(upbeat music) >> Commentator: From our studios in the heart of Silicon Valley, Palo Alto, California, this is a Cube conversation. >> Welcome to this special Cube conversation here in Palo Alto, California. I'm John Furrier, host of the Cube. We're here with Fletcher Previn, who's the CIO of IBM, part of a series we're calling a new brand of tech leaders, where we profile leaders in technology and business, where there's innovation and a changing of the guard of approaches and results. Fletcher, thanks for joining me today. >> Thanks for having me. >> So we were talking before you came on camera, you have an interesting background. You kind of went to an arts school, got into entertainment as an intern, Conan O'Brien... >> David Letterman. >> David Letterman. You were fast track to be a comedian and get into the business of entertainment, (laughter) and you ended up as the CIO. How does that happen? Tell us the story. >> The comedy's better in tech. (laughter) >> These days, certainly, watching the Senate hearings, it's phenomenal. >> Well, yeah. As you said, I thought I very well might go into entertainment, that's kind of more of the family business. And I spent a lot of time on movie sets and worked as a production assistant on a couple movies, and then was an intern at the David Letterman Show and Conon during college. But I did always have this strong other thread of really loving technology and being drawn into it. First family computer was a Commodore 64, but my first real computer for me was the original Mac 128K. And I knew something was awry when I was working at the Letterman Show, I was kind of more interested in the phone system than who the guest that night was. And so, when I graduated, I just accepted it. Why keep fighting this? I'm going to go out to the West coast and start my career in tech. >> That's interesting, you know you always gravitate towards what your affinity is, and I think a lot of people look at today's work environment as an environment where there's so many shifts and new kind of waves. To me, we've always said on theCube, you know, this wave that we're living on, tech wave, is kind of a combination of main frame, mini computers, localary networks and PCs all kind of rolled up in one. Because there's so many different touchpoints that's changing things. You know, you don't need to be a coder to be successful in cyber security, you can be a policy person. Lot of societal changes with self-driving cars, which side of the street do they drive on? All these new things are happening. And so it's really putting the pressure on digital, and the notion of data, IT has become a central part of it. You're the CIO at IBM, how do you look at that world? Because now, being a technologist, we'll get to the idea of it in a minute, but as a technologist, as someone who's the Chief Information Officer, when you look at the world today, you look at the wave we're on, what does that wave of technology mean to you? >> Yeah, well I think as you said, there is no part of our modern life that is not touched, and hopefully augmented in some way, by technology. And so, you know, that's the answer to the question why am I at IBM. Because the kinds of businesses that IBM is involved in, the kinds of enabling technology that it provides, really underlies a lot of the critical infrastructure and systems for our modern way of life. And so, being able to be at a company that has a narrative position in what our collective future looks like is what drives me. >> Yeah, a lot of the application developers, you guys have a huge portfolio of applications. You got cloud computer, you got on-premise, you got IOT, a lot of things, AI changing. You're changing the nature of application development, but also the role of data. At IBM as the CIO, what is your strategy in looking at all these changes? And how do you implement it with IBM? What is specifically your strategy? >> Well, certainly our strategy is there will be no part of the IT portfolio that is not augmented with IBM technology, and in particular AI. And an AI strategy is a data strategy, for us to be able to really collect, organize, harness the power of that data and then leverage it in innovative ways to be a more effective and efficient business. More broadly though, in terms of what is my strategy to deliver IT services to a huge company of IT professionals, it's to lead with design. And there's a lot underneath that, but one of the first changes that I made when I became CIO of IBM was adding, as a direct report to myself, a person responsible for design and user experience. And IBM's got a huge focus on design thinking and leading with the user experience, but for us to be successful, we got to create an environment where successful, excuse me, where talented people want to work. And that requires us to have empathy, and engineer from the user in instead of IT out. >> And making service is a big part, because we've got consumption, people consuming IT. >> Yeah, exactly. The barrier to entry for people to make decisions about what they use or don't use is very different. I think people coming to the business 10 years ago, very different set of expectations, even 5 or 3 years ago. And so, it's got to be carrot, it can't be stick. People just won't do something