VSEVOLOD (SAM) SHABAD

CIO at Acronis

Can you please provide a little introduction about yourself

I am a Senior Information Technology Manager with IT, Cybersecurity, Cloud Computing and Data Science skills and 20+ years of leadership in small and large (350+) distributed international teams. I designed, updated and implemented a risk-driven IT strategy to follow stakeholder needs, compliance rules, and technology innovations. The key added values from my work are a performance boost, speeding up resolving incidents and service requests and IT budget savings for start-ups and large corporations. I love to improve processes with advanced Agile and ITIL approaches and have done it in broad industries (Finance, Technology, Oil & Gas, Metallurgy). 

I am currently based in Almaty (Kazakhstan) and will relocate to the UK following spring.

What has your journey to your position been like? What path have you taken?

My professional career in the IT industry started in 1985, in the middle of Moscow high school. 

First eleven years, I worked as a software developer; we made an excellent toolkit for the development of embedded automation devices based on Intel MCS-96 and Intel MCS-51 microcontrollers (cross-compiler for 'C' language, assembler with macro capabilities, etc.) 

In parallel, when the Internet came to Russia at the start of the 1990s, I started working as a network engineer and later, this direction of work consumed more and more time and attention, so I completely switched on this kind of work and finished working as a pure software developer. Of course, I wrote some small automation scripts and fixed some errors in the source code of the early versions of the FreeBSD operating system that we used as a base of our network and mailing hubs and routers. Still, my main focus shifted to network solution architecting and implementation.

Our team grew, and I became the head of the network department of the wholesale computer hardware distributor. Later I established my own company focused on network integration and became CEO of this company in 2000. Firstly, we focused on establishing disaster tolerance for some metallurgical automation systems but later changed our focus to the Oil & Gas industry. Last five years of my company life (up to 2018), we were one of the most successful builders of high-performance clusters for seismic processing and reservoir modelling.

In 2018 I was invited to become CIO of Sberbank Kazakhstan - the 3rd rank bank in this country, so I relocated from Moscow (Russia) to Almaty (Kazakhstan). During my one-year contract, I successfully completed the challenging project of mass migration banking applications from bare-metal Itanium2 servers under HP-UX to the virtualised x86 servers under RedHat Linux. One of the most impressive results was a 19-fold increase in the speed of batch payments through the card system - employees of the bank's most prominent corporate clients finally began to receive their salaries on time.

When my contract ended, I returned to Russia to become the CIO of BI.ZONE, a fast-growing cybersecurity startup, is an Interpol contractor with a turnover of over $120 million. With revenue consistently doubling year-on-year and about 20% headcount growth every quarter, BI.ZONE needed to mature its IT processes to support this growth, mainly to ensure that new hires are up and running as quickly as possible. Through the implementation of the Incident Management and Problem Management ITIL practices, I reduced the share of overdue incidents by a factor of three, and thanks to the optimisation and automation of the IAM process, I reduced the waiting time for new employees to get access to crucial information systems from 4 working days to 1 hour. 

Starting in 2021, I relocated back to Kazakhstan to oversight the IT and Cybersecurity activities as the CEO advisor of the largest Kazakhstan bank - Halyk Bank (LSE: HSBK), with more than 13,000 employees and over 1,000 IT person staff. Due to the objective conflict of interests between IT and Cybersecurity, I decided to oversight only Cybersecurity (and added Fraud Prevention activities to my scope) and took the position of CISO. Since I am an IT person and not a typical security professional with decades of military or counterintelligence experience, I used my IT background and IT approaches to improve cybersecurity and fraud-prevention processes. As a result of implementing Kanban and some other Agile ideas and practices, I decreased the resolution time for 90% of cyber incidents from 29 days to one day and the average amount of customer losses by 15%. Moreover, following some SAFe practices, I revitalised efforts coordination between IT and Cybersecurity teams that 2x accelerated change requests.

In October 2021, I started my practice as an independent vCISO, GRC Expert, and Cloud Solutions Architect, and I continue to support companies worldwide to mature their IT and Cybersecurity processes. For instance, working as a Solution Architect and vCISO of a US-based software vendor Kublr, I designed from scratch and implemented a holistic SOC2-compliant management system – a body of policies, standards, and procedures baked into DevSecOps processes. I really enjoyed the opportunity to jointly apply my knowledge and skills in IT, Cybersecurity, Risk Management, Compliance, and Data Science, recall my previous programming skills and automate many procedures in Python. And most importantly, I managed to implement the developed policies and procedures without having any administrative power in the team's daily work and cultivate a genuine security culture.

Last year, I worked for three months as a CIO of Acronis - a global fast-growing technology company (cyber protection solutions) run in 150+ countries, 3.5B USD value. This company is going through a challenging transformation, and my role was to support this transformation from the IT side. In less than six weeks, I decreased the number of overdue incidents twice, and the efficiency of IT processes still grew. One of the notable projects that we did hand-on-hand with the security team was zero-trust access implementation instead of aged and non-ergonomic VPN solutions. With this solution, Acronis got the opportunity to hire the most brilliant people worldwide and didn't worry about provisioning enterprise-grade notebooks for them in the middle of nowhere without any security compromises. 

Has it always been your vision to reach the position you’re at? Was your current role part of your vision to become a tech leader?

