An abstract mathematician who could find comfort in the confines of the academic world, Dr. Martijn Dekker found excitement, encouragement, and success in the cutthroat competitive corporate world after he successfully embraced the world of Information Technology and mastered it. Today he has built one of the best opportunities to work for IT professionals at the ABN AMRO Bank NV of The Netherlands.
For the cyber security expert, by education, training, and profession, Dr. Martijn Dekker, Executive Vice President and CISO, ABN Bank N.V., a bank with a rich history of 300 years behind its origins, success is all about having a positive impact on the society and achieving new levels of understanding. But in the initial phase, like every other corporate leader, Dekker perceived success only as accomplishments, results, personal progress, and social and professional recognition. He is glad he could break away from such a limiting thought process. Over the years, he evolved to bring about a change in societal behavior and help create environments facilitating this activity, enabling team members to grow and become more knowledgeable about everything that surrounds them.
But more than helping others learn, in the beginning, Dekker says he was lucky to have worked with strong and smart people – colleagues and managers. Because they trusted him, he acquired confidence after learning the ropes and the trade tricks that came in handy when he got a chance to lead teams.
“What inspired me was the encouragement from my managers and others, the trust they gave me. But also, I really was lucky to work with strong and smart people, who taught me so many things,” he says after a quick glance into the rear-view mirror.
Switching roles early on in his career helped, and he never felt scared of dealing with information security when he started in this domain. Launching into his early days, Dekker says:
“I did not know much about it when I started in that domain. ABN AMRO was at that time outsourcing their data centers, which resulted in creating a new and dedicated security team to control the outsourced services. As a young manager with a mathematics background, people thought I would be a good candidate to set up this new department. I decided to do it. I like complex topics and creating new things. And indeed, as a mathematician, I anticipated loving the topic of information security as cryptography etc., would be part of it,” he shares.
Later he discovered and is convinced that information security is about many other more important things.
Learn to delegate work.
Now two and half decades into IT and IT security, Dekker has become a veteran in overcoming challenges of any kind and, more specifically, relishes the role of problem solver he dons as he goes along. All this has been possible only because of the countless lessons he learnt on the job, lessons in behavior and the importance of having the flexibility of approach for getting the job on hand done. However, Martijn found early in his career that it was only sometimes that even a well-executed plan meant success in adding value.
“There were instances when the value was zero despite the plan’s execution. Reason? The deliverable was no longer relevant. This may sound obvious, but I learned it takes courage to change a plan or cancel an initiative altogether! Adapting to new information was and is a crucial learning for me,” he says.
To succeed as a leader, it is a must to remember that some initiatives take longer to implement and need more support from senior management. But for successful implementation, a leader should be a team person, not a lone ranger, and learn to delegate responsibilities. Of course, the trick is identifying the right people and then trusting them to the hilt, just like Dekker says that he received trust and faith from his managers, and he did the same with the team he was building.
“I learned that it is humanly impossible to do everything by myself. I am not very good at managing operational delivery for example. I gave it a shot but concluded that I was not good at it. Realization dawned upon me that a leader needn’t be a multitasker and omnipresent. Instead, as a leader, I must ensure the team has the aptitudes. And I learned that I was able to build good teams with the required skills,” he says, reiterating that the lesson is that as a leader, you do not have to lead all the activities yourself. You should assemble a group that can do that. Often this means that a team should be as diverse as possible regarding style, culture, talent and skills. But it is also a fact that leading such a team is not invariably easy, says Martijn from his own experiences.
IT security, the most desired domain
Under his leadership, ABN AMRO Bank NV has ventured strongly into the digital space and has a robust digital strategy in place. It is a bank with a record of over three centuries characterized by acquisitions, splits, and mergers. It is taking its entire personal banking history of over 50 years into cyberspace.
In its current form, ABN AMRO Bank NV was started in 2010 with the merger with Fortis Bank Nederland after Fortis, Royal Bank of Scotland, and Banco Santander bought ABN AMRO in 2007. Today, the IT intensity of the bank is very high and can satisfy the customers’ need for being a secure entity in the age of cyber fraud and crimes. Under Dekker, it has developed into a bank in which its customers and society repose their trust, considering its robust security. This is why security becomes the most essential and critical element in all its business initiatives.
“As the head of the Corporate Information Security Office. I report directly to the executive board of the bank. My team manages a wide range of security services: security operation center, perimeter security, cryptography, identity & access, payment fraud detection, security strategy, security assessments, security governance, policies and standards and more. My team runs those services and develops and maintains the supporting IT systems,” Dekker says.
He and his team have clear-cut accountability for the organization’s security – and he built his team comprising professionals capable of handling an assortment of security requirements in the IT space. Besides, he created a dedicated space for the consolidated security team. In the world of IT security, it has become the best place security professionals want to work over the years. “Because they know they will become even better and can have a career within the department,” Dekker says.
