Starting out as ‘tape-ape’ in the days of AS/400s, Kerry Bray now sees himself in the role of CIO at Reservoir Group. Speaking to Pulse Q&A CEO Mayank Mehta, Bray narrated his journey so far: including why he’s firmly devoted to the cloud and how being preoccupied with security can sometimes involve having to do shady deals in parking lots with Bitcoin.
Mayank Mehta: What would you say are the top two or three things that have really helped you get to this level over some of your peers?
Kerry Bray: It would have to be the hands-on experience. I think a lot of companies have come to understand they’d rather have hands-on experience rather than theoretical experience. There’s a difference between doing and there’s a difference between knowing. That’s really helped me.
As I’ve made my way up, I had the experience of doing everything in every position. I was working with exchange servers, working with server, iSCSI storage array. It wasn’t because I had to. It was because I wanted to keep my skills sharp and I was genuinely interested in that technology.
I tell people all the time that I don’t actually do anything that makes money.
Number two would be advice. Listening to mentors, finding the right people that can help pull me up. You have to build those relationships in the business side as well as in the technology side. Not only did I get to know quite a few higher-level technology people, I really focused on what they had to say. Because advice is free so take as much as you can.
I’d also try and form relationships on the business side. I’d get to know the business leaders, ask them what their problem points were. I wasn’t really just running an IT department the way I wanted to run it, I was always trying to look at the business and focus on what they needed.
Mehta: Onto some of the questions that have actually come in from the community. What does it mean for you to run a technology organization like a business?
Bray: What it means for me is making sure that we have cost controls in place. If you’re Amazon, IT is your business. But when you’re IT in an organization, like a services company or manufacturing, you don’t produce any product that makes money. I say that a lot of times when I have to give presentations to the business as the CIO. I tell people all the time that I don’t actually do anything that makes money.
My job is dependent on sales guys, engineers and field staff doing their job. Completing a job and earning the cash that comes into this company. What do I do? My job is to make sure these guys can do their jobs. I’m always looking for ways to make sure that my staff or colleagues within the company can do their jobs efficiently. But to run it like a business, I also have to be cost conscious. I don’t have a blank checkbook. So I’m always focusing on cost control.
My philosophy is that these large providers…spend more on security than I could ever dream to spend on security in my small little company.
Going to the cloud has been great because I can dial up or dial down. I don’t really have to look at a budget and say I’m going to need $150,000 to forklift upgrade this storage array. Running it as a business, I previously would have had to think about those things. Refresh cycles for new equipment, both storage arrays, servers, backups, disaster recovery. A lot of that stuff I’d have to budget in. I’d have to look for the best cost savings and best cost value for each one.
Mehta: How do you think about Shadow IT and how the consumerization of IT has really enabled departments to get up and running? How do you think about striking the balance between enabling the business and getting them up and running quickly?
Bray: “Any idiot with a credit card nowadays is a CIO.” That the truth, that’s exactly what it’s become. If you have a credit card, you can buy your own IT and do what you want for yourself or your department. That really struck home with me. I heard that speech in 2010 and that really struck home because that was when the cloud was being born.
Shadow IT has always been an issue. That’s one of the driving forces behind my strategy to go to the cloud because I want to be an enabler. I want to make sure that I’m a yes-man, not a no-man. I know that we’re never going to be able to get rid of Shadow IT. But if I take my data and I put it in areas that I can control access to the data but still allow the users to access it, then I can control that Shadow IT to a point where it’s not affecting me.
I actually had to meet somebody in a parking lot to do a shady deal to get a bitcoin. It was horrible. It was like right out of a spy movie.
For me, taking that data and putting it in Box, I have full control through Box and I understand where my data’s at. The access to that data is a simple app that’s maintained by Box. For me now I don’t care what device you’re using. I don’t care because now I’m just worried about controlling that data.
Box has been really cool and has really let me sleep at night when CryptoLocker and ransomware are out there. I was hit by it when I was with my last company and it’s not fun. I actually had to meet somebody in a parking lot to do a shady deal to get a bitcoin. It was horrible. It was like right out of a spy movie.
Mehta: How do you interface with the security counterpart?
Bray: That falls under me right now. We’re not a huge company, we’ve got about 500-plus employees. I am the CIO, the CISO, as well as the chief data protection officer, CDPO.
Mehta: How do you think about point solutions versus platform, because this is becoming increasingly a big security nightmare.
Bray: My philosophy is that these large providers–Amazon, Box, Microsoft Office 365 environment, Azure–spend more on security than I could ever dream to spend on security in my small little company. They’re spending more on security than my budget for ten years. My philosophy is, if I can utilize their service then I can also get their security.
There’s a lot of trust that goes along with that, but what it does for me is basically their CISO or their security policies become my security policies. It allows me to leverage millions and millions of dollars and hundreds of hours of somebody else’s knowledge around security for myself.
That’s one of the reasons we made the change to go to our 100% cloud-based platform. I couldn’t employee the security team that I would need in order to keep our data safe. We have quite a bit of data and we have IP where we do engineering across all of our product lines, and in order to make sure that this stays safe and secure, the best way was to move it to a company that already has the security in place.
Mehta: Lastly, what are the top questions that you and your team are grappling with this year that perhaps the community can chime in on?
Bray: One of the biggest questions for me is going to be how do I further make the march towards mobile devices in a business world? I’m talking to you right now on my HP EliteBook. These things aren’t cheap and I’ve got salespeople, 6% of my workforce is out in the field, they’re mobile.
Actually 70% of my workforce is mobile so that means very expensive laptops marching around. That means we have to have patching and maintenance. We have to have antivirus and all these things that go on it because CryptoLocker can still lock a PC and people are the largest threat vector so they’re constantly being attacked on their PC.
Another reason I’m looking at mobile is because Apple is pretty immune to viruses. If you do happen to get a virus you can restore that device from the cloud very easy. Apple has made it very easy for IT people to help users restore your life in a very quick and easy format.