Security Visionaries

Building Permanent Security Awareness with Daniel Hartert, CXO Advisor at Netskope

Episode Summary

This episode features an interview with Daniel Hartert, CXO Advisor at Netskope. Over the last 20 years, Daniel has held CIO and CEO positions at large international organizations like Bayer Business Services and Philips Group. He is also a co-founder of DCSO (Deutsche Cyber Security Organisation), a company working to strengthen protection against evolving and growing cyber threats. In this episode, Mike sits down with Daniel to discuss communicating with C-suite executives, how advisors can enable people through security, and the critical success factors of a CIO.

Episode Notes

-----------------

“I'm coming from industries where manufacturing and health and safety was a big point. So, in these industries, there is a mindset around EHS; environmental, health, and safety. [...] I see a strong analogy because watching out for a malicious email or malicious emails is very similar to using the handrailing when walking down the staircase. So, this is what we need to build into the DNA of an organization, this permanent security awareness. And if we can build this, then this protection level of a company will immensely increase. Because in the end, the doors to malicious actions are always the people.” – Daniel Hartert

-----------------

Episode Timestamps:

*(02:27): Daniel’s journey to becoming a CIO 

*(05:25): How Daniel transitioned into an advisory role 

*(07:37): Daniel’s take on security as a team sport

*(17:57): How Daniel communicates security to C-suite executives

*(24:09): Ways Daniel thinks about enabling people through security

*(29:22): 2030 Goggles

*(32:09): How we can get more diversity in security

*(34:29): Daniel’s take on zero trust

*(36:50): Quick Hits

-----------------

Links:

Connect with Daniel Hartert on LinkedIn

DCSO Germany

Connect with Mike Anderson on LinkedIn

www.netskope.com

Episode Transcription

Daniel Hartert: I'm coming from industries where manufacturing and health and safety was a big point. So in these industries there is a mindset around EHS, environmental health and safety. I see a strong analogy because watching out for a malicious email or malicious emails is very similar to using the hand railing when walking down the staircase. So this is what we need to build into the DNA of an organization is permanent security awareness. And if we can build this, then this protection level of a company will immensely increase because in the end, the doors for malicious actions are always the people.  

Speaker 2: Hello and welcome to Security Visionaries. You just heard from today's guest, Daniel Hartert, CXO advisor at Netskope. The future of security weighs heavily on two things, zero trust and diversity. First, as companies move forward in this digital age with remote workers and hybrid cloud environments, it's critical to address these challenges by having a zero-trust framework in place. Second, industry leaders need to make security attractive. It's more than just staring at a computer screen all day. Having advocates in your organization starts by bringing on people with diverse backgrounds and experiences. Before we dive into Daniel's interview, here's a brief word from our sponsor.

Speaker 3: The Security Visionaries podcast is powered by the team at Netskope. At Netskope, we are redefining cloud, data, and network security with a platform that provides optimized access and zero trust security for people, devices, and data anywhere they go. To learn more about how Netskope helps customers be ready for anything on their SASE journey, visit N-E-T-S-K-O-P-E dot com.

Speaker 2: Without further ado, please enjoy episode 15 of Security Visionaries with Daniel Hartert, CXO advisor at Netskope, and your host Mike Anderson.

Mike Anderson: Welcome to today's episode of the Security Visionaries podcast. I'm your host, Mike Anderson. I'm the Chief Digital and Information Officer here at Netskope. I am excited today to be joined by Daniel Hartert. Daniel is truly an industry luminary when it comes to the CIO role, having led IT organizations for some of the largest companies in the world. And I'm excited to have Daniel here today to talk about security and share some insights and thoughts with us. So Daniel, welcome. Maybe just tell the listeners a little bit about your background, your journey to becoming a CIO and then we can pivot to some more of the security conversation.

Daniel Hartert: Sure. Hi Mike. Yeah, so after having started out as a passionate software developer in the late eighties, early nineties, I got increasingly involved with IT becoming a key enabler for the business. So step by step, my responsibility to IT management increased and by the year 2000 I became the CIO of Bertelsmann, a global German media company then known for its global music for publishing television business. A few years later I joined Philips as the global CIO at a time when they were still actively in semiconductor business, consumer electronics, lighting and MedTech. And after five years I transitioned actually to become the CEO for that MedTech business basically in the Boston area. And then in 2009 I moved back to Germany to assume the positions of CIO of Bayer and the CEO of Bayer Business Services, which was responsible for all financial purchasing, HR, other shared services, and including the 11 years at Bayer, within those 30 years I've been in many different industries, as you hear. My main takeaway is no matter where you are, IT and digital have become everywhere and key driver for innovation and new business models.

