1 hour 2 minutes
this course is powered by cyber for teams. Security leaders encounter new workforce challenges daily cyber for teams helps organizations build a cybersecurity enabled work force to tackle new challenges, handle security incidents and prevent data breaches. If you'd like to learn more and see how other security leaders like yourself
are utilizing cyber for teams,
you can schedule a free demo at the link below or search teams in the navigation bar.
All right, everybody. So one welcome. I still see some people popping in so well, I'll just I think we're getting pretty close. There's like that popcorn algorithm, right When you watch the attendees joining them. When you see the numbers starting to slow down in terms of change, then you get started. But so today we're gonna talk about virtual virtual work.
if we were not going through Corona virus, I would still have this section. So we're going to talk a little bit about the pandemic only because it's impossible not to
in the context of virtual work, but recognize that virtual ization and
more modern means for managing day to day work activities.
Um, this was happening independent of the health challenge that we're going through the globe, we will know that. But sort of like an accordion would have taken,
you know, 3456 years Toe happen
happened in about 3456 days. Right? All have been very quickly, certainly in the Northeast,
in the United States. I know a lot of your tuning in from
all around the world, but where I live work in New York City.
We very quickly went from physical to virtual mode, and thank goodness infrastructure was there. There's a number that always sticks in my mind when I hear remote access, virtual work, telework.
It's the number 17 someday. Why so? So when I see said, when I see remote access, my brain does that weird word association. I see 17 because I remember being in a meeting. You know, I come from Telkom, where this was a while ago, where the discussion had been made,
at least a part of my team was running remote access,
that we've been asked to see if we could support 17% of a lot of our company
And I remember
people shifting around 17%. Could someone had done a study and said that you know, there was a big enough snow storm or a big enough of van or something.
The data was pandemic problem, more snow Storm.
Then it's possible that my goodness 17% of the company would have to work from. I remember driving home thinking
it's never gonna be able to do that, you know,
because that meant, you know, 17% of a big number. And you just hadn't hadn't had that problem. Not my kids were telling me recently
that they'd heard me say that I don't remember my dad ever working from home. And he was the research scientist and a professor.
I worked for the U. S Army for 35 years doing computer science.
I never saw more chemo like and he's written books on day were like, what? Because they're so used to me and my wife and our this generation working
from home. But if you go back just a little bit, it was not the norm
to work the way we do now. For those of you who are maybe under
you probably have never seen a world
that, to me,
is somewhat nostalgic. The idea that you didn't have any computing equipment at home. You certainly didn't have a phone.
And when you were home, your home, you know, go home. That was it.
But that's changed. And Anat, advantage of being doing the 17% and now probably doing more like 117%
is that something like Corona Virus happens and we're ready for it. So So that, I guess, in a sense, is good thing now the last
No, maybe the last
five or six months or so since February March,
as I've talked to different enterprise teams and talk to folks students like you,
I've always made it a habit to kind of during the You know, that intro before every meeting where you say, How's everything going? By the way, that's one thing I'm going to miss. If you could miss anything about pandemic,
I missed that. We all wish each other to be safe and well, that's a beautiful thing that I hope we never lose.
Like, why is it that nightly leafs on the phone? He and I are good friends now. When we talk, I'll say leave him. Make sure you stay well, he'll say saying We wouldn't have said that before. I'd be like later. Dude, like I like saying, Stay safe. Better But the right
before meetings, I was asked teams or individuals Hey, how's it going with with the pandemic? And I keep a little crib sheet
of the categorized, the response and just at a very broad sort of categorization to positive and negative responses where
negative responses would be, Oh, missus, Ah, what a mess. So terrible will. Hopefully we'll get through this.
You know, our budget is a mess. And G, I'm not losing people, but you get you know, that narrative and it's not a crazy narrative. I mean, talk to some people who really work in areas that are getting now the show. There's some people on the call right now who are in industries that
are suffering terribly,
and you may have family members suffering. I know Ideo so
So I get the negative thing. It's not that's that's not by in any way reflective of some personality flaws. Pretty rationales of those my kids say, Gee, Dad, I wish I'd stop worrying about this thing and it might be someone you say very, pretty, rational But then the other 50%
is very positive.
And, you know, you don't want to be too Pollyannish about this, but sometimes will say, Oh, you know what
this is? This is OK. Were we're trying new things. We're gonna be stronger as a team. I have more time with my family. I'm being more productive. We're going to get into some of that later.
But I noticed
that it's 50 50.
So that's just my sampling. Maybe people you talk to, it would be 80 20. And I noticed that the commercial folks like the closer you come to being in a sales position.
You work for a vendor, so to speak.
Then you're more likely to be positive if you work for, uh, enterprise. We're at a
the team. You leave your c So our deputy or your direct reporting working the enterprise security field,
you're more likely to be negative. And if you follow me on linked, then you say I wrote a cartoon for today
that has Charlie going to the bookstore.
Um, and he's asking for Ah, a book. You know, he's doing research on his C so position
and the library in system You know what? You know. What can I do? Because he I'm looking for a book and and he s for a book on,
you know, trauma induced hyper nausea or something like that. I made that still joke about the fact that she says her terrible nausea, but I tend to be more on the positive side. Like I was coaching my team and talking to others. I say, Here's how I think you should deal with this
this big event, which for centuries, a virtual event,
you know, you're gonna have extra time because you're not gonna be commuting and
you're gonna be socializing less. I hope you spend the give kids home.