because you tell them to do it, they have to perceive that this is making their work life better in some way. >> Culture's a huge thing, I want to get your thoughts on engineering for excellence, this is something that you believe in. What's your view on that? What does that mean? What does engineering for excellence mean for you as CIO? >> Yeah, well we spend a lot of time thinking of IT as the driver of culture change. And when people say we're a culture that values engineering excellence, what does that really mean? And it means that we recognize and reward people who are really passionate about what they do for a living, deep subject matter experts in their field. You know, I sometimes get asked, what are you looking for when you're hiring people? And I'm looking to hire people who are kind, passionate about what they do for a living, and believe in our purpose as a company. And if we surround ourselves with those kind of people, we will be successful in whatever kind of problem we happen to be trying to solve at that moment. >> What are some of the guiding principles in an organization that's engineered for excellence? What are some of the guiding principles that you hire and push forth through your organization? >> Yeah, well as I said, we are trying to attract and retain, and ultimately reward the people who are deeply passionate about what they do and believe in our collective purpose. And so I think the era of the generalist is probably a bygone era. I'm looking to attract people that are doing in their spare time and in their hobbies and at home the same thing that we're paying them to do at work, because they love it and they feel fulfilled by it. >> And the roles are changing too. Talk about the skill gap, this is a big talk track we hear at every event we go to and exec we talk to. The new brand of tech leaders have to address the skill gap because there's more job openings in jobs that don't have a degree requirement. Meaning, the job doesn't have a certificate or a diploma because it's new. Whether it's cyber security, or data science, new kinds of roles and the skill gaps there. Talk about that, that challenge, that opportunity. >> Yeah, well these new and emerging fields, AI, blockchain, cloud, or otherwise, you're right. A lot of those are new, and there are not well established four-year degrees around those kinds of professions. And so, IBM is very heavily involved in what we call the P Tech, or the Pathway to Technology Program, where people can have a successful career in technology without having a traditional four-year college degree. But more broadly, yeah, there is a gap. A gap between the demand and the supply for people in these fields, and so the best protection all of us have against obsolescence is continuous upscaling and education. And that happens organically if you're passionate about what you do, because you're eating, breathing and sleeping the area that you work in. >> Yeah, and sometimes learning on the job too is key, and getting content on the internet, people can self-learn and apply that. Talk about how your organization's structured for learning. How do you retain the best talent? What are some of the strategies you deploy to keep people motivated, keep them informed, and keep them engaged with a good assignment? >> Yeah, well that is a challenge in any large organization, and IBM is 350,000 plus people in 170 countries. And so the era of us being able to get everybody together in a town hall meeting is long gone. And so, how we communicate and get everybody on the same page around mission alignment, what is our strategy, and what skills do you need, and how do you stay informed and educated. That's an ongoing challenge. I think, ultimately, we try to attract people with our purpose as a company. It's an employer of purpose, the kinds of work IBM's involved in attracts people that are mission driven. And then, there is a tremendous focus on providing distance based self-paced learning, online learning, in person learning, badgen programs, the P Tech Program that I mentioned. And to make sure that a person who is motivated and wants to grow their skills, that they have all the vehicles to do that. But I think the other thing I spend a lot of time focused on is, does everybody in this organization have a good understanding of what our purpose as a company is, and how what they do contributes to that purpose, and can they map back really clearly I'm not just a widget in a machine doing something and I have no idea what the impact of it is. I see that what I'm doing contributes to our collective success. >> People want to work for a mission driven company, that's a new data point we've been seeing. >> Fletcher: Yes. >> Talk about the outcome of focus. You know, you hear digital transformation being kicked around, I think it's happening now more than ever, obviously been hyped up. But now you're starting to see companies really digging in. You guys are going through a digital transformation over many years. You supply technology for companies that are transforming digitally. The notion of business outcomes becomes a big part of that. How have you evolved your organization, from an outcome standpoint, that's new and different from the old ways? Can you give an example and talk about