Andy Ellis on Pushing Innovation with Apology Budgets

Happy first Tuesday of March 🌸 For our readers also in New York, we're almost out of winter!

To warm ourselves up, this week's edition of Cloud Control features a cybersecurity hall of famer with a fiery career starting in the Air Force and eventually becoming CSO at Akamai, Andy Ellis. In our conversation, he dives into the transformative power of "apology budgets" in fostering a culture of risk-taking and innovation within teams. Ellis shares insights from his pioneering journey at Akamai, where he championed new security technologies and strategies.

Andy is a true master of leadership and risk management, and teaches how to pave the way for growth and innovation by encouraging your team to make mistakes. You'll also learn about his outlook on evolving technologies and his visions for the future of cybersecurity. The only way to learn how is to read the full interview, below👇

P.S. Was this email forwarded to you? If so, sign up to receive Cloud Control interviews delivered to your email each week here.

Question 1 💭

Andy, you've witnessed and led the evolution of cybersecurity at Akamai from its early stages to a billion-dollar business. What were the biggest challenges in pioneering new security technologies within an established company? How did you navigate these challenges?

Answer 1 🎯

The biggest challenge is often just dealing with the surprise factor – you want to do something that wasn’t in anyone’s plans, and even if it isn’t disruptive, it feels disruptive. That causes people to start minimizing the work as early as they can rather than embracing and extending. Learning to gradually tell a security story became a powerful tool.

Question 2 💭

Throughout your career, you've played a leading role in developing Akamai’s cybersecurity products and steering the company into a cybersecurity leader. Can you share your approach to building new security solutions while ensuring they align with broader business goals? How did you encourage your team to take risks and push the boundaries?

Answer 2 🎯

Start with the second question first: apology budgets. Teach your team that it’s okay to make mistakes that affect other teams, because you’ve budgeted for that! If you never apologize, then they aren’t actually taking enough risk. Pioneering new solutions often just starts with observing people - how are they working around the process? What do they really want to do? Can we help them do it faster and safer?

Question 3 💭

Now, you're also author of an amazing book '1% Leadership'. I'm sure along the way you encountered many challenges, especially working with various stakeholders. Tell me about an instance where you encountered such a challenge. Did you need to adapt your leadership style or methods to effectively manage the team?

Answer 3 🎯

There is a simplistic approach you often hear advocated for to be more professionally inclusive: just ask everyone in the room to speak up! As an aside: “just” is the most dangerous word in leadership. Nothing is that simple. You’ve got folks with anxiety, or who don’t communicate well on the spot, or who are careful thinkers, or … you get the picture. The bigger your meeting, the more likely that you’re actually harming your team with a universal ”everyone talks now!” I’ve found that advance warning helps, but what helped even more was creating an electronic backchannel that everyone could use to share their questions and comments.

Question 4 💭

In our industry, diversity of thought is as crucial as technical skill. How do you challenge your own leadership biases and assumptions to stay effective and relevant for your team's needs?

Answer 4 🎯

Always ask “How could I be wrong in this situation?” and “What could be true that makes someone else think they are right?” You’ll discover that people’s perceptions are often biased by their life experience and worldview, and just because you find their current arguments incomprehensible, it doesn’t mean that you can’t learn something from them.

Question 5 💭

Transitioning from the disciplined structure of military service to the fast-paced corporate world presents unique challenges and learning opportunities. Given your background, Andy, how has your time in both these environments shaped your perception and management of risk tolerance, especially when dealing with uncertain cyber threats?

Answer 5 🎯

It’s always important to remember that most organizations don’t articulate clearly their own understanding of risk tolerance – it’s a vague and emergent idea that arises out of each decision maker's belief about what risks they think the organization would tolerate (hint: as long as the blame doesn’t land on them, the risk tolerance is really high). The real key is to understand that humans are really good at adapting to a changing perception of risk, and the best way to get someone to avoid risk is to educate them in a way that resonates for them.

Read the Full Q&A on Gomboc.ai

What’s New at Gomboc

In the magical land of Silicon Valley, where dreams and code converge, a tale is about to unfold…Imagine a sunny day in the Valley, with Kubernetes on the horizon, ready to set sail into production waters. But, as fate would have it, chaos ensues, and our beloved character, Streamline Willie, finds himself in the midst of a cloud conundrum 🚢💻

Watch Mickey as he goes on a rollercoaster of tech shenanigans, only to be saved by Gomboc 💪

Latest AWS and Azure Updates You Don’t Want to Miss

1. Sellers can now resell third-party professional services in AWS Marketplace

2. Stream data into Snowflake using Kinesis Data Firehose and Snowflake Snowpipe Streaming (Preview)

3. Amazon ECS and AWS Fargate now integrate with Amazon EBS

4. Cloud Services (classic) deployment model is retiring on 31 August 2024

5. General Availability: Encryption at host for Premium SSD v2 and Ultra Disks is now available in more regions

Top Articles and Resources of the Week

Articles

1. Enhancing cloud security: the role of FPGA technology and emerging threats

2. UK to exchange experience with Azerbaijan in cyber security field, Ambassador says

3. NIST cybersecurity framework 2.0 officially released

4. Cyber insights 2024: artificial intelligence

5. Safely navigating the multi-cloud security landscape: strategies for protecting data integrity in healthcare

Resources

1. Major Cloud Security Events and Conferences

   1. Opt-in to this resource to receive updates on events and conferences in cloud security. Meet like-minded cloud-security professionals from around the globe to learn, exchange ideas, network, and more.

2. Top 50 InfoSec Networking Groups to Join

   1. Join these top 50 associations, LinkedIn groups, and meetups to stay ahead of the curve on all things InfoSec.

3. CIS Benchmarks

   1. The Center for Internet Security (CIS) is a fantastic resource for initiating, implementing, and upholding a robust cloud security strategy. Access their detailed benchmarks tailored for AWS, GCP, Azure, and more. For a deeper understanding, explore the CIS Controls Cloud Companion Guide.

4. SANS Practical Guide to Security in the AWS Cloud

   1. In collaboration with AWS Marketplace, SANS introduces an in-depth guide tailored for AWS enthusiasts. Whether you're a novice or an expert, this extensive resource delves into the intricacies of AWS security.

5. Security Best Practices for Azure Solutions

   1. Learn key security practices tailored for Azure solutions and understand their significance. This comprehensive guide offers insights into developing and deploying a secure Azure environment.