In today’s business landscape, navigating the complex intersection of technology and enterprise-level risks is a formidable challenge. As organizations strive to adapt and thrive in this ever-shifting terrain, they rely on individuals who bring a unique blend of expertise and innovation to the table.
Consider a scenario where a company is grappling with a transformational endeavor, facing hurdles that threaten to impede progress. This is where Al, a seasoned professional with a wealth of experience, steps into the picture. Al has honed his skills in tackling complex challenges in the technological landscape.
Following a successful 22-year career at Plains, Al Lindseth embarked on a new journey by establishing CI5O Advisory Services LLC. This endeavor emerged from his desire to enhance and leverage value within the dynamic business environment, he identified the imperative to facilitate transformation and navigate the unique disruptions and risks that shape today’s corporate landscape.
Al’s multifaceted career, highlights his approaches to problem-solving, his dedication to strengthening digital strategies, and his commitment to elevating the role of Chief Information Security Officers (CISOs) within various organizations.
Let’s delve into Al’s approach!
Starting Out
Al’s friends and family never believed he’d settle for a corporate office job. With a background in adventurous Alaska salmon fishing, he craved excitement. Then, a family friend in Atlanta offered him a role in an energy hedging and derivatives consultancy.
However, this was in the pre-electronic market era when the NYMEX futures pits echoed with open outcry. The presumption in the trading arena is a towering presence, or one could get tossed off during a particularly rough market-on-close period.
Shedding light on this scenario, Al shares, “I used to contact and direct the traders over at NYMEX to get the deals done for me; however, back in that era, the last two minutes of each day’s trading was a flurry of bids and offers, people yelling into a phone and pit traders and their staff on the other end yelling back and sending runners into the crude, natural gas and refined products pits.” He further expresses, “It was exhilarating.”
When he reminisces about the first time he visited, a trader remarked, “Lindseth, I thought you’d be bigger.”
Working in the energy sector from Atlanta felt like being on the periphery, observing from afar. Soon, the pull of the industry led Al to Houston, its epicenter, where he joined PwC’s energy risk management group.
At PwC, they delved deep into the intricacies, juggling diverse clients and numerous engagements, dissecting contracts, performance, risk, profitability, and effectiveness. It provided invaluable exposure to large and intriguing companies, offering a glimpse into the industry’s inner workings.
Over the years, a troubling trend became evident—an energy trading bubble was inflating. When utility companies approached their team to assess acquiring trading firms, they uncovered discrepancies. What appeared as massive mark-to-market gains could easily transform into losses by tweaking a few assumptions in long-term structured deals. This realization spurred Al to seek a career with a focus on asset optimization and enterprise-level risk management rather than speculative trading, eventually leading him to Plains All American.
Stepping Outside One Operator
Having spent 22 years at Plains, wearing various hats and gaining invaluable experience, it was time for a change. Opportunities beckoned in the roles he had held – CIO, CISO, CRO – at some prestigious establishments, but he couldn’t choose just one—he liked them all. Despite advice to specialize, he opted to chart his own course, becoming his own boss and continuing to juggle it all. Establishing CI5O Advisory Services LLC. wasn’t about growing a large company or assembling a team—it was about making a larger difference.
The horizon held no visions of managing hundreds of staff—he had been down that road. Most of his clients required smaller engagements, maxing out at 5-20 hours per month. His goal was to maximize value in minimal time, empowering management teams with his part-time expert guidance and advisory.
Now well over a year into this venture, he is advising a diverse clientele—from executives like CIOs, CISOs, CROs, and Innovation Officers to service firms and tech companies, including both giants and startups. His primary focus lay in the transformational impact of emerging technologies, a journey that gained momentum around 2020. He had always been an active tech investor and now, as a tech advisor, he played an instrumental role in his clients’ success. It was akin to an extension of his past investment activities but with a more hands-on approach.
However, adopting these innovative solutions often require significant organizational adaptation, given their disruptive nature to existing business models. Guiding companies through this transformation is one of his strengths, ensuring they harness the full potential of these game-changing technologies.
An Integrated Risk-Based Approach
Throughout his career, Al has been honing his skills in addressing top issues and challenges in various sectors. His tenure at PwC saw him adopting a McKinsey-like approach to tackle intricate problems. Joining PAA presented a significant turnaround challenge, demanding crisis-driven leadership. In his current role, his focus has shifted more towards proactive risk management for companies.
Drawing from his diverse experiences as CIO, CISO and CRO, he offers unique insights and a modern, innovative approach to enterprise-level risk management. Al entered the tech field over two decades ago with a business risk perspective, a model now recognized as integrated risk management.