Mike Anderson: That's great. I mean, it's such an amazing career and journey and you, obviously going back over your career, seen security evolve immensely and in the last couple of years you transitioned more into advisory roles. You've taken on the advisory role here to advise C-level executives from a Netskope standpoint and our customers around the security and digital transformation. I know that you also started a group in Germany with fellow CIOs to really tackle and band together around this cyber topic. Maybe can you tell us a little bit about that and then we'll transition to more the new advisory type journey?

Daniel Hartert: That's right. Back in 2015 I was sitting together with some other CIOs from other German industry companies and we all detected, we all had the same challenges. It was an uphill battle regarding cyber security, where to get the talents, how to really understand what is the protection level at any given moment in time and so forth. And out of this conversation four CIOs actually came together and these were the CIOs of Allianz, of BASF, of Volkswagen and Bayer, to actually create a joint venture. So this was just more than working together. We actually created a legal entity based in Berlin, which in the meantime has about 120 employees, cyber security specialists. And this company was built in order to protect the German industry landscape and they gained over time also many more customers outside of the range of the four founders. So I'm pretty proud of this because it's a center of expertise in Germany which is often cited also on TV in terms of what is the opinion on the latest threat situations.

Mike Anderson: That's amazing and it truly brings together a theme we'll talk about a little bit later about this whole security as a team sport. Before we go there, you transitioned from CIO for major global Fortune 500 companies to now advising your peers in these advisory roles. Tell me more about that, the journey, how that's going and how you're helping the community at large in your peer group. 

Daniel Hartert: After 20 years of being global CIO roles in three different companies, actually it was really time to think more about what I do for myself and when you are in these large corporations, you are a hundred percent of your time dedicated Monday morning to Friday evening, and if necessary, also the weekends. There's not much time left to do something else. So I look for changing the perspective a little bit and to experience something new. And with all the things I've seen the years before, I thought I could create maybe more value by dedicating my time to broader portfolio of activities instead of just working for one company full time and to those activities that really matter. 

And one of them is actually cyber security and as I explained with the DCSO in Germany, it's a topic that goes to my heart and it is one that for many, many years I think has been under-weighted. It is relevant also in these large corporations, but now with everybody going digital, going into the cloud and expressing fears that with cloud security becomes even a more difficult topic, I really want to be kind of an evangelist also to educate CXO levels up to non-exec board levels about cyber security. And there's no reason to worry too much about if you put in the right solutions and these are obviously available and that's why I joined also Netskope as a CXO advisor.

Mike Anderson: That is great. Definitely we need all the help we can get on that topic. It's interesting, one of the things I think you and I have talked about once before is in the security spaces, a lot of times that it can become a very technical conversation, but when you translate it to people that aren't in the security every day, like you mentioned board of directors and other C-level executives, the conversation's a bit different because we get inundated with a lot of times from the security community. I mean Netskope, we're guilty of that as well, of talking about products and features and not the outcomes that we're trying to drive from a cyber standpoint. But we'll come back and touch on that later, maybe some concepts or things that you use to translate that as well. 

If we pivot a little bit to this whole topic of security as a team sport in the new way that you're advising companies, why do you feel like that's an important concept? And maybe give us a few examples of some advice maybe you've given to some companies in that regard.

Daniel Hartert: Security is really the last thing that you can simply be delegated to one team. I mean first of all, there are users of information systems. If you don't include them, you will never reach the desired security levels. If you include them, you are already a large team. And then you need to be aware that security is a horizontal topic. It really goes across any aspect of developing, provisioning, operating and using information systems. So you really need to think of an interdisciplinary team where you can bring together people from all functions.

Mike Anderson: Our people, right, we often say, are the weakest link in our security programs. It's the people in the chair that are interacting with those systems and so we had to help them along that journey. It takes everyone both in our company and outside our company. Honestly, it takes a community approach.

