CISO to CIO: Personal Vision, Legacy, and How to Leave a Positive Impact as the Top IT Leader


My guest this week is Riz Jan, the Vice President, Chief Information Officer at The Henry M. Jackson Foundation (HJF) For the Advancement of Military Medicine.

Riz is a dynamic technology and security executive leading an extensive strategic digital transformation to simplify and modernize the technology architecture within HJF.

In this interview, Riz and I focus on what it takes to be a great IT leader and the crucial investments you need to make in yourself.

What I love about Riz’s leadership philosophy, which stems from his immigrant background, is his no-fear approach to taking risks. Listen to this episode to learn more about the role of legacy and making a positive impact as an IT leader.

What you will learn from this episode:

  • The impact of fearlessness and stepping into the edge of your comfort zone in Riz’s ascendance from CISO to CIO
  • Ongoing learning and resilience as a leader
  • The role of having a vision of what your personal legacy will be and the imprint you will leave on people when you die.
  • The power of Networking
  • The incredible role of mentors and surrounding yourself with great people
  • How application security can be your gateway to understanding the business and delivering tremendous value to it
  • How to work for strong leaders like two-star generals
  • Important leadership skills like empathy, ‘water cooler’ and EQ skills
  • Stress management

Here are some other points of interest you will like from this episode:

  • What Riz learned as an immigrant and what formed him as a human being and as a leader.
  • Why is it important to have “no fear” and take risks as a leader?
  • The importance of networking “the hell out of everyone” he learned in college @13:35
  • The ongoing learning: why you should be curious to learn about other people? @14:15
  • How being on the application side of the house helped Riz learn and engage with “the business portion” of his organization @19:05
  • Why IT leaders need to break out of the bubble of being an IT guru, engage with the organization’s stakeholders, and educate them on security @19:45
  • Ways application security helped Riz engage with the business:
    • How to build a product solution for the business?
    • What is the business trying to accomplish?
    • What are you doing with the collected data and what do you want to get out of it?
    • What is your end goal result?
    • How are you going to improve the business by specific application or tool?
  • Riz’s take on the mentors that “raised” him and why a continuous mentor-mentee relationship is extremely important @22:20
  • Learn about Riz’s “Water cooler approach” to leadership @23:40
  • What does it take to be an IT leader under a two-star general? @27:58
  • Great advice from a two-star general on reporting about an issue: “I want to know 30% of why it happened and 70% of why it won’t happen” @29:10
  • How do you focus and deliver for a demanding leader? @31:55
  • Why a Project Manager is “key to everything” when interacting with the business and what it takes to have a successful PM to implement a culture change @33:05
  • What Riz loves about the job and why he takes the time to re-invest and re-invigorate his team members @34:55
  • Retaining your IT talent with empathy, soft skills, and EQ skills @37:13
  • Leadership stress management: lifting, running, meditation, and Insight Timer App
  • How to move IT security at the pace of your Business: IT Security has to be “baked” into the business @45:30
  • How to leave a legacy as an IT Leader: “Do something you really, really like and kickass in it at the end of the day.” @47:15

About Riz Jan

Rizwan A. Jan, CISSP, PCIP, CTPRP, is the Vice President, Chief Information Officer at The Henry M. Jackson Foundation (HJF) For the Advancement of Military Medicine.

Jan is a dynamic technology and security executive leading an extensive strategic digital transformation to simplify and modernize the technology architecture within HJF. He has developed an IT roadmap with a healthy investment strategy focusing on technology issues such as governance and policy, resource allocation, information technology protocols, and HJF’s technology organization.

Jan has held several leadership roles in the healthcare industry and has spent close to two decades in the planning, development, delivery and monitoring of technical solutions that address the needs of Fortune 500 companies and not-for-profit organizations. Most recently, as the Chief Information Security Officer for HJF, Jan erected a robust Global Information Security Office to protect HJF’s information according to Federal cybersecurity regulations. The office ensures the stability and security of HJF’s information assets and infrastructure.

Jan takes an active role in providing his professional perspective on industry challenges in community forums such as Gartner, a research and advisory company; (ISC)², an international nonprofit association for leading information security leaders; and the Information Systems Audit and Control Association (ISACA) CSX Working Group. He also serves on the Enterprise Mobility Advisory Board.

Jan is a thought leader whose insight and knowledge are featured in industry media outlets and speaking engagements. Sync-Magazine highlighted Jan for his leadership in building strategic relationships that create a culture that fuels ownership, accountability, responsiveness and innovation.