Then that's great. You know, maybe you spend a lot of time with the Children, but if you have a little extra time, why don't you take advantage of that? I posted something
called the 100 day plan into social media. I said, I've been 100 different things that are free. So why don't you do one of these a day for 100 days? And that was back in March and said it would take us toe
early July and here we are, So for any of you were doing that with me
reading those papers and watching the videos, I did it. That's pretty good little course in 100 days of cybersecurity, But I have, ah, partner at work, Rich pal, the cartoonist. We do the Charlie see something together.
He's a wonderful guy. The work from Mad magazine has this crazy sense of humor is so funny. And we make a good partnership because I think up the bits and he draws that makes him really funny.
You said, You know what? We're gonna be home.
He's in North Carolina.
Why don't we do a book? And and we hadn't done a book before
and I knew it would be a lot of work, but somehow the book just load out of us. It seemed like we could take the day to day news that we were watching and just translated, and this book popped out, working from Home Guide to navigating the new Normal Leaf. I hope you don't mind. I'm not. I'm sort of shamelessly,
but I don't know that it's a good idea that I'm promoting the starting cartoon book here, but it's relevant because we're talking about working from home.
It would seem weird that I wasn't
referencing it, but this book flowed out of our hands. I'm telling you, there's no way we could have written this book
any other time.
It just it was. It was right for us. We were feeling it. We were living in a port out so quickly. I think it's freaking hilarious now. Maybe you'd read it and think of said Budget dummy stuff, but it's It's been very popular book. You can see the 18 people that I paid to do a rating. All said five stars. Just kidding.
Well, I'll give an example some of the humor that popped out
from just being home and just having the opportunity to make something positive. So here Charlie C. Says our hero, this is his cookie manager. We draw in that way, he says, could really get a lot of work done from home. And then, obviously, he says, the key is to make sure to avoid distractions.
And then we show Charlie with a fake
backdrop, sitting by the pool, you know, holding his thing up without Moultrie and these dog here. So So this is what you see in this wicked and that came from we all noticed how funny it is the backdrops that people pick. And I know Zoom lets you pick up Elektronik backdrop,
but I think it's more fun to pick one in your house somewhere.
And I've been the books that I coach have been saying if you sense that you're about to get fired that make sure you have some little kids run behind you during your zoom session and you probably won't get fired. One. Here's another and this is like the getting back to work. So we have Charlie sitting yearsas air. You sick now? Did you quit now?
Car break now
and then the boss says, Well, why your home and Charlie looks at us and says, Doctor really answers time questioning, feeling a lot of you're gonna like,
you know, this idea of remote virtual work and I have a feeling
that what we've written here for our session today will be very meaning for you, namely, that you should develop a healthy respect for virtual working. What? I write it this way because we all know the manager,
the crotchety old manager who believes that Ria work is done in the office, and these people who work virtual are really just a bunch of freeloaders, probably cutting their grass and not doing real work. And,
you know, they should be butts and shares in the cubicle like real work is done. Capital are not that fake capital F work that they do when they're, you know, off virtual.
that those individuals realize what I've known for a long time, because even in my time back in Telkom, I always worked virtually arguably on nights and weekends. But but I was at a lot of virtual working. I hope they realized the productivity, the amount of work that you do
is much more intense when it's virtual
is you can get yourself run down real fast
if you're working virtual because it's amazingly productive. And so I have to tell you, a funny story is that a, uh, department store chain down in the South
that I remember flying down two to go visit with their their founder because they were building their first security team ever. This was 15 years ago or so
you flew down there
and it was quite exciting who, when I met the founder of this
department store chain that anybody lives south of Virginia would. Now I'm talking about,
so we go in to meet this person. You're a little bit about his wonderful background. I started the company and had some of this team there, and they wanted to talk about cybersecurity. And they said, You know, we're thinking of doing mawr
work from home,
And I remember the founder sort of leaning back,
rubbing his chin a minute and saying, You know,
we'll tell you how I feel about virtual work.
I feel like everyone
should have at least two days per week that they can work virtually.
I remember his team leaning forward like thinking what?
Because it's just didn't match. And then he leans forward. He goes Saturday and Sunday, and then we go well over Yes, sir, Understand. So when I say healthy respect, I mean, not that
let's 60 that working from home is not fake work. It's real work, and arguably, it's harder
being in the office. I mean, take it from me. I've been going in, but I have had a Boston's. I was 15 when I left 18 t
um, the first time, a couple years ago that I hadn't had a direct supervisor. Then what do I do? I join a board, and I have a board secretary and a board president the boss. And now I teach it and why you So I get a department shows, but but it's a little different. But this idea that you're working virtually
you know you can sort of play in your day, you can get really, really, really crazily busy. Now, let's get into some of the content here. I want to do a little SWAT analysis, and I know a couple of you
are probably gonna want the SWAT analysis. I think that you can get these charts and the Sai Buri folks will get this for, because I think a lot of you are going through this kind of discussion now swat on virtual work, meaning When do we come back? Should we come back? Should we be hybrid?
And hopefully this will be useful to you because this is the exactly the kind of thing that I know
that a lot of the larger and mid sized companies are doing. Small companies generally have already adopted virtual work and are comfortable with. But first, just a flat out real estate and facility costs. For some of you, this is tangible.
There is a lot of savings that comes from virtual izing infrastructure. And if you can funnel that, redirect that Op X and cap ex. Usually it's capital expenditure Teoh. Other things than that can be quite a nice dividend.
Um, second, is this this idea that you're distributing the protection of your assets
if you have a big building somewhere and you know some terrible image, but like much terrorists decide, they want to take it out
pretty easy to dio. There it is right in front of you. Good. Take it out.
