[00:01:15] Chaahat: Hey there, my cyber explorers. Welcome back to Destination Cyber Season 2. Today’s episode features someone who has lived through every era of tech from mainframe to cloud. Starting his career in Canberra sporting fraud detection systems, he went on to build enterprise solutions in London, led major digital transformation programs across Europe and spent over a decade at Fujitsu shaping cloud and hybrid it. Welcome David Lane. Now, as a head of product for cloud, cybersecurity and managed services at Interactive, he’s steering the future of modern tech offerings in Australia. We dive into how he broke into the industry, what global experience experience taught him and how cloud changed everything. And what does data sovereignty and leadership looks like today?
Tune in.
[00:01:57] David: Well, I studied engineering at university, so that was computer engineering, which is focused on designing processes and also writing software. So I always thought I would probably end up in the IT industry. I wasn’t quite sure where I would start and I was studying in Canberra and so there was limited opportunities for doing anything around sort of hardware technology. So I ended up having effectively applying for jobs for graduate positions with various federal government departments. And so I landed my first role with Centrelink, which I think is under the sort of Services Australia sort of delivery arm now. But back then it was sort of the Centrelink sort of operations, you know, IT section which was massive. It had thousands of people working for it at the time.
[00:02:36] Chaahat: So you mentioned that you applied to a lot of graduate programs. How was the process applying to graduate program? Back in the days it was as
[00:02:44] David: stall destroying is probably what it is today, but I would say that it’s probably harder today. So I think for any role that you’re applying for, there was probably at least 50 people applying for any role that you went for, whereas I think now it’s probably several hundred. So I do really have a lot of sympathy for graduates today, but I’ll be honest with you, it was in the early days of the Internet, of the web, so most things were still being done. Writing cover letters, sending literally printed out CVs to all these different departments, sometimes not hearing anything for weeks, or sometimes never hearing anything full stop, or getting lots of rejection letters, which is actually what happened for the most part, until I was able to land my first interview and I was able to secure that job.
[00:03:22] Chaahat: Well, that’s fantastic. So I know that it’s brutal out there in today’s market, landing the first job, it’s very hard. And like you mentioned, even the printed time, that you did have to face a lot of rejections. And that’s sort of demotivating for a lot of people out there because they face like, every morning wake up, there’s a rejection email. So what sort of advice would you give to the graduates? How, how to navigate those rejection mails and how to come out like, more stronger with the new applications.
[00:03:46] David: I think you have to treat applying for a job like a job. And actually I helped my son through this process, you know, about a year ago, and he spent probably seven months applying for job after job. And I think you have to treat it like a job. So you have to sort of specify, you know, what am I going to do today? My plan is from this time to this time I’m going to be doing, I’m going to be checking all the applications I’ve made to see if I’ve got any feedback, if. Is there anything I can prove in my. Whether it’s my LinkedIn profile, my resume, my portfolio of work, or whatever it is that you’ve got to sort of add value to yourself and treat it like a job. So from this time to this time, I do it and then actually look after yourself and your wellbeing. Seek out people that can sort of coach you and help you prepare for the next one so that you’re preparing fresh again rather than getting into sort of a monotonous sort of mode, because otherwise you’re going to the level of demotivation you may feel will actually impact you and actually might affect the next interview that you end up going for. So you want to try and sort of keep yourself fresh. So, you know, you’ve got to sort of manage your time like a job, manage your wellbeing like you would if you had a job. So that’s, that’s the advice I gave my son and eventually it certainly did help him and I’ve obviously hired lots of graduates in the meeting over the last sort of 20 years as well, so that’s probably the same advice I would give them today.
[00:04:59] Chaahat: No, that’s a very good advice. And I feel like if you’re refreshing yourself and like just keeping track of things, making like a separate sheet and balancing it out, you at least know what direction you’re heading in and you can check your. Oh, what feedback you got from that particular rejection. What could you have done better? You mentioned that you hired a lot of graduates in your past 20 years of experience. So when you interview those graduates, what’s the thing that you look out for in those individuals?
[00:05:22] David: It’s actually attitude and behaviors, really, whether they’re going to be a good addition in terms of the culture, the diversity of thought they’re going to bring to that team is what really is important to me. Less so their actual knowledge or technical skills that they have to try and demonstrate either from their studies or from their past experiences. Because you can teach technology, there’s lots of skills, you can teach the culture side of things or values, those sorts of things, they’re kind of what you’re. What you’ve developed or what you were born with, and they’re much harder to sort of change in yourself as well. Right. So. So that’s. That’s what I’m looking for.
[00:06:01] Chaahat: So when you mentioned the attitudes and the behavior, is it more of like the discipline in them or is it more of like problem solving? What’s the talk? More skill. You would like, say that if this graduate has the skill, like he has a leverage of getting shortlisted or going up to, like, for the heights.
[00:06:17] David: Gosh. I would say attitude towards learning. You can tell if someone’s really keen on learning by the kinds of questions they ask. So I think someone who’s always keen on learning will always do well. A work ethic for me is a default position. It’s a given. You have to be disciplined in your work ethic. I also think creativity as well. I deliberately try and hire, not like myself. I know my strengths and my weaknesses. So I don’t want to hire in my. Necessarily in my areas of strength. I actually want to hire in, in the things in the areas that I feel the team will benefit from that. And that’s sort of. So I really am after diversity of thought, really, when I’m looking for good hires. People are going to make a difference and you can just tell that quite quickly. Work ethic, you can also identify quite quickly from what they’ve been doing like if they’ve never, maybe they’ve just graduated and they’ve only ever worked part time but you can even tell from the part time work that they’ve been doing what their work ethics. Like that could be by the organization they’ve chosen to work with or by, you know, the way they talk about it. And it’s very easy to identify someone who’s got a very strong work ethic.
