Daniel Hartert: You know, I'm coming from industries where manufacturing and health and safety was a big point. So in these industries, there is a mindset around ehs, environmental health and safety. I see a strong analogy because watching out for a malicious email or malicious emails is very similar to using the hand railing when walking down the staircase.
So this is what we need to build. The DNA of an organization is permanent security awareness, and if we can build this, then this protection level of a company will immensely increase because in the end, the doors from malicious actions are always the people.
Narrator: Hello and welcome to Security Visionaries you just heard from today's guest, Daniel Hartert, CXO advisor at Netskope. The future of security weighs heavily on two things, zero trust and diversity. First, as companies move forward in this digital age with remote workers and hybrid cloud environments, it's critical to address these challenges by having a zero trust framework in place. Second, industry leaders need to make security attractive.
It's more than just staring at a computer screen all day. Having advocates in your organization starts by bringing on people with diverse backgrounds and experie. Before we dive into Daniel's interview, here's a brief word from our sponsor. The Security Visionaries Podcast is powered by the team at Netskope.
At Netskope, we are redefining cloud data and network security with a platform that provides optimized access and zero trust, security for people, devices, and data anywhere they go. To learn more about how Nets go, helps customers be ready for anything on their sassy journey. Visit N E T S K O P E dot com without further ado, please enjoy episode 15 of Security Visionaries with Daniel Hartert, CXO advisor at Netskope, and your host Mike Anderson
Mike Anderson: Welcome to today's episode of the Security Visionaries podcast. I'm your host, Mike Anderson. I'm the Chief digital and information Officer here at Netskope. I am excited today to be joined by Daniel Hartert daniel is truly an industry luminary when it comes to the CIO role, having led uh, IT organizations for some of the largest companies in the world. And I'm excited to have Daniel here today to talk about security and share some insights and thoughts with us. So Daniel, welcome. Tell the the listeners a little bit about your background, your journey to becoming a cio, and then we can pivot to some, some more of the security conversation. Sure.
Daniel Hartert: Hi Mike. Yeah, so after having started out as a passionate software developer in the late eighties, early nineties, I got increasingly involved with it becoming a key enabler for the business. So step by step, my responsibility to IT management increased, and by the year 2000, I became the CIO of Berman, a global German media company, then known for its global music for publishing television business.
A few years later, I joined Phillips as the global cio. At the time when they were still actively in semi-conductor business, consumer electronics, lighting, and metech. And after five years, I transitioned actually to become the CEO for that MedTech business, basically in the Boston area. And then in 2009 I moved back to Germany.
To assume the positions of CIO of Bayer and the CEO of Bayer Business Services, which was responsible for all financial, purchasing, hr, other shared services, and including the 11 years at Bayer. Within those 30 years, I've been in many different industries, as you hear, and my main takeaway is no matter where you are, IT and digital have become everywhere, a key driver for innovation and new business.
Mike Anderson: That's great. I mean, it's such a, uh, an amazing career and journey and you know, you've obviously, going back to over your career seen security evolve immensely and in the last couple of years you transitioned more into advisory roles. You've taken on the advisory role here to advise C-level executives from a net scope standpoint and our customers around the security and digital transformation. I know that you also started a group in Germany. Fellow CIOs to really tackle and band together around this cyber topic. Maybe can you tell us a little bit about that and then we'll transition to more the new advisory type journey? That's
Daniel Hartert: right. Back in 2015, I was sitting together with some other CIOs from other German industry companies, and we all detected, we all had the same challenges. It was an uphill battle regarding cybersecurity. Where to get the talents, how to really understand what is the protection level at a give moment in time and so forth. And out of this conversation, four CIOs actually came together and these were the CIOs of Ali, of bsf, of Fox One and Bayer to actually create a joint venture. So this was just more than working together. We. Actually created a legal entity based in Berlin, which in the meantime has about 120 employee cyber security specialists. And this company was built in order to protect the German industry landscape, and they gained over time. Also many more customers outside of the range of the fore founders. So I'm, I'm pretty proud of this because it's a center of expertise in Germany, which is often cited also on TV in terms of what is their opinion on the latest threat situations.