But if I break the building into a bunch of little bricks that are scattered all over the place,
it's a lot more difficult to take that thing out so that the resilience that comes from a distributed workforce can't be underestimated and also allows you to
who normally wouldn't be able to come to work for you
flexible work situations for employees. That's a benefit that ought not to cost you anything right. You can offer that flextime flex situation and similar reduce travel time. Um,
pretty significant I happened. Teoh is big. Debate us about environment. I don't side. I'm on. I think it's credibly awesome that we've reduced emissions. And it's much more gentle
for people to not be, you know, hopping into a car and sitting in a traffic jam for two hours.
You know, burning fossil fuels. That's not not my favorite things. I love the fact that that works, and also it frees up the traffic for those who do need to go in.
I have made some trips from my home into New York City a couple of times during the pandemic and incredible experience in through the Lincoln Funnels back is really great, and then increased productivity is we talked about earlier. So as you discuss with your team
the strengths of the situation we're in right now and what to do and, you know, moving forward, these air some strength. Let's talk about a few weaknesses because there are some that face to face interaction that you lose is significant.
This is a big one. Time management's completely blur.
the people are. I think some people are overdosing on productivity, especially sales people.
You know, if you're if you're in sales or if you're in business development.
So you live in Seattle and you fly to New York City because you want to visit some banks and you're gonna fly in them Tuesday morning. Fly home on Thursday evening.
So you fly in. You have Tuesday afternoon and evening of all day Wednesday. And then, let's say Thursday morning file,
you'd be lucky
if you get a meeting on
the afternoon, maybe meet someone for dinner that evening. That's to customers. Then the next day it's an amazing day. If you can have a meeting in the morning, get on the subway, scurry up to Midtown, having afternoon meeting, maybe make a couple of phone calls, dinner with your team's gonna meet and then you five.
She had met with 45 customers.
I think you know that if you're working virtually and noticed some listing, this is a weakness.
You could be with 45 customers the first morning of the week, right? There's just the time is theirs. What? What does that mean?
And it could be crazy hours, like if you've got clients on the other side of the world as Ideo. Then you're setting the alarm for two in the morning and you're doing a virtual discussion. You might have been doing that before, but it was a little different when I was in the office. You did. Time management was more founded, so it's a weakness.
There's no question that you can feel disconnect.
Did I think that that's something that
is underestimated? Very rarely is there good counseling for people in a company that's viewed is a
a sign of weakness in American culture. Like if somebody is calling for help saying they're feeling disconnected.
We don't have much patience for that. Try that with your boss sometime. If you work in an American bank.
I asked for some time sit down, heave a sigh and say, You know your boss, I'm feeling disconnected. I'd like to discuss my feelings with you. Um,
how's that going to go over? Not well and and And as we enhance those feelings of disconnected ity,
there's really not a lot of options for talking to people. Maybe this course is something where you could feel little cathartic. I'm It's very tough to keep the team together and you really are pretty reliant on tech. If there's ah,
problem with your tech, you got a big problem with your business. Now, where some opportunities, problem solving like creativity, rich and myself doing a book. We would not have done the book under other circumstances. And you may have projects at work that you just wouldn't dio you that
the creativity that comes from these kinds of things sometimes can't be
underestimated. They could be significant that tech advances. Definitely. We've all come up with new ideas for how to enhance the
the work from home experience and in cyber security. We all know that almost every vendor presentation starts now with how they support work from home and how you know their their solution is such an important one for the the current times, Bob a lot,
uh, new types of interactions. Kind of cool, right? You Kenbrell ring a disparity group together and also like that
in a video conference.
Nobody is the boss, at least in terms of the geography of the screen. You know what I mean?
Like everybody sort of even like the Brady Bunch, right? The picture of the boom everybody sort of on the same level,
kind of like that. I think that's Ah, that's an opportunity for people to feel more empowered to,
to speak, cross function or to speak skipped level so on. I think there's some employees definitely thrive. And I think, Do you think the politics goes down a little bit? Right? We all have something to commiserated about. Instead of complaining about Bert from accounting,
we're all complaining about the Corona virus, so it's Ah,
so I think they're definitely smart genes. But there's there some threats and look what it were cybersecurity, folks, so dot
we're going to start with, you know, video bombing and
eavesdropping and other types of issues. If, for example,
Zoom tomorrow was experiencing a pretty significant need accident
that really has a much bigger impact or consequence than it would have a year ago.
In fact, you could argue that it might have a spectacular consequence. Luckily, there's a lot of different platforms that people can and are using, so
you have to take them all out of their threats. That work life balance is a threat. No question about it. People can o d on all this productivity
so you do have to make sure you take some time away from the computer. The one bad thing is that we watch so much. We just so much entertainment from our computers that if you're working on the computer and you're getting your enjoyment from the computer, you're feeding that dopamine habit
of, you know, staring into a screen, having something come back that is entertaining you.
So I do worry about that particular young people. I'm not a huge fan, frankly,
of Children being a little too focused on the virtual learning.
I think that the right balance if your mom or dad, I think it's important. And I know you've got work life issues already.
But if your mom and dad of anybody say under 18
um, you should assume some of the
home learning responsibility. I don't mean
home schooling, necessarily. I mean home learning. So So read a book together with your 12 year old, not online, but get border a couple of physical books, do something different
or, you know, if my daughter and I go over and hit tennis balls is a couple of courts not too far from here
that where there's usually not some people there. We can go out on the bump and other people we can go out. And we could have a very nice times. Nothing to do with technology. So that balance is important, especially for cybersecurity. Folks like us
because we live such precarious lives. And then the generational challenge. Let's face it,
if you're if you grew up attack, this is easy. If you're a little guy like me,
um, you're still adjust. I've learned to adjust to this kind of teaching, but I'm
is not the way I thought God intended it. I think this should be in a classroom, But I'm learning. And the Sai Buri folks have been a really good partner from May
because they've helped me see how nice this can be. But the generational issues, let's face it, and then the home situations are different. So unfair.