[00:07:20] Chaahat: That’s a very good point. Thank you for sharing that. And so David, coming back to your journey. So after Centrelink. So in Centrelink you worked as a mainframe programmer. That’s what I got from LinkedIn. Could you tell us more about it? What was that like?
[00:07:33] David: That was a hard job because I. Mainframes are really old technology so I didn’t even know what one was when I got the job. I was just after a job. So I’ll just be honest, it was not my dream job. It was not really what I wanted. But you know, needs must. And I thought I’ll give this a crack.
[00:07:48] Chaahat: That’s most of us today.
[00:07:49] David: That’s right. And I didn’t last too long. So I didn’t know what I meant. Frame was I didn’t know I’d never worked in the public service in the sector. I didn’t understand how those structures were, but I did learn a lot through it. So. And the area I was in was actually very technical. The role was to try and do what’s called data matching, which is where you bring data from different systems together, run queries against that data and then identify potentially fraud. So that is, you know, people who are potentially being paid more than they should or who are defrauding the government. Most people aren’t aware of that. But organizations like Services Australia, they can pull information from taxation, from Social Security, from healthcare and they can bring all of that data together and allow queries to be run against it. But all of that data, most of it was, I don’t know if it’s the list they are. It wouldn’t surprise me if it’s still on mainframes today. But back then it was on mainframes so you had to learn how to program in cobol, how to use mainframe tools like job control, language. None of this I understood at all. So it took a long time to get familiar with that. Weeks of work to get familiar with that. I can’t say it’s the most thrilling work. It’s lots of boring and then a few little interesting bits is what I would say. But it does teach you some discipline. It also teaches you how organizations like, like the government actually do data matching and actually try and identify fraud. So that was the interesting element of it, but the actual technical work I found not particularly thrilling.
[00:09:09] Chaahat: I had no idea that the governments could do that. That is a bit scary.
[00:09:14] David: They can do it, but there is legislation around that that protects your data and my data, the Privacy act, for example. But there’s also an act called the Data Matching act, for example, which allows government departments to bring all that data together and to actually run queries against it.
[00:09:28] Chaahat: So you was just out of your university degree when you first started into this role and so all of this language, like Kabul for example, was very new to you. So how did you like navigate? Did you ask for help from the people who were there at your work? Was there any sort of like mentor or did you put a lot of in like self learning and self teaching and then you sort of developed an understanding of what’s going around?
[00:09:50] David: It’s all of the above really. You have formal training, so they put you on days of formal training and there was lots of documentation to read. They still had things printed out in binders that you had to read. And of course they gave you sort of sandpit environments that allowed you to test, to actually run queries against anonymized data sets, submit jobs to a mainframe to run overnight so you could actually at least understand the processes and the systems that we use. That was fairly straightforward. But I guess having studied engineering, which included software engineering, a language is a language. Like I don’t do very much hands on technical work today, but if I’m sitting next to one of our developers and I can actually track what they’re doing, I understand exactly what they’re doing. I don’t know the syntax, I may not know the actual language, but I can see what they’re doing and I actually understand what they’re doing. So I think that knowledge for me to learn a new language today, it probably wouldn’t take me long. I’ll be rusty. I won’t be the fastest, I won’t be the best, but I’ll be able to hack through it. After a few weeks worth of hands on self learning, I’ll get there.
[00:10:47] Chaahat: Yeah, that sounds like a wonderful experience. And whatever we do, learning is always involved. So seeing as how you navigated that space, definitely gave you a lot of lessons. And yeah. So my question is, after Centrelink you went to Fujitsu.
[00:11:00] David: I did.
[00:11:01] Chaahat: So there you were in Canberra in the beginning, as A consultant. And then you became a principal consultant in the London office.
[00:11:08] David: Yes.
[00:11:08] Chaahat: So from Canberra to London and then to Sydney. So your journey spans continents and industries. So what were the biggest lessons you took from working in such different tech, tech and cultural environments?
[00:11:20] David: That’s a great question. The reason I went to London was I was on this high potentials program. So I was very fortunate. As a graduate I worked for a number of years and I was identified on a high performance leaders program. And they asked me, would you like to go on to convent for a couple of years to the uk And I thought it was either the UK or Japan at the time. So I thought I’ll go to the uk. So I landed there and everything was just so much bigger. The government parents are bigger, the commercial organizations are bigger. But the other thing that was really noticeable was the diversity of workforce.
But very quickly you land in a European context. So you move into the UK but you’re really working in Europe. So you’re working with colleagues scattered across Europe. And that was a great experience for me. So you understand that people adopt technology in different ways from different countries.
You also see different cultures and how they work. I would say Australia is much more like the uk. I would say Australians and people in the UK tend to work longer hours comparison to other countries like France and some of the Scandinavian countries. And there’s not really a right or wrong way, there’s just a different way. And I think you need to be open to learning different ways and that diversity can still deliver great outcomes. It’s not to say there’s not weaknesses in different cultures. Some cultures can be very rigid and others a bit more flexible. So. But I think working in that dynamic was super fascinating for me and super enjoyable. I mean, I love discovering different cultures and spending time in different countries and you know, I’d always make sure I’d get to a different country slightly early so I could do a bit of sightseeing and explore those places and often go back on holiday if I found it to be particularly good. Technology adoption, I would say was the vast difference between different countries. The UK is much more like Australia, focused on commercial software and hardware. Open source is much more prevalent in countries like Germany and also in places like Spain as well. So you know, you see differences in how people use and adopt technology and what they’re focused on. So I think that’s probably the biggest learning is to always be open to learning new things.