that? Old way of doing things and the new way of doing things. How do you talk about technology for business outcomes in a new way? >> Well, ultimately it's a business problem that you're solving. And so there has to be a business driver behind any project that we engage in. And having good discipline around... organizations tend to die of indigestion, not starvation, and getting really disciplined about what we say no to, in some cases is more important than what we agree to do. And it's much harder to stop work than it is to start work in a large organization. And so we've really leveraged Agile as a new way of working to say, "We have a well-defined methodology for "one funnel of work, that gets prioritized "in partnership with the business in a transparent way." where we say, "You submit this many units of demand, "we have this much unit of supply, let's go through "the story definitions, backlog grooming, "future presentations, retrospectives, the mechanics "of working in an Agile way, to be really disciplined "about everyone's on the same page about what "we are going to do and what we're not going to do." >> Yeah, that's a great point. We hear this all the time. Certainly, it's looking valid here, where I'm located. The notion of Agile, fail fast, the lean startup. You know, I never bought into the fail fast thing. No one wants to fail, but in the spirit of learning Agile, failure is a part of the process. So getting to yes is what people want to get to, but you can't say yes to everything. IT has failed in that area. You can't say yes to everything. So you got to say no. >> Yep. >> You got to also get to what you don't want to do. So knowing what is not the right way to go is where Agile kicks in. So Agile, you want to get to a fail point and know what not to do, at the same time you got to say no to all the requests that you possibly could do. >> Yes. >> Is kind of the formula. Talk about that dynamic. Because this is where Agile translates or DevOps translates into business. It's the same kind of concept applied to organizations, process, and people. >> Yeah, so I think in terms of how do we have good discipline around what we do and don't do. It's very important that people understand what their role in the company is and what their lane is and what their mission is. And if we say no to something, it's not an indictment that that piece of work is not valuable. It just may not be something that is aligned to our mission or something that we're supposed to do. And I think those things can get blurry if you don't have really well defined Agile frameworks and ways of working and everybody on the same page. And so all kinds of things can sound like a good idea potentially, but if it's ultimately not really what we're supposed to be doing, that's what creates friction, right? >> I'd love to get your thoughts just as a person in tech who's got a lot of responsibility in IBM. But you talk about IBM, from an IBM capacity or as a person, but we have a lot of conversations here in the Cube, from Netflix to IBM, to practitioners in the field around the role of data. [Fletcher] Mhmm. Everyone wants to be data driven, so there's no debate there. Data driven is a good approach to take on things. >> Fletcher: Yes. >> But how you look at data depends on what you're lookin' at. You can correlate data and you've got causation. So a lot of conversation's been around don't get too caught up in the data for data's sake. Because if you look at just correlation, you might not know what's causing something. So most data scientists love correlation because it's numbers, they're there, you can look at all those correlations, but not understand the cause of something. Can you talk about how you view this? Because this has become an important part of decision making with data. >> Yeah, for sure. And AI very closely related to having a good data and data governance and taxonomy strategy. To really be able to harness the insights from all that data, you got to have a good data governance strategy behind it. But behind every piece of data is a business process. And so ultimately, being able to really map back and understand which business processes are generating this data is sort of the methodology for trying to put your arms around all the massive amounts of data that are being collected. And I think our old strategy was, we'll have a data lake and we'll just dump everything into it. The advent of AI sort of requires a different data strategy and says we need to have a good governance process around this and have a data platform, not a data lake. That we can then build automation against, run AI against it, and be a business that makes better, more informed decisions based on that data, and then help our customers do the same thing. >> And this has certainly come up a lot in AI around bias and contextual relevance, I think it's a big part of what's behind the data. >> Yeah, right. And you need to have explainability and transparency into the recommendations that AI is making. You know, if it's a black box, that's an issue. If AI came back and told you, "I think you should make "your product more expensive." Your first question would be why? And if you can't answer that... And so, AI's autonomous driving is a good example of that. Where you put a