Transformation in Turbulent Times with Former Telstra CEO Andy Penn - Redefiners

Summary7 min read

Redefiners Podcast – Episode Summary
Transformation in Turbulent Times with Former Telstra CEO Andy Penn
Date: February 25, 2026
Hosts: Marla Oates (A), Dr. Tomas Chamorro-Premuzic (B)
Guest: Andy Penn (C), Former CEO, Telstra

Episode Overview

This episode of Redefiners features Andy Penn, the former CEO and Managing Director of Telstra, Australia’s leading telecom company. The conversation focuses on leading large-scale transformations during challenging times, drawing on Penn’s unconventional career path from CFO to CEO and highlighting his expertise in digital and business transformation, culture change, and cyber risk management. Listeners gain practical advice on leadership, overcoming organizational inertia, and navigating the complexities of AI and cybersecurity in today’s business landscape.

Key Discussion Points, Insights & Timestamps

1. Andy Penn's Unconventional Leadership Journey

Andy left school at 15, started as a shipping clerk in London with a humble salary, and supplemented his income with a second job. He later completed his education through evening classes and ultimately built a career that led to C-suite roles in two major industries.
- Quote [03:00]:
  
  "I dropped out of school when I was 15... My first job in London was as a shipping clerk... I had to get a second job to supplement my income... But I found motivation at work and then took myself back to evening classes." – Andy Penn
His foundation in finance served him well but his curiosity drew him into broader management and strategy roles.
- Quote [04:30]:
  
  "I've always then tried to push myself to move more into management and strategic roles... finance and accounting has always been a great and solid foundation." – Andy Penn
Transitioning from CFO to CEO was a “bigger step than you anticipate,” especially regarding stakeholder management and organizational complexity.
- Quote [05:31]:
  
  "Moving into the CEO role... is always a bigger step than you anticipate... being self-aware enough to know that you’ve got a lot to learn, even if you make the transition through that pathway, is super helpful." – Andy Penn
Advice for CFOs aspiring to be CEOs: Leverage the holistic business perspective finance offers, but be ready for the expanded scope, especially stakeholder engagement.

2. Lessons from Leading in Multiple Industries [06:07]

Andy highlighted both transferable leadership lessons and the necessity of quickly learning industry-specific details, especially given today’s deep specialization.
- "How do you take what I know and what I've learned and then apply it in a new sector? But then how do I take the time to actually learn the new sector? ...the degree of specialization...is pretty important as well." – Andy Penn [07:21]

3. Transforming Telstra: Diagnosing and Tackling the Real Problem [07:42]

Upon taking over as CEO of Telstra in 2015, Andy faced multiple crises—customer complaints, outages, regulatory issues—but traced them back to a core lack of business and digital transformation.
- Quote [08:07]:
  
  "...fundamentally, the organization had not really tackled an upgrading and transformation of its core business..." – Andy Penn
Telstra’s response to industry disruption had been to pursue adjacent opportunities instead of confronting transformation head-on. This diluted focus.
The transformation needed wasn’t just digital, but a radical simplification of business operations.

4. Business Simplification: The Key to Digital Transformation [09:14]

Digital transformation often fails because companies try to fix systems without confronting the underlying business complexity.
- Quote [09:37]:
  
  "Most digital transformations fail because people believe the problem is the systems. It doesn’t originate in the systems, it originates in the complexity, in the way in which we’ve chosen to do business over many, many years." – Andy Penn
Example: Telstra simplified its 1,800 customer plans down to just 20, leading to dramatic gains.
- NPS up 20 points, costs down 40%, 90% fewer calls, 50% fewer complaints, market and profit gains.
- Quote [10:20]:
  
  "We simplified... from 1,800 plans to 20... Our NPS went up 20 points, costs came down 40%, 90% reduction in calls... 50% reduction in complaints... win-win for everyone." – Andy Penn

5. Overcoming Resistance to Change and the Power of Agile [10:40]

Resistance to change often materializes as the “withholding of resources”—money, people, or emotional energy—but not openly.
- Quote [11:18]:
  