Mike Anderson: That's amazing. It truly brings together a theme, we'll, talking about a little bit later, about this whole security as a team sport. Before, before we go there, you've transitioned from CIO from major global Fortune 500 companies to now advising, you know, your peers in this advisory roles. Tell me more about that, the journey, how that's going, and how you, you're helping the community at large in your. After
Daniel Hartert: 20 years of vegan global CIO roles in three different companies, actually, it was really time to think more about what I do for myself. And you know, when you are in these large corporations, I mean, you are a hundred percent of your time dedicated Monday morning to Friday evening. And if necessary, also the weekends there's not much time left to do something else. So I look for changing the perspective a little bit and to experience something new. And with all the things I've seen the years before, I thought I, I could create maybe more value. Buting my time to broader portfolio of activities instead of just working for one company full time and to those activities that really matter. And one of them is actually cyber security. And as I explained with the DC O in Germany, it's a topic that goes to my heart and it is one that for many, many years, I think has been underweighted. It is relevant also in these large corpor. But now with everybody going digital, going into the cloud and expressing fears that with cloud security becomes even a more difficult topic, I really want to be kind of an evangelist also to educate CX all levels up to non-exec board levels about cyber security. And there's no reason to worry too much about if you put in the right solutions. And these are obviously available, and that's why I joined. Also, net scope as in cxo.
Mike Anderson: That is great. Definitely. You know, we need all the help we can get on that topic. It's interesting. One of the things I think you and I have talked about once before is, you know, in the security spaces, a lot of times the, it can become a very technical conversation, but when you translate it to people that aren't in the security every day, like you mentioned, board of directors and other sealable executives, the conversation's a bit different cuz we get inundated. A lot of times from the security community, I mean net scope, we're guilt of that as well of talking about products and features and not the outcomes that we're trying to drive from a cyber standpoint. But we'll come back and touch on that later. Maybe some concepts or things that you use to translate that as well. If we pivot a little bit to this whole topic of security as a team sport in the new way that you're advising companies, why do you feel like that's an important concept? And maybe give us a few examples of some advice maybe you've given to some companies in that regard. Security is
Daniel Hartert: really the last thing that you can simply be dedicated to one team. I mean, first of. They are users of information systems. If you don't include them, you will never reach the desired security levels if you include them, you are already a large team. And then you need to be aware that security is a horizontal topic. It really goes across any aspect you know, of developing, provisioning, operating and using information systems. So you really need to think of an interdisciplinary. They can bring together people from all functions, our
Mike Anderson: people, right? You know, we often say, or the weakest link in our security programs, it's the people in the chair that are interacting with those systems. And so we had to help them along that journey. It takes everyone, both in our company and outside our company. Honestly, it takes a community approach. Yeah, and you know,
Daniel Hartert: and sometimes you tend to forget about this, when you are so highly specialized and you're working in a team of security experts, of course you see all the technology and, and all the tools and all the data, but in the end, you're only there to help your company. And your company is the people who work there, who work with the data. You help them to be better protected. That always has to be in your mind when you, when you enter the office or when you switch on your laptop in the morning in your home.
Mike Anderson: Absolutely. So let's pivot a little bit to this topic around working cross-functionally. You mentioned the different functions in the company, some in it, some outside of it. How have you seen the security organizations evolve across, you know, some industries, you've been in pharmaceuticals and you know, obviously in IT and healthcare. How have you seen that security role evolve over your career and, and maybe give us some foresight in how you see that continuing to.
