EP 3: The Shift to "The Cloud" in 2020 w/ Sue Bergamo

ABOUT THIS EPISODE

Sue Bergamo, Chief Information Officer and Chief Security Officer at Episerver joins show host, Claudine Bianchi, to discuss the role of the CIO/CISO in a COVID-riddled operations environment, securing your business and not just relying on the inherent security of cloud services, impactful trends and some candid looks at what her C-Suite peers should do to invite a stronger partnership with IT to everyone’s benefit company wide.

Sue represents not only the strength and stature of women in tech today, but personifies the emergence of C-level IT leaders from “geeks behind the scenes” to business strategists and influencers at the table.

Whether you were ahead of the pack with a fully fleshed out business continuity plan or are still playing catch up, this interview will leave you armed with valuable IT and marketing leadership insights.

We talked about many insightful topics this episode: Why cloud adoption still means securing your own environment, how CIOs and CISOs can successfully collaborate with the rest of the C-suite, challenges for women in the CIO space, Industry trends surrounding IoT and machine learning, and business continuity planning- Are you playing catch up? 

To hear this interview and many more like it, subscribe to the Unleash IT Podcast on Apple Podcasts, on Spotify, or on our website.

Companies that are in growth mode and are serious about the growth include it in the process. Welcome to unleash it, a podcast where we discuss the experiences and ideas behind what's working in enterprise architecture and digital transformation within the IT landscape. Unlock Your Business has digital capabilities. Transform your enterprise architecture. Unleash it. Let's get into the show. Hello, it's clouding, Bianki Cmo at Lena X, and I'd like to welcome you to this episode of unleash it. Today I have a very special guest. Her name is supergamo. We've known each other for a number of years. She's currently the chief information and chief security officer at epy server. So welcome to the show. Thank you, it's good to see you again. Yeah, it's great seeing you. You fantastic in the middle of a pandemic and the middle of the pandemic, we're all doing well. We're both remote. I can see you're working from home on it by Summer House up here and made so, but it is a virtual lifestyle that we live these days. It isn't actually it's it's kind of Nice to figure out how to get comfortable working remotely. You know, and I hope that's the one thing that this pandemic will do for companies, is to show them that people can be productive while working from home. Yeah, I hope so too. It was m enjoying it for one. But before we get there, because I'd love to get your experiences when we did go through this covid from a CIO perspective of what you had to go through, but when you give us a little bit about your background first, how did you end up in it to begin with? Actually, it's a flute, believe it or not. I went to art school. I wanted to be an illustrator and a painter, and then I switched over to graphic design because computers were prevalent at that point and at some point I realized that I needed to make money to live, so I went to computer school and the rest was history. So, from an overall perspective, as a female and...

...technology working in a male dominated world, I just kept raising my hand and I remember way back when, I won't tell you how many years ago, people used to time, you need to pick an expertise, you know, be a DBA, be a developer, you know, whatever it was, and and I said no, I don't want to have one thing to do. I want to learn all that I can because I think I want to go into management. I mean I was a, you know, young kid in my s and I just kept raising my hand and I just kept going back to school that whole bunch of degrees and learned as much as I could and here I am. So I've over the years, I think I've pretty much done just about everything. And I take yeah, and you've been an advisor to a lot of fellowsy I has. When, especially when you were at Microsoft, certainly that was a great exposure for you to get to see a lot of different companies, a lot of DIF from CIO perspectives, that that had been riching for your own career too. It really was. So, you know, kind of twofold. Ask Cio and see. So I do a lot of tech advisory to start ups. I like that work. It keeps me not only plugged into the industry and where some of the vendors are going, but I also have the ability to lend my experience and help them, you know, to craft their product. And then, you know, at Microsoft they hired me specifically because I was a cio. So I could speak CIO to other CIOS. That worked out very well for them. So I had some great clients. It's a matter of fact I still talk to a lot of my clients from my Microsoft days. There's just a really good learning experience, really good learning experience. So certainly you've seen a number of trends over the past ten years in it which have been the some of the most more significant ones that you've witnessed? That's a great question. I'm going to answer you a little differently. So it is really we do a lot of the same things but we call it something different. From a marketing standpoint you would approchiate right, but we really do a lot of I think...