[00:13:19] Chaahat: So when was the first time you actually stepped into a role that was like cyber related? So Was it in your time in Fujitsu or was it like later on
[00:13:27] David: it was in Fujitsu? And it wasn’t specifically cyber security. Because of the work I did around automation and records management, I ended up in a very sort of niche space which is around information management and information governance, which then sort of went into data governance. So at the time a lot of new legislation was being proposed in Europe to protect data. Quite sophisticated data protection acts were starting to be applied in different countries.
New acts around freedom of information, GDPR was being proposed as well. And the understanding of all of that was that you’re going to have to protect data, you have to report on data, you have to govern data and manage it in a much better way. So technologists like myself, who are used to deploying content management systems, document management systems, records management systems, were all of a sudden thrust into a much more elevated position around an organization’s risk posture, around data both structured and unstructured. So things in databases and basically things in documents or images and so forth. So that’s kind of how I started my journey into sort of the security space, because effectively the cyber security safe is very much more technical role then as well. So the two of us started colliding in terms of data and information with systems that protect it, systems in terms of firewalls and network security, to antivirus, all those things like that. The collision of those two, two sort of disciplines together. So I was coming from the data and information side.
[00:14:53] Chaahat: That sounds fascinating. And you’re right, the cyberspace, it did develop a lot later on. So when you mentioned something about like risk management, did you also have to do sort of risk assessments for an organization all the time?
[00:15:04] David: All the time. I mean, you know, business I work in right now, we do GRC governance, risk compliance, sort of assessment services. We used to exactly the same thing. My role is very much more focused on the data and information side as opposed to all the network, the communications and IT system side. But yeah, very much so. We go in as two or three people into a customer, do an assessment on the data assets, information assets, see how they’re using it, see how it’s protected. All those types of things was quite interesting. Depending on what the organization’s main purpose was, you can see some really interesting uses of data. And I got the opportunity to work in quite some really fascinating spaces.
[00:15:38] Chaahat: Yeah, so you mentioned there’s a lot of stuff like there’s data, there’s network and how the monitoring of all that goes. So even in cybersecurity, there’s A lot of disciplines that we need to learn from. So coming from like a graduate perspective, the field seems very vast and massive. So how can we keep up to date with like basics of all of it? And how did you yourself found out what your niche was and where you wanted to go?
[00:16:01] David: In some things you fall into, some things you discover after having done it that that’s what you really, really enjoy and then you decide to actually go down that path. So I think you need to be open to try anything first. I think as someone who’s early on in their career, you need to sort of be open to trying things. And as you experience those things, you then decide, well, actually I really enjoy this aspect of what I’m doing and I want to spend a little bit more time working in that space.
And then from then you develop an amount of expertise and then from there you can either make your career out of it or you can kind of do what I did, which is I kind of wanted to try many different things. I’d hop in and out of completely different domains in some cases. I’ve worked in infrastructure, in applications, in information management, data, cyber, just because I was interested in those areas. Now, obviously the organization you work for has to be a place that allows you to try and potentially fail as well. Not all organizations are like that, but I was very fortunate at the time that Fujitsu Group, who I worked for at the time in Europe, would allow you to sometimes do some completely different things, you know, and it’s in fact how I got into cloud was I’d done well somewhere else and someone said, I think David, we can throw this problem at him and see what he does with that. So I had some great experiences in that way as well.
[00:17:16] Chaahat: Oh, wow. Yes, you’re absolutely right. Failure is the way to learn and to move forward. So you mentioned about cloud and how you got the cloud role and you also did a lot of leadership roles within the cloud service, like shaping all the cloud services. So what was that shift moving from like on prem consulting to a hybrid cloud environment?
[00:17:36] David: The tech was really interesting and really exciting and actually relatively easy. After my first proper cloud experience was actually the early release of Azure and I remember writing a hello World application and being able to push a button and it would just deploy straight to this cloud platform. And there was my application running. I didn’t deploy any infrastructure. It was just done for me. So that was amazing. The challenge I had was the organization I worked for. And like many global sis, we had large data centers and we had large Server farms, supporting customer workloads and those types of platforms. At the time, this is about 2010. So 2009 and 2010, those were seen as a threat to the core businesses of an organization like Fujitsu. So that was the challenge I felt when I took on that leadership role there, that it was we were too early for the organization and in fact we were probably four years too early and four years later we were successful. When I kicked off that mobilization team to start an Azure team within Fujitsu, it was just too early for us. So whilst we spent a lot of money, we did some really interesting fun things. The overall program was not what I would call a success. I would probably put it as one of my failures, but a fun failure. And those are also good, you know, the failure, as you say, you can always learn some great things from failure.
[00:18:54] Chaahat: So when you were like in the IDE space, was it more of like consulting that you did or was it like, so what was the process like? So from the data centers that you mentioned you had over there, did you have to like shift all of the data from there to something on Azure or was it more of like different new services that you had to create, that you had to give out to like small business?
[00:19:19] David: One of the offerings we did create was actually a hybrid data solution. So you’d have data potential on premise, but actually delivered via a cloud hosted application. We also had data services, you know, where data was migrated to a cloud platform and then used within the applications or services or integration or APIs that were being created for that data to be consumed. So it was actually both. So I’ve always been involved in hybrid deployments. Most organizations, I think even today 90% of organizations operate hybrid IT infrastructure. So I don’t really see that having changed. I think what’s really changed is the level of innovation within those hyperscale. Cloud is something else. It’s not something that I think anyone could really foresee how amazing the capabilities would be in a cloud platform today. So I think that’s what’s really the big difference.