You know when uh,
Mary over here, you know, is single
work from home, starts it for in the morning, work still to in the morning and just works like crazy,
you know, can have all her things around her. It goes one meeting to the next.
But Fred over here has twins who were aged three and used to get help from Mom. But Mom can't because she's old and custom stay away. So now Fred has to watch the twins
and hold a job down.
And it just kind of unfair, in a sense, right? So we got thes deferring situations at home Best you can do is an executive
is to show empathy. This is the time
for people to show empathy, and in particular remember, I forget the name is Mary the first person. What a great time for Mary to help Fred. You know, that would be you really want to do something nice and you really want to send something forward in your Mary?
I'm call Fred up and say, Hey, I see you guts a couple of young kids. Let's much do me favor.
Put him on the screen for an hour. I'd like to read to them, you and your and your rest, your family or whatever. You guys go do something else and I'll try and keep the Twins busy for like think about that. Think about how that builds team, but people don't do that like we live in an era where
that's probably the last thing you expected me to say about Mary and Fred.
You'd say what Mary is going to get ahead promotion
because that's sort of the behavior that we see from a lot of leadership in the world right now. So do the opposite. Reach out, do something nice and then tough to establish. Trusts the same thing. So let's look at some examples or some good ones. This is my favorite dude of all time, right? Gene Krantz.
Um, he works from NASA, worked at NASA from 1960 to 1994
flight director for a number of different things. There's some interesting things. One is this Failure is not an option.
And, you know, it's a virtual situation. I'll get to that in a minute.
But Gene Krantz had the learn as anybody in and around
flight Control learns is that you're working remotely. You're on earth, but you're talking Teoh. You know, astronauts that air someplace else
and and you learn certain ways to communicate. To do things, Teoh solve problems and to
in developed norms like that. Then there are fellows like see, Fair is not an option while on Apollo one, when they were working in pure oxygen environments.
We lost three astronauts, and Gene Krantz was in the middle of that. And and it was a terrible situation.
You read 33 people who died and over the years after that, this phrase
is really indicative of the of the environment and notice failure, not an option, was written by Hollywood screenwriters. That's not something that I know that Gene Krantz ever even said it,
but it's kind of cool like that. The termination, that picture of him there And I guess Ed Harris or something played him in the movie happened when the Apollo 13 there were there was too much carbon dioxide in the air and they had to figure out how to build a filter.
So they built one down on the ground. They knew what piece parts were there, and they snapped it all together and they relayed the instructions up. They had them ripping pages out of a manual on taking a box and using some tape, and they built a beautiful filter that worked great and saved three lives
and has done remotely. You know, there's no face to face. There was done. Oh, and But then how many years ago? Right? This was, uh,
50 years ago.
But what a beautiful metaphor, right? Like if these guys conducive that
and they were, say, guys and then generic sense because it meant men and women.
Then come on, man, you can you can be productive. Virtually. This is not Some didn't have to be a crutch. This could be some something that we take advantage of. Fact Hewson An example of that back. And I think 85 was the first time
you saw robot assistance. And then in 2000 you had robots doing mostly laproscopic
The reason this is so interesting is because the virtual is there
a great surgeon toe assist on something cause most robotic surgery
still depends on the human right. There's robotic, but it's a human there. And I love that as kind of a metaphor. How virtual really,
um, hits on all cylinders when it's the humans and it's the technology and the distances is irrelevant. Remember Bill Gates making the joke? He said there's probably somebody in Ohio somewhere teaching calculus, who's really amazing. And instead of
a lot of crappy calculus teachers, all over the place.
There should just be that one. And I think I mentioned that to you before because I was joked that that's probably the commercial for Sai Buri.
incense? That's kind of the advantage here. Also a virtual. You know, the fact that you can
work together virtual allows you to get the best. E. There's a gentleman I hired a number of years ago poached him from a tech company,
and people were asking me how to do that. Said that basically built him a lab in his basement. Could work or he wants. I don't care where you could live on the moon as far as I'm concerned, And if you come to work on my team,
we'll give you whatever you want. And we could do that because this was somebody wanted the state where he waas So virtual is powerful.
It really enables a lot of things that you can't possibly do if you were very married to the, uh, Teoh physical and adjacency. Now he's a pioneering virtual worker, but I hope you've read a history of time in such a beautiful book.
I'm Stephen Hawking and you see the intro there by Carl Sagan. Also one of my favorite people ever, ever, ever.
You hear his voice, those cool videos he would make in seventies and eighties.
But Hawking helped kind of designers create means for
books to be written papers to be written research to be done, all kinds of incredible product, productive things
by an individual who has this terrible handicap.
but he's been able to make it. This book is written by this guy with this technology on, do you think? My goodness,
here, I'm complaining about, you know, Zoom, maybe not having the right fidelity.
You're somebody figured out how to use technology and and you know, this idea of being, like, taking advantage of something that's been a challenge. Maybe God has decided that you're gonna be dyslexic.
Well, I read somewhere that a disproportionate number of successful entrepreneurs have dyslexia. And why is that?
Maybe because the handicapped causes you to focus a little more.
