CIO interview: Gary Steen, chief technology officer, TalkTalk

TalkTalk has overhauled security since its controversial data breach in 2015, according to CTO Gary Steen, and is investing in technology to beat its rivals on customer service

This article can also be found in the Premium Editorial Download: Computer Weekly: Get protected: The importance of security

Telecoms company TalkTalk is undergoing a major technology transformation to enhance the experience offered to its customers. 

Leading the change initiative is chief technology officer Gary Steen, who joined the company in 2012. He was appointed CTO in 2014, with responsibility for all aspects of technology strategy, delivery and operations across the group.

“From a technical standpoint, the biggest surprise to me since taking the role has been the sheer rate of change both internally and within the telecoms market in general,” Steen tells Computer Weekly.

“You would think that at some point it would slow down, but the rate of change has actually increased and the complexity is increasing as well.”

Even though TalkTalk has grown through several acquisitions over the years, it is a lot smaller than its competitors. Clearly, it wants to be the first choice for consumers, so it needs to be “smarter, more innovative and creative” in its technology.

The company has accordingly created an IT strategic plan dubbed #bettertech. This has four core pillars: getting the right skills to deliver projects, ensuring operational efficiency, managing the outgoing legacy, and investing in innovative technology.

Bringing skills back in-house

The first pillar of Steen’s plan is about ensuring the company has sufficient IT skills in some specific functions within its team of 600 internal people and 900 outsourced staff.

A big user of outsourcing, TalkTalk’s main suppliers are Tech Mahindra, TCS, Capgemini and Infosys, but the idea is to boost internal capability, especially in areas such as data, security, architecture and design.

“Insourcing is about looking at our skills and those at our technology outsourcing partners, and also looking at how we avoid duplication. We are talking about optimisation of what we’ve got and how we can deliver more for the same,” Steen says.

“Our outsourcing partners are intrinsically linked to the success of our technology delivery and this will continue. However, we need to ensure that we build up our own intellectual property.”

Gary Steen, CTO, TalkTalk

“Getting the right people takes a lot of time. But we obsess over making sure we bring the right talent in, not just from a technical perspective, but from a cultural perspective”

Gary Steen, TalkTalk

According to Steen, the company is working with its suppliers to create a new operating model aimed at improving internal capability while continuing to take advantage of the scale and expertise they offer.

Talent draw

Meanwhile, the recruitment efforts have already started. TalkTalk wants to be “on the list of companies that smart talent wants to work for”.

Steen explains: “We want people – especially around the north-west and in the Manchester area – to consider us as one of the key places that they want to work and get on their resumé.”

In terms of skills development, TalkTalk wants to widen its talent pool for the long term. Steen points out this will entail balancing the recruitment of experts with talent at a “grassroots level”.

He says: “For me, the big leadership callout has been about the fact you can’t put too much effort into developing the capabilities for the future.

“It would be very easy if we were a big company to focus on lots of expensive talent and pass that cost off onto our customers. But we’re trying to keep the technology budget broadly flat and deliver more for the same, so we need to do that by being smart about how we deliver it.

“It’s not the easy option, though. Getting the right people takes a lot of time. But we definitely obsess over making sure that we bring the right talent in, not just from a technical perspective, but from a cultural perspective.”

Rationalising IT infrastructure

The second cornerstone of operational efficiency improvment includes monitoring, asset management and service management capabilities, and embedding security in every part of the lifecycle.

To do that, TalkTalk is adopting ITIL as a best practice framework, and processes have been benchmarked from end to end, in areas ranging from architecture and design through to operations. 

Other developments include a move from manual to automated asset management over the past nine months. This is to ensure the company knows the interdependencies between its systems from a software and network perspective.

The third and fourth pillars of the #bettertech strategy are about managing technology legacy while introducing innovation. This is all linked to a major exercise to rationalise TalkTalk’s physical hardware infrastructure and build a hybrid cloud.

Hybrid cloud

To consolidate the physical servers across TalkTalk’s datacentres, the hybrid cloud deployment will have to be completed in the next 12 months. According to Steen, the goal is reduce the current footprint of 4,500 physical servers to about 250 virtualised servers.

The hybrid arrangement is based on a mix of on-premise and traditional cloud, and includes an extension of the company’s use of Microsoft Azure. Steen says TalkTalk is the UK’s largest user of Azure to date, mainly in its TV content distribution business, and the plan is to further exploit that in the coming year.

Another element of the infrastructure refresh is storage. TalkTalk has signed a deal with IBM to consolidate 12 different storage platforms on one, taking the setup from over 120 racks of storage to 12.

“A lot of the work on datacentre consolidation is actually in the planning. The execution is a lot easier,” Steen says.

Rethinking security

It’s hard to talk about TalkTalk’s technology strategy without mentioning the cyber attack on the company’s website that exposed details of hundreds of thousands of customers last October.

At the time, while the company claimed to “constantly review and update” systems to ensure information was safe, it also admitted that not all of the data was encrypted.

Fast forward 10 months and TalkTalk has fundamentally changed its approach to security and risk, according to Steen. The biggest shift has come in the company board’s attitude.

“Don’t get me wrong – security was a very high priority before the attack. We’d increased our spending year-on-year, it was discussed at every board meeting, and we are a part of the critical national infrastructure, so playing our part in keeping that secure was incredibly important to us,” Steen says.

