How to Think Like a 7-time CIO: A Discussion with Mark Settle

35:08 VIDEO

This episode features an interview with author and 7-time CIO Mark Settle. Mark has served as CIO at companies like Okta, Visa and Arrow Electronics. And he has published two books: Truth from the Trenches: A Practical Guide to the Art of IT Management and Truth from the Valley: A Practical Primer on Future IT Management Trends. On this episode, Mark talks about the competencies you need to have if you want to be in an IT leadership role, how to communicate effectively with the board and the rest of the C-suite, and the lessons he’s learned as a 7-time CIO.

Time Stamps

[1:08 ]
What does it take to be an IT leader?
What is the future of IT management?
How to convey IT priorities to your CFO
What are emerging security concerns?
How is security a business enabler?
How companies could benefit from adopting consumer-grade end user authentication procedures
Why delegation is important as a CIO
What was Mark’s path to becoming a CIO?
Open Transcript

[00:00:00] Mark Settle: if you really wanna have an impact over time and really start realizing your, your market equity, your, your brand equity, but like what you bring to that next job over time will be less and less about what you know about blockchain or large language models. And more and more and more if you understand like, how do we really make money here, right? And like, where are the high leverage points, for us to succeed?

[00:00:26] Tim Chase: Hello and welcome to Code to Cloud. I’m your host, Tim Chase. I’m a Global Field CISO at Lacework, and today I’m excited to talk with Mark Settle. Mark is a seven time CIO having served at companies like Okta and Visa. He’s also an author. Mark has published two books, Truth From The Trenches: A Practical Guide To The Art OF IT Management and Truth From the Valley: A Practical Primer on Future IT Management Trends. Mark, welcome to the show.

[00:00:52] Mark Settle: Thank you. Glad to be here.

[00:00:54] Tim Chase: I’d love to kind of ask a couple of questions, you know, around those books. Like what would you say is the Art of IT management? Give us a little bit of a, breakdown of what that means.

[00:01:03] Mark Settle: so the first book was intended to talk about the leadership skills, the competencies that you need as an individual. if you aspire to have leadership roles within the IT profession. I people, you know, being an executive in it, It’s not a technical job. I mean, you’re managing people and budgets and relationships within the enterprise and you’re in some ways probably relying more on your knowledge of the business operations within your company than you are on, your technical skills or knowledge, and so, I don’t know if people in the early stages of their career really understand, uh, the opportunity that they have to expand their market equity, their value on the market. By learning how a business operates and learning to work, effectively with other people by not just hideaway in conference rooms, letting technical members of their technical team brief them incessantly on practical topics.

[00:01:54] Tim Chase: I love that because, goes back to even something. That, I heard at a conference this past week I was at, healthcare iac, and I went to a presentation I’m presenting to the board, and how that works and, and all of that. And what you said really kind of speaks to that because I feel like one of the skills that we have to have are these soft skills, which is, to be an IT leader, IT management, like. You have to be able to speak to the board in a way that they’re gonna, understand that seems like that’s a skill that, that’s more important than being able to, understand the entire, you know, network chain, of an attack down to the bits and the bites. Right. Um, because that’s one of the keys I think, when you’re looking at security to an organization become more secure and help, effectively communicate to the board as having the skills that you just talked about.

[00:02:40] Mark Settle: Yep. Absolutely. 

[00:02:41] Tim Chase: and as far as the, what does you see as the future of IT management? So where do you go, in that book?

[00:02:47] Mark Settle: if you’re managing an IT team on a strategic basis and not just lurching from one, budget to another, or tactical crisis to another, you really wanna think into the future two or three years. And I, tell people it’s instructive. You know, take a blank sheet of paper, a whiteboard or whatever, and sketch out the organization you think your company needs in, you know, two years from now or three years from now, and what skills you’re gonna need. Because otherwise, the tech debt that you have manifests itself in the skills of your team. You keep 

[00:03:17] Mark Settle: Restaffing jobs, you know, into technology areas that really don’t represent the biggest opportunities for return on investment for the company. you know, the status quo sort of takes over and you just keep reinforcing the status quo. and so in that book, I make the argument you can’t be best in class at all things, you know, you can’t be world class in. API management and uh, you know, business process automation and security and privacy engineering, et cetera, et cetera. You really have to look at the smorgasbord of technical capabilities and, categories that are out there. And really decide where do I want to place my bets? You need to have enough business insight and acumen to be able to make those judgments yourself because really the system that you find yourself in is gonna drive you to make tactical decisions, respond to the crisis of a quarter, fight for headcount every budget cycle. If it’s just a manifestation of like your most pressing near term needs. I think a lot of CIOs, uh, really the competent people that have become seasoned over time. they have a kind of a more, uh, long range perspective when it comes to building their organizations.

