As some of you may have noticed, it’s getting a bit tricky to hire software engineers. Understatement of the year out of the way, it’s true, demand for technical talent globally is fierce. With that in mind, we thought it would be useful to talk to Rowena Everson.
Rowena is the Head of Digital Channels & Data Analytics at Standard Chartered and the founding board member of Standard Chartered Poland. Rowena successfully recruited and built a highly technical team, from scratch, in Poland so we thought it would be useful to know how.
Welcome to Quant Focus - Rowena Everson.
In June 2018 you landed in Warsaw on a mission to build Standard Chartered’s first offshore presence in Poland. Please set the scene for what you walked into and what you were tasked with.
This was an entirely greenfield site for the bank: in 165+ years of the bank’s history, we had never had a presence in Poland, so it’s fair to say I landed at Chopin airport with a big task, a lot of anticipation and a certain amount of trepidation.
The program was to deliver a new, high-tech hub of 750 people within a 3 year period and on a fairly tight budget. The entity would comprise, among other rare skillsets, a Cyber Security CoE (centre of excellence), a data science team, a risk modelling team and a financial crime compliance and surveillance unit.
Cyber security is a very technical field. Can you elaborate on the specific technical skills and experience that you needed?
The remit was for a full range of cyber security roles including Red and Blue teams, Malware protection, Cyber Security Engineers, Threat Hunters, Phishing specialists and roles dedicated to internal education.
Now that the division is over 200 people and has been operating for almost 4 years, we have started a graduate scheme, bringing in fresh grads with degrees in science, maths and social sciences and training them in the skills required for these roles. But at the start we needed to find people who already had these skills who were either doing similar roles at other private or public sector organisations.
The sort of skills we look for in an experienced cyber security professional include security penetration testing and knowledge of Red Team processes, technologies and industry frameworks such as MITRE ATT&CK and CBEST. Familiarity with languages such as C / C# / C++/ Java and scripting languages like Perl and Python are also desirable.
Outside the industry, I think most people imagine Cyber Security focuses solely on technology, but technology is merely the tool to implement the behaviours of the user. So in the case of bad actors or threat actors, understanding, anticipating and knowing how to spot those behaviours are equally as critical. Experience of scenario based testing based on threat actor behaviours described by Tactics, Techniques and Procedures (TTPs) was also something we were looking for.
What does the cyber security talent pool look like in Poland?
One of the reasons for selecting Poland, specifically Warsaw, as the location for the Bank’s new Hub was the depth and richness of talent in rare skill sets like Cyber Security.
The Military University of Technology is one of the pre-eminent schools for study of Cryptology and is an academic institution that we have formed a good relationship with.
Culturally, Poland is proud of its long history of contribution to the sciences from the Astrologer Copernicus to the code breakers who broke the first Enigma machine, and up to the present day. Warsaw’s high density of quality Universities but relatively lower cost of living compared to other European capitals also makes it a draw for international talent, many of whom complete their studies in the city and then join the workforce.
But whilst it’s a great location for talent in Cyber Security, that talent pool is spread across a wide variety of industries from domestic banks to government offices to private contractors who may operate in a range of different technology fields. Most of the other global banks who have established hubs in Poland have focused on lower end skill sets, whereas for Standard Chartered, the hub was designed specifically to house roles that might not normally be considered for an offshore hub such as risk modelling and Cyber-Sec.
What was your playbook for reaching this talent pool?
I could probably write an entire piece purely on this activity. First and foremost, it’s important to remember that not only were we looking for rare talents that are not necessarily operating in defined roles, but this 165 year old global bank had never had a presence in Poland. So establishing a brand presence that positioned the bank values and business to the broader community, and then more specifically positioned us as an innovative and exciting place to operate if you were looking to extend your career in Cyber Security and the other target professions we were seeking to attract.
Our Community branding was focused through social activities like lead sponsorship of the Fundacja Poland Business Run, which I secured in our first 12 months of operations and remains a cornerstone of our branding campaign.