  "...resistance to change... actually the withholding of resources... By resources, I mean money... people... emotional energy." – Andy Penn
Implementing Agile as a systematic approach to force resource alignment and break functional silos enabled transformation.
- Quote [13:05]:
  
  "We implemented Agile... the Agile system effectively controls that process, it controls the allocation of resources..." – Andy Penn

6. Building the Right Culture and Senior Team [16:40]

Culture isn’t a parallel project—it’s reflected in day-to-day actions and business decisions.
- Quote [17:02]:
  
  "Culture is a function of the things that you do and say every single day. It’s not some abstract sort of concept... culture is a manifestation of how you do business." – Andy Penn
Getting senior leadership right is about openness, trust, and consistently working on relationships—"culture is like a marriage."
- Quote [18:34]:
  
  "It requires a lot of work. It requires a lot of openness or honesty, authenticity... culture's like a marriage. Got to keep the communication going." – Andy Penn & Marla Oates

7. AI Transformation: Lessons and Governance [19:11]

AI’s promise is real, but relies on simplified digital foundations.
- Quote [19:11]:
  
  "If you don't tackle [digital simplification]... it makes the job of leveraging AI much harder." – Andy Penn
Companies expecting to build AI capability organically are likely mistaken; upskilling and/or outside help are needed.
Ethical governance is critical: AI is literal (“it won’t check if the answer is right or ethical”) and must not be a black box; organizations must ensure explainability and test for ethical impacts.
- Quote [20:40]:
  
  "AI is literal... you need to cater for that. And then secondly, AI can be a black box, or rather you cannot afford to let it be a black box." – Andy Penn

8. Cybersecurity Resilience for Business & Nation [21:48]

As Telstra’s CEO, Andy was responsible for Australia’s critical national infrastructure, seeing firsthand the rise in cyber attacks.
Cyber risk management, he argues, is like any other risk—there’s no silver bullet, and total elimination is a myth.
Andy’s Four-Point Cybersecurity Plan:
1. Inventory all digital assets—know exactly what you must protect.
2. Prioritize asset protection—a differentiated approach based on sensitivity/importance.
  - Quote [24:17]:
    
    "Some things are more important than others... you could take a different approach to protecting sensitive data versus a Netflix account." – Andy Penn
3. Crisis planning and simulation—prepare before a crisis hits; scenario testing must be visceral to be effective.
  - Quote [25:16]:
    
    "The worst possible time to develop a crisis response plan is in the middle of a crisis... the more visceral you can make that, the more the learnings stick." – Andy Penn
4. Stay vigilant—what’s safe today may not be safe tomorrow. Monitor emerging threats like quantum computing.

9. Leadership Philosophy, Career Reflection & Advice [28:22]

The move from financial services to leading in a technology-driven business was transformative.
- Quote [28:34]:
  
  "The factor that's had the biggest impact on business... the last 40 years has been technology and it's the most underestimated in terms of potential impact." – Andy Penn
For future leaders: focus on technology, as its significance will only grow.

Memorable Rapid-Fire Answers [29:49]

Favorite way to decompress: Painting (the artistic kind).
Language to be fluent in: Spanish (currently learning).
Success in five words or less: “Making a positive contribution.”
Favorite interview question:

“Think of a time in your career when you were really happy...what was going on? Who were you working with? What were you working on?”
Motivation is key and cannot be taught.
Childhood nostalgia item: Camping holidays in the south of France with family.

Notable Quotes & Highlights (with Timestamps)

"I've always been inspired to learn new things and learning new industries has been one aspect of that." – Andy Penn [06:21]
"Do not fall into the trap of thinking a digital transformation is just changing your systems unless you do a major business simplification first." – Andy Penn [10:05]
"If you say diversity is important, but your daily business decisions don’t support it, you’re sending a different message." – Andy Penn [17:32]
"There is no internet without a telecommunications network... you basically are responsible for the network where most malicious cyber activity is actually going." – Andy Penn [22:25]
“What is safe today may not be safe tomorrow... quantum computers are not that far away.” – Andy Penn [27:13]

Tangible Takeaways for Leaders

Transformational change starts with business simplification, not tech fixes.
Organizational resistance hides in resource allocation, not outspoken opposition—align resources through systems like Agile.
Culture is daily practice, not side projects; it requires constant, open work—especially among senior teams.
AI and cybersecurity strategies must be grounded in business fundamentals and ethics, not just technology.
There’s no shame in unconventional paths—curiosity, resilience, and lifelong learning pay off.