Daniel Hartert: First of all, I think independent from any industry, the role of information security has gained a lot of awareness, importance, and necessary funding. Lately, also, the letter on the funding I think still remains an issue, so I've experienced myself the increasing levels of relevance and interest for top management. 10, 15 years ago, I would say security was mainly a capsule within it. With little direct connection to the business, but over time, companies installed information reports. For example, with CXO level participation at Bayer, the CFOs of the divisions, the head of corporate audit, together with the CIO and cso. Form such a board with the purpose, define priorities and necessary investments, and that was really helpful because you were able to bring the relevant topics up to that level and up to the board level, even if it required investments that exceeded certain thresholds. But then for strongly regulated businesses such as. Healthcare, pharmaceuticals, the requirements are even higher, in particular when it comes to document and proof. Your information risk strategy and what are you related to implementations, but also what people often forget. I see a lot of strong involvement by governments lately in the context of m and a transactions, especially when companies to be acquired are seen as critical infrastructure or if the acquired companies. In another country or even in another continent and government want to make sure that you are taking care for any potential situation. That data could be breached or data that is lying in your current environment could be opened up due to this acquisitions. So it's a lot more attention to cybersecurity, definitely from the board
Mike Anderson: level as. You know, it's interesting. Yeah. You bring up governments. One of things that you know is a big topic today, and it covers not just security, but you know, when we think about cloud and data centers, is data sovereignty and how do you tackle that problem? Because obviously GDPR created a lot of data sovereignty questions and data privacy questions, and obviously Germany has probably, I would say, some of the strictest governance around that from that standpoint. Any thoughts or nuggets on on that one, or things that guidance you would give people on that topic? It's a
Daniel Hartert: good point that you're raising and it's a very critical one because on one side we all want to benefit globally from the unlimited borders or borderless business from scale factors that you can only get to when you implement something on a global level. But, uh, in, in many countries, and you mentioned Germany, there's quite a fear regarding the data. And I just had meetings last week from fellows in, uh, SAP and other companies that are now trying to build a sovereign cloud. For the German government and all IT administration offices. It's a huge sector in Germany. While I see that the reasons to think about building something like that are too certain to be valid, I think, uh, the administration, the governments limit themselves a lot. By building these type of operating clouds, if they will work at all. It still remains to be seen, I must say. So I, I look at this on one side of, with some understanding in terms of data protection, but also very critically in terms of whether this will be viable platforms and whether these platforms will be able to benefit from the same level of innovation that the open cloud environments are getting.
Mike Anderson: No, it's creating a complex environment and I remember 20 years ago we had the book come out the World as Flat, and now the world's not so flat anymore. You know, it's creating a lot of challenges. You know, some of 'em are just, it's gonna be interesting to see how they evolve and how they affect what we do from a, not only a, a technology standpoint, but how that impacts our ability to be a digital business. It's interesting, we look at this cross-functional side, you know, is it when I look at just inside the IT organization, Right. If I think about our network, you know, network teams and security teams are often right in the middle of this conversation. The best way example I was given recently is, is network teams are interested in moving bits, and security teams are interested in blocking bits, right? So if you're, if you've got those two pieces, you have inherent friction that's created just inside that, and then you. Expand that to the application development teams, right? They're just trying to ship new code and get new releases in production. And oftentimes, security has been kind of the gate at the end of the process to get that new innovation, that new release out. Can you give some examples in, in your time as a CIO and things you've observed, what have people done to reduce that friction inside the organization? Maybe start with it and then maybe let's take that conversation beyond that to maybe other functions in the organization.
Daniel Hartert: I would go even so far to say, Working cross-functionally is one of the key critical success factors for the CIO job. Your role is to deliver value to your business and to any function, and each of them have their own priorities, which often conflict even with each other. And the CIO is really the only neutral force. In these constellations. So you need to balance the interest and determine what is the best cause of action in the interest of the entire company. Of course, it starts in your own shop. You, you are seen as this neutral, you know, moderator across the different functions like purchasing, finance, uh, Supply chain and so forth. But if you don't keep your own house in order and you manage the frictions between applications, infrastructure, and so forth, you will not have the credibility. I was always alluding, you know, in my teams, to my team members to that one plus one needs to be free. And this is only possible if you work strongly together and if you are self. If you have a common goal, a common purpose, and you figure out together what's the best way to get there, and in most cases it means that you work across departments, uh, in order to reach those goals. And you know, in the end the people have more fun. And a party that you can have after success is always nicer if you have more than one department than just having one department having a party by.
Mike Anderson: No, absolutely. It's, and it's, it's great when you can do that too. Cause I mean, our, our natural inclination is there's the, you know, author Matt Lama had used this thing around agility and he said there's these laws of organizational gravity, and one of those is that people get, you know, so focused in the silo in which they're in from a functional standpoint. And when you can go against that organizational gravity and get those teams to work together, the potential you can. By not just people aligned to a common purpose, like you said, but also reducing the handoffs and the delays because then you're, you know, I think about the back of the pandemic, right? Pandemic happened immediately. Overnight. Teams just said, we gotta get people able to work from home. And so everyone jumped in and, and you had that, that was a great example of cross-functional working. And my hope was that as we got past the pandemic, and I think we're on the other side, as we get to the other side of that, You know, now it's, you know, how do we make sure we keep that same kind of common purpose and goal? I think that's gonna be key for us moving forward. Absolutely.
