WEBVTT 00:00:08.500 --> 00:00:13.500 I guess today is David Walker. 00:00:13.500 --> 00:00:14.600 Who is based in Hong Kong? 00:00:14.600 --> 00:00:18.400 David is Chief data security and Innovation, 00:00:18.400 --> 00:00:22.500 and Jay will be chatting about the role of the sea. 00:00:22.500 --> 00:00:24.000 So welcome to the show. 00:00:24.000 --> 00:00:24.500 David. 00:00:28.600 --> 00:00:31.300 So, David, I'm curious about the maturity of the cyber security 00:00:31.300 --> 00:00:33.400 profession. In Hong Kong. 00:00:33.400 --> 00:00:38.200 What are you doing at the moment companies including FM, 00:00:38.200 --> 00:00:43.700 he's hiring dedicated cybersecurity and appointing a CCO or a cfmo. 00:00:43.700 --> 00:00:51.500 I think it's very lucky cuz it does have a hub of a lot 00:00:51.500 --> 00:00:53.400 of Specialists. Not just from Hong Kong, 00:00:53.400 --> 00:00:57.800 but from all over the world is collaborating with a number 00:00:57.800 --> 00:00:59.300 of other side with professionals. 00:00:59.300 --> 00:01:02.200 Like I do feel very fortunate to working in, 00:01:02.200 --> 00:01:04.500 you know, with a lot of other very smart minds. 00:01:04.500 --> 00:01:08.900 I think it's a fantastic opportunity for you join us. 00:01:08.900 --> 00:01:11.200 I end of The Saga well to advance their knowledge. 00:01:11.200 --> 00:01:14.100 In particular about the size of ours are, 00:01:14.100 --> 00:01:15.800 I do see a lot more companies, 00:01:15.800 --> 00:01:20.700 putting a lot more Farkas into the right position and all sides of 00:01:20.700 --> 00:01:24.400 our demo budget towards cyber security and I'm not just from 00:01:24.400 --> 00:01:27.800 Lodge Enterprise prospective but it should have had his down 00:01:27.800 --> 00:01:28.300 towards that. 00:01:28.600 --> 00:01:30.300 Text Ivan esmb side. 00:01:30.300 --> 00:01:34.500 So I definitely do see a positive trend in that market and I think 00:01:34.500 --> 00:01:40.100 it's absolutely needed for the smaller businesses to to employee 00:01:40.100 --> 00:01:46.300 Security Experts to establish the security controls and to consider 00:01:46.300 --> 00:01:49.900 what that key risk saw and Tobias Lee me to get those key risk. 00:01:49.900 --> 00:01:53.600 Sorry, I'm, I, I definitely say that Trend I'm moving in a positive 00:01:53.600 --> 00:02:06.100 positive manner in Hong Kong, and just the job, 00:02:06.100 --> 00:02:09.800 or actually isn't even reasonable to expect this, 00:02:09.800 --> 00:02:14.000 because we wouldn't necessarily ask this of sage accounting 00:02:14.000 --> 00:02:15.400 for HR practitioners. 00:02:16.800 --> 00:02:21.300 Yeah. It's I mean, from I reflect on a lot of things personally 00:02:21.300 --> 00:02:24.700 in from a personal perspective and and reflecting on a lot of 00:02:24.700 --> 00:02:27.200 the side with professionals, I've worked with, 00:02:27.200 --> 00:02:28.500 and been lucky to work with. 00:02:28.500 --> 00:02:32.400 In my career, I would say that the one thing that all of them 00:02:32.400 --> 00:02:34.900 have is that really passionate about Sabah security, 00:02:34.900 --> 00:02:40.500 and I think they will demonstrate that natural color of protective 00:02:40.500 --> 00:02:43.400 Instinct. And essentially, that's what we're doing is we're 00:02:43.400 --> 00:02:48.800 protecting the organization, protecting the costume is the employees, 00:02:48.800 --> 00:02:50.100 so it's always that mindset. 