Maybe just having a little speed bump causes you to be that much more.
effective in the way you do things. I don't know, but But I will say that I've been involved in a bunch of these types of things like, Here's a bunch of people blindfolded
who are asked to play that rope game if there's anybody here from 18 t listening, I think we have a few students from there, they might remember
if you're part of my team back in the old Florin Park days, we would do this every year where we go out on the lawn, blindfold everybody. And you'd ask them to put
a rope, which is abundantly and jumbled together
into a bunch of different geometric patterns. And they couldn't talk. They could. Only you couldn't do this during Corona Virus. You can see the two people there touching. That's not that that wouldn't be allowed. Now you do it by talking. But isn't that in the sense? What a conference bridges? Aren't we just really blind?
And I mean, I know Zoom makes it easier to see each other, but a conference bridge where you're just talking
and there's four or five people on the line. It's like being blindfolded, isn't it? And it could be that the skills that come from that kind of handicap not seeing people,
I'll make you better at meetings off so for example, you do tend to go on you
and someone's talking. And you know you can't interrupt
because the technology usually won't let you interrupt. Try to interrupt, then they don't hear you. You know that minute where you're talking and they're still talking and you realize,
Oh my gosh, I'm still a mute or the tech just won't leave. They just don't hear you. For some reason,
that's a good lesson for you, because I can tell you many times the mute button, Save me from something stupid. And when I'm in physical meetings now,
unless inclined Teoh jump in its by the way, it's my one
for me, my one biggest weakness
as I talked too much and don't listen enough.
That's it. I'm every year I write down What a my bad at think I just yakked too much to go on and on and on and on, and I don't listen. And this kind of an exercise is a useful one and virtual ization and certainly conference calls cause you to be more thoughtful in the way that
you would go about, you know, managing your own behavior during the call.
Now, let's say I go through our rules were 1/4 off. We're gonna have Michelle Gupta from Unisys jump on. Really, really wonderful technologists. Great executive will ask his experiences,
kind of with some of the work from home a little bit about some of the tech that
that he guides along at the Unisys. But let's go through our usual rules here on day.
1st 1 is that when you're building and managing and running a security team
that is now working virtually for the most part,
you really shouldn't just assume uniform technical competency. I don't mean technical work related.
I mean, VPN getting your yourself set up. I know
that we're all supposed to just know how to do this, but some people don't
and it's not meaningful. It's not reasonable to just assume that everybody knows exactly how to do this. And here's an example.
you're all in a meeting
it's Bill and Joe and Mary And let's say Joe
has been with the company a good, long time and is a wonderful person,
maybe just not as tax
it comes time you say, Hey, Joe, you've got that thing right.
The document I do Hey, here. Why don't you share your screen?
And then we'll look at it.
And then Joe fumbles around
and doesn't know how to share a screen.
And then everybody's talking to Joe like he's a one year old
Joe. Okay, listen, here's the button it. So you'll see it. Right? You see, Egypt, can you ask for more humiliating moment for Joe,
that is a Don't do that, please.
And a lot of times, you probably know Joe is not going to know how to share the screen. So don't be a jerk and assume it.
You know, just find some. Like if you're gonna do that, then make sure Joe knows how to doing in advance. You. You all know what I'm talking about.
But this is a case where the first rule is. Just don't assume everybody's,
you know, spends their summers working at an Apple store. Knows how to make everything. Work is especially important for those of you who grew up with this technology can tell you many times my my three millennial kids
will he the sigh
and look at their computer science dad me and say, How can you possibly be a computer scientist, and you don't know how toe sink your iTunes password with net Netflix. Like the moment when Netflix or something says, Oh,
you want to buy this movie? You know you put in your this or that. I don't know what it iss
my kids look up you like I'm a dummy. Don't you do that? That's not a good habits. That's our first rule.
And related tutorial guides still matter. It's not reasonable to just assume that everybody knows how to do everything
I read. Tutorial guides are listened to him on YouTube all the time. Somebody asked me to do something, and I go and I watched a video on it.
Maybe you don't do that, but I dio.
And if it's a work related thing, like if somebody says, Hey, do me a favor
and go, uh, register this new contact in our CRM
and you're a new part of the marketing team and you don't know how to do that.
You've never used Salesforce before.
Well, then you're gonna need a tutorial. And if sides you can make sure people have the ability to get to turkey is where virtual Now I can't walk over and ask for some help.
There's no place toe walk is. You can't casually get some assistance. You're kind of on your own. So as you build out for your security team, some sort of a virtual arrangement, this is important
now guidelines. This is an easy one for security people because we all know
that ultimate liberty
work from home requirements and standards or things that come from experience. And the way that experiences develop is by starting with guidelines. So right now you're on an enterprise security team and you have not already
developed guidelines for what people should or should not be doing from home. Then you really ought to take the time to do that.
Um, is it okay
to jump onto a zoom session from your
daughters? Mac book air?
Is that okay? Well, why don't you tell me if you got a company issued PC, would rather they do that on the company issued PC? Or should it be on the Mac, which is do you care
if you ask people the hairpin
VPN to the enterprise and then push out to zoom from the enterprise through the gateways? We have a log and so on other things.
Well, great. But how do you stop them from just pointing it? Zoom natively from home?
Is it a guidelines of requirement? Is their architectural control? Are they just promising to do it that way?
You get the point. Think these things through and make sure you're developing guidelines. This is an important one for security teams. This is not a should do. This is an absolutely must do. In my mind,
I'm face to face is still really important.
you're just not going to get around this. You have to find a way.
It's not easy, right? I don't You know. Everybody's got so much virtual conference time
now that the last thing you really want is more meetings,
and you know those virtual cocktail parties that you go to. I do them with my friends from college,
but it's different cause I don't see those people during the day.
