Securing against Covid-19, disruption and the importance of D&I in security

Kurt John shares Siemens USA's swift response to the pandemic and the importance of diversity and inclusion in an effective cybersecurity strategy

As businesses have increasingly moved from the physical to the digital, the need for effective cybersecurity has become paramount.

But the COVID-19 pandemic and the resulting mass move to remote working (and rapid cloud adoption) have created a new set of challenges for security leaders: ensuring their workforce remains productive, efficient and secure in a remote environment.

DiversityQ’s sister publication, Information Age, spoke to Kurt John, Chief Cybersecurity Officer at Siemens USA, about how he had already prepared for these challenges while explaining the importance of improving diversity and inclusion for an effective cybersecurity strategy.

Cybersecurity at Siemens USA: an advanced track record

Siemens is a global company involved in practically every part of critical infrastructure, whether that’s the mobility of trains or the development of smart buildings.

As a result, effective cybersecurity has always been essential. The organisation has been integrating security into its products for some time, and “we now have a robust product security program,” said John.

Siemens also initiated the Charter of Trust in 2018, a collection of companies committed to making the digital future safer for society.

The importance placed on security is a long-standing tradition at Siemens, and this served the company well as COVID-19 forced thousands of employees to work from home.

Says John: “We’re very fortunate that across the globe we have 1,200 cybersecurity experts in our Siemens cybersecurity ecosystem. We work together to make sure that we address things, such as robust training and regular phishing tests for our employees.”

Securely prepared for the impact of COVID-19

Starting from the work from home angle, John acknowledged that this did create some strain, but “we were well-positioned because we’d already implemented some measures to help ensure that such a transition was seamless. There were no security issues or at least a minimal impact on security.”

For example, Siemens USA had already deployed endpoint detection and response, next-generation software that can help an organisation identify and mitigate cyber threats.

The organisation had also deployed a robust programme, allowing the business, technical and security teams to effectively communicate with employees while working from home.

“This was important as moving from a secure corporate network that’s patched and updated regularly, we needed to explain the do’s and don’ts, or the considerations that should be taken, because all our employees were working offsite,” said John.

While Siemens USA was technically prepared to support a remote workforce, it was critical to ensure employees had the knowledge base and the support they needed to raise the maturity of their cyber security skills.

“The deployment of cost-effective technical measures, like anti-virus software and next-generation malware protection, as well as a robust training and education program was paramount,” he added.

Kurt John’s cyber security best practice: the do’s and don’ts

1. Do: Collaboration — “One person can make a difference, but we’re not an island. It’s important to listen, collaborate and view your colleagues as single experts in a particular field who can help to solve a complex problem that you otherwise wouldn’t even come close to solving on your own,” John advised.

2. Do: Remember the business — It’s crucial that everyone in the cyber or technical teams remembers that everything they do is in support of the business being successful, and that includes being aware of the business strategy, the business challenges and the market conditions under which the business is operating.

3. Do not: Forget silos – “Don’t operate in a silo. The best way to be effective is to understand the top value chains in the business, why they are successful and how you can contribute to that success,” John continued.

Diversity, inclusion and improved cyber security

Improving levels of diversity and inclusion isn’t just a nice-to-have, tick-box exercise.

Instead, it should be viewed as a way to improve an organisation’s cyber security strategy.

“A highly diverse team, nine times out of 10, will outperform a less diverse team,” Mr. John added.

He continued: “This is because when people come from similar backgrounds that have similar experiences from similar educations, it is unlikely that there will be any disruptive or different thinking in that team.

“If you can have a workforce that comes from different lived experiences, they’re much more likely to have lively discussions and come up with a more disruptive and innovative solution.”

In cybersecurity and beyond, if businesses want to outperform their competitors and prepare themselves for the future, improving diversity and inclusion should be a key business goal.

Cyber security: a potential champion for diversity and inclusion

In a closing thought, John explained that he believes the cybersecurity industry can champion diversity and inclusion.

“I believe the cybersecurity industry has a great opportunity to become a mechanism for change in the fight for diversity, equity and inclusion,” he wrote in a recent article in ISACA.

This is because of the significant talent shortfall in the vast cybersecurity industry. Currently, there are an estimated 3.5 million cybersecurity jobs available.

There is an opportunity for people to enter this field from non-technical as well as technical backgrounds, and for those in the middle of their career as well as those at the beginning.

“There is a real opportunity for cybersecurity managers, recruiters — those responsible for getting a diverse slate of candidates into the pipeline — and for educators, who are responsible for getting these people trained and ready to enter the workforce, to collaborate to bring new people into the field and expose them to a new opportunity in cybersecurity,” said John.

He concluded: “Cybersecurity can become an industry that’s well respected and well known for having a highly diverse workforce.”

To hear more from Kurt and a panel of experts on the tech hurdles of 2021, join Women in IT Global, on February 10th. Register for your free ticket here: https://bit.ly/3bZSim6

Nick Ismail

Nick Ismail is the content editor for Information Age