Daniel Hartert: And sometimes you tend to forget about this when you are so highly specialized and you're working in a team of security experts. Of course you see all the technology and all the tools and all the data, but in the end you're only there to help your company and your company is the people who work there, who work with the data. You help them to be better protected. That always has to be in your mind when you enter the office or when you switch on your laptop in the morning in your home office.

Mike Anderson: Absolutely. So let's pivot a little bit to this topic around working cross-functionally. You mentioned the different functions in the company, some in IT, some outside of IT. How have you seen the security organizations evolve across some industries you've been in? Pharmaceuticals and obviously in IT and healthcare. How have you seen that security role evolve over your career and maybe give us some foresight in how you see that continuing to evolve.  

Daniel Hartert: First of all, I think independent from any industry, the role of information security has gained a lot of awareness, importance, and necessary funding, lately. Also the level of the funding I think still remains an issue. So I've experienced myself the increasing levels of relevance and interest for top management. 10, 15 years ago, I would say security was mainly a capsule within IT with little direct connection to the business. But over time companies installed information risk boards. For example with CXO level participation at Bayer, the CFOs of the divisions, the head of corporate audit together with the CIO and CSO formed such a board with the purpose defined priorities and necessary investments. And that was really helpful because you were able to bring the relevant topics up to that level and up to the board level even if it required investments that exceeded certain thresholds. 

But then for strongly regulated businesses such as healthcare, pharmaceuticals, the requirements are even higher in particular when it comes to document and proof, your information risk strategy and what are your related implementations. But also what people often forget, I see a lot of strong involvement by governments lately in the context of M and A transactions, especially when companies to be acquired are seen as critical infrastructure or if the acquired companies are in another country or even in another continent and governments want to make sure that you are taking care for any potential situation that data could be breached or data that is lying in your current environment could be opened up through these acquisitions. So it's a lot more attention to cybersecurity definitely from the board level as well.

Mike Anderson: It's interesting, you bring up governments. One of the things that is a big topic today and it covers not just security but when we think about cloud and data centers is data sovereignty and how do you tackle that problem? Because obviously GDPR created a lot of data sovereignty questions and data privacy questions and obviously Germany has probably I would say some of the strictest governance around that from that standpoint. Any thoughts or nuggets on that one or things, guidance you would give people on that topic?

Daniel Hartert: It's a good point that you're raising and it's the very critical one because on one side we all want to benefit globally from unlimited borders or borderless business, from scale factors that you can only get to when you implement something on a global level. But in many countries, and you mentioned Germany, there's quite a fear regarding the data and I just had meetings last week from fellows in SAP and other companies that are now trying to build a sovereign cloud for the German government and all IT administration offices. It's a huge sector in Germany. While I see that the reasons to think about building something like that are to a certain degree valid, I think the administration, the governments limit themselves a lot by building these type of operating clouds if they will work at all. It still remains to be seen, I must say. 

So I look at this on one side with some understanding in terms of data protection but also very critically in terms of whether these will be viable platforms and whether these platforms will be able to benefit from the same level of innovation that the open cloud environments are getting. 

Mike Anderson: No, it's creating a complex environment. And I remember 20 years ago we had the book come out, The World is Flat and now the world's not so flat anymore. It's creating a lot of challenges. Some of them are just, it's going to be interesting to see how they evolve and how they affect what we do from not only a technology standpoint but how that impacts our ability to be a digital business. 

It's interesting. We look at this cross-functional side. When I look at, just inside the IT organization alone, if I think about our network teams and security teams are often right in the middle of this conversation. The best way example I was given recently is network teams are interested in moving bits and security teams are interested in blocking bits. So if you've got those two pieces you have inherent friction that's created just inside that and then you expand that to the application development teams, right? They're just trying to ship new code and get new releases and production and oftentimes security has been kind of the gate at the end of the process to get that new innovation, that new release out. Can you give me some examples in your time as a CIO and things you've observed? What have people done to reduce that friction inside the organization? Maybe start with IT and then maybe let's take that conversation beyond that to maybe other functions in the organization.

Daniel Hartert: I would go even so far to say that working cross-function is one of the key critical success factors for the CIO job. Your role is to deliver value to your business and to any function and each of them have their own priorities which often conflict even with each other. And the CIO is really the only neutral force in these constellations. So you need to balance the interest and determine what is the best course of action in the interest of the entire company. 