00:02:50.100 --> 00:02:52.700 Sorry from the top down. 00:02:52.700 --> 00:02:57.200 I think it's important to cyber security teams understand 00:02:57.200 --> 00:03:00.000 that we provide a really important function and enabler. 00:03:00.000 --> 00:03:04.700 So the organization, and I think I'm having that mindset 00:03:04.700 --> 00:03:08.400 will absolutely go along way, that people want to look at as a 00:03:08.400 --> 00:03:11.200 profession, but they're really passionate about what they do. 00:03:11.200 --> 00:03:13.100 They enjoy waking up in the morning. 00:03:13.100 --> 00:03:13.800 To go to work. 00:03:13.800 --> 00:03:15.800 It is stressful. 00:03:16.400 --> 00:03:19.700 I'm it's tired tourism as well, but at the end of the day, I 00:03:19.700 --> 00:03:23.200 think it can be very mentally rewarding as well. 00:03:24.900 --> 00:03:29.900 Earlier this year, you moved from a dedicated Cecil roll into, 00:03:29.900 --> 00:03:32.900 now, that you dated security and Innovation officer role at, 00:03:32.900 --> 00:03:36.000 that's an interesting transition. 00:03:36.000 --> 00:03:40.000 Can you tell us about that, as well as your thoughts on double 00:03:40.000 --> 00:03:41.600 triple having especially. 00:03:41.600 --> 00:03:42.000 It's curable. 00:03:43.900 --> 00:03:49.400 Yeah. So I did from my role perspective that transition 00:03:49.400 --> 00:03:53.700 from from the dedicated say sorry to a chief data security 00:03:53.700 --> 00:03:58.500 and Innovation at least three departments really well together. 00:03:58.500 --> 00:04:03.000 So when we look at cybersecurity then we will get the data or 00:04:03.000 --> 00:04:08.500 data privacy handling data, how utilize beta you know maximizing 00:04:08.500 --> 00:04:12.300 that the usage of data within your organization to understand 00:04:12.300 --> 00:04:15.800 it and then when you wrap the Innovation sodding 2 a.m. 00:04:15.800 --> 00:04:19.500 Innovation from a business perspective and cost of a perspective 00:04:19.500 --> 00:04:24.400 I think H3 the main really complement one another and that sucks 00:04:24.400 --> 00:04:28.700 cuz I kind of thought that's the reflection of how seriously. 00:04:28.700 --> 00:04:31.400 We do take cyber security here at Monk's. 00:04:31.400 --> 00:04:36.100 I have very regular conversations at at board. 00:04:36.100 --> 00:04:39.600 And that all those committees, I'm sorry that constantly 00:04:39.600 --> 00:04:43.000 hearing about Sabe hearing about the threads hearing about 00:04:43.000 --> 00:04:45.200 advancement. Chanel, control maturity. 00:04:45.200 --> 00:04:48.400 Sorry. I think that's a huge positive. 00:04:48.400 --> 00:04:53.300 How seriously we take it from from that double had in question. 00:04:53.300 --> 00:04:58.300 I, you know what, I think people should have asked quite calmly 00:04:58.300 --> 00:05:01.000 can see, I always will see to your house. 00:05:01.000 --> 00:05:02.300 Can they see the Double Hat? 00:05:02.300 --> 00:05:05.900 In some cases they can but realistically, 00:05:05.900 --> 00:05:08.400 I don't think sorry. 00:05:08.400 --> 00:05:13.800 You know, I think you'd look at the ircc. 00:05:13.800 --> 00:05:16.800 Air is inside one thing in common, 00:05:16.800 --> 00:05:17.800 the passion for technology. 00:05:17.800 --> 00:05:23.000 And if I look at it that each of them, 00:05:23.000 --> 00:05:26.200 as a say sweet, they all have their own agendas and Farkas, 00:05:26.200 --> 00:05:31.800 sorry size, they have a very far or experience in Korea. 00:05:31.800 --> 00:05:34.900 Most of them have worked and you know, 00:05:34.900 --> 00:05:39.900 functions of Sai Baba from the IU to design architecture. 