“However, the board now asks my team a very different set of questions. Instead of wanting the reassurance that we’re safe, they now challenge us to explain the risks we face with every major decision we take.”

We still remain a high-profile target, and as our CEO puts it, the last thing we want to release is a manual for the hackers
Gary Steen, TalkTalk

Before the incident in October 2015, Steen says cyber security at TalkTalk was siloed, and not really thought about within the wider business.

“In the months that have followed, we’ve made a conscious effort to break down those silos, and make sure everyone in the business understands the challenges and risks out there.

“We run exercises and have regular communications from the security team so that we can really embed security in everything we do.”

TalkTalk’s security approach has undergone a complete facelift, along with the recruitment of former Electronic Arts chief information security officer Derek Cheng earlier this month. The company will not comment on other specific measures it has put in place.

“We remain a high-profile target, and, as our CEO puts it, the last thing we want to release is a manual for the hackers,” Steen says.

Customer focus

Transforming the customer experience is another priority for the technology strategy at TalkTalk and is another example of innovation to support business demands. That includes a move to omni-channel and improvements in customer relationship management (CRM) capabilities, a programme now into its second year.

“We will build the CRM technology once and we will expose it to our customers through all points of contact and devices, whether they’re using a smartphone or a mobile or whether they’ve contacted us through the contact centres,” Steen says.

“So the idea is we build it once, we reuse it many times, giving a consistent service. From a technology perspective, we’re transforming our online platforms to create a much improved experience.”

The CRM project uses technologies such as Angular and Pega, and the company is redeveloping and redesigning its front-end systems to reflect that change.

Read more about the TalkTalk data breach

TalkTalk has also done lots of monitoring across its IT estate, including applications and physical datacentres, but found this didn’t inform the business about the end-customer experience.

“If you’re going to a website and trying to process a request and the performance is slow, it’s difficult to diagnose if this is an application, services, network or server issue,” Steen says.

“Our customers don’t care which part of the technology stack is at fault – they just want a great service – so the big push we’re doing is more around end-to-end customer monitoring.

“We’re monitoring the customer journey across all touch points and that enables us to highlight and resolve any weak links quickly and effectively.”

The underlying technologies TalkTalk will continue to use in that area include IBM’s Netcool for network management and  tools such as AppDynamics for application management and monitoring.

TalkTalk is just starting the selection process for a strategic configuration management database, which will tie together network assets across the UK with customers. That enables the company to inform clients proactively when there are outages or changes to the network.

Dealing with data deluge

TalkTalk will consolidate its analytical platforms and focus on a small number of key systems, such as Hadoop and an IBM Netezza data warehouse, which is undergoing a major upgrade to increase capability and resilience.

TalkTalk has seen a dramatic increase in the number of devices that people connect in their homes – and the amount of data going through its network as a result.

“In terms of monthly usage, customers are consuming up to 150GB per month. That gives us increasing amounts of data to process and move through the network.

“Making sure that we have a network that scales for both those services today and for the future is one of the key challenges and focus areas for my technology group.”

According to the CTO, a lot of time is spent planning the network and ensuring it has the capacity, caching and bandwidth to cope with demand.

The company is rolling out next-generation capabilities to its Juniper-supplied network to support that growth as part of a four-year programme that will complete in the next 12 months.

The project will see the migration of TalkTalk’s four million customers and all of its services. This will be implemented at all of the company's 3,038 points of presence across the UK and will provide further technical improvements in terms of fixed and mobile traffic convergence across the network.

“That supports not only the services we offer today, but also provides a springboard into future emerging capabilities such as softwared-defined networks and network function virtualisation,” Steen says.  

Staff-facing tech

TalkTalk will be soon consolidating its two sites in north-west England into a single new campus, the Soapworks, located near BBC’s Media City in Manchester. To support the move and the associated new working style, a range of technologies and capabilities will be introduced.

The new environment will see the end of traditional offices and the start of a “Wi-Fi first” era to support a mobile workforce using next-generation devices.

A recent shift away from Blackberry to smartphones is preceding the move to the new base, and Office 365 will be rolled out as the primary collaboration system. The idea is to move from the traditional style of laptops and desktops to more modern equipment, which is yet to be procured.

Looking ahead

Within a year, Steen hopes to have achieved the “right shape and working model” for TalkTalk’s outsourcing arrangements. From a delivery perspective, the company expects to continue making progress with its build-out of hybrid cloud.

“That gives us cost savings and also improves our agility to the business, so it’s a bit of a win-win,” he says.

He also expects to be well under way with the next-generation access rollout for the company’s customer base.

“That supports next-generation networks, so that’s fixed and mobile convergence. And it also supports the growing appetite for bandwidth from our consumers.

“As they put more and more requirements down the internet, our next-generation access network supports that growth in bandwidth.”

The right stuff

In addition, Steen hopes his department will be boosted with new talent that can support the aim of balancing the need to keep the lights on with the relentless demands for innovation.

“We’re not the same as some of our competitors such as Sky or BT. We have to be nimbler and agile, and to do that, you’ve got to have a certain type of person who thrives in that environment,” Steen says.

“I would describe us still as a mature startup – we think in a very entrepreneurial way because we want to ensure that we keep ahead of our competitors, while balancing with the need for structure to deliver our strategy. It’s a hugely exciting, challenging and fun place to be.”

Read more on IT for telecoms and internet organisations