For more insight-packed leadership dialogue, find all Redefiners and Leadership Lounge episodes on YouTube and your preferred podcast platforms.

Loading summary

Transcript50 lines

[00:00]
A
Call them change makers.
[00:02]
B
Call them rule breakers.
[00:04]
A
We call them redefiners. Hi, everyone, and welcome back to another episode of Redefiners. I'm Marla Oates, a leadership advisor at Russell Reynolds. I'm thrilled to be joined today by my fabulous co host, Russell Reynolds Associates, one and only Chief Science officer, Tomas Chamaro Pramuzik.
[00:29]
B
Hey, Marla. It's great to be here. How are you?
[00:32]
A
I'm good. It's so nice to see you.
[00:34]
B
Thank you, thank you. I'm excited to be here.
[00:36]
A
Are you ready for your first Redefiners episode?
[00:39]
B
I prepared a lot. I have to say I've been a fan of the podcast for some time, so I'm a little nervous, but I'll do my best and I know that you'll guide me through this and you're an experienced host, so I'll try my best to keep up with you.
[00:52]
A
You're going to do great. Well, look, before we get started, just a quick reminder to our listeners that you can find all episod of Redefiners and Leadership Lounge on YouTube. If you're currently watching on YouTube, don't forget to hit that subscribe button so you don't miss an episode. And for our audio listeners, don't forget to rate Redefiners. We love to see your feedback. Well, Tomas, today we're really in for a wealth of insights from down under with a CEO who led a massive transformation for a major telecom company. He took over the reins as CEO during a really tumultuous and tough time for the company, and he transformed this organization into a company that was much more streamlined and digitally enabled.
[01:34]
B
Yeah. There's a couple of things that really excite me about today's guest. The first is, of course, as you just said, that he's really managed to execute a large transformation project at scale, which as we know, is something that many of our clients are struggling with. The second one is that he had a really unconventional, almost squiggly unusual path to the C suite first and then to becoming CEO.
[01:56]
A
It's going to be a great discussion. So for our listeners, our terrific guest today is Andy Penn, who was formerly the CEO and Managing Director of Telstra, Australia's largest telecommunications company. Before his CEO role, Andy actually started as a CFO. And before joining Telstra, he spent 23 years in leadership roles at AXA, one of the world's largest insurance and investment groups. Currently, Andy is a non executive director of the Kohl's group, Chair of Visit Victoria, and a senior advisor with McKinsey Company.
[02:30]
B
So, Andy, welcome to Redefiners.
[02:32]
C
Thank you very much. It's great to be here.
[02:34]
B
There's several reasons why we're very excited to have you, but I think as a starting point, one of the main reasons that your profile was so interesting to us is that you kind of had a little bit of an unusual pathway or track to the C suite first and then to becoming CEO. We start with that and maybe you want to recap what that kind of relatively squiggly or unpredictable path was.
[03:01]
C
I dropped out of school when I was 15 in the UK or in London. And I can remember my first job in London was as a. Basically as a shipping clerk, which was a very junior administration person. But I remember it vividly because my starting salary at the time was £2,424 a year. And the first problem I confronted was that my daily train ticket was ten pounds a day, which, if you do the math, you can work out was more than I was actually earning. So I had to get a second job to supplement my income to be able to do that. But I think the thing that I learned and it taught me was that ultimately you can't teach motivation, you can't teach people what to be passionate about. And for whatever reason, I wasn't motivated during my schooling time. But then when I commenced work, albeit in a very, very junior role, I actually found motivation and I enjoyed it. And then as a consequence, I did take myself back to evening classes and weekends where I studied my final schooling and I did a first degree, then I qualified as the campus, then I did a master's degree and so I sort of did do all of that, but rather unconventionally.
[04:11]
A
You were group CFO at axa, and then you became Group CEO of AXA Asia and you joined Telstra and then you were cfo, Right? And then you moved into that CEO role. Was this a conscious decision? And do you think that understanding the CFO and finance side of the house really helped you assess the opportunities and challenges more quickly?
[04:31]
C
The one thing I've had some natural ability for is finance, but I was always, I guess, in a sense, a little more inquisitive than just doing purely finance. And so over my career, whilst I've done a lot of finance roles, I've always then sort of tried to push myself to move more into management and strategic roles as well, but finding that finance and accounting has always been a very, very great and solid foundation for me. And then, of course, to your question, did I find that helpful in terms of doing other roles? Absolutely. When you're the Chief Financial Officer as an example, you get to have an opportunity to view the whole of the business. There's not many other roles other than the CEO where you have the privilege to be able to do that. And then of course, you also see it through the lens of the economics of the company, which aren't necessarily the only thing that's important, but they're a pretty important part of a business. Obviously.
