CIO Spotlight: Carl Froggett, Deep Instinct

What advice would you give to aspiring IT leaders? “Act like you’re already in the next position you aspire to be in. Do that by understanding your values and style and observe leaders/people who are already in that position or similar.”

Headshot of Carl Froggett, CIO at Deep Instinct
Deep Instinct

Name: Carl Froggett

Company: Deep Instinct

Job title: CIO

Date started current role: July 2022

Location: Florida, US (originally London, UK)

Carl Froggett has a proven track record in building teams, systems architectures, large scale enterprise software implementations, as well as aligning processes and tools with business requirements. He was most recently Head of Global Infrastructure Defense, CISO Cyber Security Services at Citi. In previous roles, Froggett was responsible for delivering integrated risk reduction capabilities and services aligned to the architectural, business, and CISO priorities across Citi’s devices and networks in 100+ countries.

What was your first job? Since the age of about 12 I’ve always worked, and like so many I started off with a newspaper round. Eventually I got a job with Wilkinson’s (a British high street retailer) stocking shelves but eventually filling many different roles as I worked there during college and university. Those kinds of jobs involve a lot of customer service, and I think a lot of the skills I started building then have been useful ever since.

Did you always want to work in IT? Absolutely, information technology has been a lifelong passion. If I had to pinpoint a single moment that started me down this path, it would be my dad bringing home a ZX81 – one of the very early iterations of the home computer. He was a teacher and his school had bought several units, so he brought one home to learn how he would incorporate it into his lessons. I was always into electronics and gadgets at home, I still love a good old fashioned video game arcade outing, so he asked if I could take a look.  That was it – I was hooked.

I became deeply invested in understanding everything about early home computers and how they worked. A friend had an Amiga, which functioned very differently, and I was fascinated by working out the differences. We had a lot of fun coding games and developing our own and sharing the code. This was in the day when you would purchase a magazine and type the code in yourself! The great thing about that is, it wasn’t your code, and the act of typing it in really helped you understand the structures and how that developer accomplished the end result – constant learning and exploration.

The joy of discovery and exploration that IT offers has been a guiding force in my life ever since those days.

What was your education? Do you hold any certifications? What are they? After school, I chose a BTech (Business and Technology Education Council) rather than the usual A-Levels, although I did take an A-level in Computer Science as well. It was shocking to me at the time how far behind the course was compared to the reality of where IT stood at the time. I’ve always been very practically orientated, and at university we were learning about obsolete technology as they struggled to keep up with the innovation in the entire space.

At university I studied for a Bachelor of Science: Computer Science, during which time I spent a year to gain work experience with NCR doing IT support at their innovation centre. I loved the practical element of this and being able to put my skills to use in a real environment.

Today I hold both Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) qualifications.

Explain your career path. Did you take any detours? If so, discuss. Deep Instinct is my detour!

As I finished my degree, I worked at American Express during my final year. The contacts I made there were invaluable and led me when I graduated, to getting a contract at Salomon Brothers – which ultimately became Citi. Little did I know at the time that I would end up staying with the company for 27 years, during which time I worked across 14 different technology roles. I gained a breadth and depth of understanding about the technology field, and how it related to the wider business.

I moved into a leadership role quite early on and was eventually managing some very large teams. My time with Citi also took me all over the world. While primarily based in London, I lived in the US for a while, and went all over Europe including, Paris, Madrid, Barcelona, and so on working on projects.

Citi was particularly good to me, but eventually I started thinking about the future and had feeling that I really wanted to do something different, taking my knowledge, leadership and experience and applying it in a different environment but I wanted to stay in IT and Cyber Security.  I wanted to get closer to the technology and innovation while using my skills.   

So, when the opportunity to join a start-up as interesting and innovative as Deep Instinct came up, I went for it. And here I am as CIO, but also working with Product Management, Marketing, Customer Success and being able to contribute in many different ways.

What business or technology initiatives will be most significant in driving IT investments in your organisation in the coming year? Our main investment focus is the continued development of our malware prevention capabilities made possible with deep learning technology. I joined Deep Instinct because I believe this is the next evolution in the prevention of threats, addressing the short comings of today’s solutions. Deep learning represents the most advanced form of AI technology currently available, and can perform analyses that are faster, more complex, and more accurate than standard machine learning tools. It enables our products to prevent unknown malware as well as known much earlier than any existing technology. This powerful technology is at the heart of Deep Instinct, so we’re continually investing in unlocking its potential. There are other features of Deep Learning that enable our products to have unique characteristics that make it resilient, yet Enterprise friendly.

What are the CEO's top priorities for you in the coming year? How do you plan to support the business with IT? User experience is an important priority for us right now. We know deep learning technology is powerful and is continually improving, but we also need to focus on making the service easy to consume.

I’m working closely with our product and threat research teams to continue the development of the infrastructure so that our customers can more easily take advantage of deep learning to prevent threats faster and at greater scale. As CIO I also have a lot of internal customers – our employees, so I too am focused on ensuring IT are a business enabler with a great experience.