Of course, it starts in your own shop. You are seen as this neutral moderator across the different functions like purchasing, finance, supply chain and so forth. But if you don't keep your own house in order and you manage the frictions between applications, infrastructure and so forth, you will not have the credibility. I was always alluding in my teams to my team members that one plus one needs to be three. And this is only possible if you work strongly together and if you are selfless. If you have a common goal, a common purpose and you figure out together what's the best way to get there. And in most cases it means that you work across departments in order to reach those goals and in the end the people have more fun and a party that you can have after success is always nicer if you have more than one department, than just having one department having a party by itself.

Mike Anderson: No, absolutely. And it's great when you can do that too. Because I mean our natural inclination is, there's the author Matt LeMay had used this thing around agility and he said there's these laws of organizational gravity and one of those is that people get so focused in the silo in which they're in from a functional standpoint, and when you can go against that organizational gravity and get those teams to work together the potential you can get by not just people aligned to a common purpose like you said, but also reducing the handoffs and the delays. Because then you're, I think about the back of the pandemic. 

Pandemic happened. Immediately overnight teams just said we got to get people able to work from home. And so everyone jumped in and you had, that was a great example of cross-functional working and my hope was that as we got past the pandemic, and I think we're on the other side, as we get to the other side of that now how do we make sure we keep that same kind of common purpose and goal? I think that's going to be key for us moving forward. 

Daniel Hartert: Absolutely. Internal borders, to make that statement, is the most stupid thing to have. And I have seen constellations, for example, when Bayer acquired Monsanto, think about this. There are two different companies, two different geographies with very different culture and now you have an IT team in Monsanto and you have an IT team within Bayer and they start working together. They haven't known each other before at all, nobody. But these teams through these M and A processes, they find a way to work together to express common goals and to succeed. And if that is possible then I wonder why can network and security within your own shop not cooperate and go for the biggest bang?

Mike Anderson: No, absolutely. I get the conversation you mentioned earlier around the investment around cyber. I get conversations all the time where my peers will ask me, I'm sure you get this, how do we know we're doing enough? What's the right amount of investment? And I quickly pivot the conversation. So let me guess, your CFO is asking you when is cyber security going to be a predictable percentage of revenue like everything else so you can benchmark across your peer set. And unfortunately it's not that simple. 

It's still an evolving area and there's never honestly a dollar amount you can invest that's going to make you a hundred percent safe. We see that in all different other types of our organizations as well, which kind of pivots me to a different conversation. When you think about board members and not even that, the people you sit in the C-suites with your supply chain officers you mentioned before or finance executives. When you think about security, how do you communicate to them that importance in ways that they understand? It's not getting into the bits and bytes but more around the outcomes or how it can impact what they're trying to achieve?

Daniel Hartert: Yeah, that's a real great point. Communication is so important to create a common understanding and if security leaders are communicating in whatever way with board members, then that's already a good thing. But to do this effectively, you really need to focus on output factors rather than input factors. What I mean with that is don't bore the board member with all the things you are doing in order to increase protection levels. Rather explain what is or will be the result of all of your doing. Will the overall protection level for the company improve? Are your production sites becoming more secure? Will users in the home offices be less of a risk due to your actions? That is what counts and where board members can also relate to in terms of the financial requirements. 

Mike Anderson: It's a good point. When I think about manufacturing companies, if my factories go down I can't generate revenue, but at the same time I have my own factory. But if I have other people that provide raw materials to me or components that I rely on and they don't have a good cybersecurity posture, that also has a crippling effect on my supply chain. And so thinking about translating, as you said, into the output is if we don't do this, if we don't, for example, look at the security posture as part of our procurement process, as we think about sourcing strategies and supply chain, that can create a single point of failure where if that part goes down, if I can't get sheet metal and I rely on sheet metal, that can cripple our company. And so I think that output was one that I used as I was at Schneider Electric before when we talked a supply chain. It's like what's, how's that going to impact our business if our cyber posture is not good with our key suppliers?

Daniel Hartert: Absolutely. And these discussions in particular, when it's about production supply chain, you often have as a CIO or CSO, the priority discussion with the production heads. They always have so many things to change and to do in their production sites and then you come and you explain you should change your old Microsoft Windows based systems to more actual system levels so you can put adequate protection levels on these. For them it's not a priority, but you need to really be able to articulate what are the risks related to this current setup and that any investment there is more important than maybe extending the production side at this moment. Because what does it help to you if you have a larger site but it's down?  