[05:22]
A
20% of CFOs now step into the CEO seat. What advice do you have for CFOs that are making that move into the CEO seat?
[05:31]
C
Well, I think moving into the CEO role, which I've done twice in a major public limited company, is always a bigger step than you anticipate. Even when I did it second time around. The CEO role is a very, very different role, particularly in a publicly limited company where, you know, complex stakeholder management is actually a really important part of it. And so I just think, you know, being self aware enough to know that you've got a lot to learn, even if you make the transition through that pathway, it's not the only pathway, but it's super helpful.
[06:08]
B
I assume the fact that you worked in different industries informed how you approach your role as a CEO. Are there any commonalities, any things that basically influence your style or your approach?
[06:22]
C
Firstly, I've always been very curious and inquisitive and so I've always been inspired to learn new things and learning new industries has been one aspect of that. But also I think that even when you transition into a new industry, there's a lot of patterns and a lot of experiences that you can take from one to the other. So for example, I moved from financial services into telecommunications. Very different product proposition for customers. But you know, the concept of the regulatory environment in which you're operating, the responsibilities that that brings about, the governance aspects that you need to deal with, just basic people leadership and leading large teams through complex situations. The technology environments, the core fundamental base of it may be different, but some of the principles, some of the things you learn. And so, you know, I've always found that super interesting. How do you take what I know and what I've learned and then apply it in a new sector? But then how do I take the time to actually learn the new sector? And that is super important as well, because a lot of industries, and I don't know if this is becoming more the case than in the past, probably it is, but the degree of specialization and I Guess uniqueness within industries, whether it's telecommunications or financial services, whatever it may be, I think is pretty important as well.
[07:42]
A
Let's talk about your CEO role at Telstra. So you stepped into the role in 2015, pretty turbulent time for the company. And shortly after taking the helm, you had to deal with number of network outages, angry customers, analysts questioning the company's response, the strategy. How did you react to that so early in your CEO tenure? And what did you do to start turning things around?
[08:08]
C
Whilst they were very different sort of issues, customer complaints, regulatory issues, network outages, those types of things, it became apparent pretty quickly that they were all rooted in the same problem, which was that fundamentally the organization had not really tackled a upgrading and transformation of its core business. And there was a major structural change that was happening in the industry which was effectively being implemented by the government, which had profound impact on the organization. I won't necessarily go into the detail of it, and I think what the company had done in response to that was to look for new avenues of growth, growth, new avenues of investment, but that were not part of the core business. And ultimately we all know what sort of happens when companies go into adjacencies in new areas, that's not always successful. And that was partly the case in Telstra's case. But the bigger point was it was also distracting attention from dealing. What we fundamentally had to deal with was a major transformation.
[09:14]
B
A lot of our clients, listeners are still struggling with, with transformation. Now it might be AI before it was digital, so would love to hear how you tackled it. And Generally speaking, if CEOs or leaders are planning to embark on a big transformation project, whether it's digital or AI, what are some of the lessons that you can share with them?
[09:37]
C
