Gary Sorrentino
Global Deputy CIO
Zoom Video Communications
MODERATOR
Ryan Boulais
CISO
AES Corporation
PANELIST
Massimo Favro
CISO
NVR
PANELIST
Vikas Mahajan
VP & CISO
American Red Cross
PANELIST
OCTOBER 2021
With a hybrid work model in which some employees are in the office and some are remote, CIOs and CISOs have a bigger challenge than ever: managing what the business needs, pushing digital transformation forward, satisfying employee technology needs, and keeping the organization secure. In a recent town hall discussion, IT and security leaders in the Washington, DC community shared how they are managing the transition to hybrid work while optimizing operational efficiencies.
Moderator Gary Sorrentino, global deputy CIO of Zoom Video Communications, kicked off the discussion noting that after nearly two years of remote work, employees are in a different place than at the beginning of the pandemic – more empowered and accustomed to digital tools that enable them to work anywhere. With some employees already back in the office, how can CIOs and CISOs create a similar user experience in a hybrid environment and keep the organization productive and secure?
Security and Employee Experience
With the rapid move to enable the remote workforce in 2020, CIOs and CISOs acted with speed, agility and flexibility. Employees received digital tools to support working from anywhere – or rapidly adopted tools that they already had access to, such as video conferencing. This huge cultural shift in the way people work is now leading IT and security leaders to wonder how they can make the shift part way back into the office “seamless” for employees.
One noted that employees might not have access to every tool they want in the office. Another CIO whose team is already supporting a hybrid model said that having half of the employees around a table for a meeting and the other half on video conferencing is already posing a big challenge for his team to support.
One CISO remarked that when it comes to security, “It’s not about ‘no,’ it’s about ‘how?’” Another added that his team is trying to “position security as enabling, not prohibitive.” Just like enabling the remote workforce, security leaders see a need to keep pivoting quickly to meet the changing needs of employees in a secure manner.
The Impact of Culture
Several leaders in the discussion agreed that culture is going to have a big impact on the success of the hybrid work model. One IT leader noted that he has to find a balance between the company needs, staff needs and regulatory requirements around security. Another executive agreed that it’s about balancing individual interests and the community interests and nurturing cohesion and belonging.
One suggestion to make hybrid meetings feel more inclusive was to offer pre- and post-work, especially for those who don’t generate their best ideas on the spot. Another leader suggested that there are different target audiences – older and younger – who might think differently about the importance of in-office culture and meetings and to consider both constituencies.
The value of physical office space was also debated as one CIO pointed out that their different buildings actually might be creating silos that disappeared when everyone was virtual, and another noted that they were securing meeting spaces for collaboration, rather than traditional office work.
Making Employees “The CISO of Their Workspace”
The CIOs and CISOs agreed that with everything becoming digital, security was more difficult. One said that providing transparency, such as the results of phishing tests and how people did, was creating more interest among their employees. Competitions with incentives and leaderboards were also showing results for security training. Other executives agreed that standard training in which employees take an online course and a quiz is no longer sufficient.
One executive suggested that now that personal and professional lives are inextricably linked, security leaders can offer training on protecting your personal life online – with benefits for the organization, as well. Several security leaders are providing training on best security practices at home and noted that employees then apply those same principles at work.
Key Takeaways
- Employees developed high expectations around technology, tools, and flexibility while remote – how can IT and security help meet these expectations in the office?
- Remote work illustrated the blurred line between personal and work lives – including in security. Many CIOs and CISOs are using “home security checkups” to train employees on cybersecurity best practices.
- CIOs and CISOs agreed that culture is a huge component of the hybrid model, from trying to make meetings seamless to eliminating silos and creating a sense of belonging and mutual responsibility.
by C-Level, for C-Level
Join the conversation with peers in your local community.