and handle both the bad and good situations. Particularly in technology when things go well, we’re overly optimistic, but at the same time, we get overly pessimistic in resolving a crisis. It’s about balance on being able to handle both and then being able to lead people through those situations.
J: Digital transformation was supercharged in 2020 due to the pandemic and need to work remotely. What do you think 2021 will be known for?
Q: I think the thing we learned about predictions from last year is don’t predict anything because you’re going to be wildly off the mark. But I think, looking at where we are right now and what we’ve been through, it’s about being able to adapt to what is now the next normal. What does normal reality look like in 2021 now we’ve come out on the other side? With COVID-19 and all the transformation that’s happened in organisations to enable people to work collaboratively and remotely, I think there will be opportunities for new services to adapt us to this new way of living and working because we know people will be outside of their homes regularly now for the first time, sustained in 2021. What does that mean? That probably means opportunities to provide a different set of products or services that probably weren’t possible or weren’t thought about back in 2020 or further back.
I think it will bring about a skills challenge as well. I think about how we adapt to changing roles and responsibilities. Obviously, in the last 12 months, it wasn’t as much of worklife balance as work-life integration; rather than from working from home, you were literally working at home. Moving forward, it’s about what do these new roles mean? Are there new industries that evolve out of that?
Thinking about the role that technology has to play going forward and acceleration of technology, organisations have seen that people can work remotely and a lot of tasks can be done digitally. Now going forward, what is an automated digital task versus what is a human task and what does that mean to people’s roles and how we work and how we live?
Previously what we would have thought about is we’ve had a kind of certain life cycle where we studied really hard to learn some skills, then we kind of worked through a major period of our life to save up to relax at the other side. I think what we’ve seen, and I think will be exponentially increased going forward, is a kept-up dipping in and out of learning and then working and re-skilling, where it’s not just this straight cycle of learn and work, it’s more a bit of learning, bit of working, a bit of learning again. I would say that would be a trend in 2021, seeing the new roles and skills that are going to be needed much more going forward.