In Telstra's case, the root cause of the problem was that we were providing a poor level of service because we had a complex systems environment and we had under invested in addressing many of the challenges which existed there. At its heart, it was a digital transformation because we could see our competitors, not only our competitors, but other organizations that were providing a much better level of customer experience than we were. And that's what we were being benchmarked against. And to address that, we really needed to upgrade our digital environment. And this was a major learning for me, which is that I think that most digital transformations fail because people believe the problem is the systems. It doesn't originate in the systems, it originates in the complexity, in the way in which we've chosen to do business over many, many years. And unless you Proceed. A digital transformation with a major business simplification. My view is it will fail if you think about a company like Telstra. At the time we launched the T22 program, we had 1800 different plans for our customers. So these are both the mobile phone plans, home Internet plans, media plans, really simple things, but we had over 1,800 of them. In Telstra's case, we decided we would simplify and we went from 1,800 plans to 20. And we committed to never committing that sin again. And that if we were ever going to change things, the price or the features, we would do it for everybody. And the results were remarkable in the sense our NPS went up 20 points, costs came down 40%, we had a 90%, 90% reduction in calls to the call center, a 50% reduction in complaints. And so we had happy customers, we grew market share, we made more profit, and it was just a win win for everyone. And at its heart, it was that massive simplification. And so do not fall into the trap of thinking a digital transformation is just changing your systems unless you do a major business simplification first. When I took over, we had 80,000 people in the organization. So staff and I always used to sort of joke that I could be the last person left in the office at the end of the day and make a decision as the CEO after everybody else has gone home and somehow the company would still reject it. And I sort of started to ponder this concept around resistance to change, because a lot of people sort of talk about resistance to change or the frozen middle or whatever it may be. And I used to say, well, show it to me. Where is it? How does it manifest itself? How do I change it? And what I came to conclude was that it is actually the withholding of resources. It is the withholding of resources somewhere in the organization. So that as a senior team or as a chief executive or whoever it is, you make a decision that you're going to do something and you promulgate that decision in the organization. But somehow the resources that are required to support it are not forthcoming. And by resources, I mean money. So the capital, I mean the people. So people resources, or I mean the emotional energy. And so you think you've announced this thing you're going to implement, but actually when it dissipates into the organization and it becomes the organization's responsibility to implement it, actually what really happens is it doesn't get supported in one way shape or another. So the key to me was, how do I therefore tackle this issue? Of allocation of resources and this issue around resistance to change. And one of the things that we did do, which was incredibly powerful in this regard, was we implemented Agile. Typically an organization is functionally orientated. However, most of the things as an organization you're trying to deliver are actually horizontal. You're trying to deliver new solutions to customers or deliver new systems. And so they're cross functional in nature. And so typically what tends to happen in the planning sense is you identify your strategy, you plan the things you want to implement which are cross functional, and then you hope that the functional teams are actually going to apply their resources to their bit of implementing. What actually you do in Agile is the Agile system effectively controls that process, it controls the allocation of resources. So when you make a decision at a cross functional level, the actual system ensures that the resources are allocated to it and the functional leads, if you like, can't resist that. And so the mechanism actually makes that happen. And we implemented Agile because philosophically we thought it was the right thing to. My point is just to understand what's going on. If you can better align the allocation of resources, people, money and emotion to the cross functional initiatives, the more you can do to mechanistically make that happen, the easier you will find the transformation.
[14:40]
A
We'll be right back with Andy Penn. But first let's hear from Tuck Rickards, leadership advisor at Russell Reynolds Associates. He's well versed in advising tech companies on CEO succession and board advisory. Today he'll discuss what he believes is the leadership formula for effective AI transformation.
[14:59]
D
As CEOs look into 2026, they are realizing that the weight and responsibility of AI transformation sits squarely on their shoulders, no one else's. Across industries, we see CEOs and their teams experimenting with AI, running pilots and proofs of concept without truly confronting what it really demands, which is a fundamental rethink of of their business model and leadership capabilities. The result is a widening gap between those who are experimenting with AI and those who are truly transforming their organizations. To close that gap, CEOs need to focus on three leadership essentials. The first is clarity. Successful CEOs are clear about how they will rethink their organization's business model. And they know this requires rethinking how the organization is designed, not just the technology that supports it. The second is conviction. Transforming an organization requires courage, the willingness to take risks, make bold choices, and lead through uncertainty before the answers are obvious. For CEOs, this is all about ensuring their legacy. And third, capabilities. That means ensuring you have the right leadership team in place and who are equipped to guide a more tech data, AI centric future. To learn more about how clarity, conviction and capabilities separate CEOs who adapt from those who stall with AI, you can find the full article in our show notes or@russellreynolds.com and now back to our