[00:04:28] Tim Chase: that’s a. Great way of looking at it. I think that it comes back to, it and security being business enablers, right? Which is where we need to be. We can’t be the roadblock, we can’t be the, the party of of no. And so having that vision, and being aligned with the other executives, I think really is important. if you know that in the next year and two years, you’re gonna go on, um, acquisition spree. Like, that’s important for you to know as an IT leader, as a security leader to know, okay, then I’m probably gonna need to staff up somebody who can really look at all of this. I’m gonna need somebody who can look at the risk holistically. I’m gonna need someone to manage this. Right? 

[00:05:05] Tim Chase: I’m probably gonna need more tools to be able to, accommodate, um, the additional, applications that we’re bringing in, so on and so forth. Does that kind of, a decent example of, what you’re thinking.

[00:05:15] Mark Settle: Yeah. You know, I think AI is a perfect example of this. I mean, if you’ve, 

[00:05:18] Mark Settle: gone through the last three or four budget cycles as a CIO and you’ve said to yourself, well, we really don’t need, any machine learning modeling capabilities within the company today. I can kick that can down the road, another three or four budget cycles. And then your CEO comes in and says, what are we doing about generative ai? What’s this chat G P T thing? Like what,

[00:05:37] Mark Settle: that’s not a good, that’s not a good situation to be in. So, So sometimes I think, you know, CIOs unfairly paint CFOs as these, you know, narrow-minded green and shade, uh, accountants, you know, that are just trying to find ways to pick the IT function apart and limit staffing and, you know, avoid buying new tools, et cetera. And, maybe I’ve had a charmed existence, but that’s really not been my experience at all. They’re actually very strategic thinkers. I had one CFO told me, he said, you know, after this big, uh, e r P implementation, I don’t wanna spend any more money in the back office. I mean, we just gave them a whole new platform of tools. let them take three years and figure out how to, you know, get some business benefits out of that. I’m worried about the sales team and the front office, like, let’s, kind of like change the balance here and, do something, for those guys. So I think if

[00:06:28] Tim Chase: I, I, I agree. I, I had the, I had the same conversation the other day. with some other CISOs cuz we were talking about where should the CISO report in an organization, you know, is it a cio, is it cfo? The cto, like what makes sense and what works and what doesn’t? And what have we seen? And one of the more common ones that, we seem to be successful is, is they’re not reporting to the president or the c e o, like the c F O is an interesting place for them to sit. and one is because it provides autonomy where if you’re sitting with the CTO or the cio, you could be pitted against the development team. And there’s a natural kind of, conflict that can happen there. You know, like, we gotta get this out. Sorry. Security will catch you next time. if you’re sitting over to the other side, you can be like, no, like you’re not going. and you kind of have that more autonomy since you’re not reporting to the same person. But the other part is the budget part, and being able to understand that because I, I think a lot of times, they’re reasonable and it forces us to think like the business, right? The business thinks in terms of opportunity. It thinks in terms of, money and, and what can we do. And so you do have to justify if you’re with the cfo, but that also helps you maybe. you know, not blindly spend money on tools. Right? If you’re gonna say, look, we’re gonna go to the cloud. If we’re gonna spend a, you know, $10 million a year on the cloud, it’s reasonable that I have to spend, a million dollars to, protect it. Right? And so you can kind of justify that. I think easier, cuz I’ve not had a problem reporting into the CFOs and, talking with folks that have it. they’re very, pragmatic thinkers, right?