...the biggest trend that I have seen is Iot and machine learning, you know, the advanced languages, as I'll call them. I think that has been a rock star trend that has just taken off and is going to continue to take off as time goes on. So I'm really excited about those technologies, where they've come, how strong and they've gotten and what companies are doing with them and the innovative products that are coming out in in literally every every industry. It's just amazing. So you've been through a lot. You've actually, I believe I've done some migrations to the cloud, going from an on Prim to cloud world. And since you're also a se so besides being a Cioh I have to ask what were some of the security challenges that you've seen in the shift from on Prem to cloud? Is a cloud more secure, in your opinion, or less secure? It's just as secure. So I have to share this because this is one of my proud moments in life. So, while at Microsoft, in addition to being cio and see so, I'm a level three cloud architect. I certified. It was tough, but I did it. Yeah, no, it's amazing. Right. And all I did the group that I was in at Microsoft was move customers to the cloud. So here's my advice and recommendation for any company. I spend a lot of time with customers, even today, right. I enjoy that. I learn a lot. I get to learn from them and I get to talk about my really secure, solid program it's terrific. But customers still, to this day, even though the cloud has been prevalent out there for many, many years, still believe that they don't have to secure their pieces of it that if you go to a cloud vendor, everything's all set, and I do a lot of education around you have to still make sure that your own environment is secure. Yes, you know your cloud vendor, either you know, public or private, is going half security in place. Your application vendors going to have a good, solid foundation of security, but if you put...

...anything on top of that, you still have to secure it, if it's through access control or device security or your own network like. You can't not do those things, and that's the one piece that I find amazing in this day and ages that I educate clients all the time on. You still have to be secure. And if I cannot take it one step farther, a lot of customers, if they're dealing with you know, I'm all about data privacy, right, and we're global company, PCI. If you're doing any kind of credit card information, customers have to certify in pcidss, for for credit cards, even though their credit card like they may have a striper shopify that you know are certified and peace that they still have to certify and PCI think there are different levels of definition hip up same thing. Right. You still have to have compliance toward those regulations. And those certifications if you're dealing with any kind of confidential private data or credit card data, sure or like GDP, are, of course, in Europe as it now. You've ren global organizations the most part. What are some of the challenges for Cioh that has to worry about globalization, that has to worry about a possible despair it, you know, units all working together under one umbrella. How does that happen or what some of the challenges there? So I'm going to I'll say this ingest. I'm in a funny mood today. But Marketing, the count writing it, we always know are we're we're the worst cases of shadowy. That that any other organization. No, I adore our CMO and you know we have a great relationship, but marketing needs to help run a business right. Right in these data privacy regulations are just the death of all of us really. So there's a balance and you know I love gdpr. I spend a lot of my time on it. So opting in and opting out right. We just need to make sure that you know, we are giving the guidance to marketing to make sure that data is consented before you collect it.

Then we need are. I'm going to get a little granule on your then we need to understand how to mas get where it's stored and in the event that a subject access request comes in, they all have rights to forget them or delete their data. We have to make sure that we have the mechanisms to do that. And that goes through the entire company, from weeds to opportunities to employee data, you know, right through the product. So that's our challenge. Yeah, had everyone's challenge, but so ilways think that, you know, the past decade was the decade of the the CMO. You know, I think that game before was the decade of the CEO and I think that as we move into the two these it's going to be the decade of the CIO. And we started with this pandemic right, which put everyone all of a sudden we were moving our entire teams from in office to remote right. And who's The star of the show? And it's the CIO. Really, yeah, how did you guys cope with that sudden transition? I mean, did you do have a plan? Did you foresee any of this? You mean sending people remotely? Yes, yeah, exactly. I know there was going to be a pandemic. No, but we have a BCP. Like, in this day and age, how do you not have a BCP? So there are three types of companies out there right now. I'll go back, you know, five months ago. Those that weren't prepared, those that were semi prepared and those that were were I'm a prepared right, that's what I do for a living. So we were prepared, and so a thousand people home in a day. We did do rolling BCP tests, but as a global company, EPP has the ability. We do BCP all the time. So we have five major locations. They all have holidays, so we roll quote, roll over to another location on a holiday. Is Just what we've done and we've prepared around you know, moving operations. So it was easy. I mean we had a couple of, you know, Quirky things, a few developers and one location that didn't have laptops and we just looked at him and said, pick up your desktop, go home.