[16:40]
A
conversation with Andy Pivoting and to talk a little bit about culture and leadership. Look, we know transformation is hard, culture takes time, and it's a team effort. What advice do you have about getting the right leadership team in place and how to make the organization successful with that leadership team undertaking that reinvention?
[17:02]
C
On the culture point, I'm a firm believer the culture is a function of the things that you do and say every single day. It's not some abstract sort of concept. And I think often organizations and teams, they sort of, they work on the business of business and then they've got this sort of second stream of work over there, which is called culture. And we'll implement a bunch of things on culture. But actually culture is a manifestation of how you do business. So for example, if you say that diversity is important, but then every single day the decisions that you make on a project or in how you organize yourself are not supportive of diversity, you're just sending a different message. And so for me, I was more focused on the way in which we did things which would then lead to the manifestation of our culture, than I was about defining the culture that we want. And then the other thing that we were touching on was senior leadership. Working with the senior team is obviously something that's really important. Getting a team that is cohesive. And I think it's like any type of personal relationship, it requires a lot of work. It requires a lot of openness or honesty, authenticity. You know, if you can have an open relationship with your colleagues, if you can be authentic and you call issues out before they become big issues, then that helps a lot. I think also as well, the reality is, is that things are going to change and they're going to be outside of your control.
[18:34]
A
I love that analogy. Culture's like a marriage. Got to keep the communication going.
[18:39]
B
Work on it, Andy, before we segue into cyber, which we know is one of the things that you're very focused on right now. Just a final question on transformation. Obviously, the Telstra case study, an example, and what you illustrated might be a really great example of digital transformation. Now, a lot of organizations, especially if they have managed, that are thinking about the AI aspect of it. How would you advise CEOs that are kind of grappling with AI transformation.
[19:12]
C
Now, AI is obviously a particular set of technology capabilities that we can apply to how we do business for a whole bunch of potential benefits. But ultimately, again, if I just come back to the digital transformation piece, if you don't tackle that and you're up basically operating an environment of complex systems, legacy systems, which are distributed, don't talk to each other very, very well, then actually it makes the job of leveraging AI much harder. I think there is a core sort of foundational piece which is not necessarily new, which is how do I do a digital transformation in partnership with the business simplification? And if I can do that, then all of a sudden my technology platform enables me to then apply and leverage AI much more effectively than I might otherwise be able to do. And of course much more ethically and safely as well. And so I think there's that piece, then I think there's the AI element as well. And of course it's an incredibly powerful tool. But I do think, therefore, you know, there needs to be a big capability investment. It's a new way of thinking about things, a new way of developing products and solutions and ideas. And I think traditional companies that think that they're going to lead in AI as a strategic differentiator are probably deluding themselves if they think they're going to get there organically. They're going to need some outside help one way, shape, form or another, because that's just not historically how they've grown up. And then of course, there's a big governance and ethical piece to it as well. And I really bring it back to too simple points, which is, firstly, AI is literal. In other words, the answer that an AI engine will come up with will be a function of the algorithms that you're using. It won't then go back and double check it and say, oh, yeah, but is that a good answer or is that an ethical answer, or is that the right answer? So you need to cater for that. And then secondly, AI can be a black box, or rather you cannot afford to let it be a black box. So I think if you've got the principle in an organization that says that we need to be able to understand and rationalize why the answers that are coming out of AI are what they are, and we can reverse engineer that, and then we can test those answers to make sure that they're not causing us to do inappropriate or unethical things, then I think that's the philosophical approach that we need from a governance perspective
