PODCAST
The Leadership Playbook for Aspiring CIOs and CISOs

About the Guest

David Gee
CIO, CISO, Board Advisor, NED & Author

David Gee is a seasoned technology executive with over 25 years of experience in CIO and CISO roles across various industries and regions. Having retired in July 2024, David is now building his portfolio as an Advisor with Bain Advisory Network, JS Careers (Cyber Recruitment), and Emertel (Software Commercialization).
David’s extensive career includes serving as Global Head of Technology, Cyber, and Data Risk at Macquarie Group and previously as CISO for HSBC Asia Pacific. His CIO roles have spanned organizations such as MetLife Japan, Eli Lilly, and Credit Union Australia (CUA), where he was named CIO of the Year 2014 for leading a major transformation of core banking, online, and mobile banking systems.
A recognized leader in cybersecurity, David was the past Chairman for the FS-ISAC Strategy Committee and was honored with the Global Leaders Award in 2023 for his contributions to the industry. In 2025, he was appointed Ambassador for CI-ISAC Critical Infrastructure.
As a thought leader and frequent keynote speaker, David has authored over 150 articles for CIO Australia, Computerworld, ITNews, and CSO. He continues to write for Foundry CIO.com, CSO.com, and CIO.INC. His latest bestselling book, The Aspiring CIO & CISO, was published in June 2024, offering a career guide for technology leaders developing their skills, knowledge, and leadership capabilities.
Stay Connected
- David Gee LinkedIn: https://www.linkedin.com/in/davidjordangee/
- The Aspiring CIO and CISO: A Career Guide
  - Amazon US & HK: https://a.co/d/2AhrApz
  - Amazon SG: https://www.amazon.sg/Aspiring-CIO-CISO-developing-leadership/dp/1835469191
- Read David’s Articles:
  - CSO Online Articles: https://www.csoonline.com/search/?q=David+Gee#gsc.tab=0&gsc.q=David%20Gee&gsc.page=1
  - CIO Online Articles: https://www.cio.com/search/?q=David+Gee+#gsc.tab=0&gsc.q=David%20Gee%20&gsc.page=1
- THEOS Website: https://theos-cyber.com/
- THEOS Cyber LinkedIn: https://www.linkedin.com/company/theos-cyber/
- THEOS Cybernova LinkedIn: https://www.linkedin.com/showcase/theos-cybernova/
- Alex Hudelot LinkedIn: https://www.linkedin.com/in/alexhudelot/
- Paul Jackson LinkedIn: https://www.linkedin.com/in/jacksonhk/
Episode Transcript
Paul Jackson: Wherever you are in the world. Hello and welcome to THEOS Cybernova podcasts.
Before we begin, I’ve got a quick favor to ask from you. There’s one simple way that you could support our show, and that is by hitting the follow or subscribe buttons on the app that you’re listening to the show on right now. It makes a huge difference in helping to get the show out there to as many people as possible.
So please, please give us a hand and click that button now. Thank you very much for.
The THEOS Cybernova podcast hosted by Paul Jackson.
Paul Jackson: Welcome to another episode of THEOS Cybernova podcast. I’m Paul Jackson and each week I’m digging into the latest trends, challenges and innovations shaping the cyber security landscape. As well as talking to a fantastic mix of leading industry experts, thought leaders, technologists and legal eagles all with a particular focus on the Asia Pacific region.
So whether you’re a professional in the field or simply curious about staying safe in the digital age, we hope THEOS Cybernova will offer up valuable knowledge and actionable insights for everyone.
So today I’m delighted. And in fact, I’m honored to welcome David Gee. Who’s with us for the first time. And David is based down under in Sydney in Australia. But obviously with very strong connections to the part of the world where I’m based in. And David is an absolute cyber legend. Everybody knows him in our region every time, you know, I’m out with friends in the cyber industry in Hong Kong or wherever, Singapore, wherever it may be, your name inevitably crops up. So thank you so much for taking up the time to join us on the show today, David.
David Gee: Thanks, Paul. I’m not sure what to say, but thank you!
Paul Jackson: You know, you truly are a legend. You know, you, you know, and I know, you know, we’ll talk about your book in a moment. But it’s so highly regarded. And I know you’re bringing out another one soon where you’re inviting a lot of those other cyber legends from around the region to contribute.
And I know that’s going to be a fantastic addition to your portfolio of, of work. All right. So, David, I’m not going to read out your bio because who better to introduce yourself than you personally? And, you know, I know it could take up the whole show talking about yourself here, but I try and convince it into, into,
David Gee: Gosh. Thank you. Look, I’ve it’s sort of interesting talking about yourself in a but if you summarize it, you know, 20, 20, 25 years CIO, CISO, pivoted to into risk management. My last role prior to retirement, I retired in 4th of July last year in there, the Independence Day. But, you know, my last role with Macquarie Group was running take cyber and data risk and kind of using all that scar tissue I accumulated all those years of management to kind of kind of know what the bad things are and how do I help address that.