[00:07:59] Mark Settle: My other bit of advice would be, you know, if you paint a two or three year vision for the C F O, and then you tell ’em, I need a down payment on this vision in the next fiscal year. Right? I’m gonna go get the first three machine learning people in here and we’re gonna go buy two, I think this group should be like, I don’t know, 30 people and we’re gonna need a tech stack with about 10 different things, but that’s not what I’m asking for. This is the down payment. I’m gonna give you three proof points. At the end of this year, we will be able to do X, Y, and Z, and then I’m gonna come back and ask for more. and I highly recommend that because if you only expose that first year plan, To them. It all sounds like more of the same. Well, I gave you three of 

[00:08:37] Mark Settle: those guys last, budget. Now you want more. Like, I never knew you were gonna come back for more. We never talked about this before. So, so I think if you, you know, show them you know, the takeoff, you know, the, like, the 

[00:08:47] Mark Settle: airplane, but then show ’em the runway. Like we’re gonna get to V1 and be able to get the wheels up off the runway at the end of this year. but we’re gonna like, you know, get up to 33,000 feet eventually. cuz they think strategically they’re not, they get really badly miscolored as like being quarter to quarter type people. And some 

[00:09:03] Mark Settle: probably are, but that’s not fair.

[00:09:06] Tim Chase: And, and I’d argue sometimes CISOs need to think more strategically. Like we need to think better that way and not just be tool centric or people centric or throwing, things at a, at a problem trying to solve it. but speaking of which, I know you talked about chat, G p T and a generative ai. So I don’t know if this will go into it, but what do you think, from the books you’ve written from talks that you’ve done and, and people you’ve talked to, like, what do you think from a threat perspective is one of the emerging ones that we’re seeing today that we’re gonna see really soon?

[00:09:32] Mark Settle: I just kind of think of it. In terms of the chaotic landscape, of applications and on-prem resources and cloud infrastructure, it just gets to be such a extended landscape. the bad guys don’t need to really dream up a whole lot of new ways of coming in the door because like, we’re building new doors every, day. Which maybe I’m sounding a bit of agen, but that kinda gets you back to basic blocking and tackling, right? I mean, if you’re internal discipline about, following procedures and putting the right safeguards in place and all that kind of stuff. I mean, it’s the things that fail are not always so much because they’re new or different. It’s just because we didn’t really do what we knew we were supposed to do.

[00:10:12] Tim Chase: Yeah, it’s still, to me the basic hygiene of stuff it’s not that all of a sudden we’ve got different threats coming at us. I think we could probably sit here and talk about, you know, is AI gonna be the next big thing and. it might be, it’s probably gonna present some problems to us, but we still got the basic problems. Uh, a lot of the folks that I talk to, at RSA and, and other conferences, you know, they’re still working on what you were kind of mentioning, which is visibility, right? You’ve got on-prem, you’ve got cloud. We don’t know what we’ve got in the cloud. We’ve got, you know, two providers, three providers, four providers. we’re building faster than we can protect. So it, it seems like today, It’s not an emerging threat, but the problem that still exists out there is, is just knowing what we have to protect. Right? You can’t protect what you, don’t know about.

[00:10:58] Mark Settle: right. Yep.

[00:10:59] Tim Chase: so we talked about this a a little bit, but I’d be curious to hear your thoughts. you know, as a CIO who’s worked with security and things, you how can security teams. be a, a business enabler?

[00:11:11] Mark Settle: I think one of the problems with security is it’s just assumed that we will put the right safeguards in place and hopefully nothing too bad will happen. it’s hard to differentiate on security cuz everybody expects. We’re a hundred percent secure, right? So like if, you’re a hundred to 2% secure, nobody cares as long as the word. A hundred percent. And no, people only care if it falls below that. And I 

[00:11:32] Mark Settle: actually think privacy. Privacy engineering, privacy safeguards. There’s a huge overlap in terms of the tools and the procedures, you know, the operations procedures that should be in place to safeguard against inappropriate use of sensitive P I I type information in the same way that you safeguard other kinds of company, assets and as well, and that’s where I think the differentiator potential is from a business perspective. Especially in a B2C business, your customers are gonna have some expectations about careful management of their pii. But if you can exceed those, You have a little like emblem in the bottom of your landing page, you know, your, customer facing landing page that says, you know, this is certified. all 

[00:12:19] Mark Settle: of our safeguards are in place and your data will never go outside the walls of this corporation. It’s kinda like bonded, So I, I think that’s where. As far as having a business impact from security as opposed to just being kind of a necessary insurance policy expense, right? We’ve gotta pay this money for security to make sure nothing bad happens if you try to differentiate on, uh, safeguards that you’re putting in place. I think privacy offers tremendous opportunities.