Mike Anderson: No, absolutely. That risk one is key. It's like what's the, and anything in a business, right? We think about one of our key drivers is how do I reduce risk in my business and what's my appetite for risk? And so when I think about it's not just security, it's everything. How do I reduce the risk of what's going on from a global economic standpoint or the wars we're seeing that are going on in Ukraine right now. We'd reduce that risk and so I think that's a key point to talk about is what is that appetite for risk within our organization and at a board level, what's the appetite for risk?

Daniel Hartert: Absolutely. Yeah.

Mike Anderson: We talked about the pandemic and that had a lot of impacts, obviously brought us together around a common purpose. But in that we've seen this acceleration to move things to cloud and cloud can have a lot of different meanings depending on who you're talking to. How did your team use this as an opportunity to transform security? And if so, how did they do that? 

Daniel Hartert: With Covid, basically all employees from one day to the other were sitting at home and the first priority was to continue to communicate with your team to jointly get the work done. So for IT who were equally working from home, the immediate challenge was to enable infrastructure to accommodate tens of thousands of mostly Teams and Zoom sessions at the same time. And remember we all thought this is going to be a thing for two or three weeks and then we will be back to our offices. The great point was that top management was extremely supportive to provide the financial resources for IT to do what they had to do and the overall situation that even led to some stage to pride, pride about the fact that the entire company was able to overcome this initial challenge. But now this digital workplace has become reality linked to work-life balance, lower office real estate costs, higher degrees of agilities.

And with all of these significant budgets as I see were made available, made available to infrastructure teams, to security teams to actually run the projects that have been on hold for some time before. I wouldn't say that at that time the transformation of security was already that visible. They did a lot of things, but only when the long term consequence of Covid, namely hybrid work started to become a reality, then the necessity to embark on the new paradigm, SASE for example, became obvious and this is now the driver for all of these security transformations. The reality that we are living in a digital world and we will never revert back to where we have been before. 

Mike Anderson: Absolutely. When you think about that hybrid work, one of the things that we discuss here at Netskope all the time is if your security controls impact the ability for an employee to get their job done and be productive, they try to find ways to bypass that. And oftentimes the same thing can hold true inside our own shops where our network teams want to make sure that ... They don't want people complaining because things are slow or people can't get to things. If you don't have that strong alignment you can end up investing a lot in security controls that get bypassed, not just by the user but in some cases your own teams. And so that transforming it to where security is present, I would say at Netskope, selfishly, you pick the right partner to work with to make sure that you're not having security get in the way of productivity is key, especially in hybrid work.

Daniel Hartert: Absolutely, yeah. 

Mike Anderson: So one of the things we have at Netskope, and I don't know if we came up with this ourself because I have a friend Kim Mackenroth, she's the CIO over at Textron, she used this with me. But we call ourselves like it's the human firewall. How do I turn my organization, the people that sit in the chair, into a human firewall. Lamont Orange, our CISO, sent out T-shirts that said human firewall. I know at Textron, Kim had said that she sent out hats with a personal letter from the CISO about if someone was displaying good security hygiene, good digital citizen, she was providing a hat with a personal letter. So when we talk about that human firewall, what are some ways you think about enabling people through security so that we truly create human firewalls within our organization? 

Daniel Hartert: In the end it's a great concept, this human firewall, because information security's purpose is to protect the company's data assets. However, the users and in particular the owners of these data assets are all sitting somewhere in the business and various functions. So therefore it's strongly recommended and in the meantime is also becoming best practice to educate end users to implement a higher level of security awareness and building what I would call a security-centered organizational mindset. And you can do that with a lot of training, with a lot of creations of examples that really mean something to the individual. So there are some takeaways and with that I also mean to create an any place, any time, any situation awareness about potential security impacts.

I'm coming from industries where manufacturing and health and safety was a big point. So in these industries there is a mindset around EHS, environmental health and safety. This means that employees are constantly being reminded to respect their safety requirements. And for me, I see a strong analogy because watching out for a malicious email or malicious emails is very similar to using the hand railing when walking down the staircase. So this is what we need to build into the DNA of an organization, this permanent security awareness and if we can build this, then this protection level of a company will immensely increase because in the end the doors to malicious actions are always the people.