[21:48]
A
as Tomas hinted at. I mean, you know a lot about cybersecurity. You're currently on the board of the Office of National Intelligence and you're part of Australia's top secret cloud program. You've also previously served as chair of the expert advisory boards for Australia's 2022 and 2023 National Cybersecurity Strategies. You know, with technology permeating every facet of an organization, and organizations thinking about, hey, how do I leverage AI while still balancing the cybersecurity risk? Any advice on how they balance and navigate?
[22:25]
C
At a practical level, there is no Internet without a telecommunications network. All of the traffic across the Internet goes across the telecommunications network. So when you're the CEO of the biggest telecommunication network and the national network in the country, you basically are responsible for the network where most malicious cyber activity is actually going. And so as a consequence of that, I needed to be very thoughtful about it because I became the CEO in 2015, and from that period of time, cyber malicious activity really increased quite dramatically, sort of internationally. And so I was both concerned from protecting our own customers perspective, but then I started to work very closely with the government from a national policy perspective and how do we help defend the country and how do we get on top and address this challenge? And then through that, as you say, I chaired the expert advisory boards and subsequently since stepping down from Toronto, I've had a number of roles in this whole landscape. At the end of the day, though, this risk, in a sense has got parallels with any other type of risk that boards and management have to deal with cybersecurity. I think often people are looking for some sort of silver bullet solution. Well, there is no single silver bullet solution because the problems or the vulnerabilities exist all over your infrastructure. And so actually it requires quite a comprehensive program of activity. It's not a surprise, is it, that as we have chosen to do more and more things online, such as banking, shopping, making our reservations, doing business online, studying online, it's unsurprising that the people that used to do bad things to us in the physical world have followed us online. It's entirely sort of, if you like, predictable. And so I think, you know, part of my philosophy on this is that I think again, sometimes people fall into the trap of saying, right, well, you know, we've got to eliminate the risk of any malicious cyber activity ever happening. That's just deluding ourselves. We don't live in a world where we sort of say, you know, there's going to be no crime out there. Unfortunately, There is every single day, houses get robbed, cars get stolen. But the question is, is how do we manage our society or how do we manage our business, or how do we manage our personal lives to mitigate the risk of those things happening to us? And I think the philosophy on cybersecurity is exactly the same. And I have a four point plan to tackle that. So basically the first thing is you can't protect what you don't know that you have. First thing you've got to do is put together an inventory of all of your digital assets. So what do I mean by your digital assets? What I mean is your devices, your, your applications, your software, the data sets that you have online. You're trying to protect all of your digital assets and they're all a bit different, but you've got lots of them and it's a big job. So now I actually have an inventory of all of my digital assets. The second thing I would say is that not all digital assets are the same, but they are all defendable. And by that what I mean is, is that some things are more important than others and how you choose to defend them. You could take a different approach. So, for example, really sensitive data, if you're, for example, the Department of Defense or Department of War, you know, some of that data is incredibly support, even to the point where you would actually keep it offline. So it would actually never touch a public Internet. Whereas other pieces of information, such as at a personal level, my Netflix account, yeah, of course I want to protect it, but it's. I don't worry as much about my Netflix account as I do my bank account. And so once you've got your inventory of digital assets, you can actually start to adopt a differentiated approach to having a different security posture on each asset. Define what you want that to be and make sure that you've got those protections in place. The third thing I would say is that the worst possible time to develop a crisis response plan is in the middle of a crisis. Somebody once sort of said to me that you need to touch the Bunsen burner to know that it's hot. In other words, as a kid doing chemistry, you can be told that the Bunsen burner is hot, but of course you still touch it and then you realize it's hot. And it's that experience, that visceral experience that is the learning. And so actually