And also, I guess you, you know, when you’re being CIO, CISO, you’ve been haunted by really bad risk people who don’t have a clue. So how do I should not do that. And will I really focus on what really matters and work to protect the organization or the bank versus, you know, taking my backside. So I’ve had a lot of fun doing that.
And so I’m still doing that now as an advisor for Bain and, you know, doing work with, JS Careers, doing cyber recruitment and a whole bunch of other stuff. So, I got eight email addresses, I think. So, yeah.
Paul Jackson: That’s more than enough for now. But we can really dig into some of these things. And, look, you know, the author of The Aspiring CIO and CSO book, which we’ll talk about in just a second, but before that, I’m a little bit curious about your personal history, because, obviously your origins are from more my part of the world up the not far from Hong Kong. Right. So how did you end up in Australia?
David Gee: Look, I think my great grandfather somehow wandered into Australia. He was. Which believes he’s a tailor by training. And he had that. That was his training. And then he, you know, the Chinese surname is Ju as in Jurong Deed Ju. But you know, they write, they write something down which is Gee so I became Gee.
And so, you know, my grandfather, Fred Gee was up in the Northern Territory, in Western Australia running businesses, you know, with his towns, with his know Chinese people and Aboriginal people. I think so it’s, I guess, a hard life, you know, because you’re in the outback. So, yeah, I was kind of privileged to go up and down, which was a very multicultural society with the, you know, there’s an Aboriginal, then an Asian, then a Italian, then a white person.
It was very much that way. And so, a lot of what I, I am, I think is formed from you know, that sort of living in a very safe place. We didn’t lock the door at night. He kind of felt, you know, secured, no install from each other people we knew each other and I never encountered racism until I left and went to Sydney.
So it’s I grew up in this silk cocoon in a way.
Paul Jackson: Yeah. Wow. But you say it’s safe, but all I ever hear about Darwin is crocodiles, snakes and things that want to kill you, right?
David Gee: Yeah. And, no worry about that. That’s an Australian thing. So at some of your times, you know, as a kid would, we’d been, you know, my parents were playing mahjong in a in a stream of what I’m holding, you know, like, sorry, two inches. So the old imperial scale be sitting in a and a table, play mahjong, and the kids would be out in the billabong, you know, swimming. Where the following week they were a crocodile that took somebody. And the water’s dark and murky and cold. And so I don’t know how we survived, but we somehow survived all those nasty, crocodiles and sharks and stingrays and everything else for fun.
Paul Jackson: That’s a great story. Yeah. So we should we switch to Cantonese then to do the rest?
David Gee: Oh, sure. Yeah. My Cantonese is okay. Not great in Mandarin. Sort of a little better living in Shanghai. And then, also a little speak a little of the Japanese as well, but all badly, unfortunately.
Paul Jackson: More Hong Kong Joho, right? All right. All right. Okay, let’s move on to your book, what a fantastic book. It’s got so much great feedback. Look at all five star reviews you getting. I’m sure they’re not your friends or anything like that, but these are these are great reviews. So tell us a little bit about the book and what prompted you to write it. Because, you know, you didn’t decide to disappear and settle on a beach after retirement. You’re giving back to the community and sharing your experience, which I absolutely love. And so tell us a bit more about the book.
David Gee: It looks a humbling experience to write a book because and I’ve, you know, always been a writer in the sense of writing for magazines are now write for The Foundry in the, the magazine. And, they have a gosh, a 1.2 million readership each month. So it’s a huge but eight, nine years ago is really also writing for this Australian version. And they were syndicating my articles to other parts of the world, but I’ve always loved writing, so. But for me, the motivation is not money because you don’t get much money from a book. I get a coffee every time you sell a book. I’ve always enjoyed helping others and I put it down to this. You know, when I was a kid growing up and down and I was a kind of a fat, lazy kid, right? Spoiled and chubby. And I went to a boarding school in Sydney, and then I got to the more sporty and but at some point in my life, you know, the coach said to me, “David, I’m going to put you into the first team. They’re going to make you do.” And I was in the first team for two years. “We’re gonna make you the captain. But actually, we’re going to ask you one thing. Can you stop shooting because you’re the best shooter? Boy, you’d actually to pass the ball.” And I was like, wait, wait, wait, wait. Why should I pass the ball on the shooter?