00:05:39.900 --> 00:05:43.300 I'm Pullman Tatian governance, risk strategy. 00:05:43.800 --> 00:05:48.200 I see that fool into end of design and controls and configuring in 00:05:48.200 --> 00:05:50.500 June and controls to me to guiding and protecting. 00:05:50.500 --> 00:05:54.800 Sorry, I really think that the size of really, 00:05:54.800 --> 00:05:58.000 really well grounded in shaping Sade program. 00:05:58.000 --> 00:06:01.900 I'm handling incidents articulating cyber threats and risks 00:06:01.900 --> 00:06:03.200 of senior stakeholders. 00:06:03.200 --> 00:06:07.700 So you know if someone does have experience to reserve their 00:06:07.700 --> 00:06:13.000 minds and they are I'm double adding more taking on responsibilities 00:06:13.000 --> 00:06:14.900 from a CTR perspectival CIA. 00:06:14.900 --> 00:06:18.600 Then I think it works that way but I'm in The Saga profession 00:06:18.600 --> 00:06:22.300 than mine. I really still believe that it's a environment 00:06:22.300 --> 00:06:23.900 to having special set of had that experience. 00:06:25.300 --> 00:06:28.900 Wait, so your mind. 00:06:28.900 --> 00:06:30.900 What would be the ideal reporting structure? 00:06:33.800 --> 00:06:35.300 I'm reporting out. 00:06:35.300 --> 00:06:38.800 He's a very obese when I'm very passionate and supportive of 00:06:38.800 --> 00:06:42.300 it. I absolutely think that the size I should be reporting 00:06:42.300 --> 00:06:43.300 under the executive team. 00:06:43.300 --> 00:06:46.500 If I look, we're putting up that. 00:06:46.500 --> 00:06:47.400 Absolutely. 00:06:48.800 --> 00:06:52.300 The Cyber risks and threats will be best articulated 00:06:52.300 --> 00:06:53.600 by the professional. 00:06:53.600 --> 00:06:59.100 And I think it's best to hear from directly from the person 00:06:59.100 --> 00:07:01.200 and sit here around you. 00:07:01.200 --> 00:07:03.600 No constraints requirements. 00:07:03.600 --> 00:07:05.500 Budgetary constraints resource constraints. 00:07:05.500 --> 00:07:09.100 But if they don't address it, while the actual results will 00:07:09.100 --> 00:07:12.900 be sorry, I think, you know, cyber risk. 00:07:12.900 --> 00:07:17.200 He's one of the, the highest risks in the demand for oil companies 00:07:17.200 --> 00:07:21.800 and organizations. So I think that equates to having that responsibility 00:07:21.800 --> 00:07:24.800 at the executive level, if I look down, 00:07:24.800 --> 00:07:27.200 wood said there's a number of ways that you can trucks. 00:07:27.200 --> 00:07:30.800 You a 10-minute really comes down to how big and braw the organisations 00:07:30.800 --> 00:07:36.800 is, I'm I like to structure quite simplistically cyber defense 00:07:36.800 --> 00:07:41.600 operations. I saw grow operation cyber engineering obviously 00:07:41.600 --> 00:07:43.100 with a lot of the cloud advancements. 00:07:43.100 --> 00:07:46.200 Having that engineering pool of resources is nothing crucial 00:07:46.200 --> 00:07:48.000 and important especially with training. 00:07:48.700 --> 00:07:50.900 Papa K in Fiber store. 00:07:50.900 --> 00:07:55.300 In cyber risk data privacy, is a number of ways if you consider 00:07:55.300 --> 00:07:59.500 structure it, but I think they are probably the key to the house. 00:08:00.900 --> 00:08:06.500 And now you might have touched on this a bit, 00:08:06.500 --> 00:08:10.700 when we were talking about a double wedding but organisations, 00:08:10.700 --> 00:08:14.900 that are not quite ready to commit to hiring a full-time. 00:08:14.900 --> 00:08:19.600 In-house see. So, sometimes consider Caesar as a service. 