Tech Debt Burndown Podcast Series 2 E2: Andy Ellis

Posted on Monday, Feb 13, 2023
Nick and Chris talk to Andy Ellis about using the right language with the business, and supporting how they manage risk.

Show Notes

Recording date: Feb 14, 2022

Download at Apple Podcasts, Google Podcasts, Spotify, iHeartRadio, Spreaker or wherever you get your podcasts.

“Stop calling it technical debt” - Andy Ellis

With intros over, Nick asks Andy about metrics, and Andy immediately responds by saying “stop calling it technical debt”. Executives have an understanding of ‘debt’, and it’s not a bad word for them, it’s what fuels everything around them. This leads into discussion of when’s the right time to ship software. Something unfinished might feel too early, but how else do you get feedback from users?

“Risk is the net present value of bad things happening in the future”

We then get into Andy’s model of deferred risk, and how that can drive a conversation about what to do now, and what to put off until later. This eventually takes us to talking about Dungeons and Dragons alignment charts, and how it’s good to have a diverse team who bring a variety of viewpoints.

Andy then gets into how people want to quantify risk, but often that’s impossible. But there are ways to position risks in a visualisation, which can help people reason about the range of risks they’re dealing with. When it comes to assigning resources to the work on risk mitigation Andy runs through some approaches that have worked for him, which include ‘borrowing’ people to get things started then ‘giving them back’ to ensure that the effort is sustained. That brings us to our close, with Nick complaining about the knives in his house being dull, even though his son makes and sharpens knives…

Guests

Andy Ellis

Andy Ellis

Andy Ellis is the author of 1% Leadership. He is the Advisory CISO at Orca Security and the Operating Partner at YL Ventures, and is an advisor to several cyber security startups, including Vulcan, Uptycs, Grip, Perygee, Vendict, Valence, Piiano, and Eureka. He is the founder and CEO of Duha, a leadership development company that focuses on bringing training to people earlier in their careers, and is writing a book on leadership. Andy writes the Straight Up Security column for CSO Online.

Andy Ellis is a seasoned technology and business executive with deep expertise in security, managing risk, and leading an inclusive culture. A graduate of MIT and former US Air Force officer, Andy designed, built, and brought to market many of Akamai’s security products. His leadership helped propel the Fortune 1000 company from its start as a content delivery network into an industry powerhouse with a billion-dollar dedicated cybersecurity business. In his twenty-year tenure, Andy led Akamai’s information security organization from a single individual to a 90+ person team, over 40% of whom were women. In running Akamai’s security program, Andy designed systems, governed risk management, implemented policy, and supported go-to-market functions. Widely respected across the cybersecurity industry for his pragmatic approach to aligning security and business needs, Andy regularly speaks and writes on cybersecurity, leadership, diversity & inclusion, and decision-making.

Long active in internet policy and governance circles, Andy supported Akamai CEOs in roles on the NIAC and NSTAC, as well as directly served on the FCC’s Communications Security, Reliability, and Interoperability Council. A recognized thought leader on security issues, Andy has spoken at conferences like RSA and Business of Software, and lectured at the Harvard Kennedy School, Harvard Business School, Army War College, BC Law, and the MIT Sloan School.

Andy has received a wide variety of accolades, including the CSO Compass Award, Air Force Commendation Medal, Spirit of Disneyland Award, Wine Spectator Award of Excellence (for The Arlington Inn), and was the winner of the Sherman Oaks Galleria Spelling Bee. He was inducted into the CSO Hall of Fame in 2021.

He currently serves on Harvard University’s Visiting Committee to IT. After receiving a degree in computer science from MIT, Andy served as an officer in the United States Air Force with the 609th Information Warfare Squadron and the Electronic Systems Center.

Hosts

Chris Swan

Chris Swan

Chris is a frequent speaker on topics such as serverless, DevOps, cloud, containers, security, networking and the Internet of Things. He’s also a cloud editor for InfoQ and a contributor to open source projects such as Docker, CoreOS and DXC’s Online DevOps Dojo.

Nick Selby

Nick Selby

Nick provides information security, disaster- and cyber incident-readiness assessments at Fuzz Technology, a subsidiary of EPSD, Inc. From 2021 to 2023, Nick served as VP of the Software Assurance Practice at Trail of Bits (where he was the voice and executive producer of its podcast), and from 2019 to 2021 as Chief Security Officer at Paxos Trust Company.

From 2018 to 2020, Nick served as Director of Cyber Intelligence and Investigations at the NYPD Intelligence Bureau, where he helped the department understand how it investigates online, and how Cyber Enabled crime affects New Yorkers.

In 2005 he founded the information security practice at industry analyst firm 451 Research, (now S&P Global Market Intelligence) where he served until 2009 as 451’s Vice President, Research Operations.