07.10.2024 NewsCorporate

Driving IT and Compliance Excellence – David Gillet, CIO of VBS

 

This interview of David Gillet, CIO of Victor Buck Services, is published in Paperjam in French and English.

David Gillet joined VBS in 2022 as the Head of IT and was appointed CIO within the newly established executive committee in 2023. In this interview, he shares the key projects initiated upon his arrival, focusing on improving cost control, enhancing software architecture, and embracing cloud service adoption. Additionally, he explains the pivotal role of cybersecurity in safeguarding VBS’ operations and ensuring regulatory compliance.

Two years ago, you decided to join VBS after 21 years in the aviation sector. What were your initial impressions upon arriving at the company?

I discovered a highly collaborative and healthy organization. And highly skilled and dedicated teams – essential factors for doing a good job. My first challenge was quickly integrating into the company’s culture, understanding internal processes and dynamics, and grasping the complexities associated with VBS’s regulatory obligations as a Support PSF provider. I found myself in a learning situation within a completely new environment. It has been an exciting period that is still ongoing today.

What were your first actions following your appointment?

I decided not to spend a period of observation and instead immediately kickstarted several projects as soon as I arrived. For example, reinternalizing key competencies and resources, introducing tools for enhanced cost control, renegotiating ongoing contracts, bringing change to certain HR practices, regaining control over existing applications and infrastructure, initiating transformation projects for our software architecture, and launching the first initiatives for cloud service adoption. My goal was to quickly cultivate a culture of change and leadership within the organization.


What are your responsibilities as CIO?

I see myself as wearing two hats that I juggle daily. In my role as the Head of IT, I’m responsible, along with my teams, for ensuring the excellence of our IT operations by implementing initiatives that address our clients’ needs, meet their expectations, and contribute to our company’s future.

Since our CEO established our executive team in 2023, I’ve also been part of the executive committee as the CIO, focusing on broader strategic initiatives that may not be directly related to IT but benefit the company as a whole. I recall an anecdote that illustrates this dual role: during a budgeting session, my colleague asked if I had effectively advocated for the IT department’s interests. I replied that yes, as the Head of IT, I had done so. However, as a member of the executive committee, I also had to arbitrate certain decisions.

Given the evolving landscape of strategic initiatives and the importance of safeguarding operations, could you provide insights into the key cybersecurity considerations at VBS?

At VBS, cybersecurity is fundamental to our operations, especially given the sensitive nature of the data entrusted to us by our clients. We manage the printing, distribution, and digitalization of confidential documents — including financial information and patient records — in sectors such as banking, investment funds, and healthcare. Cybersecurity, and more broadly Information Security, is at the heart of all the decisions and actions we take. Our Information Security Officers are key resources in our company, regularly consulted and working closely with all colleagues to ensure the security of our data and that of our clients. We continuously invest in solutions to further improve our cybersecurity. For instance, we’ve recently adopted a “security by design” approach and integrated automated secure coding into our development cycles using a new Dynamic Application Security Testing (DAST) tool. This allows us to continuously assess vulnerabilities from an external perspective. Moreover, the deployment of a new Endpoint Detection and Response (EDR) solution and a cutting-edge Key Management System (KMS) for encryption key rotation highlights our commitment to robust security measures. Additionally, we’ve successfully reduced our attack surface through a Privileged Access Management tool and a CIS Configuration Assessment Tool.

All these examples underscore the importance of our security strategy and investments. And it pays off! We were one of the first companies in Luxembourg to obtain the new ISO 27001:2022 certification in 2023.

You mentioned the challenges associated with the regulations that VBS must adhere to. Could you elaborate on how this impacts your daily work?

At VBS, we often describe our operations as being in a “perpetual audit mode”. With CSSF, OSPAR, ISO 27001, ISO 22301, due diligence requirements, client audits, and internal audits, VBS operates within a highly regulated environment. Beyond the strict measures and high level of governance we’re committed to, the management of these audit phases is a massive effort for a company of our size, with significant costs that continue to grow.

Despite the efforts they require, these regulations and certifications are essential for our clients and are a key strength for VBS. They not only underscore our dedication to strict security and confidentiality standards but also reinforce our reputation as a trustworthy and reliable partner.

In our day-to-day operations, I’d love to have an AI that could streamline our responses to auditors and regulators by learning from our existing processes!

Are there other challenges that you deal with regularly?

One notable challenge we face is attracting and retaining talent. But that’s not a bad thing in my opinion – it means the job market is healthy.


What about AI at VBS?

AI is already integrated into the daily lives of many of our employees, but for personal use. Personally, I rely on AI as a daily assistant, even to prepare for this interview! Now we need to integrate it into our corporate environment before progressing towards full-scale industrialization. We’re in an exploratory phase and have an open approach in terms of use cases. To give examples, we’re exploring how AI could elevate our developers’ work, in terms of coding or creating unit tests. Additionally, we will also examine ways to improve our employee onboarding process, and to prevent and better anticipate incidents through AI.

As we’re heading towards the peak of Gartner’s well-known ‘Hype Cycle’, the reliability of investments becomes increasingly uncertain due to the multitude of existing Foundation Models and the proliferation of new players entering the market. Addressing the crucial question of data quality that will fuel the training process is also imperative. On the other hand, ethical considerations are a source of concern for me. What will happen when people entrust their lives’ control to their AI agent, or consider it as a friend, despite knowing all the inherent biases in this technology? Ultimately, AI is just a technology tool! But here, it’s more the father of four children who’s worried, not the CIO!

To wrap up our interview, I have one last question for you. Two years ago, you made the decision to join VBS. Would you make the same decision today?

Absolutely yes, without hesitation, but I’d make it even faster!