[00:20:08] Chaahat: That’s a very good point. And also, just like you mentioned that the cloud coming during those times 2009, 2010 was a fairly new thing and I believe there wasn’t much in the industry to know or learn more about it because nobody has ever done this before. And as you mentioned, mentioned that it was first for you guys as well. Similar to now the organizations, they’re going to shift to AI and there’s not much about it, but every organization is trying to sort of have AI first approach integrating AI into their systems and doing a lot of stuff around it. And there’s not much in in the industry about it as everybody is still learning how to use it and what could the error points be? So coming from that perspective, what would you recommend the organizations to like focus on while implementing something like new into their system from a cyber perspective as well?
[00:20:53] David: AI.
Super exciting. Art of the possible is. You can nearly not comprehend what the art of the possible is with regards to AI. I think most organizations will be able to experiment simply with services like ChatGPT or Copilot and all the other ones from most of the other sort of hyperscale sort of providers. They’re great to understand the types of things that you can do and they abstract everything for you anyway because they provide a lot of frameworks, they provide a lot of tools to create your own agents, your own bots and so forth. So you don’t have to really understand the underlying technology, you can just consume it and make good use of it. But the training around how to secure your own data is massively important. I mean that’s one of the things that when we support customers and we in our own deployments of AI capabilities within applications that we use, that’s been one of the key things. How do you identify that you’re in a safe place?
How do you understand whether you’re talking to an AI agent or capability or language model that’s on the public Internet and not that I’m putting data into it or that it’s only within it’s ring fenced within the data that I’m using within the organizations. I think that’s really important that you can identify from day one that you’re in a safe place or potentially a a non safe place from the organization’s perspective. I think beyond that there are some people who will want to understand what is under the hood. There is a lot out there, but because there’s a lot out there, it’s really hard to understand what is really good and what isn’t good. I think there’s a lot more consolidation from a technology stack perspective to happen. There’s lots of frameworks, most of these are open source. Like if you look at any of these services, just like many cloud services, often the base is an open source stack that someone then sort of productizes and puts a commercial wrap around that. It’s no different within the AI space, I guess Nvidia from a hardware perspective has a massive footprint, is the leader in the market and they’ve largely dictated some of the software capabilities that exist in market and have spent 20 years marketing and trying to build an ecosystem. But the reality is many countries, many private organizations are creating either competitors or leveraging that knowledge. And we’re seeing that across the piece. So there is a lot there, but it’s trying to sift through. I think sometimes there’s too much.
I think you can actually use AI to learn about AI and use them as a bit like a tutor. You know, you could use a copilot or a chatgpt, like a tutor. Help me understand AI and the different types of AI. What is rag, what is inferencing? What are small language models? What are large language models? What are security implications of using a product? You know, we all know them. There’s so many case studies. You’ve had engineering teams literally put their entire roadmap and design and code up into ChatGPT public, and then the company has then locked everything down and said, you cannot use anything outside of the organization from an AI perspective. So we’ve seen and heard all those case studies. And I think, like many things, what I did notice, I believe right now, AI is the new shadow it. Like, if you talk to your colleagues at work, you’ll probably find they’re using lots of different types of AI. Now the question is whether they’re using them sensibly. So I think one of the things organizations are going to have to do is at least monitor what is being used and potentially block out the ones they feel are too risky for them to have access to within a work context. Just like shadow it. Many people just signed up with a credit card for some cloud application, and then they’re wondering, why is my IT budget completely out of control? It’s because they’ve got 50 million different applications someone signed up for on a credit card as well, not even on a proper invoice, any proper discount or anything like that. So I think AI is a little bit like that at the moment. Then I think there’s going to be a lot of learning for organizations to be able to bring a degree of governance and risk management. So without stifling innovation or without stifling productivity sort of gains.
[00:24:41] Chaahat: Yeah, very, very good points, David. Thank you for sharing that. And data sovereignty is also such a buzzword today. And you’ve seen that data governance mature over the decades. So what does data sovereignty really mean in practice, especially for young cyber professionals out there?
[00:24:56] David: Wow. Okay. I think data sovereignty is not simply about geography. So generally, historically, people say I want a data sovereign solution. I want a sovereign solution. They generally met is my data stored in country and all the processes and whatever everything’s stored, managed, processed within country like Australia. That’s most people’s thought process around sovereignty would be. But the reality is sovereignty is much more than that. Sovereignty is about geography, but it’s also about operational sovereignty, like who has access to look at that data, who you know, and if it’s in a managed platform or someone’s operating a platform, like a cloud platform or a bit of infrastructure that data is residing in, who are the people looking after that or who could potentially have access to it? Do we know who they are? Do we know what they’re doing? So the operational side is, is also important. The other aspect of it is actually what I’d call on the judicial side of things, which is the company that is operating or hosting, who owns them, where are they headquartered, what country are they headquartered in? Because the fact that that data is in let’s say Australia, maybe it’s an American company and the FBI comes along and says please, based on their access acts that they have in those countries and same many other foreign countries have similar things. They can put a request through a form of subpoena. It could be public knowledge or it could be secret, provide me the data. And we don’t care where the data is residing because you are an American company and you have to abide by our rules. Therefore, the ownership structure of the organizations now has a bearing on on sovereignty as well. And then the aspect of which I call is more about the technological sovereignty is do I have the skills or of now have I completely outsourced the skill set so I no longer have the skill set to even understand or operate or do the things related to the sovereignty of that data. It’s quite a complex pillar of things when we talk about sovereignty. And I think we need to be able to define what that is and agree what those definitions are and then also define for the organization what is important with regards to sovereignty. Because not every organization is heavily regulated, not every organization has the same compliance requirements, but they still might have some sovereign requirements, but which ones are the important ones for them.
