Maintaining, Securing, and Developing IT Systems

Jon Conui, Director of Information Technology at SupportNinja

Jon Conui, Director of Information Technology at SupportNinja

Having donned many roles in the past, Jon Conui now thrives as an accomplished Director of IT Infrastructure at SupportNinja. His responsibilities encompass offering strategic guidance for the company's IT infrastructure and security. Jon oversees the meticulous selection, development, deployment, monitoring, and refinement of the technology infrastructure to ensure optimal performance. Leveraging his expertise in data center management, pre-sales, troubleshooting, network, and systems, as well as voice infrastructure in both cloud and on-premise solutions, his profound experience serves as the bedrock for attaining his objectives.

What significant milestones have you encountered throughout your career journey?

I embarked on my career journey in 1999 as a network field engineer, then marked the beginning of my association with Wesolv Open Computing, Inc. A subsidiary of Fujitsu Philippines Inc, one of the leading System Integrators in the Philippines for nearly nine years. During this period, I gained extensive experience in network infrastructure, particularly within the service provider and financing sectors. Meanwhile, I witnessed significant network evolution and technological progress especially the consolidation of voice and the role of data traffic in shaping the industry landscape.

In the early 2000s, as Voice over IP technology emerged, an opportunity arose to incorporate call center operations into the data space. Recognizing this potential, companies started exploring the establishment of call center businesses, with the Philippines emerging as a favorable destination due to its cost-effective labor and evolving technology. This facilitated the remote outsourcing of customer service operations, leveraging emerging voice telephony and data traffic technologies.

Given my exposure to these emerging technologies and expertise in infrastructure establishment for call center operations, I was invited to join one of the pioneering call center industry players in the Philippines. Subsequently, the company was acquired by TELUS International Philippines (formerly Ambergris Solution), and I assumed a leadership role as director for Telus. My prior experience as a vendor to Telus International Philippines served as a competitive advantage, facilitating a smooth transition into my role as a contact center leader. Leveraging my skill set and solution-oriented approach, I comprehended the need for evolving the call center industry, leading to major projects focused on optimizing operating costs through onshore and offshore infrastructure models. These initiatives encompassed reporting capabilities essential for compliance and quality assurance, crucial aspects for performance measurement, and benchmarking against other vendors in the contact center realm.

Having accomplished the consolidation of various elements into a single data center through a six-year tenure at Telus International Philippines, I subsequently returned to the System Integrators domain to stay abreast of emerging technologies. Following this, I joined TaskUs Inc, a Business Process Outsourcing (BPO) startup recognizing its potential to capture a larger market share by offering a distinct approach to assisting startup companies. The rapidly advancing web-based applications and cost-efficient technology facilitated easier client acquisition, as it eliminated the need for extensive staffing and instead adopted an operating expense (OPEX) model through SaaS subscriptions. Consequently, the implementation of SaaS was easier which helped to enhance customer service quality and differentiate our offerings. The company grew significantly, having 9 centers in the Philippines and 6 other centers globally with me playing a vital role in planning, engineering and implementations of IT solutions.

Then I joined SupportNinja in Dec 2019. Joining SupportNinja was driven by my passion for providing value to startup companies by assisting them in establishing efficient processes. Drawing from my experiences at Telus International Philippines and in TaskUs, I aimed to participate in the process of SupportNinja becoming a competitive BPO player by introducing appropriate technological components, building robust infrastructure, and delivering effective solutions. Although this transition was challenging for me as I had to implement a stricter information security process. However, I recognized the opportunity to contribute my expertise and provide the necessary framework to enhance competitiveness.

Assuming responsibility for IT operations, engineering, and information security (InfoSec) at SupportNinja, we have implemented stringent information security processes aligned with ISO standards. My role involved identifying cost-effective technologies, establishing standardization, and implementing appropriate information technology solutions. It also encountered challenges in implementations while restricting the usage of applications, websites, and social media platforms that could compromise data privacy. However, through effective leadership, I garnered support for safeguarding data and reinforcing organizational and customer information security.