Does the conventional CIO role include responsibilities it should not hold? Should the role have additional responsibilities it does not currently include? The CIO role has changed a lot over the last few years. For example, much of the operational side of technology is now merged with development thanks to agile and DevOps practices, whereas that was previously likely to be solely the CIO’s domain.

Likewise, the conventional CIO role has always been more focused on technology for the internal organisation, and very inwards facing. But I also work with our external audiences. I think the CIO can often bring a lot of value to the customer experience by talking to them about their own experiences and pain points. This helps me to understand our customer challenges and to be a more practical and valuable partner.

This has always been a big part of how I conduct myself – at Citi I supported multiple business teams to help solve customer needs. I think it’s increasingly important for CIOs to take on this role and apply their knowledge and experience – they can’t afford to focus purely on technology. But I’m also not fussy on the label of the CIO – give me whatever title you like; I am focused on the value I can bring to the company and our customers.

Are you leading a digital transformation? If so, does it emphasise customer experience and revenue growth or operational efficiency? If both, how do you balance the two? Digital transformation has come to encompass almost every part of our lives, personal and professional. And it’s a big driver in cybersecurity. We aim to help our customers drive their own digital transformation efforts, since a secure organisation has more freedom to explore and innovate without being held back by increased risk exposure. Our solutions are flexible and adaptable to different use cases.

Describe the maturity of your digital business. For example, do you have KPIs to quantify the value of IT? KPIs are extremely important to my role, but as we’re a security vendor, they look quite different than they might for an internally focused CIO since IT is at the heart of everything we do. I need to track not only performance and stability, but also the end-to-end-impact from DevOps, Customer Success and so forth.

What does good culture fit look like in your organisation? How do you cultivate it? For me, the ideal culture needs a strong sense of accountability and clearly defined roles coupled with the ability to adapt and change to keep up with the rapid pace of today’s modern business world. I like the team-of-teams approach which puts less emphasis on a rigid hierarchy. Agility and trust are key above all else.

This was the culture I strove to develop with my previous team at Citi, you never finish this journey, and the fact Deep Instinct already had a similar approach in place is one of the things that attracted me.

To make it work, you need a combination of reliable performance and stability, along with the flexibility to adapt to any situation that arises. Building that culture naturally flows into creating trust. The culture starts at the top you can’t force it on your team. It needs to be a collaborative effort to encourage collaboration, help stop the behaviours you don’t want to see, and guide everyone towards key values.

I think it’s massively important for a senior leader to get out there and be visible. You often see the situation where a C-level person will only ever talk to managers and team leads, and delegate all communication to the rest of the team through them. That’s a mistake. If you need some information from someone in your team, just go talk to them directly; don’t waste time sending it through the hierarchy.

Traditional organisation charts are really financial structures, only useful for particular processes like determining who approves vacation but should not be how modern teams work on a daily basis.

The most important part of forging a strong culture is genuinely investing in your people. Without a motivated, trusted team of people there is no success, period.  As a leader, you need to take responsibility for failures, but also celebrate individual successes. You protect the team, but also hold them accountable. Empathy is invaluable - life happens, and as a leader you need to help your employee through challenges, not punish them.

Finally, remember that as the leader of technical teams, your role is not to be the smartest technical person in the room. I have technical expertise, but over the years I’ve found my greatest contribution to be holistic end-to-end experience. You hire the smartest and more capable people you can find, and your role is to get them working together so that the whole is greater than the sum of its parts.

What roles or skills are you finding (or anticipate being) the most difficult to fill? Finding cyber security talent has been a challenge for some time. The industry has been experiencing a skills drought for several years now, so qualified and experienced security professionals are becoming harder to come by.

What's the best career advice you ever received? When opportunity knocks, you say ‘come in!’ What some perceive as “luck,” is just people who took an opportunity – they did something new; they gained new experiences; they met new people and widened their network of connections that led to the next opportunity and momentum.

Alongside that, I was advised that if you’re doing something that you’re very passionate about, it isn’t really work! That’s certainly a principle that’s had a strong influence on my career, even my new current role!

Do you have a succession plan? If so, discuss the importance of and challenges with training up high-performing staff. A good succession plan is critical – any mature leader of any level will have a succession will need one. There are three main reasons. One – you’re training the future leadership of the company and investing in employees. Two – as per my advice on being passionate about what you do, if you don’t have a clear succession plan, you can’t take on new responsibilities or challenges, and you risk stagnating. And most important three – a good successor means you can go on vacation and enjoy it without constantly worrying about how your team will respond and function without you.

What advice would you give to aspiring IT leaders? Act like you’re already in the next position you aspire to be in. Do that by understanding your values and style and observe leaders/people who are already in that position or similar.  Discover what they do in leadership and situations that resonates with you in a positive way and adopt that. And similarly, if there is something negative that doesn’t resonate with your values, find a way to cut it out. 

1 2 Page 1
Page 1 of 2