And so at the age of 16, 17, I started to learn about how do I make others better. And I was really uncomfortable because I just like shooting the ball, right. I was good at that. And you know, I felt I felt the, the for me have been the best shooter, the team on the star player of the team suddenly.
No, no, your job is to make others better. Pass the ball and be the point guard. And so I’ve got to carry that advice with me on my life is how do I make others better? Because if I do that, I can. I shot myself right versus being selfish and trying to just do what’s about me, how to be a team player and make others better.
And so the book was part of me trying to say, how do I help others grow? Because I’ve enjoyed that in my career. And I think Paul, you know, said the different experience in my career. But one of things I got into a good in a manager really early my life, you know, I just, you know, as managing a team of 3 or 4 when I was 25, 26, at some point the CIO is probably called something different back then, MIS Director, just fired the number two in charge and said, David, we’re going to promote you. You’re 27, you want you to run this team of 40 people. And I was, “oh gosh, okay, how do I do this? Oh, I don’t these guys know more than I do, they are smarter, I know they’ve got PhDs and master’s degrees and it’s you know, it’s much smarter in developing code than I am and, and supporting these mid-range computers.
And so I had to learn and grow very fast to, to become a leader. And so to find people, how do I get people to follow me, given that they know more than I do? And how do I then try and inspire them, inspire myself? So I’ve always found that a big challenge, and even to this day, I try to inspire myself to what’s going to be the things I want to do to make a difference.
Paul Jackson: Yeah, that’s fantastic. You know what? We had an episode earlier with a guy called Dicky Wong. Dicky said exactly the same or almost the same thing as you said, which was sport played a huge role in, in developing, you know, how we managed teams. He spoke about rugby. He’s a great rugby player. Right. And how he taught him, you know, about teamwork, how it taught him to absolutely to be a leader on the field.
It and he took a lot of that back into his working life and pulled it. This is where you know, I told people actually, you know, you can practice leadership through that. And for me, it’s the same stories. Dick and Dicky, by the way, I was in the dragon boat team for Australia and we had big ambitions to, you know, to be in the Australian team. We try to create a and Australian Chinese team and the beat the big white boys who were, you know, triathletes and Ironman and stuff. So it was a it was a real challenge because they’re professional athletes are trained seven days a week and we’re, we’re a professional, accountants and management and whatever. Right. And so but for me, I let my management like Dicky by running and creating you know, Dragon batting club with 1,2, 4 teams and then organizing, gosh, we did trips to Malaysia, Singapore, Hong Kong, Macau, you know, you name it.
We and I would have to get sponsors and then raise money, have charity balls from these guys, you know, do all these events and then suddenly you’re in charge and you’re young and you’ve got all these passports and all that cash and organizing the breakfast and the dinners and talking to people, all of the you get a beer tonight, don’t go out and let them play.
And so, yeah, like Dicky says, you learn a lot about yourself and around how to get people to, to achieve something through, through other mechanisms. Then you take it back to work. And actually this is easy.
Paul Jackson: That’s right.
David Gee: Because these people being paid this other stuff, this, you know, pro bono
Paul Jackson: 100%, and I’ve got a great dragon boat story, but I’ll save it for another time. But I pay to involve my time. When I was in charge of Tai O Police Station on Lantau Island. It’s actually a really embarrassing story, but it is quite amusing. But I’ll save that for another time. But, let’s talk more about it. You know, some of the key components of your book, because I was out to dinner with, well, with a group who call themselves Legends of Cyber in Hong Kong, which is, quite musical, but, you know, a lot of them, of course, they’re all senior executives in these positions. And we had a dinner and, they were talking about yourself, actually. And because I’ve mentioned that you’d be on the show, it’s a bit of a teaser, you know, ahead of this episode. And they said one of the things they loved about you is you were a fantastic mentor, right? And that’s resonate with me because I think, you know, we’re both obviously of an age, and it’s important to be that mentor and help young professionals to developing their career.
What’s the secret? You know, because you touched on this in your book. So people don’t have to read your book. What’s the? I’m joking. Well, what’s the what’s the secret to good mentorship?
David Gee: You know, it is it really I, I learned in my, my first year job in Australia with Eli Lilly and then they, they promise and I’ll talk about this in like some keynotes.
I do I was sort of torn up in my world. You know, I had these job offers to be a partner with EY Consulting or be a partner with Adi, Connie or Gulf in the CIO career. And I and I said, actually, if I do a partner, I’ll get this nice office. I make less money, you know, people think is prestigious, but actually it’s kind of like short, short term, not very strategic, not, you know, not really doing things for the world.
