CTO Sessions: Joel Burleson-Davis, SecureLink

Which emerging technology are you most excited about the prospect of? “I am both excited for and terrified about the evolution of quantum computing and what it’s going to mean for our globally connected information systems.”


Name: Joel Burleson-Davis

Company: SecureLink

Job title: Chief Technology Officer

Date started current role: January 2019

Location: Austin, Texas – USA

Joel Burleson-Davis is the Chief Technology Officer at SecureLink, a leader in third party risk management based in Austin, Texas. In his current role, Burleson-Davis is responsible for the technology strategy and operations for SecureLink, overseeing several teams in the organisation including R&D, QA, systems engineering, InfoSec, project management, technical operations and customer success. Prior to SecureLink, Burleson-Davis worked and lived in Australia for six years as an engineering manager. He has a Master of Liberal Arts from St. Edward's University where he focused primarily on philosophy and behavioral sciences as applied to technology.

What was your first job? I started my computer career helping out the network administrators at my school, whether it was running wires in the ceilings, sitting in a rack with a punch down tool, or getting some new Netgear NICs to play well with Netware and Debian Potato.

Did you always want to work in IT? Yes! Technology has always been a natural fit for me. After my first class writing assembly for x86 in high school I haven’t looked back much.

What was your education? Do you hold any certifications? What are they? Alongside technology, I’ve always had a passion for philosophy. I achieved my BA in philosophy and religious studies, and then went on to get a Masters in Liberal Arts from St. Edward’s University in philosophy and behavioral sciences applied to technology. There is infinite fun to be had when looking at the convergence of humans and technology, from stone tools all the way through to modern machine learning.

I, at one point, held an uncomfortable amount of industry certifications whether they were from PMI, Microsoft, RedHat, or Cisco. I’ve always had the perspective that learning is always good, and mastery is fun, so I tended to go all in for the technology I was working on at the time.

I am also a member of the Linux Foundation and over the last 8 years I’ve participated as a member of a task force that creates programs and certifications inside the Linux Foundation for Linux administrators and engineers.

Explain your career path. Did you take any detours? If so, discuss. In college I took a break from tech work to do other things that played well with a plan to graduate in three years with a double major. Tutoring english, philosophy, theology, and Koine Greek mixed with being an RA fit pretty well into that plan, with the occasional stint being a waiter at a local bistro.

After undergraduate however, I’ve been on a steady diet of technology. Having moved to Australia with my wife straight out of college it was both the easiest way to pay the bills in a foreign country and the most comfortable - comfort having a high value when you’re 21, mostly alone, and an immigrant. I may have gone a bit overboard for those first few years though. At one point holding three jobs, working for an ISP with their business fibre customers, working for a MacOS Consultant to Medical facilities doing image archiving and virtualisation, and working for a mining services company rolling our job management software and custom extensions using VBA and Access 97.

I eventually settled on just one job, working as the engineering manager for a mining services company in Western Australia (and moving as much Access 97 and VBA as I could to Python and SQL server). I was there for almost six years before joining the small group of folks at SecureLink as the lone Systems Engineer. After eight years here at SecureLink I’ve grown with the business, moving from that engineer role, through security and operations all the way to my current role as CTO.

What type of CTO are you? I am a CTO who wears many hats. In my current role I am responsible for the technology strategy and operations for SecureLink, overseeing several teams in the organisation including R&D, QA, systems engineering, InfoSec, project management, technical operations and customer success. These responsibilities tend to be much broader than what’s usually required of a CTO, but I love being able to have a hand in all areas of the business, and I feel that being able to see the full picture gives me the perspective I need to do the best job I can for our employees and customers.

Which emerging technology are you most excited about the prospect of? I am both excited for and terrified about the evolution of quantum computing and what it’s going to mean for our globally connected information systems. As a security company, we rely heavily on the viability of encryption, and are always pushing for the latest and greatest technology in that arena. But there is a good chance that quantum computing upends encryption and security as we know it and we’ll collectively have to sort out a new paradigm of security for ourselves and our customers.

Are there any technologies which you think are overhyped? Why? No. Most technology is useful and we humans have been really creative with it. So hype or not, I see all of this emerging technology as a continuation of our long, long history of innovation and creativity. I may not have a use for or understand the uses of an emerging technology, but I’m happy to see that engine of innovation fully at play still.

