Episode #73 The Rise of the Interim CISO with Jacinta Whelan
Jacinta Whelan is an author, thought leader and popular speaker on the concept of Interim Executives, Portfolio Careers and future ways of working. A partner with Watermark Executive Search leading the Melbourne office, she has over 25 years’ experience starting and leading Interim businesses in Hong Kong, New York and Australia. Jacinta advises corporates and governments on the Executive Interim marketplace. She is regularly asked to speak to Boards and business leaders looking to stay abreast of the way organisations are engaging executive talent.
Jacinta shares her story, the framework of her book, and the interim executive role in cyber security.
Link:
Transcript
CP: Hello, and welcome to The Security Collective podcast, I'm your host Claire Pales, and today's guest is Jacinta Whelan. Jacinta is a partner at Watermark Executive Search and an author, thought leader and popular speaker on the concept of interim executives, portfolio careers and the future ways of working. She leads the Melbourne office of Watermark and has 25 years experience starting and leading interim businesses in Hong Kong, New York and Australia. Jacinta advises corporates and governments on the executive interim marketplace and is regularly asked to speak to boards and business leaders looking to stay abreast of the ways organisations are engaging executive talent. The future of work has well and truly arrived. And it is the now of work, the paradigm has shifted in how we engage with work, and both individuals and companies are questioning what it means for them. Jacinta has a BA in Business, is an graduate of the Australian Institute of Company Directors, and is a Harvard Business School alumni. Jacinta it is great to catch up with you today.
JW: Lovely to see you, Claire.
CP: Oh thank you! And look, the best place for me to start is where I always start with my guests. And that is how did you get to where you are today? I love the story in your book, and we're going to talk a bit more about your book today. I love the story about how you got into recruitment. So maybe you can share that with the listeners who haven't read the book. And for those who have, remind us of how you got into this space.
JW: Yeah, definitely, it's serendipity. But sometimes when you look back and a pattern emerges, maybe it wasn't at all. But I'm an accountant by background and was doing the overseas experience in London and stopped off on the way home in Hong Kong. And had no intention of working in Hong Kong or anything, but was waiting for a friend in the foyer of a recruitment agency. And someone walked past and asked me what I was doing. And I said, I'm waiting for someone. And they said, what's your background And I said this is my back ground, I'm an accountant. And that day, 12 interviews later, they asked me to move to Hong Kong and to start the interim business which didn't exist. Now, I know the person well and I've stayed in touch over the 20 years. And I only caught up with the managing partner for that office a couple of weeks ago. And I said what did you see? You know, I'm still not sure. And, and he said I saw sort of a can do attitude, someone who could probably take on a challenge, really sort of run towards something they didn't know. And, and it's funny, because I wouldn't have thought that at the time. But he saw exactly what I could bring. So I spent three or four years setting up that business in Hong Kong. And then they asked me to go and do the same in New York. They probably you know, in reality, I was probably naive, didn't know what I didn't know all the good things that probably help you be a success, because it doesn't matter if you fail. And that lack of fear of failure probably helped me succeed.
CP: And from your perspective, having had this career across the world, do you feel like you are now looking for those traits in others? Have you sort of learned that what people saw in you way back then, is that something that you have now started to look for in others and aspiring candidates that you're talking to each day?
JW: I think you're definitely in business we're in you develop a muscle which is intuitively being able to understand motivators, and people, and then you've got tools around that around your competency based interviews, etc. So you know, the questions to ask and the buttons to press to really sort of try and unpack what it is that motivates people. And so yes, in that way, I think I've developed it, I don't know that I would have had it then. But I've been doing this a long time now over 20-30 years, and particularly in this interim space, which is a bit different than, you know, a permanent search marketplace where the motivations for doing this need to be pretty robust. And I almost feel I can sniff it from 100 paces, you know, are people running towards this as something they really want to do? Or are they running away from something that doesn't work? So an example of that is, you know, some people come and say, it's really hard to find a permanent job, and maybe this, you know, this will work until I get a permanent job. And so I get how that suits you over your side of the fence, but it's actually not the business model. We want people who this is your plan A and this is what you actively choose to do. And I think over that 30 year journey, the biggest difference is the number of people on what I call the supply side or the candidate side, who can and do now think differently about how they work. I think the models of you know one job in a permanent capacity has shifted fundamentally long before COVID and even probably long before GFC. And it's opened up new models of how we can work. One of them is interim. And that's what you know, I wrote a book about, that's what we can talk about. But there's this huge shift to people are interested in the work and what they do. And this is absolutely for your IT people.