Targeted events like the annual Cyber security symposium The Hack Summit (aka What the H@ck and Oh my H@ck) gave us a platform for advocacy by some of our Cyber professionals to reach out to the broader hacker community.
To attract gender diversity (which is historically tricky in certain industry sectors) we leveraged our existing female talent, including myself, which meant me upskilling to be able to engage with interested professionals and peers.
As a STEM graduate, working in the Digital Banking sector, I also spoke at events like Perspektywy Women in Tech, which we continue to sponsor and helps to position us as an advocate for more women in technology roles.
Being open to finding talent in non-traditional ways, like offering speed mentoring at industry events, sponsoring small hobby groups like Hacker clubs and hacking competitions, which could cost simply a few pizzas and refreshments.
Lastly, word of mouth is extremely important in Warsaw; it’s a very inter-twined business and professional community and more than once I found myself at events talking to complete strangers who knew a spooky amount about me and my business, because we were less than 3 degrees of separation apart. So demonstrating that commitment to creating an innovative environment by offering flexible working hours and contracts, building an entirely ring fenced Hacker lab inside the office and people related strategies such as developing a neural quiet zone with no digital tools allowed, muted lighting and no smells. All of these and more, helped show that we were committed to doing what we had promised.
Given the highly technical nature of the roles what was the technical screening process?
From a HR perspective the standard personality and conduct screening applies.
But educational specifics needed to be more flexible as degrees are less relevant unless you have studied something very specific like Cryptology, however certifications such as Splunk Core certification are important and forms part of the criteria for certain roles. As I mentioned, some people were interviewed after winning competitions which were demonstrations of their skill sets, and for more junior roles we have internal tests designed to test competencies in some of the core methodologies.
How did this team interact with the broader SC tech org
Standard Chartered is such a global organization: I’ve been with the bank for over 12 years and been based in 3 different countries but I’ve spent substantial time in many more. One factor that makes the bank unique is that everyone spends a portion of each day interacting with people from a different cultural background and this is something that I tell people during interview and induction. People who join the bank, tend to want to work in that sort of a culture. In a profession like Cyber Security where your interactions can be more digital than face to face, but where behaviour or good and bad actors is very much the driving force behind the sector, having an ability to work across cultural boundaries is very important. The Cyber Security team in Poland has become so well embedded into the bank’s broader structure that several global teams now run from Poland to include teams elsewhere such as Singapore and India.
What were the pros/cons of building this team in Poland versus London or another financial hub.
Warsaw has a breadth of industries represented in the business community, which is important when you are looking for rare skills. And Poland had a very high standard of education, so finding bright, educated people with good language skills is easier than some locations. Logistically, Warsaw is well set up as a hub location with an airport close to the city, a compact CBD, good public transport and road infrastructure, and high standards of personal security. When you combine all of these features together, you develop a powerful draw for international businesses.
You’re now back in London, how big was the team when you left and what are you up to now?
One of the last teams I brought in before handing over to my successor, was the Data Analytics team: a team of quants and data scientists that forms part of the global DCDA (Digital Channels and Data Analytics) division which I now head for Europe and Americas. At that time we were around 750 people, including 200 Cyber Security professionals.
My current role is still within the Digital Banking arena; I head up a transformational change program for the region which is changing the way we do business with our clients and how we interact with the broader financial community including fintechs and other platform based service providers. Much of my focus is on working directly with clients on how the bank can partner with them as they seek to digitise their businesses and working with fintech providers to offer more ways of delivering innovative and core products and services to our clients.
I’m still Chair of the Board of the Poland subsidiary, which now has over 1000 highly skilled individuals spanning a number of Centres of Excellence including Cyber and Quants.
Founding the Poland Entity for SCB was a unique experience that I continue to cherish and am very proud to continue to be involved.
Rowena Everson is a Business Leader and Transformational Change Specialist, with more than twenty-five years’ expertise gained in international financial markets across a broad range of experience that includes founding start-ups and restructuring failing business units. You can find Rowena on LinkedIn