It's hard when you've been at work with somebody all day to say, Let's do a virtual sit down,
so I don't think that's the answer. But I do think managers still need to find personal time.
And if you can't do face the face than you do it on the phone. Whatever you need to do. Like my little tag side word. Small groups. We all talk to each other 80 times a day,
so it may be that we have the advantage of such intimate day to day contact. That is important. But if you haven't seen your boss in a month,
um, that doesn't feel good, right? And if your home virtual you feel like at a state out of mine, that creates an obligation for you and your boss to make sure that there's some cadence and to be best if it's face to face, I think you would agree with that. So take the time. Security. We don't
We don't often think of these things these air soft, cushy things as opposed to
sort of the hard cybersecurity issues that we deal with.
Rule five this week. We know that mentioned this several times where remote work could be more productive, period and
and as a manager like, let's say you're managing a sock team and you feel like, well, you know, what's the difference? You know, my sock team used to work shifts, and now they're all home
you can get pretty crazy here once you start seeing that people are appearing to work 24 7
So instead of three shifts 38 hour shifts, now it's 3 24 hour ships.
It's up to you, the manager, to throttle this. You can get drunk. I reminds me of like when people go to the northern part of Earths and they experience the unusual thing you get sometimes, like in Alaska, in the places where it's daytime all day long,
never get star.
That can be tough, because people start feeling like they're Superman or super World, and they never have to rest. And they could work like crazy. And after a while, you you just dropped down, exhausted. If you try something like that,
talk to anybody who has ever tried that. They'll tell you that situation. If it I'm on, I feel like this remote work is similar,
So you, as the supervisor used the executive, need to be very willing to acknowledge that at risk.
There are a lot of experience remote workers, and I'd recommend at work if you don't have an advisory board or an advisory group of experience, remote workers that being mistake,
you talk to your doctor, teen
talk to your manager and suggests that if there's I don't know, let's seen in your ecosystem. There's 100 people. Let's say 20 of them have been,
for the most part, working remote the other 80 year, figuring it out out of that 20 pick 45
you know, have them put together.
You know, different types of learning sessions. They should be the advisory council on remote work. They should have, ah, person that you can always call if you have a question about something. If there's something that you really don't know the answer to like, is it OK to leave company materials out on the desk?
If it's your home desk in your home in your home, or should be in the
in a drawer somewhere and doesn't need to be locked,
you go. Gosh, I don't know if there's no guidelines. He called somebody who's been doing it for the last 10 years. Hey, Mary, I What's up? Ohio And what? Some people people working from home for a while. Yeah, sure have you get this question and Mary will tell you.
She'll say, Oh, this came up a couple years ago. Here's what we decided, and Booth did not become the guideline and then eventually becomes a requirement. It's really, really quite simple.
And then finally, our last rule before we get to uh shall in a minute here is
you should only resume normal when people are ready.
I I'm not a big fan of
the company deciding All right, everybody back to work is everyone is different situation, different health risks, different situations at home.
All the things we've talked about, so show some empathy. You may be one of the people making that decision,
and I do hope that these ones size fits all type things. I hope you try to stay away from that to the degree possible,
because what you really like to do is have the opportunity to give everyone a chance toe
to come back to work when they're feeling comfortable. So so that's our last rule. I'm gonna I'll leave the chart. I'm on this and we'll
we'll just use This is our jumping point. Let's go invite the shell on Michelle, Can you hear me? OK,
I can hear you. Fine. It is very nice to speak with you. I hope everything's going well for you.
Thanks so much for your good wishes. That and
I really enjoyed the, you know, the discussion I was hearing about the talus balls. You were playing with your daughter. I actually has been doing that too. So that certainly something resonated
I enjoyed in your book.
Yeah. Have you seen this is a positive thing for your team. Like I'm not. Not that there's ever anything positive about people getting sick. That's horrifying. But in terms of the work thing of you had some positive things come out of this
out of the pandemic kind of work from home.
Yeah. No, it's a great question.
So I think
I'll probably talk about a couple of things, their head from a positive perspective. I think one thing
you know, my team just from the context of other folks right on the PTO at Unisys
and I would team off a couple of 1000 technologists all over the world,
including in the fourth centers in the U. S. And,
you know, one of the challenges that the team and I had was that we were just in so many different centres right that
you were never in one place to begin with.
And so we used to do away with all hands and travel and from that right and some way that's actually become easier because nobody actually can go anywhere, right? That level playing field that we were talking about, right? Double it was granted
whether they are in blue by the headquarter center or in a remote location that all information actors with the same.
In some ways, you know, is there tonight a dual hand where you bring together people in the, you know, in the two time zones, if you may
work for so many physical Holland So I think that's what bit better.
You know, we we work in about 14 different products
and so far be having Mr Really Right now, the team has actually because they're safe time commuting.
So that is another positivity river. People would spend all the time commuting some of them you in an hour or even more. And now you're not finding the time
until from people who have to create the technology
are productive, It he's actually gone higher.
Ah, and we have not missed any release date.
Um, so I think those are probably the positive. There's a lot of challenges as well.
Uh, the only other thing that I would say as well as that,
you know, um,
because I think people,
you know, everybody have a circle of friends of people. They knew
now that when you get a broader set of people on the call and we get to know the people better,
I think it's given an opportunity
for people to essentially replace the water cooler conversation with, You know, we're sort of putting together these
thanks. Like these works will get together, try like a virtual happy RV. We try to do every couple weeks
a what you lunch we do with no agenda where people can just common talk and possible
either good paying the challenges that having I think, the relationship
between the people because we used them extensively. And we say, you know, let's turn on video.