Al’s collaborative and curious nature led him to analyze why other risk and change-related efforts often failed or progressed too slowly. He now has the freedom to address these issues diplomatically in his small-engagement model, ensuring no client is too integral to risk constructive criticism. Al’s determination to be a true change agent sets him apart from traditional consulting firms.
He uses a consistent process to address various enterprise-level risks, emphasizing his passion for cybersecurity. Recognizing the different trajectories of cyber risks, he stresses the importance of distinguishing them. His extensive experience allows him to navigate the complex landscape of modern cyber threats, including the convergence of IT and OT cybersecurity.
He highlights the need for companies to adapt to the changing landscape of cloud cybersecurity risk as an example, encouraging them to adopt newer models. His expertise extends beyond cybersecurity to tackle supply chain risk, guiding companies from traditional cost-focused approaches to modern risk and resiliency strategies. In the energy sector, most companies are hesitant to change, but the mitigation of this risk needs a newer approach and models.
Artificial Intelligence is another area where he has recently applied his risk-focused approach, delving into clients’ specific goals and relevant trajectories. He excels in developing and working on financial risk management programs, always considering non-technology factors such as culture and behavior.
His involvement with tech advisory clients allows him to showcase innovative solutions for disruptive problems with this approach. He partners with companies offering alternative solutions and helps operators envision a modern approach to their challenges.
One of his tech firm clients addresses hardware supply chain cyber vulnerabilities, a critical but often overlooked aspect. Another client focuses on cloud-based attacks, leading the way in the SASE model. Working with modern business supply chain platforms that leverages improved data for risk monitoring is one of his challenging tasks.
In addition, he has been assisting a new marketing affiliate in establishing a financial risk management program, starting with policies and procedures. He is engaging with companies that are poised to transform pipeline control center management and logistics in refined products.
Turnaround Agent
He believes Plains was one of the most remarkable turnaround stories in energy midstream history. He was right in the middle of it. Al’s journey with Plains began in late 1999 when the company faced a crippling rogue trading loss, equivalent to nearly its annual earnings at the time, garnering national headlines.
Initially, he joined as a consultant from PwC to address this crisis. However, the challenges extended beyond trading—Plains grappled with significant issues in accounting and technology due to its rapid growth and legacy company problems. These issues posed serious threats to any further growth.
Given the gravity of the situation, he was entrusted with addressing all three challenges simultaneously. Through relentless effort and countless late nights, Al transformed these weaknesses into substantial competitive advantages.
By the end of 2001, the company had stabilized and he was soon promoted to Senior Vice President at the age of 33. This marked the beginning of an 11-year period during which Plains consistently met or exceeded earnings guidance, embarked on acquisitions and achieved annual double-digit growth, eventually attaining Fortune 100 status.
However, his contributions extended beyond the turnaround. He identified a hidden opportunity within Plains, a skill he had honed both in investing and in his career. While working with PwC clients, he recognized that asset optimization strategies for natural gas storage and pipeline assets were challenging to execute profitably in the natural gas market.
Yet, they could potentially excel in the crude market. Despite the difficulty of persuading Plains’ board, banks and auditors to embrace the required derivative and physical commodity strategies after the trading loss, he played a pivotal role in winning their trust. These strategies played a significant role in Plains’ early growth and success.
As Plains prospered and his career advanced, the energy trading bubble eventually burst. Throughout his tenure, he oversaw business risk and technology, including cybersecurity and innovation/transformation. Remarkably, Plains never experienced any major cybersecurity, risk management, or technology incidents during his leadership, leaving no turnaround story to recount in this regard.
Balancing Top-Down Risk with Bottom-Up Compliance
He has a compelling ability to articulate the complex issues plaguing the energy industry, particularly amidst the interplay of ESG concerns, SEC regulations and the ever-looming threat of cybersecurity. Over the years, he has witnessed the industry’s landscape shift dramatically, driven by a relentless influx of federal regulations—more than 88,000 between 1995 and 2016 alone.
His overarching goal has always been to establish continuous and sustainable programs that strike a delicate balance between business growth and protection. He staunchly advocates that the effective management of risks should not equate to avoiding risks altogether, as doing so can stifle growth and hinder cash flow, increasing the chance of not meeting targets such as earnings guidance.