[00:12:45] Tim Chase: No. Yeah, I, I’m a big fan, of that. I think privacy’s only becoming more and more, of a issue. I’ve seen it raise more and more to the board level. dedicated privacy teams obviously, you know, have been around for a little bit, but they’re becoming more and more. Common as more states and countries and 

[00:13:03] Tim Chase: groups of countries kind of pass their own privacy laws, it’s becoming more problematic. but to kind of dig in on that a little bit more, cuz I think, your newest project that you’ve kind of been working on is investigating the differences in the end user authentication for commercial, setting versus consumers. So I’d just be curious to dive in on that a little bit more. You kind of talked about it as an enabler, so I’d love to just hear more about like what you’ve learned and what you’ve been doing in that space.

[00:13:26] Mark Settle: so what’s interesting is, you know, in the enterprise space, Most of the identity based security systems are very centralized systems. And so whether you’re using an Okta, universal Directory database, or you’re using a Microsoft, you know, ad kind of a database, 

[00:13:41] Mark Settle: or if you’re doing business with Bank of America or Amazon or whatever they have, they have their own centralized databases with your, identification information that they’re gonna use for, business purposes. if you go over to the. World of financial services and, some of the other kind of consumer, Capabilities, they’re moving towards much more decentralized kinds of identity systems where different pieces of personal information are embedded in some kind of a distributed set of ledgers or, you know, storage areas in which you actually discreetly agree to allow certain aspects of, your personal information to be shared for specific kinds of transactions. And so I think that that kind of begs the question. And I kid about this. I mean, if you look in the enterprise world, you know, we’re still arguing about mfa, implementing mfa, but, uh, if you look over in the, the world of the financial services, I mean that’s not even table stakes hardly anymore. They’re doing far more sophisticated kind of things.

[00:14:40] Tim Chase: Not anymore. that’s interesting. So, that feels like where a lot of the privacy, laws and regulations are coming in today. Right. Is is to give. Customers more control of that. So, you know, in the commercial setting, I kind of understand that people are going toward the octas and the more you know, centralized method, on the consumer side. I think there’s a failing there and that’s why your CCPA is, and your GDPR is really focused on the, the right to know, the right to be forgotten, sort of aspects. And so, you know, do you feel that those tie together and they’re trying to, To solve a problem which is kind of what you were talking about in the, consumer side of things. 

[00:15:18] Mark Settle: yeah, maybe an example here would be a little easier for the audience to wrap their heads around. So you’re familiar with this digital wallet concept, and if you think about it 

[00:15:27] Mark Settle: conceptually, there’s no reason why in an enterprise setting dealing with employees, you couldn’t establish a wallet. And the company, your employer would effectively put certificates in your wallet that says things like you’ve received a performance evaluation, you have, completed your new employee orientation training, you know, just a series of activities that you routinely supply. And then to validate your identity, you no longer need to go into. My HR records or, you know, anything else, you just need to be able to verify that those certificates are real and that they exist and that there’s no, you know, one time exchange of any kind of p i i about me at all. It’s just a certificate, validation exercise that you go through. So, I mean, that whole 

[00:16:10] Mark Settle: attack surface that’s out there, kind of evaporates completely. if you think of some of these kind of decentralized, identifier. Concepts and in more of a enterprise kind of a setting.

[00:16:22] Tim Chase: Yeah, that makes sense. So more of a, digital wallet versus, an Octa sort of a consumer versus. enterprise? No, that, that makes sense. And are you seeing us lean more that way? Do you think? Like where is the market at there, because I, I don’t have a digital wallet and I’m just curious, is that something that’s kind of on the forefront? are we headed that direction? how far down that path do you think we are? 

[00:16:43] Mark Settle: in the consumer financial service world. I think that’s a pretty, popular concept, and There’s plenty of implementations in products. So if you wanted to rush out and do that today, you wouldn’t be a early adopter. but it is in a fairly early stage back on the enterprise side, and probably the two companies are the vendors that you’d be most familiar with. Microsoft has a product, as well as Ping Identity is introduced, a new product called Neo, but is basically a digital wallet kind of capability. Now I’m not aware of the extent to which either of those products have been implemented, you know, within the enterprise. but the capability is definitely better. The technical capability exists.

[00:17:17] Tim Chase: That’d be interesting to see how that, plays out in, in the next few years. Cause I definitely think a definite need for some sort of a centralized, mechanism in the consumer side. The organization, the enterprise side kind of has it figured out to where even, you know, smaller companies that maybe a hundred or 200 people have some sort of a centralized way to handle all of that. but the, the consumer side, from a safety perspective, it seems like they gotta catch up in, I’ll be curious to see how that goes over the next, uh, 

[00:17:44] Tim Chase: few, few years. I’ll have to do a follow up. so just kind of talking about your overall learning. So we talked about, you know, what you’ve been doing in your investigation. but just to kind of take it up a level, what would you say has been the biggest learning of your career?