human being in the seat and he or she drives the car, and the system compares the inputs that they would make versus what the human is doing, and can explain why they had variances. But if it's just a complete mystery, that's not going to work. >> Yeah, the contextual why is a great question. I want to get your thoughts on security. [Fletcher] Mhmm. But you had made a comment earlier around the general purpose, IT person is kind of a thing of the past. Meaning that specialism and or variety and diversity of skills are always going to be out there. >> Fletcher: Yeah. >> With security, no one company has the same security makeup. Because their posture and or their organization structures are different because their organization mission is different. No one company is the same. >> Right. >> It's kind of like we as individuals, our DNA, everyone's different. So that means that security's not always the same in every company. As the CIO of IBM, you guys are a large multi-national, you're obviously huge. >> Other companies might have different approaches. How do you see security playing out? Because in some cases, CIOs manage security, in some cases the CSO is bolted out separately. >> Fletcher: Right. >> Either way, we know security's a board issue, as is IT. What's your view on security and the role of security within an organization. >> Security's a huge focus for us, it consumes a large amount of my time. And as much as we worry about our data, we really worry about customer data. And the kinds of threats that we're seeing are evolving rapidly, and as an industry statement I would say the advantage continues to go to bad guys, not good guys. Red is easier than blue. And so this really becomes an exercise in do we understand our networks and the systems that underlie those networks better than the people who are trying to break into it? And in particular, some of the more Apex predator, advanced nation state activities. In terms of the organizational construct of CSO, and where it fits in the company, we've had different models. Where we're at today is that the CSO is a peer of mine, and we work very closely together. And the CSO really, for the most part, defines risk and understands what is the attack surface and threat profile of any particular area. And then anything operational falls to the IT department. And so, in our environment, you know IBM's 350,000 plus employees, the IT department that I lead is about 12,000 people. And so, we have to work very closely together on very different threat profiles of general back office workers, people building commercial software, researchers building quantum computers, people doing outsourced IT. All of them have very different security profiles, and we have to be able to meet those requirements for each of those segments. >> We could do a whole hour just on security, one of my favorite topics. But you guys do have large surface area. >> Fletcher: Yes. >> You got a large employee base, diverse virtual workforce and offices. >> Mhmm. >> You got applications. I mean this is a really complicated security framework you guys have. Well, not framework, but just in terms of challenge, opportunity. >> It's a large surface area, hopefully the framework is not complicated, but it does require vigilance and focus. And so as an example, I am a customer of IBM's Xforce and managed security services. IBM's a market leader in the security services business and they're my kind of perimeter defense on some of these things. But no, you're right. It's something that we can't take our focus off of. >> You know, I had a conversation recently with General Keith Alexander, formally the original commander of cyber command, now he's CEO of a startup, doing a private version of NSA. Signaling is huge in security. >> Fletcher: Yep. >> And I know one of your hobbies is to study kind of the general national security thing as a techie. >> Fletcher: Mhmm. >> The enterprises, they're private organizations. You know, the government's job is to protect IBM. But you guys have to protect yourselves. So you have a new world now where there's a private, public partnerships going on where signaling is super important. Where's the data coming, so real time, and sometimes systems can slow that down for the sake of protecting. But at the same time, you need real time. Not just for security, but in business. Retail, to users. So real time's become a big part of it. What's your thoughts on the notion of real time and security? >> It's huge. Our capacity to detect, respond, and remediate a threat in real time, or as near real time as we can, is the name of the game. You're exactly right, the partnership between governments and public sector and private sector, I think is evolving in a positive way. Where we're beginning to see, as an industry statement, more of these kind of advanced nation state type tactics even being used outside of governments. And so that requires a different kind of response. And then we've got to kind of move forward from an environment where things that are publicly available get enriched and analyzed in some way and then become classified and we can't have access to it. And so the kind of information sharing between companies and governments is really helpful in being able to detect threat on the