Every Monday morning we fire five questions at a C-suite technology industry interviewee. Today we’re pleased to be joined by Joan Pepin, CISO and VP of Operations at Auth0.
Biggest Challenge for your Clients?
Picture this. A customer decides they need to build a consumer-facing app. It has to have database connections, dynamic content, a great user experience, and a super flashy interface. The deadline is two-to-three months away, and things are looking pretty good, so they decide it’s time to wire up the login and identity portion of the app.
They know they’ll get higher click-through if they let people log in using their Facebook, Google, or LinkedIn credentials – but they don’t know how to do that. They ask questions like, “Should we put identity information in our database?” or “Which database should we use?” and “What if someone signs up with Facebook or Google and then wants to change their password? How does that work?” They don’t know what to encrypt or which encryption or hashing algorithm to use. Suddenly, with two-to-three months to go, they realise that identity is super complicated, a whole technical specialisation that their generalist app development team aren’t experts in.
There’s another side of the market: huge, established organisations that have acquired 100 companies in the last 25 years who want to consolidate hundreds of apps, all with different brands and databases, to give their customers one identity to access all of their products. It’s a similar challenge for a different type of customer.
Technology that Excites You Most?
I have a controversial answer: AI-based personal assistants. I use them extensively. Are there big privacy concerns about the way these services are designed, built, and managed? Yes. Did I always understand that Amazon would have snippets of me telling my personal assistant she’s wrong and that samples of my voice would be heard by a human while they train and improve my device? Of course – but I’m an expert user who understands the risks. We can’t assume this of all users and need to figure out how to better communicate the trade-offs as an industry and as a society.
From my perspective, there are accessibility, productivity, and conservation gains. My 75-year-old mother lives alone and now has a device that tells her when her shows are on, what the weather is like, and news while she’s making her breakfast. That has been huge for her. By comparison, I use them as a productivity tool to multi-task or rattle off a to-do list while I’m working on something else: it’s my “office automation.” Then there’s the electricity I save when I say, “I’m leaving the office” and it shuts everything off for me. Obviously, AI-based personal assistants aren’t perfect and we can make jokes all day long about the mistakes they make. But if they’re providing value to an expert user like me, who has done machine learning work, and my mother with no technical background, they’re worth another look.
My proudest successes are people who’ve worked for me and gone on to do amazing things with their career and with their lives. Of course, it’s intertwined, and I’ve only been able to take people on, mentor them, work with them, and help them get ready for that next promotion because I’ve been the CISO at two unicorns. While security professionals need to be technical, they must also exhibit a range of soft skills to educate the organization about security and advocate budget and best practices. Without those soft skills, I wouldn’t have been able to make the impact I have. I’m able to develop people, which means I have a good team wherever I go. I help them, help me; as I move up, I pull them up with me.
I’ve definitely had failures to communicate, and it’s a weakness of mine I need to be on-guard for. I make assumptions that certain things are obvious to people in the room and don’t explicitly state them. To me, this feels like I’m respecting someone’s intelligence, not cataloging a list of obvious things and being condescending. Turns out, those things often aren’t obvious to other people.
What feels to me like respect, feels to them like I’m withholding or hiding something, and two meetings later when I present the end result, they’re surprised – and not in a good way. I’m learning to over-communicate without being condescending, what to over-communicate, and when I need to look at each person in the eye to make sure they understand, because I have a history of surprising people in ways I never intended.
In Another Life, I’d Be…?
A baker. I spend so much time working so hard to grow a company, grow a team, finish a project, and do all these other things that at the end of the day, don’t always have immediate results. To bake a delicious loaf of whole grain bread that is healthy, that people can smell, see, touch, and taste, and that leaves them feeling satisfied – there is a tangibleness and immediacy to that on all five senses and an interpersonal relationship that ties it all together. Maybe I’d open a bed-and-breakfast, with homemade bread every morning.