[00:17:56] Mark Settle: I learned to delegate, so I, I went 

[00:17:58] Mark Settle: through a transition, which I think is very typical. It’s not unique to the field of it, but you know, when I had my first, uh, CIO opportunities, I always thought that I had to be the smartest guy in the room and that any decision of any significance I had to personally kind of review and, sign off on kinda like the Chief Quality Assurance officer of, you know, everything that was going on. And, you know, one of my favorite quotes from Steve Jobs is he said, we don’t hire smart people and tell them what to do. We hire smart people so they can tell us what to do.

[00:18:32] Tim Chase: That’s what to do.

[00:18:33] Mark Settle: And, uh, you know, I, I think everybody goes through that evolution. the first, and I will take a couple of my CIO jobs, I followed first time CIO and, They had some of those, compulsions of feeling like they were responsible for everything, wanting to get involved in everything, reviewing everything. And they pretty much drove their teams crazy. And they also stifled creativity cuz like, why should I worry about it or think about it or propose something? You’re gonna come and tell me how you want it done, what we should 

[00:19:07] Mark Settle: do next, you know, whatever. So, you know, 

[00:19:10] Tim Chase: In burnout too, right? That’s the thing that, what you’re giving advice on is one of the things when people come to me as like first time managers or newer managers, that’s one of the things that, I always see people struggle with, and I give them the advice is like, learn to delegate. Right? You don’t have to be on every meeting. you’re gonna stretch yourself too thin. If you’re on every meeting, you won’t have time to do the things that matter, because one of the things that I find is, As a manager, I’m a people person. Right. And I think it’s important to give people what they need to succeed, that feedback, goals and objectives, all of that. If you spend too much time down in the weeds, you don’t have time to do the other stuff that will make them successful and use successful. Right. And you’ll ultimately will, will burn out and, probably leave that role right. 

[00:19:55] Mark Settle: Yeah, I, the other thing people don’t really appreciate is, you know, the positional responsibilities that they have. And what I mean by that is if you’re a director, we’ll get an IT director. You know, you should have pretty ready access to anybody in any other functional department at the director level, 

[00:20:11] Mark Settle:

[00:20:11] Mark Settle: So if you in that role, or as a vp, if you spend all your time just with your own people, you’re not gathering the information that could be used to make sure that you know you’re aligned in applying the skills of your group in the appropriate way, and you’re not getting the feedback. You need to know what people are saying about you and your team. Right. 

[00:20:31] Mark Settle: So I mean you’re the goodwill ambassador and the, you know, the kind of the marketer, if you will, of the capabilities of your team and the educator about what’s possible and not possible, so I think, you know, if you’ve got a team of, let’s say, have a dozen people, you’re gonna be a player coach and you’re gonna have your fingers on the keyboard and you’re probably contributing something technically, but you get up to a dozen people or so. And the value you can create, By, advertising the capabilities of your team, making sure you create your own goalposts. Like, you know, we succeed, my team succeeds. If we do A, B, and C. You may have a D expectation, but I don’t consider that a realistic expectation for our team. You know, we can’t do that or won’t do that, or aren’t, staffed up to do that, et cetera. So, I mean, you know, you’re really undercutting your own people if you choose not to, really spend time, Interacting with the other people at your level of management within your company.

[00:21:24] Tim Chase: Sure. Yeah, that makes sense. to kind of follow up on that even more, like, what do you think are some of the skills and, qualities that are necessary to be successful in it today? 

[00:21:36] Mark Settle: So to really succeed, and we’ve touched on this before, your really over the course of your career, your technical knowledge and skills and aptitude. Will actually have less value than your business knowledge skills and aptitude. And as you progress through your career, you work in different parts of a single company, or you change jobs and you go between companies, you have that opportunity to obtain for yourself at no charge to you. A master’s degree in business administration. Like you can learn how sales works, you can learn how we manufacture things. You know how a 

[00:22:14] Mark Settle: dis distribution network works now you can go screen 10 different supply chain vendors and try to learn about distribution there, or you can get out into your own warehouses and ride around in the trucks, you know, with the people that are taking the product up to the stores, et cetera, and you’ll learn a whole lot more. And setting in a closed, echo chamber talking to other IT people about the way the world is supposed to work. So I think, if you really wanna have an impact over time and, and really start realizing your, your market equity, your, your brand equity, but like what you bring to that next job over time will be less and less about what you know about blockchain or large language models. And more and more and more if you understand like, how do we really make money here, right? And like, where are the high leverage points, for us to succeed?