Daniel Hartert: You know, internal borders, uh, to make that statement is the most stupid thing to have. And I have seen constellations, for example, when Bayer acquired Monsanto. Think about this. You know, there are two different companies, two different geographies with very different culture. And now you have an IT team in Monsanto and you have an IT team within Bayer and they start working. They haven't known each other before at all. Nobody but these teams, through these m and a processes, they find a way to work together to express common goals and to succeed. And if that is possible, then I wonder why can network and security within your own shop. Not cooperate and go for the biggest
Mike Anderson: bang. No, absolutely. I get the conver the conversation you mentioned earlier around, um, the investment around cyber. You know, I get conversations all the time where my peers will ask me, I'm sure you get this. How do we know we're doing enough? What's the right amount of investment? And I, I quickly pivot the conversation. So let me guess. Your CFO is asking you, when is cybersecurity gonna be a predictable percentage of revenue, like everything else, so you can benchmark it across your peer set. And, you know, we're unfortunately, it, it's not that simple, you know, we're, it's still an evolving area and there's never. Honestly, a dollar amount you can invest that's gonna make you a hundred percent safe. You know, we see that in all different other types of our organizations as well, which kind of pivots me to a different conversation. Right. When you think about board members, and not even that, the people you sit in the, in the C-suites with your supply chain officers, you mentioned before, or finance executives. When you think about security, how do you communicate to them that importance in ways that they understand that's not getting into the bits and bites? But more around the outcomes or how it can impact what they're trying to achieve. Yeah. You know, that's real
Daniel Hartert: great point. I mean, communication is so important to create a common understanding, and if security leaders are communicating in whatever way these board members, then that's already a good thing. But to do this effectively, You really need to focus on output factors rather than imper factors. What I mean with that is don't bore a board member with all the things you are doing in order to increase protection levels. Rather explain what is or will be the result of all of you doing will over put overall protection level for the company. Improve. Are your production sites becoming more secure? Will users in the home offers be less of a risk due to your actions? That is what counts and where board members can also relate to in terms of the financial requirements.
Mike Anderson: It's a good point. You know, when I think about manufacturing companies, if my factories go down, I can't generate revenue, but at the same time, I have my own factory. But if I have other people that provide raw materials to me, Or components that I rely on and they don't have a good cybersecurity posture, that also has a crippling effect on my supply chain. Right. And so thinking about translating, as you said, into the output is, if we don't do this, if we don't, for example, Look at the security posture as part of our procurement process. As we think about sourcing strategies and supply chain, that can create a single point of failure where if that part goes down, if I can't get sheet metal and I rely on sheet metal, that can cripple our company. And so I think that output was one that I used as I, you, it was a Schneider Electric before when we talked to supply chain. It's like, what's the. How's that gonna impact our business if our cyber postures not good with our key suppliers?
Daniel Hartert: Yeah, absolutely. And these discussions in particular, when you about production and supply chain, you often have, as a CIO or ciso, the priority discussion. You know, with the production heads, they always have so many things to change and to do their production sites, and then you come and you explain you should change your. Microsoft Windows based systems to more actual system levels. So you can put adequate protection levels on these for them. It's not a priority, but you need to really be able to articulate what are the risks related to this current setup, and that any investment there is more important than maybe extending the production site at this moment, because what does it have to you if you have a larger side, but it's.