One more reason for the keenness of IT professionals to work here is that Martijn always took on newer challenges for which existing security controls were insufficient and never shied away from building new systems. Never saying no to business initiatives was his motto, and he always used to encourage the team with his positive outlook and approach, “let’s work together and try to develop new security controls that would enable the new business.” Such has been the performance of the IT department under Dekker that it has earned respect within the organization, and its opinions really count. And it influences business decision-making.
Innovations & changing landscape of industries
Technology is becoming a more substantial part of any industry in general and the services industry in particular. This is nothing but an acceleration of an older trend. Data as a key enabler of new business models, better decision making etc., is being recognized by all industries. It means that securing the data is becoming even more critical. Also, society and customers are much more aware of the significance of values like privacy and security and expect companies to be able to handle their data accordingly. At the same time, we see an acceleration of cyber threats and cybercrimes. These pose new challenges to security establishments. CISO leaders must create environments within the corporates where security teams can do that. At the same time, the security problem is no longer restricted within corporate boundaries. Value chains are long and getting longer. CISOs should develop an external leadership network and stimulate and set up cooperation platforms with other companies and, very importantly, academic institutions and innovation partners. As industry verticals are disappearing, CISOs should engage, work with, and learn from, other industries.
For Martijn personally and professionally, the ABN AMRO realisation that information security was its strategic asset at the highest level and core to the bank was the most remarkable achievement. As a successful leader, he created, for the first time in its 300-year history, the post of Chief Information Security Officer in 2014. Also, it became the first bank in the Netherlands to have a CISO at the executive vice president level reporting directly to the board.
“I consider this a personal achievement as it was the result of years of me building the CISO department, and I was so proud that it was recognized so clearly,” he shares with justified pride.
But it is not all work and no play for him, who tries to maintain a healthy work-life balance – even though work never stops, for him, as the stakes are always high. Since one cannot always be “on”, Dekker says, he too needs some “off” time when he can relax and distance himself from work every now and then.
“So, I prioritized ensuring my teams are well equipped, have backups, etc. I pay a lot of attention to the well-being of the people. To make sure we can handle the load and unexpected events,” he conveys.
However, it is not always that a leader can succeed in this, but efforts must invariably address the workers’ grievances. “I do realize that in the current times, security teams are under a heavy stress and burden, and that is a risk you cannot fully mitigate,” he says.
He spends a lot of time that he can snatch, reading, studying and being outdoors. “I invest time in learning. For example, by seeking advice, having a personal coach etc., what I need to sustain, what are the sources of my energy and what drains it. I value my energy, and its management is my key priority. For example, I learned that reading and studying boost it immensely. Thus, I make sure to spend enough time doing it,” he says. And I try to satisfy my love for nature by being outdoors as much as I can, walking, running or riding my bicycle.
Life before ABN AMRO Bank
With a master’s and Doctorate in Abstract Mathematics, IT is undoubtedly not the place one can end up. But Dekker did precisely that at ABN AMRO, which he joined when he was 28. A mathematician who dreamt of the subject all his life found that, at times, it was lonely, especially while he was doing his PhD thesis work. The young man then wanted to develop other skills as well. After a few years at ABN AMRO, he again discovered that scientific interest and attitude are what made him what he is today – the core part of what he is today – and how lucky he was that these two helped him at the bank as the CISO. His core strength is sustaining his leadership and ability to manage things and people, which can be very complex. He is happy that complex and cool topics, innovations, and science all come together for him at ABN AMRO.
As CISO, his day is spent discussing IT strategy, organization, governance, and change portfolio. His job is to ensure the information flow from the top of the organization to the bottom (and vice versa!). And now, in a higher leadership role, he also spends time with the executive and supervisory board. He has been representing the company at outside meetings with other banks and organizations (academia, government, regulators, etc.) to help build new frameworks and drive more comprehensive strategies.
Be prepared for the leadership role
CISOs are becoming business leaders in any industry. The assets they are protecting extend beyond corporate and even industry vertical boundaries. Information Security is the result of all the behavior and measures taken in the whole end-to-end value chain. The role of CISO is therefore transcending the boxed domain of a leader that connects and drives. It facilitates innovation by designing safe environments where experts can grow, thrive, and create. At the same time, CISOs must be able to demonstrate control and build trust and accountability while enabling new business. He has handy tips and erudition to share. As a piece of signing-off advice, he sums up:
“This is a complex role. Aspiring leaders in the infosec industry should realize this. They must be willing to look beyond the technical domain, adapt their vocabulary to their growing audiences and be prepared to unlearn and learn continuously. I also think CISOs should be optimistic. Be uncoerced to learn to use the latest technologies; your adversaries are doing the same. New tech often cannot be secured by old tech. And the threat landscape is evolving rapidly, but you can keep up. The adversary is swift, and most companies are slow. Being slow, a good strategy to beat a quicker opponent is to be early. And that means CISOs should be early adopters of technology.”