What I do something important. So I made that choice, Paul. So when I get to I get my first assignment, second assignment. So as the CEO in Shanghai. And this is 99. So China is like an idea, right. And there’s a ten year strategy put together with BCG consulting. And then with my first one is with
And HR said, David, you’re coming here. We’re trying to build, you know, what’s going to be number one, number two, you know, if this company globally, can you leave deep footprints? And I thought, okay, that’s interesting. You know, I’ve been building data centers. I’ve been building applications, you know, doing all this other stuff. They footprints. What do you mean by that? She said, well, I mean, we do people, you know, how do you do that? And I said, well, I mean, I’ll be doing that in Australia. I give credit to, you know, the original team. And then I realized that, you know, it was really the calling I had as a leader is how do you then you know, hire people, make them the best versions of themselves.
And I think a I’ll take a snippet out of my, my learnings in which I put in the book, if you take a very simple equation, Paul, and you said, okay, you walk into a team anywhere in the world, right? A bank and insurance company, you can’t file everybody you have. You got to usually work with them, right. And you might make some changes over time. So as a leader, how do you make these this team supercharged? And so they can’t all be superstars unfortunately that’s just the way it is right. So you know walking I’ve got Paul. Paul’s really good Paul on a good day can be a seven at a ten and a good a better day can be an eight at ten. Right. But when he’s got a bad day he’s six. How do I how do I encourage Paul to understand. And Paul’s thinking, Paul’s mindset to say, how do I help Paul being eight, what makes him an eight? Does he need some encouragement? Is it actually that he’s a bit afraid to take chances? How do I stretch him? And David, he’s rubbish and he’s three out of ten. How do I get him to be six? Maybe six is a stretch? But if I encourage him figure out how he thinks I can get David and Paul to be the best version of themselves and how do I get to be a good team? So they actually working together. So it’s not a negative in a conflict situation wise. In minus, it’s a multiplication, which means as a leader, I’m getting fantastic results. Now, to me that’s is a simple equation. You know, a number versus another person, but another person coaching them to be the best version of themselves, giving them. And actually, I’ve said this to my team members. I said today, “Bob, I know you can be a seven today. You’re a five. And the reason why you’re five is you’re not doing this or you’re not going to getting stakeholders. You’re not actually stretching yourself, and you stay in the comfort zone. And when your comfort zone, your five and I want you to be a seven. When you beat seven, I can reward you. 
I can do more things for you and you can get more opportunities as a lady because you’re being comfortable being uncomfortable.”
Paul Jackson: That’s fantastic. It’s great insights because soon as we finish this, I’m going to I’m in the office right now and I’m going to walk out the door, go to one of my team. You’re a five. And I know that in all seriousness, you know, this is actually a great way of looking at it.
David Gee: Really great being straight and put, but also then how do you be specific, right. Telling Paul that his communication skills is poor doesn’t help us. What does that mean? Is it is it that listening? Yes. Is it is it when he’s actually is it when he’s in a group of ten people that he goes quiet? You know what, what is it specifically? Yes, if you can figure that out. So I always tell people this story and say when I was 25, 26, 27 getting promoted, these big jobs and I didn’t want a team meeting, I was scared.
I mean, I didn’t want to speak in public like that. I liked one on ones, ten people. Oh gosh. And so I said, okay, how do I volunteer to do this? How do I volunteer to run workshops? 50 people, 100 people, 200 people, 500 people, 1000 people, different countries, 5000. You know, how do I do that? Right. And so I focus on that as being a weak point to make it into a strength.
And so if you understand where are you and what scares you. And then therefore how do I then try to practice that. Does that make sense?
Paul Jackson: Yeah. Look, I think we’ve both been leaders for a long, long time. And I’m with you on this because it’s no point just picking holes or pointing out failings without showing a path to the improvement. What steps they can take to get from that 5 to 6 or 7 to 8 and up.
David Gee: And it the structure I put in my book, that is the skills, knowledge, experience, behavior, right? Yes. All quadrants. You pick one of those and say, okay, for me to be two jobs ahead of where I am, okay. Yeah, I need to be thinking about this like a good example.
So I was HSBC CISO Hong Kong for three years. I can go get another CISO job. I get back to be a CIO. What I get to do is risk management. Why would I do that? Because I wanted to be better at asking questions. I’ve be really good at doing things. If I want to be a board member and board members get a chance to ask 1 or 2 questions each quarter.
Maybe, right? How do I make sure that I ask the right question, not the question number 2019. By really thinking through what’s going to make a difference from the rest at an enterprise level, versus me being the person gets less stuff done. You know, the transformation shit, right? I’m good at that. But if I want to be progressing that field, I need to be thinking about myself. Two jobs ahead, which is boards, and then making sure that I spend the next three years just asking really hard questions.
