Aflac Incorporated (AFL) Earnings Call Transcript & Summary

Next up, Securing the Future of Work. We have Ben Agner, Ben from Aflac. Ben, welcome to the program.

Thanks, Hunter.

Good to see you. Happy client here of Aflac, by the way. Quack, quack, right?

Got to love the duck.

Got to love the duck.

Hey, when you think about securing the future of work, what's on your mind?

Really, it's about kind of the shift to new normal, right? It's the fact that those physical barriers that we used to have for security are gone now, right? And that trusted space that we all used to work from, we all used to come from, no longer exists. And really, I think it kind of gives us an opportunity to rethink how we do security and how we secure our workforce because, fundamentally, I think that this is going to shift the way that people do work from perpetually at this point.

Excellent. Yes. Do you see any upside to this new model? Any benefits?

There definitely is. I personally work remote, right? Aflac is based out of Columbus, Georgia, and I'm based out of Charlotte, North Carolina, right? And historically, there's been some lack of communication there, right, because I wasn't physically in the meetings. I wasn't getting coffee at the coffee pot, right? And what this has done is kind of opened up barriers, right? The things -- I'm seeing more than I used to see, and I'm connecting dots better than I used to connect dots because people are kind of shifting to the work model that I've been used to for years. And now it's the -- I'm no longer digging for information. People are coming to meet with it and that's a huge thing. That, combined with, I mean, obviously, the increased funding for digital transformation and everything that's happening across the board. There's -- it's just been -- it's been nice to have the purse strings open up a little bit to get some stuff accomplished we've been looking to accomplish for a while.

Excellent. Hey Ben, stay with us, I'll just circle back to you. Next up, we have Lisa Tuttle. Lisa is the CISO for SPX Corporation. Hey, Lisa, a little bit about SPX and set the context on your role?

Sure. SPX is an international company. We're an industrial manufacturer across several segments, doing mostly configured-to-order equipment, but everything from commercial HVAC to transformers to a segment we call Detection & Measurement, which is obstruction lighting, underground utility location, transit systems and drone detection.

Wow. So a global company, right?

Very much so, yes.

Interesting. So what -- in this new work-from-home environment, what are some of the strategies that you've instituted? And what's the success there?

Actually, it was a fairly smooth transition. We were fortunate in that, last year, we started shifting much of our security endpoint protection to a cloud solution. So that was right for remote work capabilities, that off-network protection that we were now able to provide outside of VPN. So that was a really big win for us. We're also a company who does a lot of M&A. So that was another driver for getting us to more cloud-based solutions. So when we want to integrate networks, we're not waiting for several months before we feel that full connection of the network can occur. We're leveraging a cloud solution to provide immediate protection.

That's amazing. Any thoughts regarding this pandemic helping you drive innovation with the business?

Absolutely. While there's certainly Zoom fatigue, the adoption of it has been great, and in a way that I think we would never have realized had we not all been in this position. So the collaboration has definitely improved. People across our businesses who I've worked with a lot of years via e-mail or conference calls, all of a sudden, you're having these face-to-face conversations. And so much so that I've even established a relationship with some folks in the business, where we do once a month an accountability check. How are we doing maybe on a specific project, but then how are we doing just from a leadership perspective?

Interesting stuff. Thanks so much, Lisa, for coming on in the program. Stay with us. I'll circle back to you in just a minute. Hey, next up, Michael Piacente. Michael is a partner at Hitch Partners. Michael, welcome to the program.

Hey, Hunter. How is it going? That was probably one of the best examples or explanations from Naveed that I have heard on that topic.

Oh, you agree?

So -- absolutely. That was great. I actually wrote everything down.

Very solid, really good...

Yes. It was great.

Thought leadership. Thanks, Mike. Hey, when you think about -- you're the one outlier on this panel. By the way, Michael is a top search exec. So yes, Mike. I wanted to take a note of what he's about to talk about. What are the trends, Michael?

Yes. I think -- well, first of all, Ben and Lisa, great to hear your stories, and it certainly resonates with what we're seeing on a kind of global level. I mean, we focus on cloud-based companies, and specifically CISOs, companies that are cloud-native or cloud-first. And so that's really our niche. But we -- and being a niche player in that, we've seen kind of a tenfold increase in cloud solutions, not just companies putting their infrastructure in the cloud, which is really the productivity and collaboration tools around that. Specifically, companies, and I think Lisa kind of pointed out, is getting closer to the business and also getting closer to product and being more involved in the product innovation. If you think about a lot of enterprises over the past 9, 10 months have become larger software development companies than they were just a year ago at this time. They've always been developing technology, but now it's at a totally different level. And so this opposition to digital channels or tools has really been waning. And so we're seeing much bigger emphasis on the reliance of cloud security. That's probably the biggest single area. The other thing that the pandemic is really driving the future work is around hiring and management practices. If you think about the CISO and the CIO during this pandemic have really been 2 -- the key hiring managers. And in fact, many -- the only hiring manager for strategic positions in companies. Where we've seen many of the go-to-market functions sort of shutting down or freezing, the CISO, for instance, has still been hiring in a rapid pace. And how they're doing it -- and they're not actually meeting their candidates, and the candidates are not actually meeting them. They're not enjoying this cultural connection of walking into an office and feeling like they belong, and the same thing for hiring managers. So they really had to adjust to that. We've seen some really interesting techniques. And same thing goes on the actual management of teams, spending a lot more one-on-one time, spending a lot more time with the vendors, hearing presentations. So it's -- I think everything around these 2 areas have really intensified and changed in 2020 and, for the most part, for the good. So...