Mike Anderson: Yeah, a hundred percent. One of the things that's interesting, the evolution that we're seeing in the IT industry now is, especially it's been accelerated, I would say, from what happened with Covid, is the citizen developers now becoming a bigger piece. If you look at some of the predictions, more and more of technology innovation will happen at the edge of our companies outside of IT and IT plays a key role in that but it really brings home the point, we need people to be a human firewall. Because if we have people that aren't technologists by background building capabilities we have to make sure those capabilities are secure and don't create risk in our organization. 

And so this whole idea around, how do I create better digital citizens in my organization, because our dream would be everybody, people don't click on the links they're not supposed to and everyone uses the applications we have and before they bring new things in we go have conversations about the problems they want to solve. That would be the ideal digital citizen. Unfortunately it's not the world we live in, so we have to continue to promote that mindset. Maybe, what are some ways or advice you would give on how you would go about that or how you've gone about that? 

Daniel Hartert: I have one example where I am a non-exec board member. It's a food logistics company in Germany, about two billion size of revenue. And this company has a lot of facilities for the logistics purposes. They're running several thousand trucks that are constantly on the road and the trucks themselves are now becoming to be highly networked. So the IT organization was thinking about how can we instill this mindset of, we are in the midst of a digital transformation phase and at the same time we need to become more aware about security requirements. 

So they defined across the entire organization, regardless of what function, regardless of what level specific people that are part of the organization who are seen as the champions for digital transformation and the champions for this new security mindset. These people go out and start educating their colleagues. They create examples in team meetings. They are watching out for events that they can use, good events, bad events, that they can use as trigger points to better educate. And I think this is a great way because you mobilize people, you give them a task to yield something better and they retrieve a lot of pride by seeing that the entire organization is following them.

Mike Anderson: That's amazing, having those advocates out there. So you have the advocacy and ambassadors out there in the organization. Bringing that forward is definitely a great thing to do. I think about the human firewall as well and I think about manufacturing as we go forward and they talk about the weaponizing of OT environments. We saw that with Stuxnet was a great example of weaponizing OT to achieve in that case more of a military based outcome. But that's going to be extremely important for people in manufacturing environments to have that mindset that it's not just about your digital safety, it gets into the physical safety. Just like you talked about the handrail before. Security is part of being safe and I think that's a mindset we have to bring in, especially into companies that have an operational technology in their organizations.

Daniel Hartert: And these companies, they are always under pressure. I mean the people, every second they are deep into the operations and to make them aware of the fact that there are these other factors that they have to take into account is not easy and posters and so on will not really do it. It's people. That's why I think this advocacy linked to people who feel responsible to be that is the best way to do it.

Mike Anderson: Absolutely. So let's pivot a little bit. We talk about what some of the trends in the future are. If you pull out your crystal ball and you fast forward to 2025 or 2030, what do you think CIOs will have wished they invested in now if they were to look back in time five to 10 years from now? 

Daniel Hartert: Great question, Mike. Yes, the crystal ball. I think there's some obvious points when we put ourselves five, 10 years into the future. I believe digital transformation is for many companies something that they will have accomplished. Many will have more data-driven business models, more digital-based business models. So I believe that looking back CIOs will have wished that they have done digital transformation with even higher speed than what they are planning at this point in time. Hand in hand with this goes the hybrid workforce and enabling the hybrid workforce to the highest level of productivity is something that you also have to invest into, and I don't mean this in terms of laptops or the individual people. I mean this in the context also of your entire digital working model. And that includes cyber security, cyber security to protect this new hybrid and digital cloud-based setup.

And I strongly believe that the future will see many, many more data-driven business models. Actually, I just talked yesterday with a CEO in the automotive business who joined a company, it's called Knorr-Bremse in Germany. It's a several billion company producing brakes for cars but also for trains. And he said the main reason why he joined was because this company is embarking on new data-driven business models and they see these models as a competitive weapon. But when you are data-driven, I mean the first thing you have to think about is how to protect your data. And I believe CIOs really have to invest now into a new paradigm in cybersecurity in the cloud-based setup, platforms that are based on SASE. And if they don't invest into this now I'm definitely sure they're going to regret in five or 10 years not having done that earlier or better.