CP: I've been working as an Interim Executive for five years. And I love it. Because you know, to your point, for me, I'm solving a really clear problem for my clients. So there's an empty role, and these CISO roles can be left empty for a long period of time while they look for the right person. And so the risk of that role being empty grows every day. And it puts pressure on other leaders to hold the fort. You know, you might have the CIO up at midnight writing a board paper for cyber. And so in my experience, when I'm engaged as an interim, CISO, it's because there's a very real need. And it's a means to an end. I'm there until an appropriate permanent successor can be sourced. Do you find that most organisations that's the driving force behind bringing in an Interim Executive, is that they have a particular outcome they need to achieve? And they do that with an interim. Or is there another driving force to bring someone like that in?
JW: There's two key reasons that clients call us. So one is that there's a gap that needs to be filled, and they're going to market for firms, I call that a hold the fort role. And if that sits on the left of our continuum, hold the fort. The other reason that clients call us is to solve a problem. So they've actually got the executive team there. But there's something outside their business as usual, that they don't have the capacity or the capability to solve and, and they come to the market and say, is there anyone out there that solved this before that we could borrow? You know, and bring in for a short amount of time. So under both of those, under that hold the fort or solve a problem, there's actually sort of different reasons that the clients present to us, you know, in the challenges of why it's come to this moment in time. Essentially there is usually some sort of burning platform, and an interim trades on the urgency of that. Because if it wasn't some sort of urgency, then you'd probably solve it a different way. So let's say it's a maternity leave cover, for instance, then you've had nine months to plan for that. So to get to the last day and not know that it's happening is quite naive, really. And the shift of interim is interesting, because once upon a time, this was do you back your maternity covers? And you're like, well, you know, 20 years ago, yes. Now, as I said, if you get to the end of someone's maternity leave and you haven't solved this, then you know, there's probably bigger, bigger, bigger problems. So what happens is, those two reasons.
CP: So when I first saw your book, I was really interested to see who you'd written it for. So had you written your book for people who were pursuing an interim career? Or had you written a book for companies to help them understand why they would need, or why would they would call you? So how did you land on which purpose to go for? Because I'm sure you've got the content in your mind. And with your co author, around either side of that purpose. How did you sort of land on okay, this is the book we're going to write.
JW: Yeah, the book is written from the candidate point of view. And it's written from the viewpoint of a framework for people to think about this, is that right for them. I have this conversation 100 times a day. And so it felt like a valuable way to put that in writing, so that people could take it and absorb it at their own pace, but put a framework around it. So there's some tools and there's some practical things that you can sort of test yourself with is this right for you. So it's written from a candidate point of view. But the really interesting thing of the executive interim is candidate and client is the flip of the same coin. Because if you understand this as an individual and self interest, and that's actually the biggest motivator for anyone, anywhere, anytime, is self interest. And so even when I'm at a client meeting, and talking about interim, I often find the CEO or the CFO, whoever I'm talking to CIO, whoever I'm talking to, gets it from a business hat. They've got the business head on for a moment, and they sort of got yeah, we could use that, yes, we've got a need. So by talking to the candidate or the individual, that's what the book's written for. But we're actually also talking to the decision maker who's in their day job sits over as the client. But it felt like there was a believe or not, a gap in the marketplace for helping people as they're thinking about this.
CP: Yeah. And I think too, it helps the client to understand why a person as an interim, would potentially not accept a permanent role. Like, you know, they get in there, they deliver things, they're proactive, they're motivated because they love that interim lifestyle and work style. And often they'll get offered the job and so for an employer or a hiring manager of an interim person, reading this book would help them to understand the mindset of someone who wants to have that sort of career. And I'm not going to ask you to tell the story about how old interim is and what country it started in, people can go and read your book, I loved that. But I do want to ask you about the three E's framework, and how you sort of came to think that that was the right framework for the book.