Right if you need a desk, your chair, pick it up, go home like you're going home and we're not going to take no for an answer. So that's what we did. But I really felt for and I'm trying to be empathetic to the CIOS that weren't prepared, but frankly there was no excuse. It's two thousand and twenty. If you didn't have a BCP plan, shame on you. You went packed your companies. So I do hope that the height and the fanfare that the CIO has been given this year continues because, you know, sometimes you've been pushed into the back and we're we are true business participant where we're there for the business and, as I'd like to say to folks, God forbid if we went into the data center and hit the big red switch, you'd see how important we really are. You know, the good news is now it's all cloud based and there is no red switch. It's the club providers. Yeah, we're an important part of any business. We that. Yeah, this is chief. I'm seeing too. Is Really and it brings up another question which should I'd also like to discuss with you more and more. It needs to be part of those business discussions. I mean we can't move forward with innovative technologies. As a marketer myself, I know sales can. I every line of the business really can't meet their innovation objectives without it. At the table and aligning ourselves so that we're getting the technology and the business is to meet the same positive outcomes right. That's very important. What I've seen is the shifts, and I think what's helping with this alignment is really a shift in it from project based work too much more product orientation. So I just don't stand up as Crm, I'm actually building the applications that are going to make my business more effective. Is this a trend that you've seen and, if so, how does that impact the it organization? Well, you know, I've worked for companies where it has had more business experience than the business because we tend to stay and we, you know, we do things from a start to finish. So you know, we want to be involved and we are not. You know, we we have sometimes when we're, you know, point based and need...

...to be, but we are no longer a department that should be just again was stuffed into the back room and we're not a bunch of geeks. We have a lot of business experience, we have a lot of knowledge about the company. So what I've seen over my career is that companies that are in growth mode and are serious about the growth include it in the process of, you know, defining the business strategy and then in executing the business strategy. I can give you countless examples where it was stuffed in the back room in the business just lingered and you know, I'm not going to say failed, but lingered, you know, because we are a business unit right. It's like people they laugh about shadow it will shadowy t is fine, we've all embraced it. But when done the right way, but at the right level of access, we can get more things done right and there are handoffs there, there are synergies there. We can't do it alone. We don't want to do it alone. We need our business partners to be involved with us. But together, as a team, we can get more done in the business. Can succeed from that ability to get those things done. Yeah, that's really great insight because so often we unfortunately, I said, on an executive team to you know, we forget about the it aspects of and how early we should be bringing them in on the decisions. Yeah, it goes back to so Lena X's enterprise architecture, obviously, and it or big proponents, obviously, of planning things out right, understanding what your landscape looks like taking that and planning it out. So you, being a planner, probably see that some of the benefits of that. But there's always unexpected things that happen. You have to roll with the punch and but you always had a backup plan, didn't you? The BCP that you had an installed was just part of being a smart it executive. What are some of the challenges and complexities in your roles, specifically as both the CIO AC? So do you get pulled in different directions? I mean, how do you manage both of those roles in one because I can't imagine it being easy. So I really so. I like to be really busy, which is to right. That's...

...good one days, which is really good because it keeps me really busy. No, it's actually a good compliment because security is a part of it. Right, it's a part of my bio role. So it was a perfect compliment this time. You know, in this position I just happened to carve it out into dual roles, but you know, interchangeably they go hand in hand. So under my cio hat ideal with corporate and the applications and you know, the network. Yeah, I tho see so side I do all of that, plus compliance and risk and in security. But I get into product, which is really a lot of fun for me and you know, a lot of times a cio isn't always customer or customer focus, for our internal customer, but as the see. So I get to spend a lot of time with our customers, are company customers, and I do a lot of external meetings. I spend a lot of time with customers and especially in the sales cycle, and I love it because, again, you know, I learn a lot from our customers. I can educate them, I can talk about the great work that we're doing, the you know, the top notch product that we have, how secure we are. You know, like these are just it's terrific conversations every time you can have one. So I wouldn't change that for the world. And you know, at the end of the day it's a balance, you know, you need to make sure that you're working on the right things. I tend to get very busy at the end of the month or the end of the quarter with, you know, the sale cycle. I spend a lot of time withers at that point and you know it. You know, people expect it to work right. So, as I like to say, if I'm doing my job correctly, my hair is not on fire, I'm not running around. Is kind of mundane. Right. Should be routine and that's the way it should be. A good cio isn't running around with their hair on fire, just like a good see so is not running around because they're getting breached every other month. So when you have a good program in place, things are relatively easy. I that they're not complicated with their relatively I'm sure they're very, very complicated.