Paul Jackson: Yes, you’re absolutely right. And again, you’ve resonated with me because a lot of people ask me, why have you moved away from big client focused client facing in my previous roles as leaders of delivery teams in Asia to being a CEO of a company, and it’s really about, you know, extending myself and also empower the people that are in this company and helping them to be better, to go on to reach greater heights and to show that this company in Asia based company can compete with the best of the international
companies and be, you know, something to be proud of in Asia. So yeah, it’s all about not only pushing yourself, but also putting yourself in a position where you can help others to be better than they are. And I think, you know, we’re both on the same page
David Gee: And make this this try this tried and in going back and see, you know, people you’ve built developed and you know I someone to speak to people are now CEOs, COOs, CIOs. And then I’ll contact them or you know some have contacted me after reading my book and they say, David, I’ve read the book and I hear your voice as I read in the book. And then, then I actually said, actually, you told me I should be doing this all those years ago, 12 years ago. And that’s still in my head. I’m still thinking about, am I doing this? Am I getting enough? Because if I don’t delegate, I’m not growing my team. Right? Their capability, but I’m honing in on being a really good leader and getting stuff done. That’s great. But actually I need to also build these guys below me and guys that goes below me. And that was a woman, by the way, who said that to me and to David, that of what advice I’ll carry for 12 years now, and that she’s a CEO for a large organization in Australia.
So that makes me really proud.
Paul Jackson: So at this point in the podcast, if any of our listeners aren’t already on Amazon.com looking for The Aspiring CIO and CSO, well, you really should be, but let’s pick another aspect of this book, which is how you get in that front door in the first place. Because I know in the book you talk about preparing for interviews, interview questions. What’s your top tips for somebody who is an aspiring CIO or CISO? Let’s focus on CISO as we’re cybersecurity podcast, what is the most important tips you can give to somebody who wants to open that door?
David Gee: Yeah, now I look I go back to the experience of behavior. Right. It’s in the day. If you got these certifications, these accreditations, these degrees, it’s kind of so what. And I mean it’s all at all foundational. You got to have it right. You got to have these things. And it’s the knowledge. But what you’re looking for is you’re looking for the experience. People have got experience during hard things solving problems, you know, okay, you’ve been hacked, actually. Great. You actually understand how to recover from being hacked. I see that as being a positive. Right. It’s no different to, you know, you know, interviewing a person in China one time and then I was like, oh, you got, five years gap in your CV. Oh, you know, I hacked the US government, so I got put in jail by the Chinese love it because he’s honest.
Love it because he’s he can do it. Okay. Right. And so I was like, oh gosh, you can’t hide this. Oh no, this is this is a tick, tick, tick for me. And so for me trying to figure out, you know, what, one of the pointy things around experience that make a huge difference. Yes. Show leadership show you can do things now the behavior side, right? The B side now. So can you work with difficult stakeholders. Can you can you can you say no to them. Can you say no to the board? Can you say no to the chief risk officer when they’re pushing to do things you shouldn’t be doing? Now let’s take a great example. And I’ve had this, not myself, but others. I’ve come in, you know, I’ve seen done. And you’re the new CISO. Okay. They ask me for advice and I say, well, actually, you don’t have enough budget, you don’t have enough resources and this is your first board meeting. We’re going to say, are you going to say what the boss tells you to say, the CIO or you going to say, I need to look into some concerns.
That’s why I’m under the bus or under the bus, but actually say, I’m not sure we there yet. I’m not, you know, how do you then show the leadership behaviors so you’re not becoming a victim. So when they get hacked and say, well, I you know, you asked and you didn’t ask for anything. David. Right? That’s it’s a bad, bad lose win situation.
Right. How do you make sure you stand up for yourself and what you need. And that’s behavior that’s having the backbone. That’s how Big Kahuna is. Right. They say right. So how do you how do you show me that? Show me that. And if you get that, I will always back. That’s people every time.
Paul Jackson: Fantastic advice. And I 100% with you on that. And I also agree with you on the qualifications. Yes there are way to get, you know, through the air paper mill. But at the end of the day, it’s that passion. It’s the, you know, the aptitude, the, the willingness to push the boundaries and to show yourself as a leader that are really, truly important. So 100% agree.
David Gee: So I’m not advertising the career stuff because that’s true in Australia. But as a recruiter now advising recruitment firm around takes time and data. You know I do people’s grading every day okay. Yep. And I’ll call you Paul. And I’m seen your CV or LinkedIn account and I’ll call you. And then I can figure out in five minutes whether you’ve got the right thing, provided you’re not in, you know, work environment where you can’t speak. Well, I can figure out, does he have the right stuff? Does he does. He is in is it crew? Is he curious? Is he you know she wants our problem is all that you know I also what I use the other day I said okay are you a vitamin or are you a painkiller. I want to hire the painkillers, right?
