David Gee, former Global Head of Tech, Cyber & Data Risk at Macquarie stresses the importance of shared responsibility and open communication to overcome the tension between CIOs and CISOs amidst rising cyber threats.

Well known Australian tech and cyber executive David Gee retired last month after a career spanning over 40 years in various roles across multiple countries, most recently serving as Global Head Technology, Cyber & Data Risk at Macquarie Group.

David was never happy to be stuck in any role and during the 1980s, he decided against what may have been the easiest choice of working in tech at a bank and taking advantage of a “half price” housing loan.

At one stage, he declined a partnership at consultancy EY, choosing instead to pursue global CIO positions at pharmaceutical giant, Eli Lilly and Company, where he stayed for more than 14 years.

The above video is only an excerpt. Only ADAPT Advantage clients can watch the full video on a Day in the Life of a CIO.

“Transforming myself was always my goal…when I had that first opportunity to be a CIO and walk away from EY was a hard choice for me to make. Going into that job, they said, ‘Dave, you are going to be a CIO, we will put you through an MBA, send you overseas, which is what I did.’”

This reinforced a pattern in his career where he would stay in a role for a few years, build a strategy and team, execute on a 90-day plan, find a successor and move on.

“I did that for 15 years in five locations and five CIO roles,” he says, referring to his stint at Eli Lilly and Company.

 

Tension between two key roles

ADAPT’s data suggests that the priorities of CIOs and CISOs are closer than they have been as cyber criminals turn their attention to Australia.

David says that governments and regulators are putting pressure on boards and management to strengthen their cyber postures, but there remains a fundamental tension between CISOs and CIOs.

He was in CISO roles at HSBC and Macquarie Group. During that time, he was surprised how CIOs in different organisations “don’t get security”, how they see it as being in conflict with their own roles.

“They [CIOs] have got their agenda items too – to keep digital transformation going…so creating friction can be difficult for a CIO because their stakeholders don’t want friction. So, there’s a counterbalance. That surprised me because I was always a CIO that cared about cyber security deeply.

“It is what it is, we just need to make sure that people are joined up at the hip and understanding…how these things fit together and how we have to share responsibility. Once people understand that rather than pointing the finger, then we are going to get things done.”

 

Share and share alike

CISOs working at different organisations are increasingly sharing their cyber learnings. David says the cyber community is stronger if it shares intelligence, particularly around third-party concerns.

During this first month at HSBC, David was asked to do a four-hour cyber briefing to 65 key stakeholders at the bank. It worked well and was a session that ended up being duplicated every month at HSBC where people were given the opportunity to discuss and ask questions about cyber challenges.

“It was about being totally transparent and honest about where we are and saying, ‘we need to get this done, otherwise we won’t be able to overcome the issues we are having as an organisation.’”

“That worked well because people wanted to be engaged, they wanted to be smarter about things versus reading about it in a report. I am a big believer in that approach,” he says.

 

Know the buyer’s motivations

Finally, David has some pertinent advice for sales execs looking for better ways to connect with the CIO and CISO personas. He says that CIOs tend to have a two to three-year average life at an organisation, CISOs one to two years.

According to Gee, the first questions that sellers need to ask are: Where is this person you are talking to in their career? Have they just started, are they trying to prove themselves? Are they at the end of their career and probably more conservative?

He says that sellers need to identify the buyer’s motivations. Are they looking for something that’s safe because they are worried about their careers? Or something that’s a big hit, a win that they can take to their next job?

“Some of that thinking around these stakeholder management aspects of it are important,” he says.

He also advises that sellers think about who influences the CIO and CISO buyers to determine “where your solutions fit in.”

“I jokingly always talk about [the fact that] vendors are never in my 90-day plan. The truth is that you would talk to specific vendors in your first 90 days, but you won’t actually go in and try to meet all of them.”

The sweet spot for sellers, he says, is understanding if an organisation has an existing strategic roadmap and what it will look like 12 to 15 months down the track.

“If there’s a roadmap in place and you are trying to plug a product in…you are wasting your time. If it’s three years out, it could be speculative.”

“There’s a sweet spot around a bit more than 12 months, 15 months and a is person saying, ‘I am really interested in this widget and I’ve got my radars up for ideas around whatever that is.’ That’s where you will get some traction from CIOs and CISOs saying, ‘I’m interested in that topic, talk to me about that.’”

The above video is only an excerpt. Only ADAPT Advantage clients can watch the full video on a Day in the Life of a CIO.

Contributors
David Gee Former Global Head Technology, Cyber & Data Risk, Macquarie Group
David J. Gee has 20+ years experience as CIO and CISO. He joined Macquarie Group in early 2021 as Global Head Technology,... More

David J. Gee has 20+ years experience as CIO and CISO. He joined Macquarie Group in early 2021 as Global Head Technology, Cyber and Data Risk. David is responsible for protecting Macquarie Group using his significant expertise in technology and cybersecurity. He has served as CISO for HSBC Asia Pacific, based in HK and responsible for the most critical and profitable countries for this large investment bank. David drove the cybersecurity maturity uplift and led all aspects of cyber for HSBC in these 19 countries. Prior to HSBC, David had an extensive Transformational CIO experience across numerous significant roles.

At MetLife Japan, David was Statutory Executive Officer, Senior Vice President and CIO. This is the second largest market for MetLife – a US$70B enterprise. David led the digital transformation for this large insurer with a significant focus on digitizing end to end customer engagement processes. At MetLife Japan managed a team of 230 IT Staff supported by 1200-1300 external resources, with an Annual IT spend in excess of U$300m.

David is Board Advisor to Sekuro, a successful cybersecurity company. A number of other Advisory roles are to be announced.

He is also past CIO at Credit Union of Australia where he successfully led a major transformation of all systems and technology. In this role he won CIO of the Year for Financial Services in Australia.

David has also been Executive Advisor for large scale transformation with KPMG, Ernst & Young and ICG. He has deep experience with Fintech and innovation ecosystems. Mentor at Stone & Chalk and Tyro Fintech Hub. Venture Partner with Sapien Ventures and Advisory Board of Venturetec.Accelerator. David also has been Fintech Advisor for a number of startups.

He is a digital industry thought leader and regular columnist with ITnews, CSO (Cyber), CIO Magazine and Computerworld, with more than 100+ articles published.

David was Information Officer and CIO for Lilly USA ($12B sales) & member of Lilly USA management. He has also enjoyed international expatriate assignments in Tokyo, Shanghai, Hong Kong and Kobe and in the USA.

Less
Byron Connolly Head of Programs & Value Engagement at ADAPT
Byron is a highly experienced technology and business journalist, editor, corporate writer, and event producer.​ Prior to joining ADAPT, he was the... More

Byron is a highly experienced technology and business journalist, editor, corporate writer, and event producer.

Prior to joining ADAPT, he was the editor-in-chief at CIO Australia and associate editor at CSO Australia. He also created and led the well-known CIO50 awards program in Australia and The CIO Show podcast.

Byron creates valuable insights for our community of senior technology and business professionals that help them reach their organisational and professional goals. He has a passion for uncovering stories about the careers and personal philosophies of Australia’s top technology and digital executives.

When he is not working, Byron enjoys hot yoga, swimming, running and spending time with his family. He completed the North Face 100km ultra marathon in the NSW Blue Mountains in 2012 and 2013.

Less
security leadership management