[00:23:04] Tim Chase: Yeah, that’s spot on. I just had a, conversation with a CISO of a medical company and she said exactly the same thing where it was, it was a really a, breakthrough for her and one of her colleagues when, you know, her friend was a nurse and. She just couldn’t understand it. And why are they always pushing all these patches on me? Like, you’re making my life miserable. It’s so hard. Right? And then she decided to, quit and go over to it to make it better. and she understood. So she went over there with kind of both mind frames. She goes, I understand why we have to do the patches, but they don’t understand the business. They don’t understand why it’s so disruptive. And so she spends a lot of her time now consulting and trying to bridge that gap because if you understand. Your customers internal and external. I think you can be more successful, in an it. And that’s just, that’s one of those things that I think, is invaluable. I call ’em soft skills, if that’s the right term. I don’t know. But, um, but can you tell me just a little bit about. your journey, to being a cio. I’d love to just know more about how did you first get involved in IT and security.

[00:24:10] Mark Settle: So I have a very opportunistic, career path and when I talk to other CIOs, I kind of find the same thing as true anybody that’s trying to. You know, come up with the formula, of how you’re gonna end up being a cio. I don’t think there’s too many normative paths, through, so, you asked about my introduction to security. So early in my career, I actually was in the Air Force for four years and then I worked at NASA headquarters after that. And, Especially in the Air Force, just about everything we were doing was classified to one degree or another. And you know, it’s a little bit ironic and maybe even comical. but in those days, I mean, that was like real security, you know? I mean, 

[00:24:47] Mark Settle: if there were lights in the ceiling that went off, if somebody walked through your area, didn’t have top secret with tickets, you know, so I’ve been exposed to that kind of world, um, early on.

[00:24:57] Tim Chase: No. Fantastic. And then after nasa, opportunities opened up in, front of you because obviously, from nasa you kind of went on from there and you worked at Visa and then eventually ended up at Okta, and so I’d love to know like how you ended up at Okta. That’s obviously a, a great company that’s had a, a very successful, kind of start in, in run.

[00:25:15] Mark Settle: Yeah, I mean if you click back to the transition, so when I came outta nasa, I had been working on a so-called Earth Observations program. So we were developing technology that could be used from space. To assess different kind of geological conditions and formations and, um, strategic resources. And, a lot of the technology we developed was being introduced into the private sector. and I, my background’s in geology, my, actually my degrees are in

[00:25:38] Tim Chase: Hmm.

[00:25:39] Mark Settle: and so I was hired by Arco Oil and Gas. So when I came out and I had a 10 year career with them. And, my first CIO job was with Ental Petroleum in Los Angeles. And again, some of your, our listeners here might be somewhat amused by this story. So the job that, that I had interviewed for there was called Vice President of Corporate it, and it was, located in their corporate headquarters right on the edge of the UCLA campus. And when I interviewed with the cfo, he told me, he said, well, you know, we have these three divisions and we have three divisional CIOs and we think they’re spending too much money and they’re making some terrible decisions out there, so we want you to come in here and knock their heads together, and solve some of this problem. And I said, so you think I’m gonna be able to do that with a title like, VP of corporate it? I said, I think you’re gonna gimme the CIO title. 

[00:26:27] Mark Settle: I don’t know how I’m gonna. 

[00:26:28] Tim Chase: need a better title.

[00:26:29] Mark Settle: Yeah, I can’t go out there and, you know, lecture them or whatever. I’m much younger those days and, uh, you know, I kind of taught myself into the title. I mean, that was my first, CIO job. And then, I progressed through a series of other jobs. And actually, so Okta was interesting. I had, worked at BMC software, which many of our listeners again will know is, it, Product company based outta Houston. And, there was a, a gentleman there named Adam Aarons. And Adam was the, uh, sales leader for West Coast sales for bmc. And I supported many different sales activities that were going on. because again, we were using our own commercial products internally within the company, and we were a bit of a showcase and we had benefits that we could share with prospective customers. So, uh, Adam matriculated to become the Chief Revenue Officer at Okta. And as they grew, he reached out to me and said, you did a great job at bmc, we could really use your help here. And so that was my, calling card, I guess, if you will. My ticket, to join Okta. 