Painkillers help me quite a bit. Or a painkiller? I love vitamins. Make you feel better? Yeah, right. They don’t fix anything. But painkillers really fix the problem. And they make it. They make a big difference.
Paul Jackson: We just heard a sound bite for this episode. And you’re right. A bit of a painkiller that. But you’re right. When you talk about five minutes in, I’m you know, when I was at JP Morgan building out the team there, they started a New York running the big team there. I was doing hundreds of interviews, literally. And you’re right, probably within five minutes I’d made my mind up. And the rest of it, it was all just filler.
David Gee: Which is unfortunate because you don’t spend the next 55 minutes thinking, okay, how do I justify my decision?
Paul Jackson: Yes. And, you’re 100% right on that. And look, you know, I always showed people respect, of course, by going through the entire interview, even if I decided within those five minutes. But still, those first five minutes are crucial. And if you can’t get your talent across, your potential across, then
David Gee: And you know what else I’ve seen? I’ve seen interview. You know, people come interviews and there’s no eye contact. I was once seen interviewing an architect and say, okay, so can here’s the pin. Can we can we just go and draw? I want to understand how you and the person wouldn’t draw. He wouldn’t give me, I said I don’t care is a data model or system diagram or which picture. I just want to understand how you think through a problem. And because he wouldn’t, and he’s an architect wouldn’t get the pin. I was like, wait, wait, wait, you’re an architect. You should love drawing.
Paul Jackson: Absolutely. And I actually really loved the fact that you’re working in the recruitment space now, because it’s been a big bugbear of mine down the years, how poor cyber recruiting is. And you probably be aware, a couple of episodes we had, go we had Craig Johnson on who’s an absolute leader in the cyber recruitment space, somebody who takes it seriously, you know, lives and breathes this sort of stuff. And he’s brought in people like yourself, right, who are experts to be advisors. And I think that’s a great model where, you know, you’ve got people who’ve been there, done that, who could actually help with interview processes or assessments because, you know, sometimes it’s the blind leading the blind.
When in recruiting, you know, you get say, I don’t know, CEO of a company who’s trying to hire a CSO, but obviously their skill sets are in the business, not in cyber. And how are they supposed to determine which CSO is better than the other, right?
David Gee: Yeah. No, you’ve I’ve seen it so many times when we’re doing these recruiting roles for CISOs and the team below, which is that you’re trying to do a, a Tinder match for. Okay. So how do they match up that the culture’s fit, that they’re looking for the right, you know, interface to board, interface should team interface with peers level of, you know, competency because the because the level of depth requirements may vary depending on the size of the organization. With its large organization, they maybe can get by without having everything on the CV.
Paul Jackson: Yes, absolutely. Okay. I want to switch gears a little bit because you mentioned earlier about boards, you know, your aspirations to be on big boards, etc. You remember a year or half ago, whatever it was, the SEC were, you know, put out the discussion around what the roles and responsibilities should be for boards of listed companies. And there was a lot of debate as to whether there should be a cyber expert on the board. I’d like to hear your views on that.
David Gee: Now. This shouldn’t be now. It’s interesting. I got a bae’s position, of course, you know, being sort of a digital CIO, a risk professional, and the CSO. Right. I’ve kind of covering, you know, triple threat. I’m doing all kinds of and things. But you understand what boards do. And if you remember a board be more than the cyber expert. You need to actually be a board member first. That helps the organization grow, help that help them with the strategy, helping them with the people, succession planning and the whole those dimensions around, you know, the environmental, all those issues you got to weigh in on. Okay, you can’t just be the person who can solely talk about that. Now, that being said, you know, because I’ve I know too much about cyber. I’m kind of cautious which ones I would join anyway. Because you said if you’re the cyber person, you’re hacked, then it’s my fault, right? And you, you’re not even operational. So it is interesting. The same token I did prior to retiring. I did meet a lot of technology board members around town and figured out that a lot of my ex CIO’s or project people and then necessarily understand cyber, they might understand some of it.
So it is an interesting one. You know, people will get there, but you do need to be rounded. You need to have all the other dimensions, you know, in that sort of board portfolio prioritization, which skills matrix they do. You got to tick a few boxes. You can’t just tick one box. And I think that’s enough because I think they’re going to be saying, I want this person to help drive digital change. I want this person to help, you know, be on the risk committee and look at risk broadly. And cyber risk is one of those risks. Very important? Of course, I don’t understand that. But actually, yeah, you can’t just be one dimensional, expect to get the job because SEC says so. And that’s fair.
