Archie Jackson, senior director and head of special initiatives, corporate IT, and cybersecurity at consulting and technology services firm Incedo, has had the good fortune to work with great mentors at key stages of his career. Over the years he has learned the importance of purpose \u2014 why he does what he does \u2014 and how creating an effective team can be like raising a family.\n\nAfter graduating top of his class in electronics and communication engineering, Jackson joined a wiring harness manufacturing plant as an engineer where his job was to manage the IT, network, operations, and sales.\n\nHe found his first purpose when he joined the HP global tech support team where he was responsible for solving customer problems and answering them. After being rejected for his communication skills not being of international standards, he describes this as the first of his many successes.\n\n\u201cI gave it all I had. I remember the longest I had stayed on is for 16 hours, for a troubleshooting phone call. I was the only technical person globally who could troubleshoot the issues of HP\u2019s first wireless printer and make it work,\u201d Jackson recalls.\n\nJackson met his first mentor when he moved to DXC Technology. \u201cSome of his words I still remember are \u2018walk the talk\u2019, \u2018deserve and then desire\u2019, \u2018perform or perish\u2019. He helped me build confidence and to remain focused to do something new, something better every day. He helped me learn how to build great teams.\u201d\n\nAnd that\u2019s what Jackson continues to even today: \u201cThe energy and enthusiasm that keeps me going are to continue to do something new, something good, and something better each day,\u201d he tells CIO India. Here are edited excerpts of his conversation.\n\nCIO India: How did you begin your journey as an IT and cybersecurity leader?\n\nArchie Jackson: I had an opportunity to manage people at a very early stage of my career. At DXC, I was part of the pilot Global Infrastructure Services team, which had only four European clients. My mentor said he wanted a manager to lead the existing team, but instead of hiring somebody from outside, he wanted to move someone up the ladder.\n\nHe asked the team to decide on who they wanted as their leader. He created a transparent decision-making system where he chose three people from the team of 20 who would lead the team each for one month. I was the third, and I executed the focus from a client perspective, team perspective, and did all I could. Eventually, when the voting happened, it was in my favour, and I became the leader.\n\nWithin one year, I took over my mentor\u2019s role, while he moved to the next level. The GIS team now had 45 global clients with a size of 450 people. Soon I was playing three roles in the company: one, managing the team and clients for GIS; two, presales, driving new client acquisitions; and three, program-managing the setup of global resource management. Here I interfaced with the supply chain, demand management, and forecasting.\n\nI was reluctant to take on a leadership role initially because I always wanted to be connected with technology and had an apprehension that my time would instead go into people management. Fortunately, that did not happen. I realised that even if you're leading people, you can always stay very well connected with technology.\n\nCIO India: Now you are both an IT and a cybersecurity leader. How is that different from a regular CIO or CSO role?\n\nJackson: An IT leader would be more focused on enabling the business productivity with the help of technology , while a security leader would have fine focus towards securing the business and technology as a whole.\n\nI'm playing multiple roles here: The primary role is taking care of the corporate IT as well as corporate security of the organization globally. Second, I'm heading the cybersecurity practice within the organization, by which I mean a business unit that provides cybersecurity services to our customers. And third, I'm part of the special initiatives and CEO office.\n\nBeing a decision-maker for IT as well as security helps me have a balanced view. Whatever I'm doing is focused on the business outcome, productivity, and performance. For instance, during an application development project or a project where some in-house applications are being worked upon, as a custodian of security, I could embed security from the inception of the project instead of taking it to the security person at the end of the project. That makes sure that everything we build has security in its DNA.\n\nCIO India: What\u2019s the toughest decision you\u2019ve had to take in your IT career, and how did you make it?\n\nJackson: Being a leader not only means to be a people person or a great team builder, being a leader means to do the best possible in the current moment with an insightful vision of the future and the capability to change and flex in \u201cVUCA\u201d situations (of volatility, uncertainty, complexity, and ambiguity).\n\nNobody had planned the first wave of the COVID-19 pandemic. We had multiple projects in the pipeline which were driven through on-premises applications and reliant on the office network. Many applications are required to be operated out of the office network. We had to transform the entire infrastructure.