Mike Anderson: No, absolutely. I mean there's all those analogies. You know, the data's the new oil of our business. Maybe that's not a sustainable statement if we say it's oil, but if we think about data we always think about crown jewels and we think about systems, but crown jewels are also the data in those systems and the data that gives us that competitive advantage. I think that's a great prediction and obviously it's near and dear to our heart here at Netskope as well. One of the things that we're often challenged with on the cyber side is talent. Finding IT talent is tough. Finding cybersecurity talent is even more challenging and one of the things that we also need is to be able to think different and what brings different thinking is diversity and diversity comes not just in gender but in backgrounds and where you come from. What are some things we can do to get more diversity into our security leadership roles? 

Daniel Hartert: Yeah, that's also a great question because there's a strong need to bring more diversity to this function. In the past cybersecurity was often seen as the place for nerds, if I say so, who love to sit somewhere in the dark in front of their screens. But security has become the most business-relevant and critical role, actually enabling business to go digital and to implement data driven business models and with this elevated positioning of information security it has also become more attractive to become part of it for people with very different backgrounds. 

So you do not have to be just a cyber specialist. If you understand how business works and how business can relate to managing certain type of risks, then your place can be in a cyber security team. And I also believe that security leaders should actively promote a more diverse team and therefore plant the seeds for higher degree of diversity in security leadership roles later on. So to make it short, put cyber security and the security teams out of the more darker light into the front place and make it attractive for people to join who understand the topic and who do not have to be a certain expert only on technology but who understand how to relate security to the business. That will help a lot to create the desired degree of diversity.

Mike Anderson: That is definitely great advice and something that we could all do. I definitely relate to the security and IT being, people think that the propeller head is always the term that comes to mind too when they say the nerds that sit in the back room. So I'm proud to be a nerd myself, so I wear it with pride.  

Daniel Hartert: Yes. The greatest thing though, Mike, is if people develop from being this nerd in front of a screen and then learning by the time that what they do is even more relevant than they thought and that this relevance really brings them closer to management. 

Mike Anderson: Absolutely. It was funny, just a funny thing I heard from a former peer that I worked with when I was at Schneider Electric. He went to Northwestern, there were a lot of other Big-10 schools in there. And speaking of nerds, he's at Northwestern, you may beat me in sports, he said, beat me today, work for me tomorrow was his motto. So he happened to be the president of the US business when I was there. So I thought that was pretty funny on that side. So the latest buzzword in security, just like cloud became the word and digital transformation and everyone takes their own meaning to it. The new one is zero trust, it's on everything. And so I'm sure as you talk to peers and you talk to CEOs and even boards, is it a phrase that people ask you about? And then two, how do you communicate that in context of the security program? And going back to protecting the data and the organization as they become data driven companies. How do you advise people on that? What's your definition of zero trust and how do you explain it to those folks?

Daniel Hartert: I first try to explain what is the situation around the overall threat level and then come to zero trust because the term zero trust is not so easy to understand if you don't bring it into the right context. So with a cloud and digital transformation in addition to an ever-increasing cyber threat landscape, the risk profile of companies has increased significantly. No doubt about this. But many still try to mitigate the risk with their pre-cloud tool sets. So next to digital transformation, a network and cyber security transformation is equally important. And I explain this to CIOs in many different companies who might not be so close to the latest developments in cyber. Say, you transform digitally your company, you cannot stay analog with cybersecurity, you need to do something about this. So I believe a cybersecurity strategy with zero trust at its center will become the gold standard.

I truly believe this because zero trust is so much more powerful, is more granular, more real time, also more user friendly and much more effective than whatever we had before. So I believe in a few years we will look back and think, how could we ever manage cyber security without zero trust? So this is what I'm trying to explain to the CIOs that with digital transformation and cloud, the commonly broad perception of, oh my god, it's getting even more risky. We are moving into the cloud. No, no, no. When you move into the cloud there is now a new paradigm that will provide an even better protection level than what you had on premise. And this is my core message and people start to understand this and that's why I also believe that we will see a great level of companies embarking on zero trust going forward. 

Mike Anderson: No, that's great. Great advice. So speaking of advice, let's pivot to a few quick hits here as we start to wrap up our conversation. So the first one I always like to ask, what's the best leadership advice you've ever gotten?

Daniel Hartert: Regarding personal characteristics, integrity, integrity, integrity. Very, very important as a leader. Regarding what you try to achieve, empower your team to drive for results and as a leader, lead courageously, make decisions, and most importantly, develop the next generation of leaders.