Paul Jackson: 100%. So, you know, one of my key roles that I spoke earlier that as a CEO, I of step backwards obviously client delivery. But one of the areas I do still engage with clients is delivering board briefings because of my background and risk is of course, the most important function really. I think managing risk. And as a former police officer, etc., I’ve seen all sides of risk, obviously, and so I’m able to sort of put this in a perspective that is meaningful for boards. So I do a lot of board briefings, and I know you do as well, but I’d love to, you know, pick your brains a little bit because nobody’s perfect at doing this. What kind of things do you focus on when you’re talking to boards? What do you think resonates most with them?
David Gee: It’s interesting, you know, when I was who had just speak, that was one thing that I did a lot of that as part of my job, globally. And so I think I do a few hundred board retreats in each year, and prepare the board packs that others would use as well. Now, interestingly, to me, you know, given that the audience, the board members actually don’t necessarily understand this in depth, how do you provide them with that? With that time, the psychics had had to provide to them, you know, respectfully, here’s the position. Here’s where we are, here’s our risk position. You know, here’s our path to goodness. I don’t say green, partly goodness. And let them understand that this is where we are. And, you know, just give them the facts. I think I’ve seen so many, you know, CEOs and C CEOs provide a very tainted vision that looks better than it is.
And that doesn’t do you very much good. The whole advice and I got that from Rob Veras is one of the keys here, which is really good advice, which is boards have to challenge the greens and you know that’s not typically what they do. They challenge the red. But how do you know challenge the greens and say is that really green. You know and then support the reds. Got it. Because the reds mean and I’ll say this CSR recently I’ve been helping them bank in Australia. You know how do you get help. How do I help you get the right help for your risk? Take cyber appetite, which means you’ve got to. They have this massive support for the next X number of years.
And then they actually understand that every time you do, you know, an end of life, end of service support thing, that’s bad, right? That’s actually negative to your risk appetite. And so don’t assume that metrics can be good. Going to be bad. That’s okay. Because once you know those are there I’m going to track them and try to do more to contain that. That’s good. But that’s a mindset shift cultural shifts and said to get the board to help you with that. And so a lot of dimensions there and put reporting and being having boards involved in exercises and all that sort of stuff works.
Paul Jackson: Agreed. And if you’ll do me the honor of appearing on another episode in the future, I think that’s a topic that we can drill into, you know, governance and board responsibilities, because I think it’s such a hot topic right now. I get asked this all the time, but I’m conscious of time here, and I do want to touch on one more point before I hit the music question, which always appears that the industry shifts. Yeah. It’s that, look, you’re Australian, you’ve got a lot of history of working in China, Hong Kong and your Chinese heritage. Of course, I’m probably in Hong Kong, etc. Geopolitics. Ouch. Without diving into that too deeply and getting in trouble, you don’t have a new role, don’t you? Because you’re the ambassador for the CI-ISAC. Could you explain a little bit about what that means and what those responsibilities are?
David Gee: God, I took that role on a few weeks ago, and it’s interesting. I spent 3 or 4 years or longer as the chairman for FS-ISAC Asia Pac of this strategic committee. And I, you know, to me it was all about how do we work to protect ourselves and others. And I think I remember at the July FS-ISAC meeting in Singapore, the CCL congresses and I said, look, here’s where we are, guys. We think about this. And I wrote a story about this in CSR magazine, which is called the Mosaic Strategy. Right. And I said, here’s a story where we were working together and we kind of saying, the wolves are coming, the wolves are coming, the wolves are coming. And then we, as good muskox will put it horns up, go in a semicircle for the babies in the middle and protect the babies. That’s what the muscle students do good because that mean, so if I took this a step further, right? Put this analogy of nature into our world. We’re doing this emphasizing we’re saying the wolf’s coming. We don’t put our horns up. We don’t put our babies in the middle. Our babies could be our vendors. They could be our subsidiaries. We kind of say, okay, the wolves coming, and then they on their own, not good enough.
Can we go the step? Can we think about evolving our defenses more in that fashion that we think about others rather than just ourselves? Now, I said, as in and jokingly, which in the article, when the muskox sees the bear, they run. They just run because they realize that it’s all man, every man for himself.