Full Transcript

Bill: 00:03 Okay. Riz, I want to welcome you to the show today.
Riz: 00:07 Thank you, Bill, for having me. I sincerely appreciate it. Happy to be here.
Bill: 00:11 Well, I tell you what. I've been really looking forward to this because you have just recently been named the CIO of HJF.
Riz: 00:21 That's correct.
Bill: 00:22 Okay. What does HJF stand for?
Riz: 00:23 Henry M. Jackson Foundation.
Bill: 00:25 Henry M. Jack- What is the Henry M. Jackson Foundation?
Riz: 00:29 What we do is we do military research for the U.S. Military. Medical research for the U.S. Military all around the world, so anything from clinical trials to infectious diseases, that type of work. We're in the healthcare in DOD sector.
Bill: 00:46 Okay. Would you consider it a private company then or-
Riz: 00:48 It's a nonprofit.
Bill: 00:48 Nonprofit, okay.
Riz: 00:50 Yup. We are fully funded by the government. We are congressionally authorized to do the task that we have been tasked to do.
Bill: 00:59 Okay. How many employees are in the company?
Riz: 01:02 We're about 2,600 employees. If you take our international operations into account with contingent workers, we're about 4,000 employees.
Bill: 01:13 The goal is to take new research that was applied on the military side and bring it to the civilian side?
Riz: 01:23 Correct. That's the thing. Anything that we find, right? What we do is, for an example HIV research. If we do find a cure for that, that would trickle to the military and then eventually trickle down to the civilian population. Anything we're trying to solve out in the military space will always go down and bleed down to the civilian population.
Bill: 01:45 That's interesting. That's a big mission. I mean, potentially you can benefit billions of people just by some of the breakthroughs on them. I mean, there's a lot of breakthroughs that have happened on the military side.
Riz: 01:57 Oh, absolutely.
Bill: 01:57 I think I saw a slide deck recently of all the components that make up an iPhone in 2007. Let's say there is 20 components. A large chunk of those components from the GPS systems and such came out of the military.
Riz: 02:12 Absolutely. That's it. That's it.
Bill: 02:14 That's interesting. Interesting. Did you ever… Right now you're the CIO but you weren't the CIO prior. You are more in the security side of defense, right?
Riz: 02:26 That is right. I was the chief information security officer for HJF for the last two years and came into the CIO role within the last three weeks, so I am brand spanking new to this world.
Bill: 02:38 Yeah, this is great. We're having a lot of fun with this story.
Now this doesn't happen often that I've seen at least the CISO takes on the CIO role but I know it's hotly contested for this and you won, which is great. Let's talk a little bit about your trajectory there and talk about the backstory and then we'll bring it forward to-
Riz: 03:06 Sure.
Bill: 03:08 I want to give people, our listeners, a chance to see what it is like and what's possible. I think part of this is what's possible, and what you can do and what your goals are for your career.
Where's your family originally from?
Riz: 03:26 Pakistan.
Bill: 03:27 Pakistan.
Riz: 03:27 Yes.
Bill: 03:27 So, your dad came over? You were born in Pakistan?
Riz: 03:31 I was born in Pakistan, my sister was born in Pakistan, and my brother. I was four… We're all two years apart. I was four when I came here, my sister was two, and my brother was about six months when we came to the States.
Bill: 03:43 All right, six months. Into the New York City?
Riz: 03:46 New York City. That's it. My father was in the finance sector, worked for the National Bank of Pakistan. He was transferred out here. He actually had two options; it was either we could have landed in Frankfurt, Germany or New York. We landed in New York and we came here in 1981.
Bill: 04:04 1981. Why did he leave? Just because of the opportunity in finance outside of Pakistan?
Riz: 04:12 It was a two-prong approach; one, his career and then part two was just a better life for his family.
Bill: 04:19 Okay.
Riz: 04:20 To go to the land of opportunity.
Bill: 04:23 Interesting. You came in here at four?
Riz: 04:26 Correct.
Bill: 04:27 Okay. What was it like when you got here? Did you understand and speak English?
Riz: 04:34 No, I did not.
Bill: 04:37 Okay.
Riz: 04:38 That was one hurdle I had to get over. I was straight mother tongue. I speak fluent Urdu. I came in here, I did not speak English. I had some issues in school. I was not a very quick learner so they did hold me back one grade just so I could start learning English. That was the language barrier stuff. Yeah, we are all two years apart but I'm only three years and one year ahead of my siblings in grade, in school.
Bill: 05:10 Your father, I think you shared with me, he had some health problems.
Riz: 05:16 Correct. My father has retinitis pigmentosa. It was essentially a disease where your vision goes so my father was completely blind by the age of 38. He stopped working. He is blind now and still can't work. I mean, he did work through his blindness but now he's in retirement and so he's not working.
Bill: 05:39 My grandfather came over from Ireland, who I knew very well, and started here in Boston. It was not a friendly place to land in Boston as an Irish. I heard the stories. I saw where they grew up in the house and my father, really, I guess first generation. I'm not an immigrant but that mentality, it must have had a big impact coming here.
Looking back, what do you feel is some of the things you learned by coming here for?
Riz: 06:16 Oh sure. No excuses, that's what I learned. This goes through to both my parents. We just touched upon my father is blind. My mom, she did not come from a background of education. You're coming from a country where education is not across the board. I mean, they will not pump education to women.
I remember coming… We lived in a two-bedroom Staten Island apartment and it was not just the five of us either. My dad's sister moved in with her two daughters after she had gotten a divorce so it was eight of us. I mean, truly immigrant story, eight of us in two-bedroom apartment.
I remember my mom working at Dunkin Donuts third shift would not see her and then when she'd come home my dad is getting up and she's now driving him to the train station because he can't drive to go to work.
Seeing that…
Bill: 07:13 The drive.
Riz: 07:14 The drive, you just scratch and claw.
