Chris Lugo
Global CISO
Danaher
MODERATOR
Elizabeth Ogunti
Senior Manager IT Security and Compliance
JBT Corporation
PANELIST
Brett Whitaker
Information Security Officer, CRA Officer
State Farm Bank
PANELIST
April 2020
Adjusting to a “new normal” in the wake of COVID-19 has brought to light the paramount importance of true leadership from all parts of the business. Leading, and leading with empathy, requires a personal touch to ensure team members and customers alike have a sense of direction and support.
In the recent Chicago CISO Community Town Hall, security leaders from Chicago discussed the business impacts of COVID-19 and how they’re leading their teams through change. To set the stage, Chicago CISOs responded to a survey prior to the town hall, indicating the following:
17% are continuing standard business operations at a reduced level
64% expect to return to standard business operations in 3-6 months
36% report a high impact on their organization’s revenue
36% predict a high impact on their organization’s budget
This panel was moderated by Chris Lugo, global CISO of Danaher. Lugo was joined by Elizabeth Ogunti, senior manager of IT security and compliance at JBT Corporation and Brett Whitaker, information security officer and CRA officer at State Farm Bank. Industry and level of preparedness will affect the degree of an organization’s response, but security is vital to ensuring business continuity and resiliency.
Immediate Response
Facilitating and securing a newly remote workforce has given security and network teams a time to shine. Demonstrating flexibility and rapidly adapting to a fluid and uncertain environment is helping security leaders show they are trusted advisers and business enablers. Many security leaders were faced with the immediate challenge of getting equipment to and training team members, some of whom may not have been equipped for or familiar with working remotely.
There was an obvious need for expanded VPN licenses and technology procurement. The unprecedented amount of remote work has stressed the bandwidth of ISPs. Security and IT must work together to educate the workforce on how to increase bandwidth and to provide technical support as needed. As the saying goes, “never waste a crisis”; this is an excellent time to evaluate parts of your security program and re-evaluate priorities.
Executive Leadership During Crisis
There are many challenges facing organizations today, many of which are not security-related, but it is imperative to stay involved as a leader within the organization. Ongoing, clear communication from executive leadership has helped to stay the course and ease tension and uncertainty. Never forgetting the human element, it’s important to encourage levity and the power of connection to ensure people don’t feel isolated.
Strategically, there is no correct answer about the best cadence to communicate with your organization. Success has been found in weekly or bi-weekly bulletins, covering a variety of topics and addressing any security issues as they arise. The first couple of weeks stress-tested the system, and now teams are settling into a remote work paradigm that is highly functional.
Security and Future Planning
Future timelines remain nebulous and plans are shifting frequently as new information comes to light. But, now is the time to think about reintegration once working in the office is allowed. How will this be approached, and what changes will need to be made? Exploring options like contactless entry and reviewing cafeteria and common space best practices are a couple examples of policies that will likely need to change and should be planned now.
Will the future of work include a more remote workforce? Unclear, but the transition will likely need to be gradual, and many are not looking to be entirely remote once we are able to return to “normal” work. The fact is, remote work is not conducive to everyone’s lifestyle, and many prefer the office environment. The bottom line: ensuring that security remains a voice of support and business enablement is a necessity, pandemic or not.
This is a strong time for security to be a trusted adviser to the business and have a seat at the table. Now is the time to either reinforce that relationship or to reset with the goal of being seen as a supportive business enabler.
Thoughts from the Community
The immediate challenges of ensuring teams had appropriate equipment, increasing VPN licenses and troubleshooting internet connectivity were addressed quickly. As shelter-in-place orders have continued, the focus needed to shift to the social impact on colleagues. Luckily, the ability to stay virtually connected has allowed leaders to remotely support their teams.
Incident response and business continuity plans provided a framework, but on-the-ground changes and maintaining agility have provided unparalleled value. There were many lessons learned, and going forward, these frameworks will likely be more robust. Seizing on the opportunity to insert security throughout the business and showcase partnership at all levels will ensure that security is incorporated into the company culture and remains a voice amid disruption.
by CISOs, for CISOs
Join the conversation with peers in your local CISO community.