[00:27:25] Mark Settle: I joined in 2016. It was a rocket ship ride. I mean, I had 

[00:27:30] Mark Settle: never been in a company that grew that fast. You know, we’d get the sales team together every quarter and say, This was the best quarter we ever had, and you guys still didn’t meet your quotas, so we want you to get right back out there.

[00:27:43] Tim Chase: Do it again and, and

[00:27:44] Mark Settle: you need to do a better job next quarter. and the

[00:27:47] Mark Settle: other thing, 

[00:27:48] Tim Chase: of a salesperson?

[00:27:50] Mark Settle: at the risk of being long-winded here, the other interesting thing I kind of discovered was in that situation there was a lot of internal forgiveness about, it. Deficiencies or slip-ups, if you will. And I think, you know, at that stage we had about 800 people in the company and every department was understaffed and overworked. And when you know, things didn’t go exactly right or you missed a deadline or something kind of fouled up, everybody knew that people were giving their best effort and there wasn’t like a lot of internal. critiquing, if you 

[00:28:22] Mark Settle: will. But what I kind of found interesting was as the company grew to about twice that size, a lot of those old ingrained behaviors and perceptions about it always, uh, getting in the way, taking too long, not understanding user needs, et cetera. All those old bad behaviors started to creep back in. Like just there must have been a genetic code, that people just couldn’t get over.

[00:28:46] Tim Chase: I, I think there is, I think, that could even be a, a whole nother line of chatting, because I, I’ve noticed that too, just being a part of. Some different startups that, that sometimes their reaches kind of this inflection point where it’s not as startup mode and you kind of go from startup to enterprise and some people don’t like that transition. That’s why you see some people really make their life in like these series A in series Bs and that’s what they love. The change, the speed, the rapid, development. And once you start shifting over to where you have more processes and it’s harder to get things done, they kind of tend to move on. 

[00:29:18] Mark Settle: and the other part that I would just to kind of finish this up, is, make your own career path, right? I think sometimes people fall into it. Right. But you say you fell into it, but I don’t think you necessarily fell into it all the way. Like I think you made a decision with that story that you told to say, well, this title. I’ll never get the job done, so I want this title. Right. So people who wanna get into the cyber industry, or CSO or CIO, kind of as a path, like don’t be afraid to challenge people and tell people what you want. from my experience, you know, I started out as a performance tester and a functional tester like, I was like, this is not what I wanna do 20 years from now. Like some people love it and wanna do it, and that’s fine. But I wanted to do security, so I became best friends with the CISO and offered to do security testing on the side. Right. Eventually, over the, the course of my career, it became an opportunity to do it full-time, and that sounds like something similar, you know, to you is like, don’t be afraid to, kind of challenge, you know, and say, this is what I want to do, and go above and beyond to kind of make it happen.

[00:30:16] Tim Chase: so for anyone that wants to connect with you, uh, what’s, what’s the best way?

[00:30:20] Mark Settle: Uh, LinkedIn, they could reach out on LinkedIn. 

[00:30:22] Tim Chase: Perfect. Also, mark it, it’s been wonderful having you on the show. Thank you to the listeners for tuning in, and we will see you next time on Code to Cloud Podcast.

[00:30:33] Mark Settle: Thank you, Tim.

About the guest

Mark Settle
Mark Settle

Mark Settle is a seven time CIO with broad business experience in information services, enterprise software, consumer products, high tech distribution, financial services, and oil & gas. He has led IT organizations that supported the global operations of Fortune 500 companies; maintained the R&D infrastructure required for software product development; and hosted customer-facing delivery systems for commercial products and services. He has received multiple industry awards and is a three time CIO 100 honoree.Settle sits on the advisory boards of several Silicon Valley venture capital firms and pioneered the adoption of service management and cloud computing technologies within several large enterprises. He is the author of Truth from the Trenches: A Practical Guide to the Art of IT Management and Truth from the Valley: A Practical Primer on Future IT Management Trends. Settle’s formal training is in the Geological Sciences. He received his Bachelor’s and Master’s degrees from MIT and a PhD from Brown University. Settle is a former Air Force officer and NASA Program Scientist.

Try Lacework for free

Spot unknowns sooner and continuously watch for signs of compromise. Take us on a test drive to see for yourself.