Mike Anderson: No, absolutely. It's, and that risk one's key is like what's the, and anything in a business, right? We think about one of our key drivers is how do I reduce risk in my business and what's my appetite for risk? And so when I think about, you know, it's not just security, it's everything, right? How do I reduce the risk of what's going on from, uh, a global economic standpoint or the wars we're seeing that are going on in Ukraine right now? We'd reduced that risk. And so I think that's a key point to talk about is what. Appetite for risk within our organization and at a board level, what's the appetite for risk? Absolutely. Yeah. You know, we talked about the pandemic and that had a lot of impacts, you know, obviously brought us together around a common purpose. But in that, we've seen this acceleration to move things to cloud, right? And cloud can have, you know, a lot of different meanings depending on who you're talking. , you know, how did your team use this as an opportunity to transform security? And if so, how did they do that? You know,
Daniel Hartert: with, with Covid, basically all employees from one day to the other were sitting at home, and the first priority was to continue to communicate with your team to jointly get the work done. So for it, we were equally working from home. The immediate challenge was to enable. Infrastructure to accommodate tens of thousands of mostly teams and Zoom sessions at the same time. And remember, we all thought this is going to be a thing for two or three weeks and then we will be back to our offices. The great point was that top management was extremely supportive to provide the financial resources for it to do what they had to do, and the, uh, overall situation That even led to some stage to pride, pride about the fact that the entire company was able to overcome. This initial challenge, but now this digital workplace has become reality linked to work life balance, lower office real estate costs, higher degrees of a utilities, and with all of these significant budgets as ic, were made available, you know, made available to infrastructure teams, to security teams to actually run the projects that have been on hold for some time. I wouldn't say that at that time the transformation of security was already that visible. They did a lot of things, but only when the long term consequence of covid, namely hybrid work started to become a reality. Then the necessity to embark on the new paradigm. Sassy, for example. Became obvious, and this is now the driver for all of these security transformations. The reality that we are living in a digital world and we will never revert back to where we have been
Mike Anderson: before. Absolutely. You know, when you think about that hybrid work, you know, one of the things that you know, we discuss here at NETSCOPE all the time is if your security controls impact the ability for an employee to get their job done and be productive, they try to find ways to bypass that. And oftentimes the same thing can hold true inside our own shops, where our network teams want to make sure that they don't want people complaining cuz things are slow or people can't get to things if you don't have that strong a. , you know, you can end up investing a lot in security controls that get bypassed not just by the user, but in, in some cases your own, your own teams. And so that transforming it to where security is present. I would say in net scope, selfishly, you pick the right partner to work with to make sure that you're not having security get in the way of productivity is, is is key, especially in hybrid work. Absolutely. Yeah. So you know, one of the things we have at Nets scope, and I don't know if we came up with this ourself, cuz I have a friend, Kim McIn Ross, she's the CIO over at Textron. She used this with me. But we call ourselves, it's the human firewall. How do I turn my organization, the people that sit in the chair into a human firewall, Lamont. Orange. A ciso, you know, sent out t-shirts that said Human Firewall. I know a text on Kim had said that she sent out hats with a personal letter from the CISO about if someone was displaying good security hygiene, good digital citizen, she was providing a hat with a personal letter. So we talk about that human firewall. What are some ways you think about enabling people through security? So that we truly create human firewalls within our organiz. In the end,
Daniel Hartert: it's the great concept, this human firewall, because information security's purpose is to protect the company's data assets. However, the users and in particular the owners of these data assets are all sitting somewhere in the business in various functions. So therefore, it's strongly recommended. And in the meantime, it is also becoming best practice to educate end users to implement a higher level of, of security awareness and building what I would call a security. Organizational mindset, and you can do that with a lot of training, with a lot of creations of examples that really mean something to the individual. So there are some takeaways and that I also mean to create and any place, any time, any situation, awareness about potential security impacts. You know, I'm coming from industries where manufacturing and health and safety was a big point. So, In these industries, there is a mindset around ehs environmental health and safety. This means that employees are constantly being remembered to respect their safety requirements. And for me, I see a strong analogy because watching out for a malicious email or malicious emails is very similar to using the hand railing when walking down the staircase. So this is what we need to build. The DNA of an organization, this permanent security awareness, and if we can build this, then this protection level of a company will immensely increase because in the end, the doors to malicious actions are always the people.