Pretty exciting time. Wouldn't you agree, Michael?

It is. I've said it before on your channels. It's -- I think it's a strange year for everyone. But for CIOs and CISOs, this is definitely a golden age. The notice, the level of communication, it's very exciting. It's sort of -- and it's going to continue. I think we're going to see this trend moving on.

I mean, it's the timing, it's the year of the CISO and the CIO being the rock star, right? Ben, you want to jump in on that one?

Yes. Absolutely. We've seen kind of -- so I work heavily with our subsidiaries as well. And we kind of use our subsidiaries as sort of incubators for technologies and security plays and some of the more emerging tech. And I was -- but prior to coming on to Aflac corporate proper, I was the Head of Security for one of our subsidiaries here in Charlotte, called Empowered. And they're a software-as-a-service company and super agile, super fast and have some very interesting technologies. And we were able to implement a Zero Trust, BeyondCorp, whatever you want to call that, 3, 4 years ago. And looking at what their response to the pandemic has been, it's basically just been business as usual. Like, the security controls haven't changed. We know what the users are. And the user experience hasn't changed. The only difference is that instead of them sitting in 3-person pods doing their stand ups, right, they get on a Webex call or a BlueJeans meeting and go around there, right, or a RingCentral, right? But that's -- it's been very interesting to see us be able to model off of some of those incubated companies for what we're looking to do for Aflac corporate proper, right? As we tear down the global barriers that we've got, and as people are able to work kind of seamlessly across time zones and across the globe, we're able to take those models that we've had previously and kind of implement them across the company.

Thanks, Ben. What's your stature in the company in terms of -- or your position about getting buy-in for everyone being part of the security solution, right? You can't possibly do it yourself. It's really building a team of warriors out there helping, keeping the enterprise safe and secure. Ben?

Yes, absolutely. We've been shifting towards the DevSecOps model for years. And that is -- that's really been an enabler. We need to -- we work very closely with digital services and the teams there. And even at that, the incubated company that were talking about, Empowered, they don't have a traditional security team to speak of, right? It's all just kind of integrated pods, and everybody talks to everybody else. And it's not about, hey, security will get that handled. It's about security ownership across the organization. And I think people are kind of seeing that now as it's brought more to the forefront that digital enablement just kind of requires security from the forefront.

Ben, I love winning. And more than winning myself, I love having clients and people in the network win, right, really demonstrate amazing results and impact in the enterprise. And Lisa, when you think about you're building a culture of people that are onboard, helping see -- keep the enterprise safe and secure and educating the C-suite and the Board, what do you think about?

Well, part of it is learning to speak their language. We're so close to the tools, sometimes we forget how to create that walk or that journey for them. So one of the things I've always believed is if you want somebody to be your partner, you have to create a win for them because there's an inherent, probably internal, reaction that, "Ugh, security." It's just going to be more than I have to do that I don't see value from. So where you can create those openings, whether it's a compliance regulation, a customer request, something that's driving a need to get you to the table, I think that's the beginning of that journey. The Board wants to hear more now. Everybody is, like you said, it's kind of the golden age for the CISO right now. Everybody's got their ears up, and how you deliver that message, for better or for worse, is going to determine, I think, the effectiveness you have. You want to be that seat at the table. So for compliance, there's been some IoT laws that California passed. So that was an opening in with our development teams to say regulation is coming. They don't want to have to be the expert in that and use that opportunity to learn about what they're doing, what their road map is, help promote a little bit. Did you know part of your shared service includes we can do penetration testing? We can do vulnerability scanning, things that, again, they may have always considered us the back office corporate people and now helping them understand we're really there to be the front lines with you.

Interesting times, right?

Yes.

Do you get called into the C-suite much to explain what's going on?

I do. I have a regular quarterly cadence of meetings with them as well as with the Board of Directors. So again, a large shift over many years ago when I started in security, those opportunities weren't being asked from us.

Excellent. Good job, Lisa. Awesome. Hey, Michael, you have an annual survey that you're pretty fond of. What are the trends that you're seeing out there in terms of hiring?

