Csaba Tamas bridges theory and praxis of leadership in technology teams

It’s a complex world we live in, and to succeed, companies need to change how they operate to deal with that complexity. Why do some companies perform better than others in their industry – and not just a few percent better, orders of magnitude better? These two seemingly unrelated challenges formed the crux of December’s Leaders in Tech | Berlin event. Csaba Tamas of AWS told his story of learning how to become a better leader and understanding how to motivate and align technology teams in startups, traditionally-organised companies, and other structures. A select group of technology managers and leaders joined in for the talk and discussion in the elegant offices of blueReport (by Cognita) in Berlin on the border of Mitte and Wedding neighbourhoods.

Csaba Tamas describes himself as a culture geek, and his talk and presentation reflected his deep passion and obsession with organisational culture, leadership, and performance. In addition to sharing real stories from his career working in traditional companies, startups, and at Amazon, he also matched these experiences with insightful theoretical models and frameworks, along with book recommendations for those who wanted to learn more.
 
Cultural ingredients of high performance, innovative teams
Csaba Tamas started off by posing the question of how to achieve high performance in a world that is volatile, uncertain, full of complexity and ambiguity. While these descriptors don’t seem to be conducive to the development of effective and innovative companies, there are companies with “performance enhancing” cultures who succeed both on technical as well as business measures. The defining characteristics of these highly effective and innovative companies are

Vision
Skills
Incentives
Resources
Action Plan

 
Once these are in place, the momentum that builds over time thanks to the business and performance cultures in these organisations results in long-term success and continuing relevance in the modern world. As Csaba says, companies need to “create an environment of trust where failure is an option.”
 
Here are some of the most concepts covered in Tamas’ talk:

Jim Collins’ Flywheel effect, a concept about cumulative effort and building momentum. Find out more about it here
Organisational vector theory, as explained by Elon Musk, shows the importance of alignment in achieving team and organisation goals. Read more about it in this article.
Douglas McGregor’s description of two types of management mindsets: Theory X vs Y. Wikipedia
When Two plus two equals ten: group culture, illustrated through Peter Skillman’s experiment with kindergartners and business school students by Daniel Coyle in Culture Code
Daniel Pink’s motivation 2.0, which pinpoints autonomy, purpose, and mastery as the essential ingredients to motivating teams.

 
To see how all these different concepts fit together, you can watch the full video recording of Csaba Tamas’ “Cultural ingredients of high performance, innovative teams” talk
Csaba has shared his slides from his presentation, they’re available here.
 
 
Austin Fraser has built a vibrant community around the Leaders in Tech events, convening CTOs, CIOs, VPs, heads of IT and all kinds of leaders in technology. With hand-picked participants and speakers for each event, the conversations around the talks are just as valuable as the talks themselves. Thanks to Austin Fraser and blueReport for a great event!
 
If you’d like to read more about Csaba Tamas, check out the interview with him on the Austin Fraser blog, “The role of the leader is to suck out the poison from the system.” 

Cybersecurity and the cloud with Paul Tacey-Green

Welcome to the part two of our report of December 2019’s Leaders In Tech, Decoding Cybersecurity. This article is a snapshot of the talk by our second speaker of the evening, Paul Tacey-Green. As Head of Cloud at Amito, which runs Reading’s largest data centre, Paul’s had many years’ exposure to the security elements of cloud services and therefore has a unique perspective of cybersecurity in his field. Paul’s talk looked at how views of cloud have changed over the last ten years and the key security questions that tech leaders need to ask before taking the plunge and picking a provider. 
According to Paul, 95% of today’s Fortune 500 businesses are using cloud. And it doesn’t look as if the popularity of cloud is likely to wane anytime soon. He cites a study that claims 66% of UK-based organisations intend to use more cloud services in the next 12 months – but what proportion are giving serious thought to cybersecurity? For Paul, this is an issue that’s more important than ever. However, as cloud use has grown, it seems complacency has as well. 

Back in 2011, when Paul’s Amito business was just getting started, it was a different story. 
“People’s views of cloud were fairly negative,” says Paul. “They were fearful and cynical. People were comfortable with having physical servers, often on premise. So, when we first launched Amito, we were teachers, educating on the benefits and features of cloud.”
Just under a decade later, and the landscape has transformed. Today, Amito serves 350 clients in countries including Australia, the USA, Germany and Russia. It manages over 20,000 virtual machines and has 650 racks of equipment live (just in Reading). In short, organisations have embraced cloud and continue to do so enthusiastically. There are a number of reasons behind this shift, according to Paul, from the development of more robust technology to herd mentality. “However,” says Paul, “I don’t think that the risks have really changed.” His recommendation? To return to the more wary, questioning mindset of 2011. 
“Cloud is still just servers in a data centre. We still need to be considering all the things we did before.” 
 