He often emphasizes the inseparable link between risk and opportunity, stressing that firms cannot manage risk by merely limiting their exposure—such a strategy would squander potential opportunities. He also explained this many times over the years. The impetus to just do what the regulators, auditors, management, or investors require, whoever is applying pressure to comply is impossible for many to resist. However, it can interfere with your plan to address high-priority risks and achieve performance targets, which itself increases risk.
His experience has ingrained in him the notion that a risk manager’s role is akin to monitoring a turbulent bar chart where risks, threats and issues are in perpetual flux. Balancing various perspectives on risk tolerance is a formidable challenge, particularly when outside entities prioritize certain risks over others. Al understands the imperative of allocating resources judiciously, focusing on protecting the broader exposure and accepting that risk is an intrinsic aspect of effective risk management.
The Art of Doing More with LessTop of Form
Al’s role at Plains involved simultaneously managing responsibilities typically handled by multiple executives. Today, he advises clients on these diverse roles, offering part-time expertise to streamline their management teams without resorting to large consultancy teams. His success is rooted in several key approaches.
Firstly, Al adopts a results-oriented perspective, prioritizing outcomes and quickly identifying root issues, akin to quality assurance in manufacturing. His ability to bridge overlapping areas of responsibility facilitates integrated and efficient advisory, enhancing effectiveness.
Al stands out as a CISO due to his risk background, building cyber programs aligned with the language of risk programs, fostering top-down decision-making, support, and clearer goals. His adaptability is a notable asset, shifting his approach based on the job requirements, whether as a problem solver or a facilitator of change.
Succession planning and leadership development have enabled Al to oversee multiple functions. His continuous improvement mindset, coupled with problem-solving skills, ensures he can dive deep when obstacles arise, making him an effective agent of change. He operates as an architect, delving into process and system understanding and redesign, which facilitates senior-level influence.
His vast experience allows him to seamlessly navigate clients’ efforts, leveraging existing management and staff while providing value and direction without monopolizing their time. In larger consulting projects, he may constitute a small percentage (5-10%) of the team, advising effectively at the leadership level.
Beyond the Boardroom
Al’s approach to problem-solving and decision-making has evolved over time. Initially, as a consultant and during his early years at Plains, he experimented with various problem-solving methods. He found McKinsey’s MECE (Mutually Exclusive, Collectively Exhaustive) technique effective in swiftly identifying alternative solutions and honing in on the best one. He would quickly form a hypothesis up front and move faster and more effectively by focusing efforts on proving or disproving it, pivoting as needed. Visualization, creating tangible representations of ideas, was another powerful tool he employed to extract the best ideas from his team and organize them into action plans.
For complex problems, Al adopted strategies akin to those used by litigators. He structured arguments (litigator methods) by establishing key positions and supporting evidence, enabling him to validate his approach and persuade others effectively. He continually expanded his problem-solving toolbox, sharing these methods with his team.
As he developed a robust team and transitioned into a more proactive role, Al’s focus shifted towards leading change and proactively addressing risks in a complex and volatile environment. Beyond technical expertise, he emphasized the importance of skills related to process standardization, optimization and fostering high-performance teams among cross-functional groups and individuals.
Staying Illuminated in the Energy Sector
Al frequently participates as a speaker at conferences, addressing various enterprise-level risk and innovative topics. He values the platform these events provide, allowing him to convey his message comprehensively, gather feedback and refine his ideas. His expertise spans cybersecurity (IT, OT, cloud, privacy), IoT, AI, business supply chain risk, and financial risk management.
During conferences, Al diligently visits sponsor booths in search of groundbreaking technology that offers novel and more efficient solutions to operator challenges. Among the numerous sponsors, only a small fraction aligns with his criteria. Some of these eventually become his advisory clients, while others contribute to his understanding of the latest industry developments.
His active investments, primarily in technology, over the years played a pivotal role in his decision to leave his role at Plains. Trading and market insights gained from these investments have not only influenced his financial decisions but also deepened his understanding of industry trends. His advisory work, particularly with technology clients, extends his former investing activity, particularly in identifying and selecting promising partners to work with.
Start with a Risk Planning Perspective
Al excels at coaching CISOs, CIOs and management teams in enhancing risk management skills, a critical need in today’s dynamic landscape. He emphasizes the importance of getting ahead of challenges and threats while adapting or transforming business models, especially in the context of technological disruptions.
Broadly defined, risk encompasses anything that could hinder an organization from achieving its objectives. Al acknowledges that defining risk too broadly can lead to chaos and he highlights the necessity of establishing a common understanding and balanced perspectives among different roles.
