 from our studios, in the heart of Silicon Valley, Palo Alto, California, this is a CUBE Conversation. Welcome to this special CUBE Conversation here in Palo Alto, California. I'm John Furrier, host of theCUBE. We're here with Fletcher Previn, who's the CIO of IBM, part of a series we're calling A New Brand of Tech Leaders, where we profile leaders in technology and business with his innovation and a changing of the guard of approaches and results. Fletcher, thanks for joining me today. Thanks for having me. So we were talking before we came on camera, you have an interesting background. You kind of went to an art school, got into entertainment as an intern, Conan O'Brien. David Letterman. David Letterman, you're a fast track to be a comedian and get into the business of entertainment and you ended up as the CIO. How does that happen? Tell us the story. The comedy's better in tech. These days, and certainly watching the Senate here, it's phenomenal. Yeah, well, so as you said, I thought I very well might go into entertainment. That's kind of more the family business and spent a lot of time on movie sets and worked as a production assistant on a couple movies and then was an intern at the David Letterman show and Conan during college. But I did always have this strong other thread of really loving technology and being drawn into it. And first family computer was a Commodore 64, but my first real computer for me was the original Mac 128K. And I knew something was awry when I was working at the Letterman show. I was kind of more interested in the phone system than who the guest that night was. And so when I graduated, I just accepted it. Why keep fighting this? I'm going to go out to the West Coast and start my career in tech. It's interesting. You always gravitate towards where your affinity is. I think a lot of people look at today's work environments and environment where there's so many shifts and new kind of waves. I mean, to me, we've always said on theCUBE, this wave that we're living on, tech wave is kind of the combination of mainframe, mini computers, local area networks and PCs all kind of rolled up in one because there's so many different touch points that's changing things. You don't need to be a coder to be successful in cybersecurity. You can be a policy person. A lot of societal changes with self-driving cars, what side of the street do they drive? All these new things are happening. And so it's really putting the pressure on digital and the notion of data. IT has become a central part of it. You're the CAO at IBM. How do you look at that world? Because now being a technologist, we'll get to the IBM in a minute, but the topics, but as a technologist, as someone who's chief information officer, when you look at the world today and you look at the wave around, what is the wave of technology mean to you? Yeah, well, I think, as you said, there is no part of our modern life that is not touched and hopefully augmented in some way by technology. And so that's the answer to the question, why am I at IBM is because the kinds of businesses that IBM is involved in, the kinds of enabling technology that it provides, really underlies a lot of the critical infrastructure and systems for our modern way of life. And so being able to be at a company that has a narrative position in what our collective future looks like is what drives me. Yeah, a lot of the application developers, you guys have a huge portfolio of applications. You got cloud computing, you got on-premise, you got IoT, a lot of things with AI changing, changing the nature of application development, but also the role of data. At IBM as the CIO, what is your strategy in looking at all these changes and how do you implement it with IBM? What is specifically your strategy? Well, certainly, our strategy is there will be no part of the IT portfolio that is not augmented with IBM technology and in particular AI. And an AI strategy is a data strategy for us to be able to really collect, organize, harness the power of that data and then leverage it in innovative ways to be a more effective, efficient business. More broadly though, in terms of what is my strategy to deliver IT services to a huge company of IT professionals, it's to lead with design. And there's a lot underneath that, but one of the first changes that I made when I became CIO of IBM was adding as a direct report to myself, a person responsible for design and user experience. And IBM's got a huge focus on design thinking and leading with the user experience, but for us to be successful, we got to create an environment where successful, oh, excuse me, we're talented people want to work. And that requires us to have empathy and engineer from the user in instead of IT out. And making services a big part of it is it got consumption, people consuming IT. Yeah, exactly. The barrier to entry for people to make decisions about what they use or don't use is very different. I think people coming to the business 10 years ago, very different set of expectation, even five or three years ago. And so it's got to be carrot, it can't be stick. People just won't do something because you tell them to do it. They have to perceive that this is making their work life better in some way. Culture is a huge thing. I want to get your thoughts on engineering for excellence, this is something that you believe in. What's your view on that? What does that mean? What does engineering for excellence mean for you as CIO? Yeah, well, we spend a lot of time thinking of IT as a driver of culture change. And when people say we're a culture that values engineering excellence, what does that really mean? And it means that we recognize and reward people who are really passionate about what they do for a living, deep subject matter experts in their field. You know, I sometimes get asked, what are you looking for when you hire people? And I'm looking to hire people who are kind, passionate about what they do for a living and believe in our purpose as a company. And if we surround ourselves with those kind of people, we will be successful in whatever problem we happen to be trying to solve at that moment. What are some of the guiding principles in an organization that's engineered for excellence? What are some of the guiding principles that you hire and push for three organization? Yeah, I think it's, well, as I said, you know, the, that we are trying to attract and retain and ultimately reward the people who are deeply passionate about what