What is one unique initiative that you’ve employed over the last 12 months that you’re really proud of? We’ve really doubled down on automation in the last 12 months, taking on the perspective of, “If it can be automated, it should be.” We’ve also taken a really expansive approach to automation, adding it to marketing systems, IT systems, R&D systems, our product, and more. There’s always more to do and we’re forging ahead, but automation has been a tremendous focus and success of our team's efforts over the last 12 months.

Are you leading a digital transformation? If so, does it emphasise customer experience and revenue growth or operational efficiency? If both, how do you balance the two? Here at SecureLink we have a value of “embracing change” and it comes often, and from every area and level of the business. Is there transformation going on that is good for customer experience? Yes. Is there transformation going on that benefits growth or efficiency? Yes. Is that something fundamentally different than or remarkable from what I’ve known us to do for the last 8 years? Not really.

What is the biggest issue that you’re helping customers with at the moment? At SecureLink we are helping organisations manage third party remote access. An average of 67 vendors require remote access to a company's internal network, which is essentially thousands of users connecting, and with 59% of data breaches traced to third-party vendors, these statistics highlight that third party risk management needs to be a top security priority for organisations. While awareness about the threat posed by third-party remote vendors has been growing, recent high-impact data breaches like SolarWinds have thrown an even greater spotlight on the scale and far-reaching impact of unsecured third-party relationships.

How do you align your technology use to meet business goals? Two ways. First, we determine what the goals or outcomes for an initiative are before looking at technology. We don’t want tool selection to drive the process; we need to make sure we have a clear idea of the business needs. Second, we do a quarterly alignment here at SecureLink. Bottom-up, top-down and cross functionally so expectations, priorities, and resources are set and well understood by all stakeholders for an initiative.

Do you have any trouble matching product/service strategy with tech strategy? No, but it’s never perfect. Having clear, direct communication is a life saver when it comes to this though. All stakeholders need to be able to openly discuss and iterate over operational and technology gaps. As long as that communication is there, with people being unafraid to point out mis-alignment, there isn’t much opportunity for these to diverge.

What makes an effective tech strategy? I often remember the words of one of my graduate school professors, “The job of an engineer is to optimise with constraints.” That wisdom has stuck with me and is really informative for an effective tech strategy. Optimisation has embedded in it an understanding that there is a goal we’re after, we’re optimising for something be it security, value, growth. Second, it’s hard to know what is even in the realm of feasibility without understanding the constraints that are present to meet the end goal. However, knowing what we’re after, and the limitations we’re given, as effective technology leaders, we can build a strategy that threads the needle between those as efficiently and effectively as possible.

What predictions do you have for the role of the CTO in the future? Security is going to take up an even big chunk of the CTO role. For a long time, the common wisdom pushed by Security leaders was that, “Everyone is responsible for security.” It’s going to come to a point I think that the new wisdom will be, “Every job is a security job,” much like many jobs at this point have some degree of coding that had historically never been “programming” jobs. We’re too connected as a society and there is too much at risk for this to not be the obvious progression of the role.

What has been your greatest career achievement? Helping to build SecureLink into the company it is today. When I started with the company we were only a handful of people with what seemed like an insurmountable challenge ahead of us to build and grow like it seemed we should be able to. Eight years later we’re going strong with nearly ten times the employees than when I started and that insurmountable challenge that was ahead of us now just looks like fun and opportunity.

Looking back with 20:20 hindsight, what would you have done differently? Last year, not a lot. SecureLink was well positioned to go to a fully remote workforce almost overnight (which we kind of did), my sourdough starter was already 6 years old and my beard was well on its way before COVID hit. But more seriously, I would have triple downed instead of just double downed on our automation efforts. It probably was reasonable to do so, even in hindsight, but seeing the impact it is having on our product and operations makes me feel impatient for the future I can see.

What are you reading now? I’m re-reading a book suggested to me some time ago by a colleague called Domain-driven Design by Eric Evans. The domain model and understanding how critical domain expertise and domain language is to the creation of an effective product has been a core reason SecureLink has been so successful.

Most people don't know that I… like small cars and small houses. A 900 sq.ft. house for me, my wife, our two daughters and bulldog, perfect. Mini cooper for transport, brilliant.

In my spare time, I like to…Spare-time is a bit tough to come by these days with a young family, but when I do have those moments to tend to my hobbies. I gravitate to my love of food and try to sort out what to cook and or bake next. Like I said, I have a 6 year old sourdough culture and it has been steadily popping out bread, pizza, and pastries almost every week since I started it.

Ask me to do anything but… Sing. I can’t think of anything that I don’t want to do more than that. And trust me, I’m doing myself and the world a favour from refraining from it.