when companies do scenario testing and they sort of role play, if you like a cyber security incident, the more visceral you can make that, the more the learnings from it will stick. And then the last thing I would say is that what is safe today may not be safe tomorrow. You may have put in place a comprehensive cybersecurity risk management plan and it's, you know, it's pretty robust, can't guarantee nothing bad's going to happen. But you, you can put your hand on your heart and say I've taken all reasonable steps but actually the world's changing. And so we talked about AI, malicious cyber actors, more tools with which to do as harm. Another great example would be quantum computing. The risk of quantum computing through the security of encryption keys that we have distributed in systems is quite significant. It's something that's getting a lot of attention at the moment. So we think that our data is safe because it's encrypted today. What if somebody using a quantum computer could crack that encryption code and suddenly release all that information? And quantum computers are not that far away. And so that's the fourth point really. You just need to keep an eye on new technologies and developments that are happening to keep on top of the whole cybersecurity risk management plan.
[28:22]
A
We've covered a lot of topics, but I want to take it back to the top now. Looking back, was there a redefiner moment that really shaped your journey and how you think about leadership and the world in general?
[28:35]
C
My transition from financial services to telecommunications was pretty profound in the sense that I suddenly moved from a world where we're a financial services business and technology was important, but it wasn't the foundation of the business to a world where actually technology was rapidly becoming the foundation of the business. And if I reflect back on my career 40 plus years from the day I started as a, as a humble sort of shipping clerk, when actually at that time companies were still using punch card and paper tape to input data into computers. The factor that's had the biggest things impact, I think on business and the way in which business is done. And in fact our world over the last 40 years has been technology and it has been the single thing that has been the most underestimated in terms of its potential impact. And if I look forward into the future, I can only see that accelerating. When I think about if I was embarking on my career today as opposed to sort of finishing my career or at least finishing my full time executive career, that is where I would be paying a lot more attention into the future.
[29:50]
B
Fantastic. Andy, we're nearly done and we really, really appreciate your time. Are you ready for the rapid fire section?
[29:56]
C
Yeah, please.
[29:57]
B
Very Good. So, you know, first thing that comes to mind. Very fast, quick, short answers. Let me start with the first one, which is, what's your favorite way to decompress at the end of a busy day?
[30:11]
C
Painting. As in artistic painting, as opposed to painting the house.
[30:18]
A
Very good, Andy. If you could become fluent in one language, what language would that be?
[30:23]
C
Well, I'm currently learning Spanish and I wouldn't say I'm fluent, but I'm making progress, which I'm really proud of.
[30:29]
B
Fantastic. What does success mean to you in five words or less?
[30:34]
C
I think it's just being able to look back with a sense of pride, of making a positive contribution.
[30:41]
B
One question that you ask in every job interview or that you love to
[30:45]
C
ask in interviews, Think of a time in your career when you were really happy and things were going well. What was going on around you? Who were you working with? What were you working on? Because of the point I made earlier that you can't teach motivation. And finding the secret to people's motivation is key to getting the most from them.
[31:06]
A
Thinking back before everything went digital, what's the one thing from your childhood you wish we still had today?
[31:13]
C
Holidays with my family in the south of France, camping.
[31:17]
A
Look, you've given us so many nuggets today. You know, the unconventional path is okay. Be inquisitive, ask good questions. CFO to CEO is very different. Role and self awareness matters, no matter what role you're changing. Transforming industries is possible, but the specialization required in industries today definitely makes it more tricky. And digital transformation, it's not because of the systems that things are failing. Right. It's because of a lack of prioritization. Simplification is absolutely critical and you really need to get the resource allocation right. I loved what you said about culture. Culture is a marriage. You need to consistently work on this. Don't let these issues fester. And then just so much fascinating knowledge on cyber and how to manage that risk and that it's impossible to eliminate. But where to place the appropriate bets? So, Andy, thank you so much for joining Redefiners today. It was a pleasure to meet you and I'm looking forward to seeing you in Austin. Thank you, Andy.
[32:17]
C
Thank you so much. It was a lot of fun. I really appreciate it. Thank you for your time.