Why Ruby Life CISO George Al Koura puts people first

Beyond one’s own personal relationships, opinions on how others conduct theirs are usually none of anyone’s business. But when it comes to actual business, George Al Koura, CISO of online dating company Ruby Life, has built a career on how long-term success depends on building team cohesion within the organization, and elevating the relationship with partners outside it.

“We’re effectively a software company, but we have to humanize one another,” he says. “When we look at today’s hot resource market, competing for talent on traditional lines has been a bit of an archaic and sometimes toxic game where personnel leave organizations within months of joining due to offers of substantially greater compensation or benefits. This situation isn’t strategically feasible at the industry level.”

Also unsustainable are interactions with vendors that are only there to make their quarterly quota and no sense of loyalty. “That’s not the best way of doing business nor the best career fostering real improvement opportunities,” he says.

Turning a vendor into a partner, he says, takes an understanding of business outcomes and anticipating change in the sector that need a pivot or reaction, and then help you understand that. “There’s still work to do in that area of collaboration but there are positive signs,” he says.

For Al Koura, it’s a constant learning process inherent to a leadership journey that was never straightforward or predetermined from the start, with a non-traditional path to entry for a tech career.

“I actually don’t have a formal STEM education,” he says. “I studied political science psychology at military college and served in the Army regular forces until about 2016. I had a technical job as a communications research operator, but after a while, I wanted a new challenge. I started a couple of businesses but ultimately nothing stuck. Yet there’s something to be said about failing fast and failing often. Looking back at those times, I was learning a lot of great lessons that would serve me later in life. But those lessons were definitely learned the hard way.”

CIO Leadership Live’s Rennick recently spoke with Al Koura about the importance of collaboration with colleagues and forging reliable, long-lasting relationships with business partners. Watch the full video below for more insights.

On learning on the job: I was a junior analyst doing shift work at a 24/7 global operation. While I enjoyed my time in software, I knew I was capable of more. So I spent a bunch of my overnight shifts reviewing all the SLAs for the company’s entire 80 plus clients to understand the business of cyber and what the organization actually did. In doing so, I found they sold some managed threat intelligence services that we weren’t delivering on. It was a light-bulb moment and I realized I had an opportunity to build those services and advance my career further. At the time, one of my VPs was John Proctor, who’s now CEO of Martello Technologies. He and I go back over 10 years serving in the Army together, and he was a bit of a trade mentor for me then. We always had a good relationship and I told him about what I saw and he gave me an opportunity to build that capability out. What’s interesting is I had no formal education or training on threat intelligence, and I was learning security operations in the cyber role on the fly at the time. So my version of a CTI service was built around something different from anything else you’d find in the market because I was leaning on a decade of military intelligence training and converting that knowledge into customer value within a CTI context. The success of that service company was promoted out of the SOC and into a senior consultant role where I had my first commercial team. A lot of good and bad times in those days, but most importantly I was learning and getting better every day.

On the CISO-CIO relationship: At both my current and previous employer, I had the privilege of working with two outstanding CIOs. Our infrastructure was handled by IT veteran Tim Farrington, who’s been doing this for over 20 years in SMEs throughout Ontario. He was very resourceful and organized in his approach to infrastructure management. Together we got the organization ISO 27001 certified, which took about two years. So a lot of important leadership lessons were learned through that process. Now I work with our current CIO, Srdjan Milutinovic, who’s also very highly experienced. He’s been an empowering mentor and believes in hiring the right people in the right roles and letting them drive what needs to happen in their respective areas. He’s personally driven the transition of our entire company into an agile and safe methodology of software development, meaning he understands and expects empathetic, results-driven leadership out of all his respective department heads. I consider him a mentor and I enjoy the opportunity to soak up as much knowledge and trade experience I can with him. And if I look at the qualities and people he’s brought in, you can see the sense of loyalty and respect he commands. That’s what you’re looking for in a CIO.

On collaboration: I can’t get too deep into our own tech stuff specifically, but an example of a great collaborative partner or vendor partner I have is my relationship with Record Future. They have the best CTI platform, but they also have talented account and technical support. I’ve worked with them and their platform across every one of my employers throughout my entire InfoSec career. A lot of vendor relationships are very transactional and I find that’s not very genuine in terms of the care they give you. But my discussions with RF are never driven around whatever new widget or service they’re pushing. Rather, they continually assess where they can provide additional value to the state of my operations by having sales growth and development conversations focused on improving our current level of maturity. It’s a committed collaboration partner with a stake in seeing us succeed, and not simply in making their quarterly quotas. And I think that’s what it takes.

On team building: My approach has been to lean on my network, to scout, develop and capture talent by creating my own social pipeline. When someone is in school or a new grad or mid-career, the key thing I focus on is building genuine relationships with them. That investment in time, effort and care is the differentiating factor that makes them want to work with me, even if I can’t pay the same as a Silicon Valley company. In a market where employers and employees are all playing the numbers game against one another to untenable levels, the focus should be on real human relationships and looking at employment as a vehicle to a better quality of life for your people. That’s what makes it worth the time to actually pursue and fill that new head count with that individual. Once you build a pool of known, hopefully trusted talent already waiting for the opportunity to work directly with you, it’s just a matter of making sure the opportunity is right for them and working together to achieve that.