Fast forward 40 years later, 36 years later, where we are, where I am right now. My brother and sister are very successful as well. My sister works for the DOD and my brother is an entrepreneur. He has his own real estate business. My parents are happily retired in a nice gated community living their dreams.
It all goes down to just keep fighting. It truly is, I really sincerely believe this in my heart that you come to the U.S., you could do whatever you want.
Bill: 07:50 I think we lose sight of that, but immigrants have not lost sight of that. It's a really… What's interesting too is that you've experienced basically having nothing and so in some respect there is very little to fear because you experienced nothing.
Riz: 08:13 Yeah.
Bill: 08:14 From a risk point of view, there's nothing to lose because you already experienced the worst-
Riz: 08:18 Absolutely.
Bill: 08:20 case other than being homeless maybe. Still, for a lot of people they can't imagine being in a two-bedroom apartment with essentially very little amenities around you.
Riz: 08:29 Sure.
Bill: 08:30 From a risk point of view… and I covered this in the last CIO group we had. I asked people how many of you have actually taken… when was the last significant risk you've taken career wise or are we turtling or covering our assets? I wonder if that comes into play with risk taking with you. Have you ever thought of them from that angle?
Riz: 08:59 Interesting point that you bring that up, but yeah. I mean, definitely you have no fear. At the end of the day my mentality is if I screw something up… we're not doing brain surgery here; I could always redo it. You learn from it. You learn from your mistakes. You got to make mistakes to learn, and that's how you're going to get better.
Bill: 09:20 That's great. I think part of what you and I talked about, these early experiences that you had and then you went on to college. Did you go to college? You went to college in Maryland, right?
Riz: 09:32 I did. I did.
Bill: 09:32 Okay.
Riz: 09:32 I went to Frostburg State University. It's a little small school in western Maryland.
Bill: 09:37 The top of the mountain, right?
Riz: 09:38 That's it. Nothing there. Nothing there.
Bill: 09:43 Was there anything significant after the high school years in college that you took away? When did you start, from a leadership point of view, start to formulate your own ideas about how you wanted to be in the world from a business point of view?
Riz: 10:01 I think definitely in college when… Coming, again being an immigrant, you're watching those movies Growing Up, Animal House, and all that stuff and you're saying, "Oh my God, this is cool. I want to go to college, I want to join a fraternity."
I did. I joined a fraternity in college and that's what… It wasn't always drinking and having fun and running around acting like an idiot. It was really what my specific fraternity did was they instilled a network with everybody.
Bill: 10:30 Okay.
Riz: 10:31 Network the hell out of everyone because you're never going to know who you're going to interact with or talk to.
That's what I did. Made as many friends as I possibly could and try to learn from those friends and vice versa. They could probably learn from my story and that's it. Human network. That's where it gets you where you want to go in life. I truly believe that.
Bill: 10:53 The networking piece… It's interesting you brought that up because that's something now from a DNA perspective. You're like you always have the gear for being open to meeting.
Riz: 11:03 Always.
Bill: 11:04 Okay.
Riz: 11:04 Always. Not only that, I'm truly interested in learning about the other person. What's their background? What makes them tick? Again, I'm always constantly in the learning phase. I want to see what their stories and what they could bring to the table where I could actually learn something in catalog, something from their life to improve my abilities at the end of the day.
Bill: 11:29 It's interesting you bring that because a lot of the guys that, I know a lot, but I have a significant, maybe 20% of the folks that come to my CIO Innovation lunches are ones that I know in the audience. They are looking for a new job either because it's time for them to move on and then they start reaching out and try to build… reaching out. Sometimes I'm thinking that they're welcome to come but I think it's harder to dig a well last minute.
Riz: 12:03 Sure.
Bill: 12:03 It's almost like the well should be constantly fresh with relationships and reaching out. It should be a part of an ongoing process, so it's interesting that you brought that up.
Riz: 12:14 Yup.
Bill: 12:17 Did you always want to be in the security?
Riz: 12:22 I fell into security.
Bill: 12:24 Fell into security.
Riz: 12:24 Yeah, I fell into security. I did graduate with a finance degree and that was partly from my father. Typical kid, like everybody else; going to college, going to school, don't know what you want to do in life. Got out, hated it. I ended up hating it. I went to Ocean City for a year. Basically didn't [crosstalk 00:12:45].
Bill: 12:24 You cannot hate Ocean City.
Riz: 12:45 Yeah, you can't hate Ocean City. Worked at Home Depot on Saturdays just so I could have enough money scrounged by for the week and just hang around there. No goals. Nothing in life at that point. I'm a 21-year-old kid.
About 12 months goes by and my father called. He was like, "Riz, it's time to get home. Get your head straight."
I came home and my uncle who works for [Rizon 00:13:15] still to this date in IT, he said, "Riz, why don't you just go into IT?" This is when Y2K was really big, everyone's transitioning from NT to Windows 2000. I set up a little lab in my basement and started to tinker around, set up networks and got my MCSE at that time. The big day. MCSE was a big, big deal, right?
Bill: 13:38 Right. It was a big deal.
Riz: 13:42 Memorize those questions, go in and bang out that test in three minutes. Those were those exams. Paper MCSE at that point. Then I got really, really lucky HP actually called.
Bill: 13:56 Oh wow.
Riz: 13:56 They were doing a huge project here in the State of Maryland to redo the entire infrastructure for the motor vehicle department and redo their licensing and stuff. I was part of that. I helped them build out their helpdesk processes. The entire MVA, I helped them build that.
That was my first little leadership project that was given to me. That really, really helped-
Bill: 14:21 That was with HP?
Riz: 14:22 Correct.
Bill: 14:22 Wow.
Riz: 14:23 That's where, like any other IT guy, I started off at the helpdesk with HP. Two years later HP ended up buying out Compaq. Remember Compaq?
Bill: 14:34 Yeah, Compaq.