\n\nThis has been the greatest challenge because in the office we have uninterrupted and completely dedicated connectivity, fully monitored through security controls. As people moved remote, each person acted as an office, so at the end of the day we have 3,000 offices to manage. We need to make sure that the connection is secure enough and productivity doesn't get impacted.\n\nWe were able to mitigate that risk to a very large extent by working with alternate solutions. We switched to a dedicated broadband line at each home. From a security perspective, every employee has minimal security controls on their home routers. Plus, we implemented a lot of proactive threat intelligence and advanced threat protection enablement. We also worked extensively to make sure people are aware of phishing, security, and privacy and take all basic steps to avoid any shadow IT or insider threats.\n\nAlthough the first wave helped us to be proactive for future waves. Now, with the third wave, we can handle situations much more efficiently.\n\nCIO India: What\u2019s the best career advice you ever received?\n\nJackson: Once, my mentor (Nitin Seth) told me that I am a pool of creativity and I have a lot of energy that I can invest into solving problems. He suggested that instead of being like a flashlight that spreads across the entire area, I should converge my focus into specific areas like a laser, depth over breadth, and that would help me get better outcomes.\n\nCIO India: What are the prospects for career mobility for a CIO? What roles would you aspire to?\n\nJackson: I usually do not work looking at designations or roles. If we are building something for the business, that's my core focus and outcome.\n\nLet's say if a CSO is reporting to a CIO or a CTO, in such architectures the security-specific decision making may get influenced by more weight to technology, sometimes it would have a lesser focus on security unless a CSO has a strong say.\n\nIf there are separate roles in an organization, all of them should be at par. And both of these roles should have a seat in the board decisions.\n\nCIO India: How do you groom the next level of leadership for the CIO role?\n\nJackson: I believe that we cannot grow unless we learn to take next-level capabilities and pass on our competence to our successor team. Delegation of tasks while the R (for \u201cresponsible\u201d) and the A (\u201cfor accountable\u201d) of RACI remains with you is something that helps build a strong team. Let the team be comfortable to commit mistakes the first time and uncomfortable if they repeat it \u2014 a slightly hard way to sharpen the saw of the team. It\u2019s quite like parenting.\n\nGive them the freedom to fail and come back to you with their failures. If you create a fear of failure, then they will stop being creative. However, they should not repeat the errors for which they have already been given guidance. A parallel room for failures and room for improving themselves, giving them the platform to fail and come up and share that. A bond is created if you share the risk appetite with them.\n\nCIO India: How do you build motivation and the right culture in the IT department?\n\nJackson: A leader must share the learnings and the intent. To gather trust and achieve reliance from the team, it's essential to keep them well informed. They should know what they are doing and why they are doing it.\n\nLike Simon Sinek says, why-how-what should be the approach, but many times people approach it backwards: what, how, and then why. It's very important to help that core DNA of thought process dissipate through them and they'll be able to execute much better than when you were just giving them directions and asking them for the results.\n\nI interact with employees of multiple layers of hierarchy. I allow them to act directly. If I reach out and solve problems myself, then the opportunity for them to make decisions would not be that effective.\n\nCIO India: Looking back with 20:20 hindsight, what would you have done differently?\n\nJackson: Nothing differently. Everything happens for a reason. It\u2019s either \u201cI won\u201d or \u201cI've learned.\u201d So both ways, it's an opportunity. It either gives you experience or learning.\n\nCIO India: What myths about technology, IT\/IS management, digital transformation, and the CIO role would you like to debunk?\n\nJackson: From a security perspective, people have a lot of myths. There are multiple kinds of security professionals. One type of security professional is more into audit and compliance. They go by a set of rules and presume if it is clear, everything is secure. However, in reality, it's not that. There is another set of people who are more into toolsets. They believe that having the best security tools makes the environment secure.\n\nAnd then there is the third set of professionals who have security as a mindset. They who look at at things from architecture perspective. These are the people who break the barrier of all these such myths.\n\nSecurity professionals will not be holistically successful unless they have a security mindset, where you look at situations and then take proactive measures.