Preparing for the Future, Today—DSS Fireside Chat with Wells Fargo

October 25, 2022

At the recent Distributed SQL Summit, Saul Van Beurden, Head of Technology at Wells Fargo, sat down with Yugabyte CEO Bill Cook to discuss the bank’s modernization, innovation, and digital transformation initiatives.

Saul shared his experience, insights, and advice on how any IT leader can drive change—from the technology stack to security, from the importance of building skills to making elephants run, and even a conversation around blueberry muffins!

Curious to discover more? Below is an excerpt of the key points covered during the chat, or if you like you can also watch the full session!

Fireside Chat Highlights

If I look at the role of a CIO today, I feel that there are two roles that need to be filled—that of a trusted operator and that of a business driver. Looking at my first two and a half years, we focused on being that trusted operator.

To do so, we built skills not just for current technologies but also for future technologies. We are ensuring that we have secure and stable plans—as much as we possibly can. I feel we have made significant progress in that area. The journey is never linear, as you know, but we are definitely trending upward.

At the same time, we have also put down the foundation to drive more business, meaning acting and operating with more speed. For example, when we started three and a half years ago, it took us 65 weeks to accomplish any type of meaningful project scope. Nowadays, we do that, on average, in 24 weeks.

But that’s not good enough. It should be eight to 10 weeks. So speed matters, and that will continue to be our priority for the future.

Scalability is another focal point and priority. You cannot organize yourself only around your peak levels (in terms of infrastructure and pace). Demand is as elastic as you can expect in this industry. So we have invested quite a bit in full cloud migration—to both public and private clouds.

Q: What is the biggest thing you implemented to drive some of these things?

A technology college. If you look at the career paths, frameworks, and development paths for our 42,000 technologists worldwide, that was necessary. We have over 300,000 self-assigned courses completed by over 36,000 unique learners last year. We represent the second largest adoption of an online technology college—all built on the back of our people’s career paths and development paths.

We now have distinguished engineers who we didn’t have before. If you look at security, we have rolled out everything around EDR (endpoint detection and response), which is what you need to have, given everything that’s going on with ransomware. I can talk about stability and what we have done there, especially in a world of resilience and resiliency testing.

Regarding speed, I think the most important and remarkable point is that we now have 5,000 Scrum teams, and we have merged all the different IT functions into multifunctional, cross-discipline teams. This year we pushed out more scope in terms of story points, which has helped us deliver everything much faster.

Q: What do you think are the most important lessons learned as you drive these initiatives around transformation, innovation, and change in a company the size of Wells Fargo?

There were many lessons learned, and I would sum them up in several ways.

To start, you need to know your point of departure well. Many people try to begin transforming without knowing where they came from or where they want to go. When you know your point of departure, you have your benchmark, and you can start to define that area between where you are and where you want to go.

Then you can start articulating an ambition and vision that people can rally around. I’ll give you an example—we used the phrase “make the elephant run.” A large bank is sometimes viewed as being very slow. In some cases, that perception is reality. Like an elephant, we have a lot of mass, and we need to put it into motion. So the phrase, “make the elephant run,” really resonates with people. They can get behind that. That’s great, but that is not enough.

You need to break everything down into strategic pillars or initiatives and get the resources—the means, the money, and the investments. You also need to get the priorities from your board and colleagues, usually delivered as a set of pretty articulated plans. In reality, they are more like guidelines than anything carved in stone with a fixed due date.

Talent is also critical. You need to promote or hire talent onto the team who can execute. Also, once you have your mission and vision, you need to break everything down into metrics. If you cannot measure it, it’s not meaningful, in my opinion. When you know the metrics, you can bake them into the performance cycle. You can do reviews around that. You can go in deep to better understand setbacks.

Everything comes down to communication and values. Communication means being open and transparent about the wins and setbacks. Transparency builds trust. I truly believe that.

Finally, be modest when things are going well and strong when things are going bad. It’s during the bad times when you are supposed to be a leader. I can say many more things about these subjects, but these points are based on what I’ve seen and been part of, my mistakes, and what I have learned from it all.

Q: From a technology perspective, security, compliance, and regulations are integral to what you’re doing to drive innovation in the financial industry. So how do we make environments more secure while still accessible? What do you think about security as it relates to the database?

I will give you a very simple answer. It’s like making a blueberry muffin, no matter if you buy or build your solution. You need to look at it as if it was a blueberry muffin.

So let’s dig into that bit.

The blueberries are your compliance and security requirements. If you bake (or buy) a plain muffin and then, afterwards, try to push your blueberries into it, you really don’t have a blueberry muffin. You have a mess. Your blueberries need to be baked into your muffins, just like how your compliance and security requirements need to be embedded into the solution before you start building or buying.

When you deal with innovative solutions such as Yugabyte provides, you cannot expect that every blueberry is already part of the blueberry muffin from day one. That is where collaboration comes in. At Wells Fargo, we have to be completely clear on what is absolutely needed and what is not needed. We have to take an active role in helping our database partners get there.

But that is still not enough. Security and compliance are essential, but the muffin itself must adhere to a couple of other things.

It needs to be agile. Anything that comes with handoffs or difficult manual provisioning is not the world we at Wells Fargo want to be in.
It must combine resiliency with high performance, which is not always easy for some solutions.
It has to be cloud native and cloud agnostic; there needs to be value for money in the end as well.

The blueberry muffin represents the whole package. The blueberries are compliance and security, but we cannot forget the other things.

Q: So there are many things on your plate, a lot of priorities. When we look at data at its core—database and data architecture—where do you see it fitting into this agile, scalable, high-performance, cloud native world?

Devsecops is one way to look at it, but you also have to take a full “stacked” approach. Look at the entire stack—the codes, the UI, the logic, the database, and the data. You cannot just look at each layer; you need to look at the entire stack. In addition, you cannot just focus on new technologies.

You must distinguish what are (or should be) new applications or workloads and what are (or should remain) existing workloads. Therefore, we need help from our partners, such as you [Yugabyte], to assess what is already there, what can be easily migrated, and what has to be a more long-term project. That way, you can prioritize.

Finally, I have to go back to the people, because technology is still built and executed by people.

As I mentioned when we chatted about the technology college, upskilling is important. To ensure that our innovations are adopted at scale, we need more than a team of five who think that what has been rolled out is great. This feeling needs to permeate through 500 people. To scale, you need to bring everything together, including a “stacked” approach, the process view of devsecops, and the people and their skills.

Want to hear more? Check out the full session here!