Mike Anderson: Yeah, a hundred percent. You know, one, one of the things that's interesting, the evolution that we're seeing in the IT industry now is, especially, it's been accelerated, I would say. What happened with Covid is the citizen developer is now becoming a bigger piece. You know, if you look at some of the predictions, more and more of technology innovation will happen at the edge of our companies outside of it, and it plays a, a key role in that. But it, it, it really brings home the point we need people to be a human firewall. Cuz if we have people that aren't technologists by back. Building capabilities. We have to make sure those capabilities are secure and don't create risk in our organization. And so this whole idea around, you know, how do I create better digital citizens in my organization? Cuz our dream would be everybody. People don't click on the links, they're not supposed to. And everyone uses the applications we have and before they bring new things in, we go have conversations about the problems they wanna solve. Right? That would be the ideal digital citizen. Unfortunately, it's not the world we live in, so we have to continue, promote that mindset. Maybe what are some ways or advice you would give on how, how you would go about that or how you've gone about. I have
Daniel Hartert: one example where I am a non-exec board member. It's a food logistics company, uh, in Germany, about 2 billion size of revenue. And you know, this company has a lot of facilities. For the logistics purposes. They're running 7,000 trucks that are constantly on the road, and the trucks themselves, you know, are now. Becoming to be highly networked. So the IT organization was thinking about how can we instill this mindset of we are in the midst of a digital transformation phase, and at the same time we need to become more aware about security rig requirements. So, They defined across the entire organization, regardless what function, regardless what level specific people that are part of the organizations who are seen as the champions for digital transformation and the champions for this new security mindset. These people go out and start educating their colleagues. They create examples in team meetings. They're watching out for event. That they can use good events, bad events that they can use as trigger points to better educate. And I think this is a great way because you mobilize people, you give them a task to yield something better, and they retrieve a lot of pride by seeing that the entire organization is following them.
Mike Anderson: That's amazing. You know, having those advocates out there so you have, you know, the advocacy and ambassadors out there in the organization. Bringing that forward is definitely a great thing to do. I think about the human firewall as well, and I think about manufacturing as we go forward and they talk about the weaponizing of OT environments, right? We saw that with stucks net was a great example of weaponizing OT to, to, to achieve a, in that case more of a, a military based outcome. But, you know, that's gonna. Extremely important for people in manufacturing environments to have that mindset. You know, that it's not just about your digital safety, it gets into the physical safety, just like you talked about the handrail before there, you know, security is part of being safe and I think that's a, a mindset we have to bring in, especially into companies that have a operational technology in the organizations. And you know, these
Daniel Hartert: c. They're always under pressure. I mean the people every second, they are deep into the operations and to make them aware of the fact that there are these other factors that they have to take into account is not easy and posters and so on will not really do it. It's people. That's why I think this advocacy linked to people who feel responsible to be, that is the best way to.
Mike Anderson: Absolutely. So let's pivot a little bit. You know, we talk about what some of the trends in the future are. If you pull out your crystal ball and you fast forward to 2025 or 2030, what, what do you think CIOs will have wished they invested in now if they were to look back in time five to 10 years from now? Great
Daniel Hartert: question, Mike. Yes, the crystal ball. I think there are some obvious points when we put ourselves five, 10 years into the future. I believe by digital transformation is for many company, something that they have will have accomplished. Many will have more data with business models, more digital based business models. So I believe that looking back CIOs will have wished that. Done digital transformation with even higher speed than what they are planning at this point in time. Hand in hand with this goes the hybrid workforce and enabling the hybrid workforce to the highest level of productivity is something that you also have to invest into. And I don't mean this in terms of laptops or the individual people. I mean this in the context also of your. Digital working model, and that includes cybersecurity, cyber security to protect this new hybrid and digital cloud, cloud based setup. And I strongly believe you know that the future will see many, many more data driven business models. Actually, I just talked. Yesterday with a CEO in the automotive business who joined a company. It's called Klor. Preza in Germany. It's a several billion company producing brakes for cars, but also for trains. And he said the main reason why he joined was because this company. He's embarking on new data driven business models, and they see these models as a competitive weapon. But when you are data driven, I mean, the first thing you have to think about is how to protect your data. And I believe CIOs really have to invest now into a new paradigm in cyber security. In the cloud based setup platforms that are based on sasi and if they don't invest into this now I, I'm definitely sure they're gonna regret in five or 10 years not having done that earlier
Mike Anderson: or better. No, absolutely. I mean, there's all those analogies, you know, the data's the new oil of our business. Maybe that's not a sustainable statement if we say it's oil, but if we think about. Data. It's, you know, we always think about crown jewels and we think about systems, but crown jewels are also the data in those systems and the data that gives us that competitive advantage. I think that's a, that's a great prediction and obviously it, it's near and dear to our heart here at at that scope as well. One of the things that we're often challenged with on the cyber side is talent. Finding it talent is tough. Finding cybersecurity talent is even more challenging. And one of the things that we also need is to be able to think different and what brings. Different thinking is diversity and diversity comes not just in gender, but in backgrounds and you know where you come from. What are some things we can do to get more diversity into our security leadership roles? Yeah, that's
Daniel Hartert: also a great question, uh, because there's a strong need to bring more diversity to dysfunction. Then in the past, cyber security was often seen as, as the place for nerds, if I say so. We love to see it somewhere in the dark in front of their screens, but security has. The most business relevant and critical role, actually enabling business to go digital and to implement data-driven business models. And with this elevated positioning of information security, it has also become more attractive to become part of it. For people with very different backgrounds, so you do not have to be just a cyber specialist. If you understand how business works and how business can relate to managing certain type of risks, then your place can be in a cyber security team. And I also believe that security leaders should actively promote the more D diverse team and therefore plant the seeds for higher degree of diversity in security leadership roles. Later on, so to, to make it short, put cyber security and, and the security teams out of the world. Darker light into the front place and make it attractive for people to join who understand the topic and who do not have to be a certain expert only on technology, but who understand how relate security to the business. That will help a lot to create desire, degree of diversity.