00:08:19.600 --> 00:08:24.800 Do you think this looks in a fuel that requires organizations 00:08:24.800 --> 00:08:26.500 to be vigilant at all times? 00:08:28.700 --> 00:08:34.300 I think it's short for large organizations Banks, 00:08:34.300 --> 00:08:37.400 infrastructure, line National infrastructure. 00:08:37.400 --> 00:08:39.900 I think, for any of those kind of organisations, 00:08:39.900 --> 00:08:43.000 absolutely not. It needs to be permanent. 00:08:43.000 --> 00:08:47.200 Needs to be a full-time resource and a team of racehorses. 00:08:47.200 --> 00:08:50.900 Sorry. From that perspective, nine. 00:08:50.900 --> 00:08:53.800 There's also a regulatory requirements mad at regular time instead 00:08:53.800 --> 00:08:56.800 to have the rolls are smaller businesses. 00:08:56.800 --> 00:09:01.500 I'm having periodic senior executive and inside there was a Service 00:09:01.500 --> 00:09:05.200 Centre is what I deem senior executive consultation 00:09:05.200 --> 00:09:09.400 having that assistance to help review control maturity, 00:09:09.400 --> 00:09:14.400 you know, stablished outside by strategy, might help it but I still 00:09:14.400 --> 00:09:19.100 wholly believe that they're going to have employed as an employee 00:09:19.100 --> 00:09:19.900 outside the team. 00:09:19.900 --> 00:09:24.200 I'm if it's a matter of having some experts coming to guide 00:09:24.200 --> 00:09:28.100 them and give them from entering and Gardens perspective, 00:09:28.600 --> 00:09:31.800 I think there is an appetite for that for small businesses 00:09:31.800 --> 00:09:36.100 that might not necessarily have the budgets full for a permanent 00:09:36.100 --> 00:09:41.000 oz are in bed, but there's definitely an aid for him and insecurity 00:09:41.000 --> 00:09:43.900 representation in an old companies, no matter the size. 00:09:45.400 --> 00:09:50.200 And inside the security, we talked a lot about diversity, 00:09:50.200 --> 00:09:55.700 but what are the actual tangible advantages for the benefit 00:09:55.700 --> 00:09:57.000 of those who are still on the fence? 00:09:57.000 --> 00:09:59.700 All the think it's all just posturing. 00:10:01.600 --> 00:10:06.600 I'm on a massive in Amish huge advocate of diversity in the workforce. 00:10:06.600 --> 00:10:07.900 Not just in cybersecurity. 00:10:07.900 --> 00:10:13.300 I think having that diverse team from nationality orientation 00:10:13.300 --> 00:10:14.000 or gender perspective. 00:10:14.000 --> 00:10:18.700 It brings a variety of creative and Innovative thinking 00:10:18.700 --> 00:10:23.700 went when you consider the saibaba when dealing with a lot of 00:10:23.700 --> 00:10:26.700 fiber precious I think having that Variety in different 00:10:26.700 --> 00:10:30.500 perspectives. Essentially means that you know it results 00:10:30.500 --> 00:10:32.400 in better outcomes and better decisions. 00:10:36.400 --> 00:10:38.400 What do you think? 00:10:38.400 --> 00:10:41.500 Peaches have a security careers will look like, 00:10:41.500 --> 00:10:45.700 do you have any strategies to share with us to future-proof 00:10:45.700 --> 00:10:46.900 the Korean dispute? 00:10:48.700 --> 00:10:51.300 Yeah, for future, perfect careers. 