Adjustments and outcomes: Experiences from security leaders
Our organisation has had the technical ability to work remotely in place for a while, but since we are a smaller, single state entity, the culture was accustomed to having meetings and serious discussions in person. To remediate being unable to observe people in person, the team is making an extra effort to do mental health check- ins with each other, watching each other for symptoms of burnout or high stress and adding video to our online meetings.
@subzer0girl | LinkedIn
The CISO is much more than the security expert. Today’s CISO is a strategist, master influencer and arbitrator, and they are skilled with budgets, business processes and HR issues.
This crisis adds an even bigger dimension for the CISO. I am certain we will see regulatory requirements for a pandemic preparedness response forthcoming. The regulatory approach will lag; we need to be more proactive and plan now, but the analysis should not come in the form of specific incidents (e.g. pandemic; earthquake and other natural disasters; denial of service attack; ransomware). We need to plan on resilience based on business needs.
@cjleach56 | LinkedIn
Figuring out what kinds of attacks we will see in the 2020s that will challenge our ability to RECOVER, and have the potential to cause IRREVERSIBLE harm is, in my opinion, our top challenge. There are three main areas that we need to focus on, in order to reduce the risk: policy considerations, security awareness training and risk evaluation. For example, the threat landscape must now include home workers and the controls (or lack of security controls).
As we restart our digital transformation journey; leadership, preparedness and vision will be more important than ever before.
The recent events that pushed us all to remote working have rapidly accelerated the possible future many companies and information workers have been nudging towards for some time. But whereas some had simply been dipping a few toes in the water, now everyone is splashing about in the deep end.
For those that can work well in this way, they’ve dispensed with the 20th-century hangover myth of the ‘workplace’ as somewhere you can go. This shift opens up all sorts of possibilities for future business opportunities free of geographic constraint. It’s also accelerated the reliance upon and trust in cloud technologies for many organisations.
@AMACSIA | LinkedIn
We decided early on that having a well-defined collaboration and communication strategy was key for the transition to remote work. That also meant ensuring we had a process for communicating early and often with our people.
Allowing employees to use equipment that they had access to in the office allowed for a smoother transition. Efforts to centralise all pertinent company knowledge in one accessible library is also a key to work from home success.
@GabrielGumbs | LinkedIn
Try to be at peace with yourself and balance realism, optimism and the achievable in your thinking. Above all, be patient with yourself and others. Take some time... a break in the middle of the day to distract from the chaos that is permeating nearly every aspect of our days and nights.
Ultimately, treat these extraordinary times as an opportunity to reflect on your life choices and career.
@phat_hobbit | LinkedIn
After COVID-19 hit, it took us a little bit of time to adjust to having our workforce not in the office and being able to work from home. This abrupt change in work policy meant configuring our VPN and adding licensing for a significant portion of our workforce that had never required VPN access in the past.
There were issues immediately in training end users to use the VPN client from home as well as an issue with excessive permissions allowed on the VPN groups from the beginning. (Convenience and speed trumps security yet again!)
@Unix_Guru | LinkedIn
Another issue that we found and hadn't anticipated was that many of the employees were able to conduct their daily work without ever connecting their VPN back to the company. Things like Office 365, Salesforce and other SaaS applications allowed them to conduct their daily business (email and etc) without connectivity to our office. That unfortunately put us in a position where we lost visibility to those devices. We had not considered forcing the VPN connectivity so that we could ensure that updates and endpoint protection were updated and appropriate and that device monitoring wasn't completely missing.
We had to send out an email and request that each individual send their device back into the office. We then scrambled to develop a procedure by which to accept the devices, refresh them and send them back safely to allow us to reconfigure and force VPN connectivity at least periodically.
Next came the security awareness training around ‘Home Office Cyber Hygiene’. We had already developed this training and had delivered it to the executive team previously, but we had not yet delivered it to support staff. Delivering and following up on this remotely was an interesting challenge that we successfully met. The biggest issues were the diversity of ISP and Wi-Fi routers on which we had to walk users through updating default passwords and security control. I think that *we* got as much of an education/ experience out of this practice as our home bound end-users did.
Three months in, we have close to 90% visibility of our distributed endpoints, and all of our new images have these security controls set up by default.
Cisco is a bit unique. Due to years of driving remote work internally, Cisco strategy is not solely driven from a small, homogeneous, geographically centralised team. We have a truly global team and hire from a diverse candidate pool.
Strategic Take-Away #1: Get your leadership excited about the value to your organisation. Remote work environments enable innovation, opportunity and drive growth.
In response to the pandemic, we moved customers from 100% face-to-face work to remote work very quickly. Some moves were done in a matter of days, and this worked surprisingly well. Due to the shift to social online tools in our personal lives, universities, government entities and businesses adjusted to video calls and collaborative online tools fairly seamlessly.
Strategic Take-Away #2: Don’t be afraid to make the move to remote work quickly. With the right tools and a secure remote environment, the company and worker satisfaction with remote work can be extremely high.
@shellyblackburn | LinkedIn
It doesn’t matter where I am, although right now it’s obviously one single place. I can use whatever I need wherever I need it. Everything is managed through the cloud.
The one thing I wish I had done better actually was to prepare more for videoconferencing when it comes to face-to-face meetings. I’m someone who likes to travel to meet people, to have business lunches and, even better, business dinners with somebody, because that’s how I like to connect with somebody.
For me, the biggest challenge was the appreciation that shifting to videoconferencing as the ONLY method of social interaction was as much a cultural shift in my approach as it was a technical shift.
@ThomLangford | LinkedIn
Business has transformed virtually overnight to a greater emphasis on working remotely and collaborating virtually. We at Cisco are in a fortunate position to work effectively and securely in a remote environment, and have seamlessly transitioned 95% of our global workforce to work from home. Additionally, as the largest security company in the world, Cisco has protected millions of users since the roll-out of our free security offerings to support customers as they transitioned workforces to remote work.
This situation is a reminder that we need to be planful, agile and constantly reinvent ourselves to keep pace with the needs of today and the future, as well as to anticipate the unexpected and unknown. The speed by which this situation arose and altered our approach to work, most likely forever, shows how important it is to be able to see around corners, to plan, prepare and adjust for whatever may come.
@BradArkin | LinkedIn