they do and believe in our collective purpose. And so I think the era of the generalist is probably a bygone era. You know, I'm looking to attract people that are doing in their spare time and in their hobbies and at home, the same thing that we're paying them to do at work because they love it and they feel fulfilled by it. And the roles are changing too. Talk about the skills gap. This is a big talk track we hear at every event we go to and executives we talk to. The new brand of tech leaders have to address the skill gap because there's more job openings in jobs that don't have a degree requirement, meaning the job doesn't have a certificate or a diploma because it's new, whether it's cybersecurity or data science, new kinds of roles and the skill gaps there. What, talk about that challenge opportunity. Yeah, well, these new and emerging fields, AI, blockchain, cloud or otherwise, you're right. A lot of those are new and there are not well-established four-year degrees around those kinds of professions. And so I was very heavily involved in what we call the PTEC or the Pathway to Technology program where people can have a successful career in technology without having a traditional four-year college degree. But more broadly, yeah, there is a gap or a gap between the demand and the supply for people in these fields. And so the best protection all of us have against obsolescence is continuous upskilling in education and that happens organically if you're passionate about what you do because you're eating, breathing and sleeping the area that you work in. Yeah, and sometimes learning on the job too is key and using, you know, getting content on the internet as people can self-learn and apply that. Talk about how the organization is structured for learning, how do you retain the best talent? What are some of the strategies you deploy to keep people motivated, keep them informed and keep them engaged with a good assignment? Yeah, well that is a challenge in any large organization and IBM is 350,000 plus people in 170 countries and so the era of us being able to get everybody together in a town hall meeting is long gone and so how we communicate and get everybody on the same page around mission alignment, what is our strategy and what skills do you need and how do you stay informed and educated? That's an ongoing challenge. I think ultimately we try to attract people with our purpose as a company. It's an employer of purpose. The kinds of work that IBM's involved in attracts people that are mission-driven and then there's a tremendous focus on providing distance-based self-paced learning, online learning, in-person learning, badging programs, the P-Tech program that I mentioned and to make sure that a person who is motivated and wants to grow their skills and that they have all the vehicles to do that but I think the other thing I spend a lot of time focused on is does everybody in this organization have a good understanding of what our purpose as a company is and how what they do contributes to that purpose and can they map back really clearly I'm not just a widget and a machine doing something and I have no idea what the impact of it is. I see that what I'm doing contributes to our collective success. People want to work for a mission-driven company. That's a new data point we've been seeing. Yes. Talk about the outcome of focus. You hear digital transformation being kicked around. I think it's happening now more than ever. Obviously it's been hyped up but now you're starting to see companies really digging in. You guys are going through digital transformation over many years. You supply technology for companies that are transforming digitally. The notion of business outcomes becomes a big part of that. How have you evolved your organization from an outcome standpoint that's new and different from the old ways? Can you give an example and talk about that old way of doing things and the new way of doing things? How do you talk about technology for business outcomes in a new way? Well ultimately it's a business problem that you're solving and so there has to be a business driver behind any project that we engage in and having good discipline around, organizations tend to die of indigestion not starvation and getting really disciplined about what we say no to in some cases is more important than what we agree to do and it's much harder to stop work than it is to start work in a large organization. And so we've really leveraged Agile as a new way of working to say we have a well-defined methodology for one funnel of work that gets prioritized in partnership with the business in a transparent way where we say you've submit this many units of demand. We have this much unit of supply. Let's go through the story definitions, backlog grooming, feature presentations, retrospectives, the mechanics of working in an Agile way to be really disciplined about everyone's on the same page about what we are going to do and what we're not going to do. That's a great point. We hear this all the time. Certainly in Silicon Valley here where I'm located in the notion of Agile, fail fast, a lean startup. You know I never bought into the whole fail fast thing. No one wants the fail. But in the spirit of learning, Agile, failure is a part of the process. So getting to yes is what people want to get to but you can't say yes to everything. IT has failed in that area. You can't say yes to everything. So you've got to say no. And you've got to also get to what you don't want to do. So knowing what is not the right way to go is where Agile kicks in. So Agile, you want to get to a fail point and know what not to do. At the same time, you've got to say no to all the requests that you possibly need to do. Yes. It's kind of the formula. Talk about that dynamic because this is where Agile translates or DevOps translates into business. It's the same kind of concept applied to organizations, process, and people. Yeah, so I think, you know, in terms of how do we have good discipline around what we do and don't do, it's very important that people understand what their role in the company is and what their lane is and what their mission is. And if we say no to something, it's not an indictment that that piece of work is not valuable. It just may not be something that is aligned to our mission or something that we're supposed to do. And I think those things can get blurry if you don't have really well-defined Agile frameworks and ways of working and everybody on