So I think the relationship, uh
uh have become a bit better because there is that shared challenge that everybody has had. And you know the thing that during third after the challenge,
had your team been doing a great deal of virtual prior to this to this event.
Yeah, I think the question so
why? We were using virtual tools. We've started using doom about six months back before the sky, which is not a great,
uh, but we still had more, like 80 20 right? 20% people working from home in 80% really working from the office.
And so, um, we would typically have people not being able to work from home one day a week.
Now, clearly, that has changed your 95% people working from home.
Interestingly, other than Shanghai, everybody stays home. Russian guys. The only place where people say that's totally fine Coming to the office.
Uh, that's kind of an interesting thing, though.
We didn't have virtual before, but not circulated Any order of magnitude like we have now.
That's so interesting. So hey, you know, tell us a little bit about them. The work activity and the You got some wonderful products there. It will help us of contextually for people to know the kind of work that you guys do it. Unisys made a little bit about staffing some of the other things you're doing. I think that will be helpful for our
Yeah. Happy to talk about that. It's great to see. You know, you've got a great attendance on the, um, you know,
140 plus people interested in cyber security, which is awesome,
uh, wear the They're all pain participants. So we just pay them to drive the way endedly finds. Well, all right. Yeah, wonderful. So, you know,
if you're one of the interesting things that is, if you think about from a cyber perspective, what is the
more attack asset right now?
It has got to be the VPN concentrator, right? Because the cybercriminals all now understand
And so they know that if you are able to get into the European concentrator, you can go anywhere the enterprise, get to any date or do anything,
right? The bean
sort of interesting, because now they don't have to go in and do a lot of other things. They know exactly where to go. And as you were mentioning earlier, you know, everybody loves of you can sort of guys that think sarcastically, right? So one of the products we came out early on,
especially in this category that we call it, felt always on,
Which is how do you enable this need of trust? Network access Iraq.
We wanted to make it very easy because we peons are good if you need access to the environment. But mostly people leave after two applications.
Right? If I needed acting politic machine, I can do we PN. But if I needed access to certain applications for my work,
then we pan is both complex, expensive, hard to set up, hard to scale. But then,
from a security perspective, once you get in the VPN that concentrated, you going to do anything
worse is if I build, you know, if I use the technology that sort of built the thing of industria called trust method axes the T and A,
then I can just give you
access to the application port.
And so even if you were somehow able to breach it, there's really no home.
Um And so I think that's one of the,
um, extensions in the stealth. Often that we have done, which has the
been received very well, given the challenges from both operational security perspective European,
I think the other bit in cyber as we know most of the reaches a cost from credential harvesting people fish,
they do social engineering. You know they'll get the our credentials from Yahoo, our starboard or wherever the breaches occurred.
And typically you will be using similar potential for your work. And that's how they kind of come through. And so we've been thinking a lot around
the most. You know, in identity you think about you know what you know, which is typically the password, who you are and what you have. And so far, the industrial done much more about what you know, which is the password and what you have, which is the OTP called you get on the phone
and we caught, you know, doing much more with biometrics
that can decide who you are right to do. 10. Ticket that
I would be very useful. So we have actually not
very trusting, capable vehicle stilt identity, which can feel,
you know, whether you want to use facial or you want to use boy or you want to you the you know your your your fingerprint, any of them or a combination of them
to attend a gate you, especially when you are doing anything sensitive. For example, one of her customers using it for 30,000 contractors because they're concerned that you know that security hygiene may be a challenge and they would like to validate, especially when people are trying to get access to anything important that they are indeed true. That the failure
so interesting. It's almost a Ziff. These capabilities were pre programmed for the situation. VPN and bio two of the most important controls that we deal with so way. Pretty busy. Yeah, we got lucky. You know, the team. Um, you know, definitely. Also, uh,
you know, the thing is very happy with R and D productivity, but keep definitely
in a weighted as well.
And then he next with some luck as well, right? We were sort of the right place.
uh, obviously mean that none of us knew coming into 2020 this little. Otherwise it would look like
Now you may have been listening. Think you were when we were doing our SWAT analysis And one of the things that I don't think that is that there are threats right there. And you mentioned earlier with VPN concentrator.
What would you be willing to go a little deeper with that. You
Do you think that there are adversaries?
Um, and you alluded to this, but I'm a cure, so just pick your brain a little further on this are really adversaries out there that are
perhaps taking advantage of this situation to either drop malware that will be used later
or to establish, um,
appropriate set of credentials and be used later, or maybe even causing something Now what? It sorts of things. Is this? Yeah. What do you worried about? What do you think it is happening, right?
Yeah, I think the great question. And, you know, without trying to get political. What I would say is that there are adverts for you,
you know, malware as we know that all time high, right? There's a lot of that happens through emails. True length.
Um, what's interesting and difficult is if you ever did a fishing town,
and we do it all the time. Even among the internal employees,
Um, we're still finding even among the technology company, like
there's about 40% chance that people will quit the link.
Think like it's coming from the cost from seeing you. You know,
people just don't see where the email is coming from right, So there is
so e you've got tracks that were always there like this, you know, fishing kind of attacks coming in
B, You've got a lot of social enduring going on,
like we discussed were credential stealing and, you know, the breaches that are happening from back,
I think, See, you know, should think about people sitting at home. And sometimes you are often the question here using your daughters,
machine for getting on the phone call. You know, you don't know the post your security for sure. The machines that are used to access,
you know, all your application.
And so now you have to think about from a security perspective.