Riz: 14:34 They're like, "Hey Riz, you're 22 years old we don't need you anymore." They laid me off. I ended up moving up to Connecticut and got a job at AIG as desktop support. Normal career, right?
Bill: 14:34 Right.
Riz: 14:49 Helpdesk, desktop support. Then my buddy was working at Aetna at the time. He was like, "Riz, why don't you hop on over here at the desktop support?" I hopped over to desktop support, a year there, and then the security operations position opened up.
Bill: 15:06 Okay. This is really [crosstalk 00:15:08].
Riz: 15:08 This is very, very… I mean, this is 2007 when things are picking up. I fell in there, and it was like Mickey Mouse security at that point. I'm just hardening service at this point, disabling services that should not be running, that type of stuff. That's how I fell into security. That was the beginning stages of security. From there, I started to spider out. I got into a little bit of applications security and started learning really the STLC process and the waterfall approach to now Agile.
That helped me tremendously because even when you're on the application side of the house that gives you visibility into the business and you started learning the business portion of it.
Bill: 15:56 Of course you have to… I mean, security on the application side is a challenge because they wanted to develop fast and put code out there. You're sitting there wanting to secure it as fast as possible but there's like a healthy friction that's always happening.
Riz: 16:12 Yes, so that was really eye opening for me.
Bill: 16:17 In what way?
Riz: 16:18 In a way of starting to learn the business. You're in your own little bubble when you're on the helpdesk and desktop. You're just an IT guru trying to get that stuff done. You're not really learning about why, why are you there. Your initial thought is I'm just here to support, but you're never thinking about what are you supporting and why are you supporting this and what's the mission.
That's what started to really get me going was the application security side of the house because you start to engage in the business stakeholders at that point as well to start educating them on security.
Bill: 17:04 In what way did applications security help you engage with the business? What were the triggers that you felt at the end of the day that you were actually meeting with the business? Was it problem resolution? Was it just understanding the application and how they wanted to deploy it and in the process you learn about… How did that lead to learning about the business?
Riz: 17:28 It was more of the product solution of how to build it for them and what they're trying to accomplish. What are you doing with this data? What is your end goal result and how are you going to improve the business by this specific application whatever it may be.
That's what started to engage me to grab business requirements, what you're doing with your data, what do you want to get out of your data, that type of stuff.
Bill: 18:03 Okay. Wow, so that was the big inflection point.
Riz: 18:06 It really is.
Bill: 18:06 That was with the insurance company.
Riz: 18:08 Correct. That was with Aetna at that time. Then from there… Aetna really raised me in the security world house because then I started jumping all over security. From applications security to third party risk all the way to PCI.
I did PCI and then mergers and acquisitions as well where you're really looking at the security controls of other entities we may be acquiring or merging with so we could just bring them into our environment in a streamline approach-
Bill: 18:38 [crosstalk 00:18:38] due diligence.
Riz: 18:38 Correct. Correct. I kind of touched everywhere in security. From there, I jumped over to Booz Allen where I led their entire incident response provision there.
Bill: 18:52 You led that for Booz Allen or for the customers?
Riz: 18:55 For our commercial customers.
Bill: 18:56 Okay.
Riz: 18:57 We were more of a retainer rate. A bunch of our clients out there if…
Bill: 19:03 Forensic or something.
Riz: 19:04 Forensics all the way to tabletop exercises to even remediation of potential breaches that may have occurred.
Bill: 19:12 Was it helpful to have that consulting… to have a dose of consulting [crosstalk 00:19:18]?
Riz: 19:18 Absolutely. Me personally? I personally don't like consulting because that was a lesson learned for me and we can get into that a little bit, but yes it tremendously helped me because it taught me to talk not so technically to the business stakeholders and to really engage various businesses and what they're doing, what they're struggling with. It gave me a good landscape, a holistic landscape of the various entities out there, their pain points and really helped saying, "Okay, we're not the only ones struggling with this." Everyone is struggling with security and those dynamics out there.
Bill: 20:03 Where did you learn to ask the best questions?
Riz: 20:07 I would say my mentors.
Bill: 20:07 Mentors.
Riz: 20:09 Mentors, yes because they're the ones who "raised me" and put those pieces of thoughts in my head of what to ask and what not to ask. Again, I'll lean back on the application security side because those are the questions, the probing questions, you're asking and that snowballed. To that point, I was mentored when I got into application security side house and those were the questions peppered to me; this is what you should be asking or this is what you should be looking for.
You start standing up on your two feet and then really start going really fine grain into why and the specifics.
Bill: 20:51 Was it the business analysts that were coaching you or the CISO at Aetna? Who was the actual mentor? Or someone outside?
Riz: 20:57 It was just a peer of mine who's been in the game a lot longer than me. My mentor… It's funny that my mentor actually works for me now. I brought him over from Aetna. He is 20 years on me.
Bill: 20:57 He's in Connecticut, right?
Riz: 21:14 He is in Connecticut.
Bill: 21:16 Oh, I met him at [crosstalk 00:21:16].
Riz: 21:18 Yes, yes, yes.
Bill: 21:18 That's where I met him.
Riz: 21:18 Yes, yes.
Bill: 21:19 Okay, okay. Yes, smart guy.
Riz: 21:20 Yeah. The brilliant, brilliant guy. Him, and then I had another mentor probably the same age as me.
I was very blessed and lucky because they proactively reached out to me and said, "Hey Riz, I see something you could do better." That's where I started to learn, okay the mentor and mentee relationship is extremely important and valuable. How these guys did it, they actually proactively reached out to me. I carry that with me.