JW: You know, on some levels it's a pretty simple concept. Our three E's are the environment, the executive, and the experience. And under the environment, we have, what's the macro? What are the reasons this exists? Why does this even happen? So that's a sort of a bigger picture. And then we go to the executive, why would people, what's the motivation? Why would you even do this? So when you're thinking about this, what do you need to consider? So that brings it more to the individual. And then you've got the experience. So once you've understood the macro, you understand what you do when you're there? Also why you're motivated to do it? Then what does it look like when you actually do it? You know, what is the mechanics of it look like? What day rate would I be earning? What sectors are busy? How long between assignments? Some of the sort of more, they might seem you know, little questions, but they're actually some of these are the biggest questions you ask to see whether you're going do it or not. So it felt like you needed to put a frame around it so people could almost go to the point that they want to know about, because we're all drawn to the, so if you already understand the macro, then maybe you're more interested in what type of jobs would I be doing? Or what rate would I be? But if you are really new to it, maybe you actually need the framework up front, the macro, where did this start? What country did it start in? And how old is it? So maybe you need that part first. So it feels like you can enter the book wherever you most need it, or where it calls to you.
CP: I love the idea that the book helps people to understand the myths as well around Interim Executive Leadership and dispels them, I suppose. I think you did a really good job of making sure that that was in the book for people to reflect on.
JW: The other piece that gets some good feedback is we asked some proven executives to tell us their story and give us a tip, because this is all well and good for me in theory, this is my job. But who really does this? You know, what are the people look like? What do they think of it? And so we wanted to put that voice in there as well to hear from people who've, and we deliberately picked people some who are pretty new to the experience, some have been doing it for a long time. And, you know, didn't edit what they what they told us was their tip, you know, and didn't craft what we wanted them to say. We just say could you write about your experience and provide a tip to people.
CP: So Jacinta, my listeners are obviously very security focused. And so it would be remiss of me not to talk about cybersecurity and the Interim Executive industry, and I guess, cyber security roles. So what are you seeing in terms of the rise in demand for cyber maybe compared to other professions? Where does cyber sit in terms of the Interim Executive?
JW: Yeah Claire, it's so it's an interesting one, and I'll reference it probably in closest relationship to the CIO role. This, the CISO role is a pretty recent addition to the executive level role. And so what my interim model relies on is enough people having been in the role permanently and then cycling through the role and popping out at the other end and saying, I no longer choose the permanent role, I now choose to work differently in the interim space. And I'm not sure that the CISO, pure CISO is actually cycled through the system enough. I feel like it's such a rare skill, that people are holding it pretty tight, companies still essentially want to own that skill rather than borrow it. And I think because of the lack of skills, the current marketplace still needs to go to the more traditional consulting houses for this. So you probably go to a big four an IT house to just borrow your CISO, because the skills aren't there. I think that maybe ties in with some of your work around, you're working with companies to sort of develop that skill from an earlier skill set, pulling the people who are younger and training them up so that they are their goals. Would that be fair?
CP: Yeah. So I think that there's definitely a lack of cybersecurity skills at that top end, and there's far less CISOs or heads of with that capability than it is at the more junior levels. You know, we have a lot more technical people coming out of university and lots more opportunities for grads and people who are having a second shot at their careers as well who are retraining. There's a lot more opportunity at that level, and a lot more capability. Once you get to the more senior levels the worry with interim and people moving out of our industry and into the Interim Executive industry is exactly what you just said. We actually need those skills in the organisation's, we need permanent, dedicated cyber security strategic leadership. So the more people that move out and into the interim world, the less we have in the permanent world, which is where it's so desperately needed.
JW: Yeah, to that, I would say, though, that I think we need to sort of remove the notion of how the contractor work with their company sits. So as long as we've got the skills in the market, then I think it matters less whether they're engaged as a permanent or an interim, because what we're really trying to get the skill sets out. And I think, to your point there, CISO skills cycling up from the bottom up, which is fabulous, because what we will then have in time is a dedicated CISO at the executive level, which is where it should sit. At the moment, when I am asked to do a CIO role, the CIO one of the remits is usually the security or the cyber aspect. And it falls under them, rather than having the cyber person sit alongside them. So that's probably sort of a key difference that I would see in the current landscape. You know, each week I'm asked about this skill set, and it's a tough one the markets hot for it. Definitely. And I think both you and I are sort of really keen to see how do we develop the skill set that's different than how it fits into the marketplace.