So there’s always self-preservation in cybersecurity because that pays your bills, right? So I get that. But what can we do more broadly. So to me if I say CIO stuff exactly that. Financial services is the most advanced because we’ve spent the most money. We’ve been the most attacked in the past, not longer any more, which other than protect more. But we attacked a lot. So we got good at this, I think, or better at this. So for me, the whole argument is interesting because, you know, we said, I said that if you’re actually protecting yourself and don’t think about other sectors, you kind of be foolhardy because your resilience is relying on others, so that water, that electricity, that data center, that network, all these have critical infrastructure. They don’t work. You don’t work. Right. So it’s great you’re being protected here and you providing it until to each other. But what about sharing that with your buddies? And so for me, the story was we wrote to all the top CIOs and CSOs as a letter, a few weeks ago, to invite them to come and join us, to work together to share information, have a meeting and join this cause and know this is not regulatory, right? This is the carrot, which is how do you help yourself and, the woods are right in the lead. And I had the chairman of the CIO also cosign this, which was, my dad fought in the Army, in New Guinea against the Japanese, in the jungles. Right. Trying not to be shot by seven soldiers. He looked the wrong color. Okay. And, similarly, you know, Steven, our chairman, he spent 35 years in this rain army, then ended up running cybersecurity for the government dedicated dating Australia. This is the same thing. It’s becoming that way in this world that we have these policies happening. So we need to be thinking about this. That’s not just the company. It’s all about. I live in this country. I got to take the country. I got to take my partners as well. Other countries that are we are partners.
How do we do that more broadly? That’s the cause. And I love that because that gets my juices flowing about. It’s no longer just protecting this organization, but also detecting everybody that sits within that organization ecosystem.
Paul Jackson: Well, with the proliferation, if I could say the word, of new critical infrastructure. And by the way, I should have said CI stands for critical infrastructure. Of course. Bills coming out across our region. This is indeed a hot topic. And do you know what? You’ve just signed yourself up for yet another episode where we dig into critical infrastructure protection. So, look, this has been fantastic. And look, I recognize we’re running out of time, unfortunately. So my last question to you. Music. You know, I always tell the audience it is my way of decompressing, putting a vinyl record on, you know, just listening to some good music. What about you? Do you enjoy listening to music? What do you listen to at the moment?
David Gee: I do, I mean, the idea, I was in Vegas in October, in Vegas recently for another event, tech kick-off event, recently, and I went to two concerts. I went to Lionel Richie in Vegas three weeks ago, which was fun because Lionel’s just entertaining. He’s, you know, 70 years old. And the girls are still passing him notes on stage. And I’m all for this. So that’s really fun. And then in October, we had the privilege of going to see the Eagles at The Sphere. Fantastic hemispheres, you know, 20,000 seats with 116,400 speakers. I would love to go. I saw the YouTube videos, etc. there, know it’s just not there.
We had this. We had a friend who knows the sound engineer and got a staff price tickets, which are a street value 2500 dollars for 400 bucks. So we had the best seats in the house. And the sound just blew my, my mind just quality was just nuts. The visuals was nuts. Now I think I was, I was at a Coldplay concert a month later and going like, sounds rubbish on the band’s fantastic. The light show is great, but from a visual standpoint, at this show, you’re crying. You are literally crying because it’s so beautiful. And they have, sorry, they have a 200-piece orchestra that they did live at U2. And my friend’s friend said, no, no, no. What they decided to do was they recorded that and mix it in live because they can sell 200 more seats. So it’s the technology’s off the charts.
Paul Jackson: Yeah. Crazy, right? Everybody. The Aspiring CIO and CSO: A Career Guide to Developing Leadership Skills, Knowledge, Experience and Behavior. Get on Amazon right now and buy it by David Gee. What does Gee stand for?
David Gee: Jordan, it’s a Michael, Michael Jordan.
Paul Jackson: David J Gee. And it’s in all good bookshops, but probably best to get on Amazon. And, yeah, it’s a great read. David, thank you so much for being on the show today. Definitely going to get you back. And, thank you so much for giving up your valuable time to be with us today.
David Gee: Thank you!
Paul Jackson: So, THEOS Cybernova was presented by myself, Paul Jackson. The studio engineer and editor was Roy D’Monte. The executive producer was myself and Ian Carless. And this podcast is a co-production between THEOS Cyber and W4 Podcast Studio.
The THEOS Cybernova podcast.

Episode Summary
What does it take to transition from a cybersecurity practitioner to a strategic leader? In this episode, Paul Jackson speaks with David Gee, a seasoned CIO, CISO, board advisor, and author of The Aspiring CIO & CISO, to explore what it truly means to lead in cybersecurity.
With over 25 years of experience in global technology and risk leadership roles at Macquarie Group and HSBC Asia Pacific, David shares his journey from CIO to CISO and beyond. He breaks down the skills, mindset, and experiences that define great leaders. David discusses the importance of mentorship, how to elevate teams, and why authentic leadership is about empowering others.
From career growth in cybersecurity to influential roles in the boardroom and the security of critical infrastructure, this episode is packed with real-world wisdom and actionable strategies for the next generation of cybersecurity leaders.
If you’re an aspiring CISO, CIO, or leader looking to make a lasting impact, this episode provides your roadmap to success.