I make it a point when I go to work every day I do drop by, every day in the morning. Now I have a rather large organization. We're actually on two floors where I am, but I will go to both floors in the morning, stop by and say "good morning, everybody" and see what the water cooler talk is.
Bill: 22:15 Yeah.
Riz: 22:15 This is their time to vent to me because that's really … I don't have much time. I'm out of the water with meetings all day long, but I want to give them that time. It's just casual conversation; what's on your mind, where can I help. That type of stuff.
I think that goes a long way because I really pride myself to have a peer-to-peer. That's how I look at my staff, it's hey you're not working for me guys. You're my advisors, advise me. We'll make the best decision possible. It's a collaborative effort, but tell me because I don't know what's going on, on the frontlines. You guys know. I'm never going to act like I know everything so you guys are the subject matter experts. Tell me. My job here is to remove barriers from you to empower you to make decisions and get the job done.
Bill: 23:07 Do you know Team of Rivals? The book written by… I forgot the name of the author but it's about Abraham Lincoln.
Riz: 23:14 Yeah, and his cabinet right?
Bill: 23:15 And his cabinet.
Riz: 23:15 Yeah.
Bill: 23:17 The interesting thing, he went directly… He wasn't trusting his generals to give him good feedback on the troops so he literally went into the frontlines himself to get the feedback. It's an interesting approach not being afraid to go right down to the front and get your own feedback.
Riz: 23:43 Right.
Bill: 23:45 It's an interesting approach that you have a kind of … meandering about for a period of time just to make yourself available.
Riz: 23:53 Yeah. Absolutely. I think it establishes trust at that level as well. They don't look at, "Hey, the big angry boss is coming down here." I think that mindset, it makes you more approachable and they'll open up to you a lot faster.
Bill: 24:10 Interesting. Well, you've just been written up in a magazine article which I'll put a link to on the blog for the people listening. It talked about your real strength with working with people. I know that's your passion.
Riz: 24:25 Yes.
Bill: 24:25 Maybe we can jump off of this. Did you… Are you just leaning into your strengths or did someone tell you that you got to develop these strengths? Because normally you wouldn't think them from the CISO side of defense. I'm just watching people [inaudible 00:24:41] usually are left brain. They're more… the gear is more, they're into more the tech part.
Riz: 24:49 Sure.
Bill: 24:50 They're trying to build out the softer skills but it seems like you have a real balance between both.
Riz: 24:57 Yeah. I mean, I was very lucky. To climb up the ladders and actually get your hands dirty and do it and then start falling into the business side of the house to learn what your stakeholders, what your peers need, and how business actually functions. It really jelled the two together for me.
I'm not your typical CIO that comes in there just talking business. You get those whispers on the lower level, "Oh this guy doesn't know what I do. He doesn't care what I do."
I think it's really important to be well rounded. You should be able to connect with your people but then you should be able to connect to the people externally to your organization like the business folks; that they're not going to know the tacky language.
Bill: 25:45 You have a leader in your organization. The CEO is the general, right?
Riz: 25:51 Correct. He's a two-star general.
Bill: 25:53 I mean, he didn't even take a gap between being a general and [inaudible 00:25:56] into the private sector, right?
Riz: 25:59 No.
Bill: 26:00 He's right off… He came right out of the desert [crosstalk 00:26:02].
Riz: 26:03 That's it. That's it. He was in the army for 30 years. Retired on a Friday and started with our organization on Monday. I mean, he had a weekend to think about what he was jumping into.
Bill: 26:17 What does it take to be a leader for a general? I'm assuming when you're in battle, your direct reports operated in a certain way.
Riz: 26:29 Yes.
Bill: 26:30 I'm assuming that the general will surround themselves with people that operate in a certain way. What did you need to adjust or change? What does it take to be a leader for someone like that?
Riz: 26:44 Full transparency. It's not easy, but I think with the leader like that you better have thick skin, be persistent and be… and I'm still learning this, is be really concise and clear with your message because-
Bill: 27:00 It's a great thing.
Riz: 27:02 when … My experience so far is when generals are coming on, especially two-star generals and up, they have a whole crew around them. They're having information fed into them as they're walking down the hallway of the purpose of the meeting, what the content of the meeting is, that type of stuff.
That, coupled with… what I really had to do was to even more so bring down the technical jargon to extremely layman's terms with him, not only him but the entire executive staff, of what we're trying to accomplish, why we're trying to accomplish it.
With generals, I think they have a tendency to … they want to know. They want to know why and how and what's it going to take to right the ship. What he usually tells me, and this is actually really good advice of what he's telling me, is 30% of why it happened, give me 70% of why it won't happen again.
Bill: 28:13 So then, 30% of why it happened, but give me 70% of why it won't happen.
Riz: 28:18 Yes. I thought about that for a while and I'm like, "Huh?" It's interesting but it makes sense. Why dwell on something? Just give him… Okay, this is what happened but really let's focus on what we're going to do to improve the process. Why be stuck in the past?
That's how I'm trying to come in terms with that lingo that he provided me and I think it makes sense.
Bill: 28:43 Basically it's complete accountability for what happened, but here's how I'm going to dig it out and how we're going to make it win.
Riz: 28:48 That's it. That's it.
Bill: 28:49 That's interesting. It's like you're going to take some… Someone in his position has taken a lot of losses but he doesn't care about the losses. He does care that it's addressed but then what's the forward momentum?
Riz: 29:01 That's it. That's it.
Bill: 29:02 It's an interesting perspective because the CIO, with any other position right now, I believe takes the most losses, takes the most hits, takes the most … You got to emotionally be very, very stable because you're getting helpdesk issues all the way from the troops up through new project requirements, new applica- I mean, you're getting so many-