[00:27:14] Chaahat: So as there’s many frameworks out there, for example GDPR and all that. So what you said actually raised the thought, do you think we need to have a framework where a lot of countries agree on how to use AI or does it need to be like country specific, for example, the one that UK rolled in and what do you think Australia’s perspective would be, I do
[00:27:34] David: think we will have to have more regulation and I think that regulation has to have teeth behind it. GDPR is a great example because it wasn’t until it had some severe financial penalties did anybody take it seriously. And I think the same thing with new technology like AI, there’ll be a degree of regulation required because policy is interesting in general or frameworks are interesting, but if they can’t be enforced, most people will just pay lip service to them. And that’s actually what’s happened in technology over the last very many years. You know, lots of things, people say this is a really good idea, but they’re not actually going to do anything about it. There’s no penalty for it. It’s the same thing. Also, there’s the commercial reality of things. For example, when you talk about cloud and infrastructure and those sorts of things, lots of customers say I want a high available solution, I want disaster recovery. I want. And I’d say fine, you can have it. Here’s the quote. And they go, ah, I said I want a doctor. I really just meant I want backup. Because they look at that price and say I can’t afford it, I’ll just get a backup service, a data protection service. That’s enough resiliency for me. But really what they wanted was disaster recovery. So there’s always commercial realities behind things. And the fine regime of GDPR forced a lot of companies to actually pay and invest significant amount of money to protect their data and make sure they were processing it. And the supply chain that was around them was also complying with that. Because I think that’s the important thing in our world today. No organization, no country operates in isolation. We’re an ecosystem. So the ecosystem has to plug together and work together as one under the same sort of framework, regulations, etc. I’m not one for too much legislation, don’t get me wrong, but I think you need probably more than what’s probably out there today. You know, it’s a bit like you’ve got social media bad. It’s probably 20 years too late for under 16s. I’m just saying the cat’s out of the bag. It’s too late in my opinion, because everybody’s gotten used to these things and wants to use them even if they’re 12 years old now. So it’s very hard. And I think the last survey said that a third of all parents are going to allow their kids anyway. They’re going to probably sign up for them and all that sort of stuff. So I think there’s a lot of interesting discussions around at the moment around governance, around security, around protecting sovereign assets, sovereign capability, around protecting our ark citizen from potentially quite damaging things. When I look at even how AI today can be used on the negative side to try and breach defenses, to try and even do pretend to be human being and get intelligence out of someone that they can then use to then hack a system. You know, there’s, there’s so many use cases of AI on the dark side that like most things as technology ramps up, the black and the white need to be constantly outdoing each other. And that’s just the nature of our industry, of technology.
[00:30:18] Chaahat: That’s a very good analogy. And yes, you’re right, the social media policy, I do also think it’s out of the cat, out of the back because even I was talking to a couple of teenagers and they’re like, well, we’re just going to write account managed by parents and draw a bio and no company can do anything about it. But I hope it’s not too late for AI. I hope we do have a framework and regulation set in place in Australia before it gets too out of hand for AI as well. So David, now you’re head of product at Interactive and you’re shaping offerings in cloud, cybersecurity and managed services. That’s a big portfolio. Portfolio. So can you tell us what, what your day to day like looks like and can you walk us through what sort of things you love doing about your job and what looks more like a grind?
[00:30:59] David: Yeah, I, it’s a crazy life actually. I have to balance the strategic and the tactical every day. That’s kind of the challenge of my role. So if you think about what my role is, my role fundamentally is to develop and own the roadmap of the portfolio of services for Interactive here in Australia. So, and as you said, that portfolio is quite broad. Data center, there’s cloud, there’s the cyber, there’s security element, there’s networks, there’s workplace services, there’s everything and they all kind of integrate together. There is a separate unit that actually delivers on the cyber. But you know, fundamentally there’s a lot to juggle. So every quarter I’m reviewing our roadmap, seeing if that roadmap makes sense in terms of what is it the industry, the market requires of us and are we doing the right things, doing change and pivot. So we operate a sort of a quarterly cadence in terms of how things happen. I have to ask the business for money, so I spend A bit of my time putting together, whether it lean, canvases, concept papers, not just myself. I’ve got a team who helped me do that, but I’m responsible for making sure those things get put before the business and usually if they think they’re a good idea, then I have to go and ask for money. And depending on the amount of money I ask for, it might be just my boss or it might be the executive leadership team or in some cases, if it’s a serious amount of money, I’ve got it. We’ve actually got to go to the board of the company to to approve the amount of spend dollars to allow us to, whether it’s buy hardware and software or hire more people, it doesn’t really matter what it is. So there’s that aspect which is probably on a more strategic side. And there’s the day to day how is this product going? Tracking the progress. Occasionally I nip into a scrum team meetings and see what they’re doing, see what the backlog’s like. I don’t do as much of that these days because I’m trying to sort of step out of the day to day and let the product managers actually get on with what they need to get on with. But fundamentally I’m trying to make sure of my fingers on the pulse to understand what’s going on. I guess the hard part of product management is you have to manage every single stakeholder. You’re like the glue across the organization. So I’ve got a fairly small team. There’s probably what, 15 to 20 of us. But I’ve got to deal with finance, with financial matters. I’ve got to deal with our legal team when we’re drafting up standard terms, conditions and standard contracts. I’ve got to talk to technologists for integrating into service management systems, into billing systems, into I’ve got to put pricing together, so I’ve got to talk to sales. You know, there’s not one operations, you know, in terms of who’s going to manage this product when we create it and who’s going to improve it. There’s