Mike Anderson: That's definitely great advice. And I know you've developed a number of great leaders out there today that lead our CIOs for major global companies and you've definitely done that in your career as well. So next one is, if you had your last meal, what is it going to be? 

Daniel Hartert: Something very simple, Mike. I would choose spaghetti aglio e olio. Very spicy.

Mike Anderson: Oh wow. I'm a spice fan myself. So next time we get together and break bread, we'll have to have some spicy spaghetti. 

Daniel Hartert: Yes. With a nice chili. Yeah, love to do that. 

Mike Anderson: For sure. Music. Favorite song and what does it tell us about you? 

Daniel Hartert: Yeah, with that question you pretend you would know my favorite song. You know there are more than a hundred million songs online out there. And while I like many genres like rock, pop, ambient House, electronic, it's often the less known songs that fascinate me. One, for example, is a very nice title, it's called Kiss of Life. Not sure whether you know. It's from a band called Gene Loves Jezebel in the nineties. It's a great piece of music, but it also played a role in the context of meeting my wife and music and emotions going very nicely together. 

Mike Anderson: No, absolutely. That's great. I may have heard the song, but I probably need to go, I'm going to go listen to it after we get done with our conversation so I can remind it. But that's great, especially that emotional connection. You always have that takes you back to that memory. So next one would be favorite book you've read this year.

Daniel Hartert: There's one book that I really love, it's called Hologrammatica. Not sure whether you know about it. I mean it's a strong recommendation to read it. It's from the author Tom Hillenbrand and it's kind of a reality science fiction. It plays, I think in the year 2070, 2080, and it's playing in our future digital world. And it sounds really realistic. And for example, in those years the United Nations have forbidden artificial intelligence but there's some criminal forces who keep AI alive and that comes with a lot of consequences. So it's a real thriller. It's a thriller in the digital age of the future.  

Mike Anderson: That's great. I have not read that one, but again I'm going to add that to my list on Amazon to go read next. So last quick hit question, who do you admire most and why?

Daniel Hartert: It's really people like Gandhi. Leaders who were standing and fighting for freedom, for human rights, no violence. Selfless leaders that carry your vision and have the personality to execute. And this is something that I wish to see more frequently in politics but also in company leaders. Personalities that are selfless. They think the bigger picture and they have the means to execute together with their teams.

Mike Anderson: No, absolutely. I mean that speaks to also servant leadership and kind of raising the next level of leaders. It flips how you think as a leader. So that's definitely a great person to admire and appreciate you for sharing that. So wrapping up our conversation. Every time we talk, Daniel, I learn more about you and I just really appreciate the advice and taking the time. A few takeaways that I got from our conversation. When I think about the CIO role, your advice around the most critical thing you need to do is be able to work cross-functionally. Your job is to be the cross-function leader, especially in this, what we think about from a digital age, we're the best one equipped to help drive that cross-functional thinking on cyber and that topic. 

The second thing I got from our conversation today is that when we think about the human firewall is translating that into advocacy within the organization so that it's not just the cyber teams that are driving that mindset but it's having advocates in every function in the organization, the people in our operations being advocates for us.

And then the last takeaway I got is we think about, I'm going to blend these together. It's really around diversity and zero trust, right? Because zero trust is going to be a key thing that we have to think about, but it's also we have to have diversity in order to do that. And to get that diversity we have to make security more attractive than the nerds in the back room look staring at a computer screen. And there's so many other nuggets. I could go on for another 10 or 15 minutes about all the great insights I got today but I just want to just say thank you so much, Daniel, for taking the time. And is there anything else, any parting thoughts or things you'd like to share with our listeners? 

Daniel Hartert: I think you made already a great summary that's, I think, great for our listeners. It was really fun, great questions, and looking further to contribute on our path for cybersecurity.

Mike Anderson: Thank you very much.

Speaker 3: The Security Visionaries podcast is powered by the team at Netskope. Fast and easy to use, the Netskope platform provides optimized access and zero trust security for people, devices, and data anywhere they go. Helping customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, or private application activity. To learn more about how Netskope helps customers be ready for anything on their SASE journey, visit N-E-T-S-K-O-P-E dot com.

Speaker 5: Thank you for listening to Security Visionaries. Please take a moment to rate and review the show and share it with someone you know who might enjoy it. Stay tuned for episodes releasing every other week and we'll see you in the next one.