CP: I just want to ask you one more question on that, where you see some of the big consulting houses sitting when it comes to providing interim skill sets? And you know, whether it's cyber or otherwise, is that sort of something that you're seeing more and more of as well that, you know, these trusted partnerships with big organisations are either offering or being drawn upon to provide that interim leadership where there's a gap, is that something that's also evolving? Or are you seeing more this sort of, you know, people like yourselves and independent interim recruiters providing the services.
JW: You know the key difference when clients come to us, why they go to a big four consultancy house or us, is often the consultancy house will give you the theory of the framework, and an Interim Executive sits and does the job. And so someone described it to me, how interim sits in the seat that is needed that is vacant. So whether it's the CIO, the CISO, the CFO, whatever job. Whereas a consultant usually essentially looks over the shoulder of the person sitting in that seat and says I'd do it like this, or I'd do it like that, or maybe have you considered this. So it's the difference between the theory and the execution. Some of the consultancy houses dropped down to execution, it doesn't feel like it's the main game. So if they feel like they still would prefer to have a piece of work that's providing the framework for a company, whether that's CISO or anything else. And why clients often come to us, they've actually been with a big consulting house and said, we've got a report on how we need to do it. Now, can you have someone who helps us do it. Own it, implement it and execute it.
CP: And so with security, I suppose, is there anything that security leaders could do now, that would equip themselves for a world where this is a much more highly in demand type of Interim Executive role?
JW: Yes, absolutely, I think they will have, by nature of the market, are right at the table. So then they have to step into that, and own it. You know, so you have to, if you've got your chance to be at the table, the executive table, then do some leadership training or come to that seat and don't waste it. Very rarely does a new seat get created at that executive level, there's some pretty defined functions. And if the CISO is going to have a role that's next to the CIO, they actually have to really lean into that space, and own it, and create it and make it really viable because we're here, we've got every right to be here, and you need us here. And so rather than apologise for it, I really front into it, and alongside your technical skills, I'd really be trying to develop some of those leadership skills, because that's, that will be the piece you will have with some of the highest seats on the table, so then use it well.
CP: Yeah, I think it's always good advice for anyone to take on an opportunity to step up or take interim internally or secondments. But also the best advice around take on leadership training, you know, seek it out when you can, or if it's offered to you take it on, because everything you do in those sorts of training environments, you can apply later, or the next day in your career. There's always key takeaways from a leadership perspective. So I think that from a security perspective, there's a lot of technical experts and some very amazing people. But at the leadership level, that ability to lead and just because you find yourself in a management position doesn't necessarily make you a leader.
JW: And I would say that of the people I've met and some of the feedback I get from clients is your technical skills isn't enough anymore. So you have to have that end. In so in this space, I think people gravitate back to but I'm really strong technically. And it serves them for so long. You know, it almost gets them to the Peter Principle, well, if you know that you get to the highest level of your incompetence, and your incompetence, usually in this kicks in in your management.
CP: But I think, you know, as a security industry, we have been trying so hard for security skills to infiltrate other parts of the organisation, you know, we want the Marketing Leaders to wear data protection hats, and we want the CFOs, and CEOs to be thinking about the risk implications of cyber security in the work that the whole organisation is doing enterprise wide. So, you know, CIOs I'm sure some of them would prefer not to have security report to them, it's certainly an advantage because over time, they're adding that to their tool belt, this suite of skills to take into these interim gigs, where they have an opportunity to be a technology leader, who's got that experience leading security teams as well.
Thank you. We've chatted for longer than I expected as I always do, my podcasts are getting longer and longer. I really appreciate your time Jacinta, it's such an interesting topic. Obviously. I'm very interested in interim leadership and where it's going. We will put the details of how to buy your book ' The Rise of the Interim Executive' into the show notes. And again, thanks so much for your time today.
JW: My pleasure.