so many different stakeholders to get on board behind this and there’s obviously dealing with marketing and sales and we’re going to launch like we’re launching something in it. We’ve launched something now but we’re doing the formal launch in two or three weeks. So there’s all the standard event management, getting brochures created and printed, websites updated. There’s everything in the in between in the tech practical. So I find myself doing A lot of that. And then there’s the fun stuff as well. Like if there’s a new customer opportunity, I’ll often join the bid team and we’ll talk to the customer. And particularly if it’s a new product offering, I’m often involved in some of those discussions with customers and trying to sell a new service to customers. So it is, it’s very broad, very dynamic, quite interesting. I like getting out there in market as well. I like being a product manager or a leader of product teams that is out there talking to customers, out there talking about, talking to people like yourself out there talking to everybody, going to trade events or conferences, doing a lot of market intelligence, market study type work I do as well. I need to be able to keep my finger on the pulse of what is going on. It’s like, well, the reason we’ve launched a new private cloud is because we actually did a market study, tried to understand if there’s further opportunities for that type of solution and as a result of that we decided to reinvest in building a new private cloud, for example, which if you’d asked me that five years ago, I would have said that’s a crazy thing to do. Who’s going to do that in this day and age? Isn’t it the era of public cloud hyper hyperscalers. But it hasn’t been same thing with cyber. You know, right now one of my colleagues, his name is Ronak and he’s working in our networks portfolio at the moment and he’s building a SASE solution at the moment, a secure access, secure edge solution. And there’s so many technology vendors out there, we’re having to work out which are the ones we want to work with, you know, and we’re building that, but we’re already selling it before we finish the work. So. Which is also a challenge we have as a product team. So between all of that and yeah, it keeps you super busy, that is
[00:35:05] Chaahat: very broad and dynamic. I agree 100% and it also sounds like a lot of high pressure when you have to go and ask the stakeholders for more money and there’s a lot of tasks that you’re doing on your day to day basis, a lot of teams you’re responsible for and you’re answering to. So how do you prioritize all that and how do you keep track of things?
[00:35:23] David: That’s an important ability for anybody. Doesn’t matter whether you’re super experienced or inexperienced. Prioritization is always key. I mean there’s lots of different tools. What’s urgent, what’s critical, you know, all those sorts of things. You know, I’ll be honest, I do use those, but occasionally life just goes crazy. I try to live by, if you like, the values of. Well, in this case the company I work for, which is interactive. So they have this value which is really around being a trusted technology partner. They’re also very. One of the values we have is really about customer first. So if I base my decision making around those, how does this affect the customer? That will obviously indicate to me how important something is. Like often we reprioritize work in the backlog based on customer demand or customer request or a contract we have with a customer. So that is obviously always a good true north. Is this helping the customer achieve what they need to achieve? So I think that’s an important part. There’s also the impact to the business. Fundamentally like we operate, we need to be a profitable business. So some of the decisions and process priorities we make have to be based on reality of running a business. How will this impact the P L? If it’s going to negatively impact the P L? Maybe I don’t want to. I will. Maybe this is not a good idea. Maybe we should park this for next year. This is not a good idea right now. It’s still important, but maybe it’s not as important. So there’s lots of different ways of prioritizing, but it’s generally the customer centricity of what we’re trying to do. And that is important. But also looking after your people as well. At the end of the day, what a business is there collections of people working together to try to achieve a common goal. And for that, you know, we have to look after our people as well. So there’s that, that aspect of it and looking at the workload. So sometimes I have to make decisions and prioritize or change priorities because we simply don’t have enough people to do everything. And therefore I need to look after those people by rather than saying work harder and work longer, I need to sort of say, actually this is a higher priority to work on, even though everybody’s asking you for it. And my role then is to protect my people, my team or other team members too, so they can get on and focus on what they need to do, even though there might be lots of voices out there screaming that they need something now or they need something next week. And I’m just saying, well, the priority is these three things. So my team fundamentally runs three new product work streams at any point in time and we Also maintain and evolve two or three other sort of major platforms and systems. So it’s quite a lot. I have more in my backlog than I have people to do the work all the time. It’s tricky. I’d say that’s the hardest thing to do in my role anyway.
[00:37:56] Chaahat: That’s very well said. I think you covered everything from customers to business to people. And I think when all these three integrate, that’s when the magic happens. So what I wanted to ask, you mentioned something about private cloud. So when you were starting out thinking about this idea, what was your first sort of Wayne like, did you have the clear picture right from the beginning or did it develop more along the way?
[00:38:16] David: I’ll be honest, it’s much more about written what I would call business as usual. So we’re maintaining a platform, we’re upgrading hardware, we’re upgrading software, we’re improving security, we’re improving this, we’re improving that. But fundamentally it’s the same thing. We’re just making sure it’s current, it’s around a currency and after. As a product leader, what you need to be able to look at is every portfolio that you have, every offering you have, and actually measure its performance. And if its performance is not as good as it should be, you have to ask yourself some really hard and difficult questions. And sometimes the end result is that you sunset something, you actually stop selling it. You then end of life and then you kill it. It’s really hard to do. As a product leader, it’s so hard to do because people are emotionally engaged. Like if you’ve created something, like if you’ve actually made something and then I come along and say, I know you made this, but I think we’re going to stop selling it and we’re going to kill it. You don’t really want to let it go.
[00:39:13] Chaahat: Yeah, it’s like the brainchild.