How do I validate you are who you are, right and back. First thing trust where you place your trust
doing his doom. You know, you know, you're sort of doomed. The person is not necessarily who they say they are. So I think there is that bread, which is very difficult
not to validate because, you know, you're distributed in on that
and imagine the same thing is true for a D. O. D. Right. A duty is never work in that context. Right? So
So And these are highly classified, highly sensitive data,
the other. But it is that, you know, a lot of the U. S. Economy is based on I p
and there are countries trying to steal that. I t They're trying to do it every day.
And so how do you make sure that you can validate the person you've been violated? The machine? You can actually think about how insecure the WiFi router might be. Right? Doesn't even have the vet key.
What if somebody gets into one of the UK devices and then tries to come and jack into your information?
in some ways, you know, this industry has been talking about this concept of digital trust,
and in some ways, I think this pandemic has made
that even more important because trying to validate the machine, the user, the identity, trying to limit the attack surface with things like micro segmentation, trying to think about fast detection so that even the fact thing will happen. People will always clicking,
he knew immediately isolate that machine. He did give people least access, like example we were talking about earlier where they just get access to the application poured in short of everything.
So I do think that why this is a complex fight. While there's a lot of track both in terms of people
from economic perspective, crime take my always or from a nation state perspective, I think there are a lot of interesting technologies to
to stitch together to address both track.
So I see the glass is half full, but yet the attack surface has certainly got up. Now people could be getting on a number of machines on a
uh on a router. That is not the cure on a machine does not secure a person. That may be the person you're dealing with and potentially getting access to your entire enterprise, and you have to be very careful
as a security professional could think how to protect them. But here in that era,
interesting never shall. In the chat here, there's a lot of back and forth about some work from home and predictions and so on. But maybe it's a closing questioning. I'd like to ask you a little bit about the future. Now that this course is about leadership, we've spent a lot of time
meeting with and listening to leaders like yourself who have big teams and what we've come to. The conclusion is that Met leaders air are often
really relied upon to show people the future like where we have Ah, ghost. I'm gonna ask you. Yeah, I got your crystal ball here.
What do you think? You think like this rubber band stretches back to its previous thing? Or do you think
in a couple of years, Well, I bread? What do you think?
It's a great question and try and there's a little bit of a crystal ball here. And I think,
you know, a lot of people are calling the future of the new normal
right. And the idea is that the new normal
is not exactly now. It's not exactly what it was before,
and it is sort of like, you know, not work from home, but really kind of like work from anywhere
right where this company and the institution that able to top
a much larger talent base
and also people are able to quote in court, you know, have the life back a little bit in terms of being able to work from where they want. Worse is
they're being forced to come to the office of forced to work from home, or or one of them, right? So that flexibility is there.
And if you think about you know, the future is going to belong to digital right to talk about how offer it's the world and how
it's the genesis for creating, although different experiences,
that will be there and it should stay.
If that's the case,
then one of the three or four things that will really help us write clearly Cyber one B one of them, because our future is going judicial than protecting your digital assets will be key.
And so I think there's going to be a lot of innovation and opportunity and diaper.
I think there's a lot of innovation opportunity in a I
because in that future,
uh, we want to make complex things simple
and to make complex thing simple. That's exactly what it does. It looked at all the data. I looked at the parking with suggesting that does
classifications. You know, it does things like we like with a Google photos, which automatically slots five and helps us find cartons in things and pictures and everything and voice and everything, right? So I think it's around. Uh, cyber is the rough day. I think that there's gonna be more and more connected with the We're talking about particular challenges with five Gina de,
you know, you've got this world of connected everything and how these things are secure, how they create their own experiences for you.
Ultimately, I also wanted
say a little bit about
people enablement Just try, breathe about.
I think in this world you will need continous Lord,
right? Because no matter what degree you've got,
the world will constantly changed, right? And so instead of thinking about a degree,
I think we need to think about nuggets off knowledge nuggets of a fast mint
that we can affect an area, know what we know and then be able to sort of, you know, create. It's almost like the Star Wars, Scott. That's gotta create that negative knowledge plug that in
the weekly, the fly, the helicopter, or create the best experience for a health care provider or whatever the world brings to us.
So I am very excited about the future. And in fact, a wily has approached me to write a book.
Maybe I should write together with you.
Well, I'll certainly be. Certainly buy a copy, that's for sure. That sounds like something that will be were the use of some time. We'll wish I wanna thank you very much on behalf of the whole group. You're listening
wonderful that you can take some time away from your job and your very busy, busy guy. We're gonna let you get back to your team. But thank you so much for sharing. I was like listening to you when we're together at meetings in Maryland. It's nice to Ah, nice to hear from me. And I hope you stay safe. Very safe and healthy.
Well, thanks so much Ed as well. Leave. Uh, You know, I think it's, uh you guys are doing great for care. I'm a big fun
Onda. Uh, you know, I have a bias to a cyber, right? I think things. This is one of the hardest industri one of the most exciting you have to be. So, uh, thanks for having me. Well, I have a mutual admiration. I enjoyed listening to you.
Flattery will get you everywhere, so thank you very much for the nice coming and on behalf of the cyber very team on my tech cyber team. Thanks, everybody. We'll see you all. Next week is the last of our six sessions. So hope to see you again next week of one o'clock Eastern. Everybody have a nice safe week and we'll see you next.
Certified Information Systems Security Professional (CISSP) 2021
CISSP is the basis of advanced information assurance knowledge for information security professionals. Often referred ...
16 CEU/CPE Hours Available
Certificate of Completion Offered
Enterprise Security Leadership: Protection By Design
In this session, Ed Amoroso dives into the 8 rules that leaders need to understand ...
1 CEU/CPE Hours Available
Certificate of Completion Offered