Leading the Core IT and Information Security at SupportNinja with limited resources, we successfully achieved PCI DSS and SOC2 Type 2 certifications, becoming the first organization to conduct simultaneous audits and obtain two certifications within a single audit cycle. This accomplishment was recognized by receiving the Control Case award in December 2022 for achieving the One Audit certifications in 2021 with a relatively small headcount. Maintaining PCI and SOC2 certifications for two consecutive years, along with achieving ISO 9001 and HIPAA certifications, exemplifies the organization's commitment to the security, integrity, availability, , confidentiality and privacy of data, perseverance, optimal tool selection, efficient processes, and cost-effective solutions. These milestones have established SupportNinja as an industry-standard provider in the market, offering customers a reliable and secure service organization.

What specific strategies did you implement to ensure the security and integrity of your company's IT infrastructure?

First and foremost, it was essential for me to comprehend the current challenges faced by the organization before devising any strategies for implementing resolutions or improvements that align with the organization's vision and operational framework. I tried to adapt to adversity by considering the organization's capabilities, and developed a phased roadmap, when necessary, ensuring transparency regarding the associated costs of implementing the right solutions. Because providing security and integrity comes at a cost; there are no inexpensive shortcuts when it comes to information security.

While some organizations may overlook information security, it is imperative to raise awareness about the potential risks. A single incident compromising information security can easily erode credibility and tarnish a brand's reputation. Consequently, I effectively conveyed this message to leadership, emphasizing that as technology evolves, cybersecurity, analytics, and automation will emerge as the key focus areas for IT and information security in the next five to ten years. To accelerate progress, it is essential to prioritize automation and analytics, as these tools provide invaluable insights into performance, enabling comparative analysis with other industry players. Moreover, ensuring robust security measures is of paramount importance.

By embracing change and fostering a culture of continuous learning, organizations can effectively navigate the evolving landscape and capitalize on emerging opportunities.

Addressing the specific query regarding adversity and challenges, securing buy-in from leadership is crucial. By providing roadmaps aligned with the organization's vision and operating expenses, one can facilitate a phased approach to tackling challenges. It is imperative to recognize that in the context of (SOC2) certification, showcasing an organization's controls, processes, and future roadmaps establishes a competitive advantage over other business process outsourcing (BPO) players or service providers. This demonstrates a firm commitment to safeguarding information security and ensuring the confidentiality and privacy of sensitive data.

Is there any project initiative that you have worked on lately? Can you talk about the project elements and technology you leveraged in that?

Everything starts from a framework. Especially in the technology space, having a well-defined framework allows for structured work and facilitates the conduct of annual audits. Now, risk management plays a pivotal role in ensuring effective governance, compliance, and ultimately, the success of an organization. By proactively identifying and addressing current and potential risks, organizations can navigate the ever-evolving landscape of emerging technology markets.

In this dynamic environment, where new technologies and vulnerabilities emerge regularly, conducting an annual risk assessment becomes imperative. This assessment provides valuable insights into the risks associated with running a business, enabling proactive decision-making. Adhering to a year-by-year approach allows for adjustments in strategy and tactics, aligning them with long-term goals. It is essential to recognize that strategies must be adapted annually to keep pace with changing markets and increasing competition. Stagnation is not an option, especially in the fast-paced technology industry.

Processes, although essential, can sometimes impede progress by introducing delays. Therefore, it is crucial to review and refine processes on an annual basis, ensuring they remain agile and efficient without hindering business operations. This consideration encompasses the responsibility of risk managers, who play a vital role in driving continuous improvement while mitigating potential risks. By striking a balance between process optimization and risk management, organizations can maintain a competitive edge while minimizing vulnerabilities.

What is your piece of advice to your peers?

Continuous learning is crucial with the ever-evolving technology. I believe every organization must prioritize ongoing education to effectively adapt and leverage these advancements. It is also vital to conduct periodic assessments that align the current state of the organization with its future goals. The process typically involves identifying and evaluating potential risks that may impede progress toward the three to five-year vision and work plan.

We will continuously encounter challenges throughout the journey, but maintaining a laser-like focus on achieving long-term plans is paramount. The culture established within an organization and its various departments holds great significance, as people gravitate towards an organization that embodies values aligned with their own. Hence, organizations must uphold their defined values and cultivate a strong organizational culture.

In this way, continuous learning serves as a key driver for success within my department. I have implemented a personal development plan for each team member, recognizing that growth cannot stagnate. It is imperative to stay abreast of the learning curve and adapt to emerging technologies and certifications. By embracing change and fostering a culture of continuous learning, organizations can effectively navigate the evolving landscape and capitalize on emerging opportunities.