The cloud and cybersecurity: the questions you need to ask
To help our tech leaders minimise the risks associated with cloud services, Paul laid out the questions they need to ask in order to keep businesses operations and data safe. Below is a summary of the most important points for on-premise, public and private cloud operations. 
On-premise private cloud
If you plan on keeping cloud operations on-site, have you thought about physical security? Are windows and access points secure? And how are staff vetted? Can you trust the people who access your cloud site – including cleaners and third party contractors? 
Public cloud
When it comes to public cloud, Paul’s questions centre more on data and systems: for instance, how does the provider encrypt data over the network, in storage and on backups? And how long is data retained after a VM is deleted? Crucially, will the answers to such questions change in the future? Businesses need to consider all the above before committing to a provider. 
Private cloud
Paul has a host of questions for would-be private cloud providers too: will hardware be continuously upgraded to mitigate legacy security issues in firmware? And is there enough budget allocated for off-site back up and disaster recovery services?   
By getting the full picture from providers, tech leaders can choose the safest option and minimise risks – which could save an organisation from costly cybersecurity breaches. Finally, Paul gave our tech leaders some tips on getting into a more security-focused mindset. We hope you find his insights as useful and interesting as we did. 

Revisit the questions you would have asked back in 2011. Don’t be afraid to interrogate providers on security the way you would have done in the past.

Support the stakeholders. Make sure they feel comfortable about what they’re agreeing to.

Let the business set its own level of acceptable risk. Every business is different and will be striking different balances between security, budget and ease of use.

Become a secure business. There are frameworks out there to help, such as ISO27001 and Cyber Essentials (an entry level accreditation).

Get confident asking questions and getting answers.

We’re very grateful to our fantastic guest speaker for sharing his wealth of experience. Many thanks to Paul Tacey-Green and to everyone who made it to December’s Leaders In Tech | Reading.
Look out for details of the next event on our social media channels.
 

Lessons from a CISO

Last month we were lucky enough to welcome not one, but two awesome guest speakers to Leaders In Tech. The first was Cath Goulding, CISO at Nominet, and the second was Paul Tacey-Green, co-founder of Amito. Both had plenty of fascinating things to say about that evening’s topic, Decoding Cybersecurity. So, we’ve decided that each talk deserves its own article. First up: Cath Goulding.
If anyone knows the cybersecurity arena, it’s Cath Goulding. She’s spent the last 20 years in the industry; 15 with GCHQ and 7 with the .uk domain registry, Nominet. Cath kindly agreed to share the valuable lessons she’s learned with our tech leader guests. Like them, we were all ears.

Connect with the Board
Cath began by looking at what can be the most frustrating element of a CISO’s job: explaining to a Board why investment in cybersecurity is essential. Her three cast-iron reasons came down to the following: (1) to avoid security incidents and disruption to the business, (2) to meet the ever-growing list of compliance and legislation, and (3) to build trust in the business – to build a reputation as a safe, secure brand. “Some security professionals say that Boards just don’t understand,” says Cath. “But Boards understand risk. You just need to translate it for them. Explain the impact of an incident and how likely it is,” she advises. “It’s an opportunity and should be sold that way.”
Think differently about recruitment
For Cath, the biggest risk to security is lack of qualified professionals: “Ever since I started in this field, we’ve been short of people.” Her solution is a practical one – to hire a broad mix of talent, from techies to business-orientated professionals. “After all,” says Cath, “there’s no such thing as this unicorn, the security professional who knows everything.” She also advises tech leaders to think differently about recruitment by looking at people’s potential. For example, an Auditor could have the skills to make a good CISO.
Do your best to measure
If the biggest risk to cybersecurity is people, the hardest part is measurement. Although Cath doesn’t have all the answers, she suggests a useful tool: the Capability and Maturity model. This helps CEOs understand their organisation’s position. “They can use it to make informed decisions,” says Cath, “and then you’re likely to get more budget!”

Don’t believe the hype
Cath’s next tip? Beware of the cyber hype. Infosec is a huge marketplace – with many snake oil salesmen. If you have to venture into this arena, Cath recommends a sceptical mindset. “Ask what the product or service actually does and get proof of value.”
Be prepared
Cath’s next lesson came from the book of common sense: when it comes to cybersecurity, prevention is better than cure. She highly recommends two-factor authentication, on personal email accounts as well as business systems.
Think about culture
Finally, Cath stressed the importance of workplace culture in cybersecurity. She illustrated her point with a story about how she got her team to switch to more secure working practices through a competition. “If you have a positive culture and environment, it will make you as an organisation much more secure,” says Cath. “Training and the human aspect are massively overlooked.”
In summary…
To finish, Cath gave a list of questions that tech leaders should be asking CISOs:

Do we know what to do if there’s a major breach?
Is our most important data backed up?
Is our infrastructure fit for purpose and future proof?
How confident are we in the security of our products and services?
What are our top three risks and what are we doing about them?
How well do trust our suppliers?
How are we measuring the effectiveness of our cybersecurity?

We hope you’ve found Cath’s lessons as useful and interesting as we did. We’re very grateful to our fantastic guest speaker for sharing her wealth of experience. Many thanks to Cath Goulding and to everyone who made it to December’s Leaders In Tech | Reading.
Look out for details of the next event on our social media channels.