[00:39:15] David: Yeah, it’s your child. And I’m now saying, jahan, I got to kill this child of yours. You don’t want it to die. But those are the really difficult questions commercial organizations need to make at the end of the day. Like, does this have a future? Is it profitable enough? Does it deliver value to customers? Is it something customers even want today?
And if you can’t answer those hard and difficult questions, often it’s because you’ve deliberately tried to put your head in the ground and ignore all those signs that are telling you you need to do something. And that’s kind of what we did with our private cloud. We were looking at it and saying it’s either got to evolve or it’s got to die. And so we initiated a market study and we decided we’re reinvesting. We’re going all in this because we still think there’s a use for this type of solution, this type of capability in the market that we’re in at the moment. In Australia, we believe in hybrid cloud, which is public and private working together, believe in supporting very old things in data centers where need be, because sometimes there’s a really good reason. So those are the difficult challenges to do is to. And that’s one of the first things I did when I joined Interactive, what, three and a half years ago. I actually had to kill a few products because I thought, well, I’ve got two of these. And how is this selling? The people have used this thing. Why are we spending so much money maintaining an offering in market when it’s not growing? And it’s really hard because people don’t. People who’ve been used to selling the thing want to keep selling the thing. But then I’m saying, well, you’re trying to sell it, but it’s not really successful.
Maybe we need to. Can we make it better? No, it’s. We can’t really make it better, or we can. It’s gonna be too much money. And then you make those calls. And at the end of the day, yeah, but it was good because it got us through the. We now understand what the process is and we’re now comfortable with how we make decisions and that’s improved how we look at an offering. Same with cybersecurity. Have we got enough in the portfolio of cybersecurity? We do endpoint protection. We do. We have a stock. How many products should we support? What is it customers actually want out there? You know, and now we’ve got Sase coming down the line. There’s all these things that are out there and obviously you want something out in market when it’s relevant. You don’t want to put something out where it’s three years too late. Everybody else has won and you’re going to have a hard time. And let’s face it, in our industry, in it, most of us are using the exact same technology.
Like, I can sell you public cloud as your AWS. I could sell you Microsoft 365 and offering around that. If you go to a competitor, they’re probably selling exactly the same thing. So what is the difference? The difference is how we do it and what value you get out of us from our people. What happens when you pick up the phone or something goes wrong? Does someone actually look after it? Does someone find out that there’s someone trying to breach your systems and we let you know about it and we can actually proactively protect you or is it too late and then we’re in recovery mode and we’re trying to recover from backups which were hopefully air gapped and all that sort of stuff. All those things. The value you get from us is actually our people, our systems, our processes, our culture, our attitude towards our customers, which is we will do whatever it takes to keep you up. I mean that’s the history of our, of my company’s business is exactly that. We want to make sure that your systems are available. That’s been from sort of day one and we’ve carried through that ethos for a long time now.
[00:42:17] Chaahat: And I feel like at the end of the day anything that a customer wants is as well that they’re being looked after.
So if you’re fulfilling that promise, I think that’s a win win for both the company and the business.
[00:42:28] David: That’s the way with business. Often it’s because someone’s really dissatisfied with an existing provider and they’re so dissatisfied they’re prepared to come to someone else and if they experience something good from you, they might have tried you out with something small and they think that experience was really great. They’ll probably come back to you for more. And that’s really how we often get a lot more work, a lot of more business out of customers. It’s from existing customers. You’ve existed, experienced something good from us. And then they’ve said, wow, that organization really helped me out. In fact, that’s how we got one of our customers. They had a major cyber attack. Their existing provider wouldn’t support them, says we can’t really help you, we don’t have a contract to help you in that way. And refused to help them. We didn’t even have a contract with them. We said we’ll help you. We put our hands up and we put in a, a DFIR team on the ground to help them out. We got them a new environment built on a public cloud environment really fast. They had something there. We could have done it on a, in our private cloud as well, but because they were already users of Microsoft cloud, we decided we would deploy public cloud for them and we stood them up a service within a matter of weeks. As a result of that, they gave us their entire IT infrastructure and cyber to look after and that was Just because we decided we’d put our hand up.
[00:43:37] Chaahat: Yeah, that’s brilliant. I feel like taking the initiative as always builds up value over the time, always does so for the students or early career professionals like myself. What skills or mindsets you fish you had starting out?
[00:43:50] David: I think well, I studied engineering, very technical degree. Within that I probably did a little bit of accounting and economics and some supposed management. I’ll tell you it was pretty poor. And looking at university degrees today during that very technical stream, they really prepared you for the commercial world very well. That’s my honest opinion. I hope to be proven wrong certainly when I’ve seen even graduates in the last three to five years, the where I spend the most effort is actually teaching them commercial skills, understanding P Ls, understanding pricing, understanding market research and also communication skills. I’m successful in what I do because of the communication skills that I have and have developed. They’re developed over time. People need to give you opportunities to develop those skills, but you develop them over time. No one walks out and says they’re amazing at presenting. You can see that in some of the best presenters who’ve ever existed. You can see how they’ve evolved over time because they keep practicing and getting better at communicating. And communicating clearly is massively important from that perspective. So I think it’s commercial awareness, it’s stakeholder management. We live in a world now where hierarchies like they used to be 30 years ago don’t exist anymore. You have lots of mini people working matrix organizations these days. So you influence people rather than have direct authority or control. And so I have an engineering team and product managers, but the operations team, they don’t report to me on the platforms that we operate. I have to influence them. And I’m not the type of person who will always go up to their manager and try and make someone do something. You have to be able to influence people. And that’s really about stakeholder management. So I think those three things are important. So the commercial awareness, the communication skills and stakeholder management are the three things I would say if you were starting out today, try and develop those. Try and get opportunities to develop those.