Riz: 29:24 That's right.
Bill: 29:25 potential losses but your ability to flip that and you're going to look at it from a 70/30 or 30/70.
Riz: 29:29 That's it. That's it.
Bill: 29:30 I mean that's a really interesting perspective.
Riz: 29:33 You know what, he actually was empathetic. He says, "Riz, listen, I get it." I mean, IT, you guys get a bad rap. When everything is working, no one says a thing; one thing stops working, I mean-
Bill: 29:48 [crosstalk 00:29:48].
Riz: 29:47 Yeah. That's it. That's it.
He does get it. I mean, he's empathetic to that but at the end of the day he just wants information. More information, the better. Just break it down to regular people talk and he's good.
That's one of the things I'm learning. Just proactively engage and just give him information. Even if you personally don't think that this is not significant information, maybe he may not need to know it, get it out there.
Bill: 30:18 Get it out there?
Riz: 30:18 Get it out there.
Bill: 30:18 Right.
Riz: 30:19 Yeah.
Bill: 30:19 Interesting. Now, do you think when he started and … Again, I'm using the general as a metaphor-
Riz: 30:31 Sure.
Bill: 30:31 Okay?
Riz: 30:32 Sure.
Bill: 30:32 The metaphor, the most demanding type of a leader because they're thinking about from a battle point of view. How did you have to approach when you were the CISO at this point-
Riz: 30:32 Correct.
Bill: 30:45 You're the acting CIO. How did you execute and what was your thought process of executing day in and day out while this guy is there and you're trying to learn his style, you have a lot of stuff to do with the 4000-person company, how did you focus? What was the thing that you… How did you settle in to actually delivering?
Riz: 31:10 I inherited an organization that never followed any standardizations whatsoever. What tremendously helped me is when I set up, any people might laugh listening to this, we did not have a project management office.
There were project span of… you get thousand projects moving but nothing crossing the finish line. When I established the PMO office that was my crutch because now I had visibility into timelines of various projects going on, I could deliver that to the business stakeholders and start building that trust. Prior to me, my predecessor… I mean, the trust with IT, the business stakeholders, our customers, there was none. They were just destroyed.
This is where your shadow IT people start popping up, "Ray, your customers are…" You start growing your ingrown IT person so…
Bill: 32:11 Because that culture was not solved. I mean, you coming in and there have been years of…
Riz: 32:16 Years. About 30 years. Thirty-
Bill: 32:19 Not a lot of real heroic IT work going on.
Riz: 32:22 That's it.
Bill: 32:22 Okay.
Riz: 32:23 We started small and I'll tell you project manager is key to everything. I mean, those guys are your interface with the business folks. They're your interface with your IT folks. They will help learn the business on your behalf so listen to them, lean on them and really empower them too.
A lot of people, I'm sure, look at project managers like these guys are bugging me. They're on a tough spot because they don't have a team. Their team is stakeholders so they're in a tough spot. There were some growing pains there as well because you start hearing from them, "Hey, no one wants to do this," "Riz, they don't want to do that for me. I've setup this."
I told them just be persistent. These guys are coming from a place where they've never experienced this before. It's an education that goes into it to changes does not happen overnight.
Not only that, you're fighting culture resistance as well when people are starting to do… We're creatures of habit, right? You wake up in the morning, you floss, brush your teeth or whatever it maybe and someone comes across and say, "Hey, we have a new way of doing that. We have a new way that you could floss your teeth, brush your teeth. Don't do that anymore." It's a culture. It's a shock to your system to start changing that way.
Bill: 33:48 So you're introducing a lot of culture shifts.
Riz: 33:51 A lot. On all fronts.
Bill: 33:52 There was nothing that you're really keeping. I mean, you're completely almost giving a reboot?
Riz: 33:57 Yeah, absolutely from the ground up. I mean, we have a digital innovations team we just recreated. Simple things the ITs and steering committees were not meeting. It was not even established. We established that to really involve the businesses and to talk to them and start building that relationship.
Bill: 34:17 What is the one thing that you get completely pumped up about the job, about the job of being the top dog in the organization? What gets you to pumped up to be in that role you're in?
Riz: 34:34 I just love when my guys come to me with a smile in their face and saying, "Hey, we just did this. We just finished this and the customer is happy." That's what makes me happy. This is to know… I get it. The customer is happy, we're all good but I'm coming from a point of view where my guys made the customer happy. I am proud.
That's what makes me happy, is the persistence and the bold moves that these guys are working. I mean, these guys scratch and claw and work hard. These guys are 24/7 on call. I mean if there's an outage or… I mean, everyone depends on these guys. It's not an easy job that the guys on the frontlines have.
That's what gets me pumped up, is investing in my folks rather be with retraining, to us talking things out to whatever it may be, to promotion, to shifting one person from what they're doing, what they've been used to to another position.
For an example, I saw one guy on my level two support. He's been there for a very long time. Sour grapes, comes in there, poor attitude. I'm like, "Hey, what's going on here?" Ruffling a little feathers among the team and pull them aside. I'm like, "What's going on?"
What happened was I started hearing their stories like, "Hey, I've been doing this for 10 years and no one knows that I'm here, no one really cares of what I'm doing so why should I care?" That mentality. Beaten up guy, right? It took a toll on him. All around, people don't want to work with him. I said, "Listen, here's an opportunity on the security side of the house. Are you interested?"
Completely different. I go, "You have zero background in security but at least you know the tools from a technical standpoint. I will pump training into you, I will surround you with good people. Are you willing to do this? Because I think you can do better."