the same page. And so, all kinds of things can sound like a good idea, potentially, but if it's ultimately not really what we're supposed to be doing, that's what creates friction, right? So. I'd love to get your thoughts just as a person in tech who's got a lot of responsibility at IBM, but you can talk about IBM from an IBM capacity or as a person, but we have a lot of conversations here on theCUBE from Netflix to IBM to practitioners in the field around the role of data. Everyone wants to be data-driven. So there's no debate there. Data-driven is a good approach to take on things. But how you look at data depends on what you're looking at. You can correlate data and you got causation. So a lot of conversations have been around don't get too caught up in the data for the data's sake because if you look at just correlation, you might not know what's causing something. So most data science love correlation because it's numbers, they're there. You can look at all this correlation but not understand the cause of something. Can you talk about how you view this because this has become an important part of decision making with data? Yeah, for sure. And AI very closely related to having a good data and data governance and taxonomy strategy to really be able to harness the insights from all of that data. You got to have a good data governance strategy behind it. But behind every piece of data is a business process. And so ultimately being able to really map back and understand which business processes are generating this data is sort of the methodology for trying to wrangle some, put your arms around all of the massive amounts of data that have been collected. And I think our old strategy was we'll have a data lake and we'll just dump everything into it. The advent of AI sort of requires a different data strategy and says we need to have a good governance process around this and have a data platform, not a data lake that we can then build automation against, run AI against it and be a business that makes better, more informed decisions based on that data and then help our customers do the same thing. And this has certainly come up a lot in AI around bias and contextual relevance. Being a big part of what's behind the data. Right. And you need to have explainability and transparency into the recommendations that AI is making. You know, if it's a black box, that's an issue. If AI came back and told you, I think you should make your product more expensive. Your first question would be why? And if you can't answer that. And so AI's, autonomous driving is a good example of that where you put a human being in the seat and he or she drives the car and then the system compares the inputs that they would make versus what the human is doing and can explain why they had variances. But if it's just a complete mystery, that's not going to work. The contextual and why is a great question. I want to get your thoughts on security. But you had made a comment earlier around the general purpose IT person is kind of a thing of the past. Meaning that specialism and or variety and diversity of skills are always going to be out there. With security, no one company has the same security makeup because their posture and or their organization structures are different because their organization mission is different. No one company is the same. It's kind of like we as individuals, DNA, everyone's different. So that means that security is not always the same in every company. As a CIO and IBM, you guys are out at large, multinational, you're actually huge. Other companies might have different approaches. How do you see security playing out? Because in some cases CIOs manage security. Some cases the CISO is bolted out separately. Either way we know security is a board issue as is IT. What's your view on security and the role of security within an organization? Security is a huge focus for us. It consumes a large amount of my time. And as much as we worry about our data, we really worry about customer data. And the kinds of threats that we're seeing are evolving rapidly. And as an industry statement, I would say the advantage continues to go to bad guys, not good guys. Red is easier than blue. And so this really becomes an exercise in, do we understand our networks and the systems that underlie those networks better than the people who are trying to break into it? And in particular, some of the more Apex Predator advanced nation state activities. In terms of the organizational construct of CISO and where it fits in the company, we've had different models. Where we're at today is that the CISO is a peer of mine and we work very closely together. And the CISO really for the most part defines risk and understands what is the attack surface and threat profile of any particular area. And then anything operational falls to the IT department. And so in our environment, IBM's 350,000 plus employees. The IT department that I lead is about 12,000 people. And so we have to work very closely together on very different threat profiles of general back office workers, people building commercial software, researchers building quantum computers, people doing outsourced IT. All of them have very different security profiles and we have to be able to meet those requirements for each of those segments. We could do a whole hour just on security is one of my favorite topics, but you guys do have a large surface area. Yes. Employee base, diverse virtual workforce and offices, you got applications. I mean, this is a really complicated security framework you guys have. Well, not framework, but just in terms of challenge, opportunity. It's a large surface area. Hopefully the framework is not complicated, but it does require vigilance and focus. And so as an example, I am a customer of IBM's X-Force and managed security services. IBM's a market leader in the security services business and they're my kind of perimeter defense on some of these things. But no, you're right, it's something that we can't take our focus off of. You know, I had a conversation just recently with General Keith Alexander, formerly the original commander of Cyber Command. Now he's a CEO, a startup doing similar kind of a private version of NSA. Signaling is huge in security and I know you're one of your hobbies is to study kind of the general national security thing as a techie. The enterprise is, they're private organizations. You know, the government's job is to protect IBM. But you guys have to protect