[00:45:33] Chaahat: That’s a very unique perspective. I haven’t heard that from anyone, so I’ll definitely look into those. And the other thing you mentioned was like you have to influence them. Can you tell me a bit about that? Like how do you do it? Any example that you have, it’s like
[00:45:45] David: anything, if you want a decision or support for something, just broadcasting that information is not Sufficient, because everybody learns, everybody understands things in a different way. So sometimes when what I will do, if I’m meeting some very senior stakeholders, and this could apply to whether it’s a customer, whether it’s the board, or whether it’s executive leadership team or my boss or peers, sometimes you just take time aside to explain what it is you’re trying to achieve, to understand what motivates them, what’s important to them, and you try and marry the two together so you can get support for your initiative, your idea, your funding request. And if you can explain those things clearly, you can articulate the benefit.
They can see a win for it, for themselves as well as for the organization and as well as for you. That’s really how you can influence someone so they can understand the why. You know, I’m a big believer in explaining why. You know, if you’re a sort of a fan of Simon Sinek, that explaining the why is so and so, so important. If you can’t explain why you’re doing something, how do you expect someone else to be able to get behind what you’re trying to achieve?
[00:46:49] Chaahat: That is a very valid point. So the tech often talks about innovation versus the regulation, and we have touched a bit upon that as well. So how do you see that balance playing out in cloud security and at the same time, data sovereignty?
[00:47:02] David: That’s a really hard question. I don’t actually think there’s a right or wrong answer there. I don’t actually think the reality is the amount of investment being poured into cloud systems is beyond anything anyone in an individual country or organization could simply achieve. So I think innovation will always be happening out there, particularly in that hyperscale cloud world, and that’s never going to stop. The question is, is there transparency in how those things are created and operated? And I think that’s what’s really, really important. And tools and security products in particular give you that ability to understand what’s going on.
Those will be the things that are going to be massively important. So I think if you say, I’m not going to use any of those services, you can’t really be innovative because you’re cutting you out, you’re cutting yourself away from huge amounts of innovation, huge amounts of investment. So the question is, how can I use that service, that capability, that new technology, but have the guardrails, have the controls? And a lot of that is really about transparency. If you look at what most cyber security analysts in a SOC do, they’re trying to filter through huge amounts of data, trying to find that needle in the haystack. And that’s why AI and all these other automation tools are so important. Important because they allow you to sort of get rid of all of the noise and focus on really what are the genuine threats. But the point of it is the reason they’re trying to hoover up all of the logs, hoover up all the audit information, is to try and understand what’s going on. So I think that the ease with which those new technologies provide the ability to understand what’s going on is going to give us more trust in that. And I think that’s the balance. What you can’t do is consume something as a black box and not really understand how it’s doing it or where it got it data from, whose data is it? Like that’s the problem I’ve got at the moment with some of these AI systems. They’re a bit of a black box. There’s an API around it, but you don’t really know what is inside it, what trained it. That’s where the concern I have is, where I don’t understand what’s going on underneath the hood.
[00:49:04] Chaahat: That’s very true. But I hope we can solve this mystery sometime in the future. In your career till now, what’s the problem that you have faced and that you are proud of, like solving and what did that particular problem taught you? Any challenge that you came across?
[00:49:19] David: Oh, well, I’ve had lots of failures as well as lots of successes. Built some pretty impressive systems like some big case management systems used by, for immigration and things like that, so that I would, I was very proud of because I was involved in, in, in designing, implementing and rolling these things out. So I’m proud of that. What I learned from that though, may not be what you expect to learn and that is more about people and the complexities of dealing with, for example, governments who declare things and then want things done by a certain date and working with people who think that no matter how many people they throw at you, that will be how, how you solve the problem. Solving the problem is, do you need 100 people, do you need 200 people to solve this problem? And there’s certain things where it doesn’t really matter how many people you throw at the problem, that’s not going to help. What’s actually going to help is having the right people, a smaller number of the right people to solve the problem. So I think that’s my learning from, from that. But I’ve also had some failures. I’ve built systems that never got used to and I should have really identified the fact that that process was hardly ever used. So what’s the point of automating that process, for example? So I’ve learned from those mistakes as well. So that’s.
But there’s lots of things I’m proud of. But what I’m mostly proud of is building good teams. That’s really what I where I get my kick is seeing good teams form good teams, so less about what they achieve but more how they came together. And a major challenge together is what probably motivates me more than anything.
[00:50:39] Chaahat: And as I say, teamwork is the dream work. So I don’t think an individual can do something unless it has the support of the team. And Kaleli, thank you so much for a wonderful session today. David and I have some rapid questions, rapid fire questions that I used to do. So I’m just going to throw a question, one word to it. So I would like to ask one word that describes your leadership style.
[00:50:59] David: Coach.
[00:51:00] Chaahat: Yeah. The best career advice you had ever received. Seek mentors, cloud, AI or cybersecurity. What excites you the most?
[00:51:08] David: I can’t give you one. I think it’s AI for the possibility, but cloud right now because obviously I’m launching a new cloud offering, so I’m slightly biased, so I’ll say that.
[00:51:16] Chaahat: Fair enough. A misconception about data sovereignty you wish to bust.
[00:51:20] David: It’s not just about geography.
[00:51:21] Chaahat: And if you weren’t in tech, what would you be doing today?
[00:51:24] David: Probably be a doctor because my dad was a doctor, my mum was a midwife, so a medical family. So I probably should have been a doctor. But. But engineering was what I started with, so yeah, yeah.
[00:51:33] Chaahat: And we are good to have. We are so happy to have you in this space. So yeah.
[00:51:36] David: Thank you.