What are some of the hurdles, though, that you might be facing right now? Technology is changing so quickly. We do have this ai and machine learning that we should be taking advantage of. But what are some the hurdles that you find? Is, do we have the right skills and are existing organizations to handle this? You do we have the right people in place? Do we have the right resources, and what were some things that you're running into? What's an interesting question. I think any organization can find talent or grow talent organically. You know, like some of the advanced technologies. We use them in our product, you know, and not that we don't have people that have that skill, but we also have a huge partner network. So you know you can find skill. It doesn't always have to be within your own four walls. You know, skill to me isn't talent, isn't the challenge. For me it's more regulation, believe it or not, keeping up with a constant, constant introduction of new compliance regulations. You know, it's not something that that you can't do, but it takes a lot of time and you know, like even in the United States, fifty states are now looking at their own data privacy loss. Like, why couldn't we just pick one? So I'll let you in on my secret formula, because I would make myself crazy or my hair would go straight. I saw for the toughest regulation and that's gdpr right now, and everything else is falling underneath it. But I keep watched because at some point Ma Gdpr may be taken over by something else and then I will solve for that next highest reg and it's working for me. It's been working for over three years now. That's my secret sauce. I'm going to stay with it, but you can't solve for every single regulation. It just did. It's not going to work. So pick the strongest, most stringent one and go from there. Yeah, I want to just the go off course. I'll a little bit because you're one of the few women I've interviewed in the cereal world. I'm looking for more. If you're listening, I can do if you what what are some specific challenges and in your career that you've had a face the the sometimes probably the...

...only woman at the table in a technical, a traditionally male dominated space. You're going to get me in trouble here. Okay, so the men that I work with our terrific, right, they really are terrific, but behind the scenes there are a lot of guys that don't have a lot of selfconfidence. Yeah, they need to be and I wish I could teach them, and I can, you know, slowly but surely, but they need to hear the affirmation. They need to be the loudest voice in the crowd, you know, they need to be the smartest, you know, bulb out there and you know, and it's that's been my biggest frustration in tech is, and I say this to every woman, you can't control what you can't control. So know your know your trade and when you speak, know what you're speaking about. Like, don't make it up. You don't need to be a guy, be a girl, but know your stuff and you will get respect when you do know what you're talking about. And again, it's my sacred sauce. Somebody doesn't like it too bad, and it's worked. Be Strong, up skin in this in this industry, absolutely absolutely, and ready to yeah, a peg. Well, whenever you get to a certain level. It's true. Right, yeah, you have to get the tough skin on and make decisions based on the business and not take it personally. Don't take it personally, but be strong, be respectable, try to be kind as much as you can, and you know that's I don't know what else to tell people. I mean, don't give up. You know, I wish more women would come into tech, into the leadership ranks. It's a great place to be. It's hard to get there for anyone, but you know, it's doable. It's doable and I think right now, in this this day and age where there's so many movements and, you know, so many people being recognized and appreciated, it's okay to raise your hand and say I haven't been recognized, why and get feedback. Right, am I...

...doing something wrong? Can you shift me in a different direction, but be open and be honest, be very transparent. I think that's what we'll get you somewhere. You know, I look at people that you know, they ram people over. They you know, they run over them with steam train to, you know, get themselves to the top. You know what my feeling is, have at it right like if you need to play that kind of game to get ahead. I need to like myself in the person I see mirror every day. I don't need to take people down for that. What kind of advice would you give to someone who is just promoted or moving into a CIO role? What advice would you give this person at first time CIO? I think the best advice I could give a new CIO is don't lead with the shiny new toy. So it's fun. Technology is fun. We all love it. We've made a career on it. But listen to root cause. Your Business is trying to explain what the problem is, and sometimes it's people, sometimes it's process. The shiny new toy will always follow, more that often than not. But don't lead with the toy because you may get yourself caught short. Listen to what the business has to say and I'll take you far great thanks so much for joining us today. So thank you, and that's the end of today's episode. Thanks for joining us. You've been listening to unleash. I T to ensure that you never miss an episode. Subscribe to the show in your favorite podcast player. If you'd like to learn more about enterprise architecture and tools to help unleash your businesses digital capabilities, visit lean ix dotnet. Thank you so much for listening. Until next time,.

In-Stream Audio Search

NEW

Search across all episodes within this podcast

Episodes (24)