Al says, “Being a better risk manager starts with risk planning so you can focus your efforts in effective ways.” Al’s approach begins with risk planning, involving a series of key questions:
- What are the trends/directions and how do they relate to your company? Identifying trends and their relevance to the company to establish the imperative for change.
- What are we trying to accomplish? By setting clear goals to ensure everyone comprehends the program’s objectives.
- What could keep us from achieving those goals? By identifying risks, conveying a high-level model to simplify complexity and quantifying and illustrating them.
- What are the largest risks? By prioritizing risks, recognizing that these priorities evolve over time.
- How do you manage them? By determining alternative risk management strategies and leveraging modern innovations.
- How do you make those decisions?
- Once you do make them, how effective are those measures?
- How do you communicate all this? That’s the reporting along with other communications.
He emphasizes the importance of proactive efforts in OT cybersecurity, notably before the Colonial incident. Al used a Defense in Depth schematic to underscore the differences in IT and OT cybersecurity readiness. He stressed that the potential impact of a successful OT attack could be substantial, encompassing economic, operational, and safety consequences. Al also highlighted the industry’s evolving recognition of the need to move beyond perimeter controls and improve visibility into OT systems, especially as technology convergence and threats increase.
Al encourages companies to prioritize the capability to detect and respond to successful attacks in their future designs, particularly in the OT environment. While challenges persist, modern tools and approaches have made significant progress in this regard. It’s crucial for boards and management to grasp the specific challenges and changes in the OT realm, given its widespread presence in critical infrastructure sectors.
Beyond Handshakes
Al strives to provide valuable insights and collaboration to his peers, often addressing critical issues with a unique perspective. He believes that the role of the Chief Information Security Officer (CISO) is not given the recognition it deserves in many organizations, potentially leading to significant consequences related to critical infrastructure, national security and data protection. Al is actively working to raise awareness of the importance of the CISO role by advocating for CISO recognition and collaboration through initiatives like the Orbie CIO awards, both in Houston and other cities.
He maintains his involvement in various peer groups and networks to stay connected, recognizing the high turnover rate in these roles. Al offers his expertise through speaking engagements at conferences and even creates short LinkedIn videos on various topics. While he’s transitioning away from providing free advice which comes at the expense of paying clients, Al finds it challenging to decline requests from friends seeking his assistance when they encounter problems.
Fueling the Future
The rapid technological advancement in recent years is increasing disruption and failure rates for companies not strengthening their digital strategies. Up to 80% of incumbent firms can fail when industry-transforming shifts occur. Al’s focus on innovation and technology, which began around 2020, prompted him to explore strategies for more effective change management in an industry where large transformation efforts often fail. He regularly presents on the topic of ‘5 Reasons Transformations Fail’ at conferences.
He shares, “It was bothersome that this much waste and ineffectiveness was taking place, particularly in areas like critical infrastructure or cybersecurity where a lack of progress could have massive consequences, not only to our businesses and economy but also to our national security.”
Recognizing the need for impactful change, Al transitioned from working for a single operator to advising various firms on transformational and innovative efforts. He typically enhances struggling projects by addressing both non-technology aspects, such as management support and cultural clashes along with innovation aspects. Al’s approach includes modernizing techniques for cybersecurity assessments in critical infrastructure and recognizing the importance of transforming Operations in implementing OT cybersecurity programs.
In many companies, OT programs are closely tied to Operations and their goals of integrity, safety and OMS. However, integrating cybersecurity into these frameworks can be challenging. Often, Operations teams prioritize cybersecurity only when external pressures like IT, auditors, or regulators demand it. In the interim, they focus on remote asset management, data acquisition and network upgrades, often neglecting cybersecurity. This fundamental makes implementing an OT cyber program far more transformative than its IT counterpart.
Accomplishments
Al has spent a great deal of time collaborating with public and private entities to improve our collective cyber defenses. This included leading the cyber team of a National Petroleum Council Study for the Department of Energy in 2019 and serving on the Board of the Oil and Gas ISAC. After leaving Plains, he worked to bring the Orbie Awards to CISOs in Houston and other cities to escalate that role and promote collaboration between it and the different companies.
Al has devoted himself to the community in Houston, receiving many professional awards and recognition for his contributions, including:
- 2009: Evanta CIO Summit Five Year MVP Award which is only awarded to one CIO nationally every year, ‘the leader that has had the most significant impact on the CIO Executive Summit Community.’
- 2019: Houston CIO of the Year ‘Orbie’ in the SuperGlobal category, the largest company category
- 2022: Houston Annual CIO Leadership Award.