Yes. It's -- first of all, I want to just point out, Lisa, you're spot on from what we're seeing. I'm based in California, and we're always messing things up with compliance and governance standards. So you're welcome to the rest of the country. But no, that was great. On the hiring part, we have our 2021 just getting organized. The big emphasis this year on our compensation -- it's actually a reporting structure survey, too. One thing we found 4 years ago was that CISOs weren't quite sure what they were supposed to be making because it was all over the map. And they weren't quite sure where they were supposed to be reporting because that was also all over the map. And it's only gotten more intensified and obscure in 2020, and I think we'll see that trend until it settles down a bit. But the main focus that we have for this year's study, just happy to share with everyone, is around CISO protections. One of the big trends right now, I think probably the last 7 or 8 searches we've had, had some level of renegotiated severance, some level of double-trigger forward vesting in the change of an event on equity, RSUs or others or options. And then the other piece was ensuring that the CISO and/or the CIO are placed on the D&O insurance. And these are requests from the community, and they're very serious about it. And we think -- I think that the days of the CISO and CIO coming in and sign off on this FedRAMP or SOC 2 or ISO and, I think, maybe the sacrificial lamb of the business are no longer. I think we've seen some really interesting high-profile situations. And so that's really the emphasis on this hiring trend. I think in others, we're just -- I mentioned it earlier, but we're seeing a rapid increase from the enterprise, not so much -- I mean, we see it on the start-ups, which we work with. But on the enterprise, looking around to Ben's point, looking at putting more structure around what was a maybe kind of a grassroots DevSecOps environment now becoming more of the enterprise way of going and finding that clear cloud leader, cloud security leader, someone that -- and look across architectures and really describe the business risks. So we're seeing that as a focus area as well. I think the other thing is on the hiring kind of on the soft skills, the last piece I'll start -- end with is, there's 3 distinct requirements that we're seeing in interviews. One, how are CISOs and CIOS dealing with the new level of conflict as they move up the chain in the communication process to the Board, to Lisa's point, on the E-suite? What's that level of conflict? How do they narrow it and almost be a referee of that conflict? And so it takes a lot of focus on that. The other one is just really knowing your audience. The audience has shifted quite a bit just over the last 18 months, specifically since the pandemic started. And knowing what level of audience you could walk into different meetings and have a variety of audiences. And the last one is just really understanding your level of humility. And that's -- it's no longer about we are going to implement something and everyone's going to just adopt it. That really takes an enormous amount of awareness, security training and other tools. And so the humanizing factor for the CISOs and the CIOs right now we're seeing come up in new kinds of interviews, which is pretty fascinating. So...

Hey, Michael, one quick question, hopefully, a quick answer here. How important is, on the way in, negotiating stock equity as well as a change-in-control agreement? Is it an important [ lesson ]?

I think it -- yes, I would say that, today, it's almost critical. Because if you think of companies today, especially start-ups there, you're basically being asked as an executive. Let's say, you're coming from an enterprise into a kind of budding start-up, you're being asked to leave money on the table. And where is the delta coming up from? It's usually coming in an investment in the company's equity over a 3- to 4-year period. And so, really, negotiating what that looks like and making sure that you really are seeing a fair negotiation but also making sure you're protected in the change of control. CISOs and CIOs are sometimes the first to go in a replicated environment. And so making sure that what you started building a couple years ago that you at least have the opportunity to make your own choice of exit as opposed to being absorbed somewhere else. I think there's just so much...

I just don't want to [ underestimate ] any fear there. I just wanted to punctuate that. I think that's an important idea in one's career ascent to have that asked in the mix, right?

Yes. I mean CISOs and CIOs are builders. They're problem solvers. They're also very good people, and they want to do the right thing for the organization. They're really there to help -- to really solve the most complex problems. And so they want to be in an environment where they're going to do that. Once they get into a maintenance mode or something that's more neutral, they want to look out for the next opportunity that gives them that. So it's pretty natural behavior.

Excellent. Hey, Michael, thanks for coming to the program. Ben, final comment around the changing environment and strategically things that folks should have on their radar?

I think we've pretty much covered it, right? Like, look at Zero Trust, if you haven't. Look at your cloud programs and make sure that security is involved in that. And look at your people and make sure that your workforce is happy, and that they're working and that they're doing so securely.

Exciting time to be in tech, Ben?

Very exciting time, yes.

Very cool. Excellent. Lisa, exciting time to be in tech?

Yes. More exciting than ever. 20 years ago, I wouldn't have imagined where we would be today. So the career has definitely changed.

Awesome. Hey, Lisa, great to have you on the program. Thanks, Ben. Michael, always good to see you. Hey, stay tuned on this next segment. I think you'll like it.

Thanks, Hunter.

Thanks, guys.

Thanks, Hunter. Take care.