Smile ear to ear because these guys were never even sat down, spoken to, asking them what do you want? Where do you see your career going? If you could just invest some time in career development and really show empathetic peace in you, that you truly care about somebody, their mood changes instantly.
Bill: 37:13 So, he's been-
Riz: 37:14 He's instantly changed. Instantly changed from that conversation. I walked out, he was smiling ear to ear. I can't believe it. Someone actually heard him and sat down and took the time to talk to him.
It's the little things like that that go a really long way.
Bill: 37:29 It's interesting you bring that because one of the innovation teams… People are like, where do I find these real innovators? Where do I find these real… First of all my initial [thought about it 00:37:41] is you need to start with you. When we get beyond that ...
Riz: 37:44 Sure.
Bill: 37:44 ... let's find some people and staff that are like the Patrick's, one of the gentlemen are just, in other words, wired that way.
Well, one of the strategies I learned from Singularity is you actually try to find the people that are on HR probation within your organization. Find the folks that are literally about to be escorted to the door. There's going to be a large chunk of them that should be escorted-
Riz: 38:09 Sure. Absolutely.
Bill: 38:09 but some, to your point, are just really either bored. One little conversation with them will set them in a different direction. [inaudible 00:38:19] boom there is spark or gasoline on the fire of what you're trying to do and they can put them into something that would get you into momentum. That's an interesting approach you had there. Kind of like strong EQ skills-
Riz: 38:30 That's it.
Bill: 38:31 and empathy. You've seen that work a lot.
Riz: 38:34 Yeah. Absolutely.
Bill: 38:35 That's right. What about stress management? Has that ever come into play? This is interesting. It's like you had to execute for your boss who has certain expectations and then you've got to get some wins but then everybody around is looking for you to be this stable leader. You can't be bouncing like a cat on a hot roof. How do you balance that yin-yang sort of thing? Is there something you do to help-
Riz: 39:08 Yeah. Listen, we're all human at the end of the day. It wasn't easy. I could tell you right now, I have a tendency to wear my emotions on my sleeve. In the beginning stages I was bouncing around a little bit, reacting. What I've tried to teach myself was, "all right, I got to settle down."
You cannot react instantly to try to come up with an answer within two seconds of a very challenging question. Just try to ease my mind. Really slow down my mind because my mind, me personally, my mind is always going. I'm trying to think about what's coming, what's next, so what do I have to do?
I downloaded an app, Insight Timer. That's what that app is called.
Bill: 39:55 Oh yeah, Insight Timer. Yeah.
Riz: 40:01 Meditation helps and your breathing technique helps but I don't want to go full Buddha here either. I mean…
Bill: 40:09 I've been meditating for 20, 25 years.
Riz: 40:11 Yeah, it helps.
Bill: 40:13 It does help, yeah.
Riz: 40:14 Just calms you down and really helps you put things in perspective. Part two to that is I've always been a gym rat in the gym but what I changed is, I was always lifting heavy weights and all that stuff. I mean, I just started running. First time I started running in like 22 plus years.
Bill: 40:35 Really?
Riz: 40:36 Yeah, self-train. I'm training myself to run half marathon. Little things like that. I cannot tell you how great it is to run. I mean, all your mind is clear, you sleep better at night, your endorphins are going, you're feeling good about yourself.
That mental positive energy in your head is going to come out. You're now coming in to work in happier state. My team sees that I'm a lot calmer. Definitely, things like that tremendously help. Yoga. Yoga helps.
Bill: 41:14 Oh, yeah.
Riz: 41:15 Yeah.
Bill: 41:15 I know yoga is hard.
Riz: 41:17 Yoga is hard.
Bill: 41:18 Oh, my God [crosstalk 00:41:19].
Riz: 41:19 I'm sore. Yeah, it's hard.
Bill: 41:22 But I think it's good, though. [inaudible 00:41:24] talk about running. I'm a big runner myself and yoga has been great for mobility…
Riz: 41:32 Yes.
Bill: 41:32 because our hip flexors, when we're seated right now, that's actually not a great…
Riz: 41:38 It's not?
Bill: 41:39 for the hip flexor when you're a runner. Yoga does open your hips up and open your… make you be more mobile.
Riz: 41:48 Yeah, absolutely. Yeah, just stay active. It helps. It definitely does.
Bill: 41:54 Now, one interesting thing about running that I've observed too is that… I did some intervals this morning over at the track and it really moves your breath that you can't think which is essentially a form of meditation because even if you are thinking it's sort of daydreaming. It's not… Many times you just focus on your breath because you're breathless.
Riz: 42:18 Right.
Bill: 42:19 It's like… You find it… You only see it when you're running but when you stop there's a calmness to it.
Riz: 42:27 Absolutely.
Bill: 42:27 That's what I've observed as well about physical activity and such but I think for the modern CIO that got to respect the body and figure out some way to release stress. I mean, I believe the CIOs are going to be the CEOs of the future…
Riz: 42:27 Right.
Bill: 42:46 because you said you get access to all the lines of business, you're lateral across the business but you've got to be able to take feedback from the CEO and be all about getting the CEO what he wants…
Riz: 43:10 Right.
Bill: 43:10 but then you got to be aware of how people observe you from your team. How many folks do you have on your team? A hundred?
Riz: 43:18 About… a little bit sort of thing. A hundred, yes. You're taking onto account all of our contingent employees as well, contractors on. Yeah, we're near that number.
Bill: 43:29 Yeah.
Riz: 43:30 Yup.
Bill: 43:32 Wow! What would be… Did you always have a goal of being the CIO or is this like the way you find mentors? It's sort of serendipity strikes?
Riz: 43:45 No. Never. Never a goal.
Bill: 43:49 It was never a goal?
Riz: 43:49 Never a goal.
Bill: 43:50 Really?
Riz: 43:51 That's the crazy thing.
Bill: 43:52 Wow!
Riz: 43:53 When I was leaving… Let's go to Booz Allen.
Bill: 43:53 Okay.
Riz: 43:56 The CISO [inaudible 00:43:57], he's still there, we had a conversation. He was like, "Riz, I don't want you to go."
Prior to that, he would have these skip level meetings. He wanted to meet with his staff and he would say, "You know, you're going to be CISO one day." I'd laugh my head, like "Come on man, get out of here. I'm an engineer. I like what I'm doing."