yourself. So you have a new world now where there's a private public partnerships going on where signaling is a super important. Where's the data coming from real time? And sometimes systems can slow that down in the sake of protecting, but at the same time you need real time, not just for security, but in business retail to users. The real time's become a big part of it. What's your thoughts on the notion of real time and security? It's huge because our capacity to detect, respond and remediate threat in real time or as near real time as we can is the name of the game. And you're exactly right. They're the partnership between governments and public sector and private sector. I think is evolving in a positive way where we're beginning to see as an industry statement more of these kind of advanced nation state type tactics even being used outside of governments. And so that requires a different kind of response. And then we got to kind of move forward from an environment where things that are publicly available get enriched and analyzed some way and then become classified and we can't have access to it. And so the kind of information sharing between companies and governments is really helpful in being able to detect threat on the internet in a real time way. And by the way, if you think we got threats now, when you get to AI and then eventually quantum, threat in the future is not going to be about getting you to click on a link in your email that you think is a legitimate email and install some piece of malware. It's going to be about injecting the minimum amount of data required to teach a system something incorrect or different. So if you think of image classification in autonomous driving with a very small piece of data, you can teach it that a stop sign is a yield sign. And that's a fairly kind of benign use case or simple one. But now imagine financial systems, healthcare systems. So that is leading to quantum resistant cryptography, which is how long do you need to retain data? And then what is your encryption strategy around it? Yeah, it's interesting the concept of malware injection can be implied to anything with this. So I got to ask you because you guys are leading a lot in quantum, Bob and Gianno and I've had many conversations you guys got a great group over there. You got power, amazing stuff happening in quantum. Quantum does change security. What specifically should people know about when they hear quantum? Good for security, potentially harmful for security. I'll see you, it's an opportunity in both ways. You have a quantum computer, you can crack things much faster. The notion of passwords pretty much goes away. So I need, you know, multi-factor authentication. I mean, the whole world is changing with quantum. What's your view? Well, like all technology, it can be leveraged for good or less good and it's a reflection of what the human beings who are using that technology intend to do with it. At IBM, we are working on both sides of that issue. We're developing quantum computers and then on the other side of it, developing encryption methodologies that are quantum resistant or quantum proof. So things like lattice cryptography where you can mathematically prove you can hide keys in n number of layers such that even a quantum computer can't decrypt it. And so then how long do you really need to keep that data if it's two or three years? Maybe quantum resistant cryptography is less of an issue for you. If you are the Social Security Administration and you got to keep data for the next 50 years, you got to start investing now in what does the quantum future look like and what are the implications to me from a data and encryption perspective? Quantum is super exciting. Fletcher, thanks for coming on and sharing your insight. Final question for you. As a person in the tech industry, you've had a chance to see the waves and you got a big one coming up from quantum to cloud to AI. What are you most excited about? What should people be paying attention to in terms of the macro trends? Not necessarily just IBM, just your personal view of to be a new brand of tech leader, what are some of the things that people should pay attention to and what are you excited about? Well, what I'm excited about is what all of this technology is going to bring to bear on our lives. I mean, autonomous driving is going to be life changing for people. The insights that AI will derive and think about how much time all of us spend doing menial, non-value-added tasks at work and in our personal lives and those things will, we won't have to worry about as much with RPA and AI and all kinds of technologies and I think that will free us to be more creative and be more fulfilled and I feel very optimistic about the future. In terms of second part of your question, what advice would I have for tech leaders? I think it's do what you're passionate about and I spend a lot of time focused on trying to create an environment where I think talented people want to work and that means understanding our purpose, communicating that purpose well and as I say, kind, passionate about what you do and believe in the company's purpose. Yeah, that's the thing you mentioned, tech for good is always an underbelly in every new trend and if you look at what happened like say Facebook, I mean we were talking in 2012 around how data could be weaponized. That was years before the so-called election and other things meddling. I think there's a community obligation from sharing data for security risks to seeing the good as a vision but also identifying bad actors that are going to weaponize the good first. There's always, you always have those kind of early adopters, might not be the best characters. So there's a kind of a community has to come together and be faster to identify those. Yeah, I do think all of us as leaders have an obligation to understand that risk and then make decisions around we as the designers of these systems have to make sure that we're engineering them with fairness and without bias and then are the people that we're consuming technology from or the people creating that technology are their business models compatible with the people who are consuming that technology and making decisions around who is an ethical trustworthy partner that I want to be in business with to develop the future. Fletcher, thanks for coming on. CIO of IBM here inside theCUBE as far as this special program, New Brain of Tech Leaders. I'm John Furrier, thanks for watching.