Mike Anderson: That is definitely great advice and something that we could all do. I definitely relate to the security and it being, you know, people think that the propeller head is always the term that comes to mind too when they say the nerds that sit in the back room. So I'm proud to be a nerd myself. So, you know, I wear it with pride.
Daniel Hartert: Yes. The thing, Mike, is if people develop from being this nerd in front of a screen and then learning by the time that what they. It's even more relevant than they thought, and that this relevance really brings them closer to management. Mike Anderson: Absolutely. It was funny, just a funny thing I heard from a former peer that I worked with when I was at Schneider Electric. He went to Northwestern. There were a lot of other Big 10 schools in there. And you know, speaking of nerds, he said, Northwestern, you may beat me in sports. He said, beat me today, work for me tomorrow was his motto. So he happened to be the president of the US business when I was there, so I thought that was pretty funny on that side. So the latest buzzword. In security, just like cloud became the word and digital transformation and everyone takes their own meaning to it. The new one is zero trust, it's on everything. Right. And so I'm sure as you talk to peers and you talk to CEOs and even boards, is it a, a phrase that they people ask you about? And then two, how do you communicate that in context of, you know, the security program? And, you know, going back to protecting the data in the organization is they become data. Companies, you know, how do you advise people on that? What's your definition of Zero Trust and how do you explain it to
Daniel Hartert: those folks? I first try to explain what is the situation around the overall threat level, and then come to Zero Trust because the terms zero trust is not so easy to understand if you don't bring it into the right context. So, With a cloud and digital transformation in addition to an ever increasing cyber threat landscape, the risk profile of companies has increased significantly. No doubt about this, but many still try to mitigate the risk with their pre-cloud tool sets. So next to digital transformation, a network and cyber security transformation is equally important. And I explained this to CIOs in many different companies who might not be so close to the latest developments in cyber. Say you transform digitally, your company, you cannot stay analog with cybersecurity. You need to do something about this. So I believe a cybersecurity strategy with zero trust at its center will become the gold standard. I truly believe this because zero trust is so much more powerful, is more granular, more real time. Also more user friendly. They're much more effective than whatever we had before. So I believe in a few years we will look back and think, how could we ever manage cyber security without zero trust? So this is what I'm trying to explain, uh, to the CIOs that with digital transformation and clouds, the commonly broad perception of, oh my God, it's getting even more risky. We are moving into the cloud. No, no. When you move into the cloud, there is now a new paradigm that will provide. And even better protection level than what you had on premise. And this is my core message and people start to understand this and, and that's why I also believe that we will see a great level of companies embarking on Zero trust going
Mike Anderson: forward. No, that's great. Great advice. So speaking of advice, let's pivot to a few quick hits here as we start to wrap up our conversation. So you know, the first one I always like to ask, what's the best leadership advice you've ever gotten regarding
Daniel Hartert: personal characteristic? Integrity, integrity, integrity, very, very important as a leader regarding what you try to achieve. Empower your team to drive for results and as a leader, lead courageously, make decisions, and most importantly, develop the next generation
Mike Anderson: of leaders. That definitely great advice, and I know you've developed a, a number of great leaders out there today that lead our CIOs for, you know, major global companies and, and you've definitely done that in your career as well. So next one is, if you had your last meal, what is it gonna be?