Fast forward, I landed the CISO job with Booz Allen. That jelled into, "Hey, I want to really lead now because I've tasted a slice of pie," each piece so we want to glue it together and fell into the CISO gig. Now when I was at the CISO level, that's where my juices start to flow like, okay I think I could do CIO.
Bill: 44:51 Okay.
Riz: 44:55 My predecessor, remember? CISO is always stuffed under the CIO in some organizations. That trend is now coming where they're snapping that off and they would have a seat at the table with the CEO but you're staffed essentially historically under the CIO.
When our new CEO came on board, I had a conversation with him and really said, "Hey, this should be snapped off." I try to make a power play at that point too is because I wanted to be heard from a security perspective.
CIOs have budget and they want to invest in money where it's going to have your biggest bang for your buck. The CIO, what they're trying to appease is the business. Security is an afterthought. You're thinking money and no one sees the benefits of it.
That's what got me going is, okay I want to have the impact now to the customers. I want to have that visibility into the customers. Security is great, I love it. It is my passion still to this date but I want to be externally facing with the customers a lot more than-
Bill: 46:02 [crosstalk 00:46:02]. Do you believe that security can move at the pace that you want to be moving in right now? Do you believe it can be lock step?
Riz: 46:12 Yes. I believe so but it's… Well, let me rephrase. I hope so, right? It's hard.
Bill: 46:12 Is that going to be what you expect of the future of the entire…
Riz: 46:12 Yes. Yes, yes. Absolutely.
Bill: 46:12 Okay.
Riz: 46:20 It's going to be lock step. I mean, whatever we're doing from an IT perspective, security has to be baked in.
Bill: 46:20 Yeah, yup.
Riz: 46:31 Right? It's got to be lock step. We're in the middle of starting to look for our CISO, the next CISO but that's a conversation I have to have with the leadership team and if they have the buy in for the person I want to recommend.
Bill: 46:47 That's great.
Riz: 46:47 Yeah, definitely it has to be lock step.
Bill: 46:49 What message do you have as we wrap up? What do you think a good takeaway would be for someone that's 10 years younger than you, 30 maybe 25, maybe 35 and they're looking at the arc of their career? What could be… What's a word of advice, a book, a course, self-reflection that you looking back could sit down? If you were sitting with someone, what would you tell them if they said someday I want to be a CISO or someday I want to be a CIO? What would be of the 10 things, one or two, that you would say to them to really focus on?
Riz: 47:33 I think trust yourself and trust your ability. Do not let fear stop you. I was told life starts at the edge of your comfort zone so get after it. Go after it. At the end of the day, this is an old cliché but this is the land of opportunity. You could do whatever you want to do but invest in yourself. At the end of the day, surround yourself with good people who have the best interest in your successes and vice versa. You want to have some sort of impact on another person. That's how I look at it.
I'm kind of getting a little melancholy here a little bit but I mean, they say you die twice. When you die and then the second time you die, the last person you know says your name. That's the legacy you want to carry and push forward where people are talking about you for a very long time and the positive impact that you've had on people.
I think that's what I would say would be the best advice as far as…
Bill: 48:47 It's a bigger mission.
Riz: 48:47 Yeah.
Bill: 48:48 A bigger mission for your life.
Riz: 48:51 Yes. Yeah. Do what you want to do at the end of the day. Just don't do something, just say, "Hey, this is a job. I got to do a job and be complacent." I mean, do something that you really, really like and kickass in it at the end of the day.
Bill: 49:08 But I think it was interesting we talked about fear. Who knows where the genesis of everybody's aspects of fearlessness are because sometimes people show fearlessness in different parts of their life…
Riz: 49:19 Sure.
Bill: 49:20 but for you the last launch we had I said when was the last career risk that you guys took. People getting to their 40s and their 50s and they're less inclined to take risk. Why? Fear.
I get it. Fear losing a job, not being able to put kids in college, fear of retiring. I mean, there's a lot of fears but what you're saying is really look at that bigger legacy. When they put you in a box and put you down, what has been your mission-
Riz: 49:50 Sure.
Bill: 49:50 and your impact in the world? I think they showed the story about the CIO of Johnson & Johnson? I don't know if they're being shared on the show. She's on my board now of my company. Her name is Karen [Sorensen 00:50:03]. Her mission was… She was the CIO of 40 companies that Johnson & Johnson owned. They're all billion dollar companies. She was the CIO of the CIOs which is an interesting job.
Riz: 50:17 Yes.
Bill: 50:18 She said, "I don't really think about… I think about what the impact of that business that's making the dressings for people when they come in to the burn unit. I'm thinking about how can I help that company make a better dressing, make a better wound bandage so that it's less impactful for that patient." What's her role…
She was always mission driven about what's the mission of that particular… That was what really motivated her. To this day, when I talked to her, she's all wired about impact and vision which is just really interesting way. It's funny how you, funny but interesting, how you ended our show by focusing on that as well.
Riz: 51:02 Sure.
Bill: 51:02 I want to thank you for coming on the show today.
Riz: 51:06 Anytime, Bill. I appreciate the time. This was tremendous and it's great. My first podcast.
Bill: 51:11 Yeah [crosstalk 00:51:11].
Riz: 51:12 Thanks. Thank you.
Bill: 51:13 Until next time. Okay.
Riz: 51:15 Absolutely.
Bill: 51:15 Take care.
Riz: 51:15 Thanks Bill.

This episode is sponsored by the CIO Innovation Insider Council, dedicated to Business Digital Leaders who want to be a part of 20% of the planet and help their businesses win with innovation and transformation.

* Outro music provided by Ben’s Sound

About Bill Murphy
Bill Murphy is a world renowned IT Security Expert dedicated to your success as an IT business leader. Follow Bill on LinkedIn and Twitter.