After 25 years of holding senior positions in Australia for tech vendors, Sean Duca is striking out on his own.
Duca - who wrapped up a nearly two-year stint at Cisco in February that saw him serve as CTO for CX for APJC, plus CISO and security practice leader for CX before that – has launched The Duca Group, a Singapore-based boutique, technology-focused advisory firm.
Duca said that the company isn’t advising based on theory, but rather from what he has seen from ‘the other side of the table’.
“The gap in the market that I see is that organisations get sold technology strategies by people who have probably never implemented it,” he said.
“The differentiator [of Duca Group] comes down to that independence: I don't have any vendor affiliations, I don't have a product agenda, I don't have a junior team and the person you engage is the person who shows up.”
He explained that the idea for a venture into entrepreneurship after a quarter of a century working for others – he was also formerly VP, regional chief security officer for APJ at Palo Alto Networks and CTO for APAC at McAfee when it was known as Intel Security – came partly from turning 50 in June of last year, with the thought of ‘what do I want to do with the other half of my life?’.
“The type of work that I think about is the thing that has always excited me, which is the strategy piece - let's call it the voice of reason, a sounding board, and giving clear judgement around what they need to do,” he said.
“The model for me is not really the implementation side or the build work - I could help them if there was something around a project that required a proof of concept, working with someone's team, but I'm not going to be doing the build itself. It's more the strategic and the design authority pieces with the level that I work at, and that's the boards, executives, the C-suites, even technology companies as well.”
Duca said he doesn’t plan to be selective around particular industries or verticals to work with, but rather wants to be able to help anyone he can.
“I've always been the type of person where, if I've got free time up my sleeve and someone was to reach out and say ‘have you got five minutes or 10 minutes to help us out here?’, I don't care if it's big, small - I just want to help people,” he told techpartner.news.
“I'm not looking to play a volume game. I want to play the quality game, and if I could choose larger organisations, I think that's probably where I'm going to land, but there's no specific target market or sector.”
“Massive governance gap” in AI
Two of the big opportunities that Duca sees in terms of advisory work comes from a pair of hot topics in the industry - AI and cyber – with the founder stating that “there's a massive governance gap” when it comes to AI and a “level of preparedness that probably isn't there” when it comes to cyber.
“If you think about the cyber industry as a whole, you've got 3,000 vendors that are knocking on everyone's door trying to vie for their attention, [saying] ‘I have a solution that is going to solve your problem’, and sometimes they don't even know what the problem actually is for that organisation,” he explained.
Duca also made the point that risk identification does not equal risk reduction.
"Most companies can say they've done a risk assessment, but nothing has actually changed on the systems themselves,” he said.
“AI governance is just something that's just constantly talked about all the time, and for me, governance needs to be embedded into the architecture itself, how the data flows, what decisions are logged, where humans can intervene, how incidents are detected.
“Boards are asking whether they've got an AI policy; the better question is whether they've got AI systems that were designed to be governed in the first place - most of them were not.”
Duca doesn’t buy into the narrative that AI is going to result in mass job losses either, saying that humans are going to have “a lot more work to do" with the mass adoption and implementation of AI.
“We’re going to be sitting in a lot more of an oversight position. I think a lot of the mundane tasks will get taken away, and it just means that we're going to spend more time thinking,” he said.
“What you're going to find is that you'll probably have linearity with your headcount, but your productivity is going to probably exponentially increase from that. The roles that people do today, take a step back [from that]. Don't even look at the roles. Look at what's the strategy, what's the capability, what's the skill set that we need, and then work out what are those roles of the future.
“Go and score your individual team members that you've got, and you may work out there's some people that probably can't get carried over into this new world, but there's going to be a whole heap of people where you say ‘we've got a competency gap here, we've got a skill gap here, let's now elevate and train our people to actually step up and do this’.”
_(38).jpg&h=142&w=230&c=1&s=1)
_(25).jpg&h=142&w=230&c=1&s=1)
.jpg&w=100&c=1&s=0){kind=logo}