00:10:51.300 --> 00:10:57.100 I'm personally really excited to see a lot more opportunities 00:10:57.100 --> 00:11:03.000 in schools and universities dating back a long time ago. 00:11:03.000 --> 00:11:07.800 But didn't necessarily exist in any of those you do computer 00:11:07.800 --> 00:11:08.900 science, and that was it. 00:11:08.900 --> 00:11:11.200 And then you should have been cheated on from there, 00:11:11.200 --> 00:11:16.200 you know, I think getting young people excited and passionate 00:11:16.200 --> 00:11:19.400 and interested in Sabah Securities is definitely crucial 00:11:19.400 --> 00:11:19.900 for our industry. 00:11:19.900 --> 00:11:23.900 And that's a trend that I'm saying I'm in a lot of countries. 00:11:23.900 --> 00:11:26.400 I'm saying that representation at the school, 00:11:26.400 --> 00:11:28.200 level in, at the University, level in, 00:11:28.200 --> 00:11:33.300 and I think people it is insomnia. 00:11:33.300 --> 00:11:35.800 I, when I, when I do a lot of presentations in your organization, 00:11:35.800 --> 00:11:40.100 I probably get a really good Gathering of people because 00:11:40.100 --> 00:11:43.000 it's one of those topics paper really interested to hear about 00:11:43.000 --> 00:11:43.900 and learn about 00:11:46.300 --> 00:11:51.000 and what was the most important security lesson that you lend 00:11:51.000 --> 00:11:53.900 last year as a cybersecurity betta 00:11:55.500 --> 00:12:00.800 I'm not saying it's really important to celebrate the small 00:12:00.800 --> 00:12:05.200 wins sounds Sound small, but I think it's really mentally 00:12:05.200 --> 00:12:09.700 and emotionally important to, to celebrate, you know, 00:12:09.700 --> 00:12:12.500 we are really highly scrutinized environment. 00:12:12.500 --> 00:12:16.500 It is very high pressure, sorry, you're not having a small 00:12:16.500 --> 00:12:18.700 little wings, celebrate and enjoy it. 00:12:18.700 --> 00:12:21.200 I think, you know, for me personally, 00:12:21.200 --> 00:12:25.400 I ain't charged continuous learning and that's through providing 00:12:25.400 --> 00:12:27.700 opportunities to my team, to learn and grow, 00:12:27.700 --> 00:12:31.200 you know, some other lessons. I 00:12:31.200 --> 00:12:36.000 learned, I would say with some of the challenges in the environment 00:12:36.000 --> 00:12:37.500 at the moment globally. 00:12:37.500 --> 00:12:43.100 I, I think I and I are having a highly resilient a shape tame 00:12:43.100 --> 00:12:44.900 a multi-skilled experts. 00:12:44.900 --> 00:12:48.100 I can easily adapt to changing external pressures. 00:12:48.100 --> 00:12:51.500 He's definitely something that I learned to super important 00:12:51.500 --> 00:12:53.700 than something that others should definitely consider. 00:12:54.400 --> 00:12:56.000 I'm in awe. 00:12:56.000 --> 00:12:59.400 I definitely say empowering your team, I am protecting 00:12:59.400 --> 00:13:00.700 their well-being as well. 00:13:00.700 --> 00:13:05.200 I think all of those items is is through the last 12 months 00:13:05.200 --> 00:13:09.600 areas that I will continue to focus on him to provide for my team 00:13:09.600 --> 00:13:15.100 and and and then I will say that they are reporting team members 00:13:15.100 --> 00:13:15.400 as well. 00:13:17.300 --> 00:13:19.800 Sound advice, thanks David. 00:13:19.800 --> 00:13:22.100 I'm afraid that's all the time we have today, 00:13:22.100 --> 00:13:24.200 but I don't feel like to thank you for this. 00:13:24.200 --> 00:13:29.100 I'd like to thank you for this engaging in chat and too obvious. 00:13:29.100 --> 00:13:31.300 If he has any thoughts to chat on, 00:13:31.300 --> 00:13:33.700 on top of today, I'll be back on the show, 00:13:33.700 --> 00:13:37.800 feel free to reach out to me on Wednesday to see on the next 00:13:37.800 --> 00:13:38.700 episode and