internet in a real time way. And by the way, if you think we got threats now, when you get to AI and then eventually quantum, threat in the future is not going to be about getting you to click on a link in your email that you think is a legitimate email and install some piece of malware. It's going to be about injecting the minimum amount of data required to teach a system something incorrect or different. So you think of image classification in autonomous driving, with a very small piece of data you can teach it that a stop sign is a yield sign. And that's a fairly benign kind of use case, a simple one, but now imagine financial systems, healthcare systems. So that is leading to quantum resistance cryptography, which is how long do you need to retain data and then what is your encryption strategy around it. >> You know it's interesting. The cost of malware injection can be applied to anything with this. So, I got to ask you, 'cause you guys are leading a lot in quantum, Baba Giano and I have had many conversations. You guys got a great group over there, you got power, amazing stuff happening in quantum. Quantum does change security. What specifically should people know about when they hear quantum. Good for security? Potentially harmful for security? It's an opportunity in both ways. You have a quantum computer, you can crack things much faster. The notion of passwords pretty much goes away. So I need multi-factorial authentication. I mean the whole world's changing with quantum. What's your view? >> Well, like all technology, it can be leveraged for good or less good, and it's a reflection of what the human beings who are using that technology intend to do with it. At IBM, we are working on both sides of that issue. We are developing quantum computers, and then on the other side of it developing encryption methodologies that are quantum resistant or quantum proof. So things like lattice cryptography, where you can mathematically prove you can hide keys in N number of layers such that even a quantum computer can't decrypt it. And so then, how long do you really need to keep that data? If it's two or three years, maybe quantum resistant cryptography is less of an issue for you. If you are the social security administration and you got to keep data for the next 50 years, you got to start investing now in what does the quantum future look like and what are the implications to me from a data and encryption perspective? >> Quantam's super exciting. Fletcher, thanks for coming on and sharing your insight, final question for you. As a person in the tech industry, you've had a chance to see the waves, you got a big one coming up from quantum cloud to AI. What are you most excited about? What should people be paying attention to? In terms of the macro trends. Not necessarily just IBM, just your personal view. To be a new brand of tech leader, what are some of the things that people should pay attention to? And what are you excited about? >> Well, what I'm excited about is what all of this technology is going to bring to bear on our lives. I mean, autonomous driving is going to be life changing for people. The insights that AI will drive. And think about how much time all of us spend doing menial, non-value added tasks at work and in our personal lives. And those things we won't have to worry about as much, with RPA and AI and all kinds of technologies. And I think that will free us to be more creative and be more fulfilled, and I feel very optimistic about the future. In terms of the second part of your question, what advice would I have for tech leaders, I think it's do what you're passionate about. I spend a lot of time focused on trying to create an environment where I think talented people want to work, and that means understanding our purpose, communicating that purpose well. And as I say, kind, passionate about what you do, and believe in the company's purpose. >> Yeah, that's interesting. You mentioned tech for good is always an underbelly in every new trend. And if you look at what happened with, say Facebook, I mean we were talking in 2012 around how data could be weaponized. That was years before so called election or other things meddling. >> Fletcher: Yeah. >> I think there's a community obligation, from sharing data for security risks to seeing the good as a vision, but also identifying bad actors that are going to weaponize the good first. Right? You always have those kind of early adopters. Might not be the best characters. So there's kind of a community has to come together and be faster to identify those. >> Yeah, I do think all of us as leaders have an obligation to understand that risk, and then make decisions around, we as the designers of these systems have to make sure that we're engineering them with fairness and without bias. And then, are the people that we're consuming technology from, are the people creating that technology, are their business models compatible with people who are consuming that technology? And making decisions around who is an ethical, trustworthy partner that I want to be in business with to develop the future. >> Fletcher, thanks for coming on. CIO of IBM here inside theCube, as part of this special program, new brand of tech leaders. I'm John Furrier, thanks for watching. (upbeat music)