Recording date: Feb 14, 2022
With intros over, Nick asks Andy about metrics, and Andy immediately responds by saying “stop calling it technical debt”. Executives have an understanding of ‘debt’, and it’s not a bad word for them, it’s what fuels everything around them. This leads into discussion of when’s the right time to ship software. Something unfinished might feel too early, but how else do you get feedback from users?
“Risk is the net present value of bad things happening in the future”
We then get into Andy’s model of deferred risk, and how that can drive a conversation about what to do now, and what to put off until later. This eventually takes us to talking about Dungeons and Dragons alignment charts, and how it’s good to have a diverse team who bring a variety of viewpoints.
Andy then gets into how people want to quantify risk, but often that’s impossible. But there are ways to position risks in a visualisation, which can help people reason about the range of risks they’re dealing with. When it comes to assigning resources to the work on risk mitigation Andy runs through some approaches that have worked for him, which include ‘borrowing’ people to get things started then ‘giving them back’ to ensure that the effort is sustained. That brings us to our close, with Nick complaining about the knives in his house being dull, even though his son makes and sharpens knives…
Andy Ellis is the author of 1% Leadership. He is the Advisory CISO at Orca Security and the Operating Partner at YL Ventures, and is an advisor to several cyber security startups, including Vulcan, Uptycs, Grip, Perygee, Vendict, Valence, Piiano, and Eureka. He is the founder and CEO of Duha, a leadership development company that focuses on bringing training to people earlier in their careers, and is writing a book on leadership. Andy writes the Straight Up Security column for CSO Online.
Andy Ellis is a seasoned technology and business executive with deep expertise in security, managing risk, and leading an inclusive culture. A graduate of MIT and former US Air Force officer, Andy designed, built, and brought to market many of Akamai’s security products. His leadership helped propel the Fortune 1000 company from its start as a content delivery network into an industry powerhouse with a billion-dollar dedicated cybersecurity business. In his twenty-year tenure, Andy led Akamai’s information security organization from a single individual to a 90+ person team, over 40% of whom were women. In running Akamai’s security program, Andy designed systems, governed risk management, implemented policy, and supported go-to-market functions. Widely respected across the cybersecurity industry for his pragmatic approach to aligning security and business needs, Andy regularly speaks and writes on cybersecurity, leadership, diversity & inclusion, and decision-making.
Long active in internet policy and governance circles, Andy supported Akamai CEOs in roles on the NIAC and NSTAC, as well as directly served on the FCC’s Communications Security, Reliability, and Interoperability Council. A recognized thought leader on security issues, Andy has spoken at conferences like RSA and Business of Software, and lectured at the Harvard Kennedy School, Harvard Business School, Army War College, BC Law, and the MIT Sloan School.
Andy has received a wide variety of accolades, including the CSO Compass Award, Air Force Commendation Medal, Spirit of Disneyland Award, Wine Spectator Award of Excellence (for The Arlington Inn), and was the winner of the Sherman Oaks Galleria Spelling Bee. He was inducted into the CSO Hall of Fame in 2021.
He currently serves on Harvard University’s Visiting Committee to IT. After receiving a degree in computer science from MIT, Andy served as an officer in the United States Air Force with the 609th Information Warfare Squadron and the Electronic Systems Center.
Chris is a frequent speaker on topics such as serverless, DevOps, cloud, containers, security, networking and the Internet of Things. He’s also a cloud editor for InfoQ and a contributor to open source projects such as Docker, CoreOS and DXC’s Online DevOps Dojo.
Nick is Vice President of Assurance at Trail of Bits. He was formerly Chief Security Officer at a financial technology firm. Prior to that he was Director of Cyber Intelligence and Investigations at the New York Police Department. He is co-author of many books, including Cyber Attack Survival Manual; In Context: Understanding Police Killings of Unarmed Civilians and Blackhatonomics: An Inside Look at the Economics of Cybercrime.