I cannot confirm this. The first time I worked as an engineer, I was frustrated with the boring projects that my managers brought us, and I decided to choose exciting projects myself - this led to my promotion to the head of the department and then to the position of Chief Revenue Officer. Later, when my partner left our company, and I became CEO, I was forced to become a real manager and develop in this direction. I liked it! Since our company was relatively small, I combined the CEO role with the roles of project manager and system architect and grew my skills and experience in these directions too.

When I tried to go to the customer side in 2018, I realised that I liked it too, and the CIO position in a relatively big company is not worse than the CEO position in a small company. My later focus on Cybersecurity and Risk Management didn't replace my IT experience but enriched it. So, every turn in my career has given me the perfect opportunity to add new colours to my palette and a new tool to my portfolio.

CIO Guest interview 2

Have you had a role model or mentor that has helped you on your journey?

I don't have any role models in my professional career, but my life is not limited only to work. In my youth, I spent five exciting years in skydiving (with more than 500 parachute jumps); later, I became an ultra-marathoner and long-sprint runner (and even won a silver medal in the Russia 2020 Master Indoor Athlete Championship). My parachute coach Alexander Parfyonov made a lot to mature my mindset.

Later, I loved to read the memoirs of some prominent people and try on their experiences and approaches to my life. For example, I took a lot from the book by Lee Kuan Yew, the former Prime Minister of Singapore, regarding managing multinational teams, and I took a lot from the book by Golda Meir, the former Prime Minister of Israel, regarding the balance between ethical constraints and the desire to achieve challenging goals.

How do you see the role of the technology leader evolving over the next 5 years?

I think the term "technology leader" is often overused. Some technology leaders are visionary and persuade senior management and boards of directors to invest resources in developing and deploying promising technologies and products. Some other technology leaders are focusing on current business performance and deliberately slowing down the adoption of super-duper cutting-edge technologies to achieve better returns on investments already made.

You should know the well-known triad "People-processes-tools", and sometimes the attention to the tools and technologies is too much. I believe true technology leaders will sustain focus on people and processes efficiency and the right balance between innovations and current performance. In recent years, we have often seen general enthusiasm for advanced technologies and products - blockchain, NFT, and now ChatGPT. Also, I am so old to remember public enthusiasm for dot-coms, the dot-com bubble and the large-scale dot-com collapse. Excessive hopes lead to massive disappointments, accompanied by budget cuts, staff layoffs etc., so I hope that tech leaders will learn to limit the enthusiasm of executives based on articles in popular magazines and achieve this most reasonable balance with an emphasis on people and processes.

What skills do you think leaders of the future will need in order to thrive?

I believe the most prominent skill for any leader is the skill of learning. All technologies and products become obsolete faster than expected, and the right leader should be a constant learner to be on edge.

The next crucial skill is the management of multicultural, diverse teams. Despite any current pandemics and wars, the globalisation process is unstoppable, giving impetus to shift from the localised teams to genuinely global. In this case, the leader should be able to ride this wave and make his international team successfully reach the joint goals.

How do you keep current with new skills, technologies and personal development?

I am an avid learner :) 

When fate threw me into the information security area, I found and completed an authorised 512-hour professional retraining program in less than six months. While working at Halyk Bank, I was directly involved in ensuring the cybersecurity of its Data Fabric, so after leaving the bank, I realised the full power of Data Science and Machine Learning and began to study it at the best distance program in Russia. In total, my investment in education in 2021 exceeded 1000 hours - including both evenings and weekends, alas, to the detriment of sports and communication with children.

Later I spent a lot of effort diving into Cloud Technologies, Blockchain, Cyber Risk and its supervision, and I don't plan to stop. 

Let me add some words about my public speaking at different conferences and on social networks. I love it, and preparation for each article presentation or publication forces me to structure my knowledge, find and fill the gaps, and sharpen my communication and writing skills.

It pays off.

What do you see as the next leap in technology that will impact your business or industry in particular?

I believe in blockchain technology as a key driving force not only in the financial industry. The crypto bubble burst, and that cured the industry in many ways. I see great potential for CBDC (central bank digital currency) and expect significant changes in the roles of commercial banks and fintech companies soon. Sober calculations are replacing inflated expectations; limitless grid systems are gradually replacing massive ageing centralised systems. 

These changes raise new challenges for the IT industry. Security, performance, energy consumption - in each of these areas, a new reality requires new processes and new technologies. Our profession is definitely not in danger of death :)

"I will advise them to focus on people and processes and give his team the freedom to create."
If you were mentoring a leader of the future, what advice or guidance would you give to help them on their way?

I will advise them to focus on people and processes (it is not easy for the former engineers!) and give his team the freedom to create. I also advise them to consider the specific organisation's context to not ruin the current processes by implementing prominent prospective ideas and technologies and sustain a smart balance between innovations and stability.

If you could change one thing in the world, what would it be?

I'm always interested in new challenges, and I feel too old to be driven only by money - I am interested in making this world a better place. 

So, currently, I'm looking for new management roles worldwide (except in Russia) in an ambitious company with an exciting mission. I'll love the opportunity to take the next step aside - for instance, to Cyber Risk management, to technology team scaling, etc.

A big thank you to Vsevolod (Sam) Shabad from Acronis for sharing his journey to date.

If you would like to gain more perspective from Tech Leaders and CIOs you can read some of our other interviews here.

Subscribe to newsletter 2

The CIO Circle Editor
Post by The CIO Circle Editor
June 14, 2023