Daniel Hartert: Something very simple. Mike? I would choose spaghetti. I u e. Oyo. Very
Mike Anderson: spicy. Oh wow. I'm a spice fan myself. So next time we get together and break bread, we'll have to have some spicy spaghetti. Oh yes. With Daniel Hartert: some nice chili. Yeah, love to do
Mike Anderson: that for sure. Music, favorite song and what does it tell us about you, ?
Daniel Hartert: Yeah, with that question you pretend you would know my favorite song. You know, , you know, there are more than a hundred million songs online out there and you know, while I like many genres like rock pop, ambient House, electronic, it's often the. Known songs that fascinate me. One, for example, is, is a very nice title. It's called Kiss of Life. Not sure whether you know it. It's from a band called Jean Lu Jebel in the nineties. It's a great piece of music, but it also played a role in the context of meeting my wife and music and emotions going very nicely
Mike Anderson: together. No, absolutely. That's great. I may have heard the song, but I probably need to go. I'm gonna go listen to it after we get done with our conversation so I can remind it. But that's great, especially that emotional connection, you know, you always have that. That takes you back to that memory. So next one would be favorite book you've read this year.
Daniel Hartert: There's one book that I really love, it's called Hologram Mada. Not sure whether you know about it. I mean, it's a strong recommendation to read it. It's from the author Tom Hillenbrand, and it's kind of a reality science fiction. It plays, I think, 20 70, 20 80, and it's playing in our future digital world. And it sounds really realistic. And for example, In those years, the United Nations have forbidden artificial intelligence, but there's some criminal forces who keep AI alive, and that comes with a lot of consequences. So it's a real thriller. It's a thriller in the digital age of the
Mike Anderson: future. That's great. I have not read that one, but again, I'm gonna add that to my list on Amazon to go read next. So last quick hit question. Who do you admire most and why? It's
Daniel Hartert: really, uh, people like Gandhi, leaders who were standing and fighting for freedom for human rights. No violence. Selfless leaders that carry your vision and. Have the personality to execute. And this is something that I wish to see more frequently, you know, in politics, but also in company leaders, personalities that are selfless. They think the bigger picture and they have the means to execute together with
Mike Anderson: their teams. No, absolutely. I mean, that speaks to, you know, also servant leadership and kind of raising the next level of leaders, right? It's, it flips that, how you think as a leader. So that's a, that's definitely a great person to admire and appreciate you for sharing. So wrapping up our conversation every time we talk, Daniel, I, I learn more about you and I just really appreciate the advice and taking the time. You know, a few takeaways that I, I got from our conversation. When I think about the CIO role, your advice around, the most critical thing you need to do is be able to work cross-functionally. You know, your job is to be the cross-function leader, especially in this, what we think about from a digital age, we're the best one equipped to help drive that cross-functional thinking on cyber and that topic. The second thing I got from our conversation today is that, you know, when we think about the human firewall, you know, is translating that into advocacy within the organization so that it's not just the cyber teams that are driving that mindset, but it's having advocates in every function in the organization. The people in our operations being advocates for. And then, you know, the last takeaway I got is we think about, I'm gonna blend these together. It's really around diversity and zero trust, right? Because I, you know, zero trust is gonna be a key thing that we have to think about, but it's also, we have to have diversity. In order to do that and to get that diversity, we have to make security more attractive than, you know, the nerds in the back room look staring at a computer screen. So, and there's so many other nuggets I could go. For another 10 or 15 minutes about all the great insights I got today. But I just want to, you know, just say thank you so much Daniel, for taking the time. And is there anything else, any parting thoughts or things you'd like to share with our listeners? I
Daniel Hartert: think you made already great summary. That's, I think great for our listeners. It was really fun, great questions, and you know, looking further up to contribute on our path for
Mike Anderson: cybersecurity. Thank you very much.
Daniel Hartert: The Security Visionaries Podcast is powered by the team at Net Scope, fast and easy to use. The net scope platform provides optimized access and zero trust. Security for people, devices, and data anywhere they go. Helping customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, or private application activity. To learn more about how Netskope helps customers be ready for anything on their sassy journey, visit n e t s K O p e.com. Thank you for listening to Security visionaries. Please take a moment to write and review the show and share it with someone you know who might enjoy it. Stay tuned for episodes releasing every other week, and we'll see you in the next one.