Securing against Covid-19 disruption and the importance of D&I in security

Kurt John, Chief Cybersecurity Officer at Siemens USA, discusses how he prepared for the impact of Covid and the importance of D&I.

As businesses have increasingly moved from the physical to the digital, the need for effective cyber security has become paramount.

But the Covid-19 pandemic, and the resulting mass move to remote working (and rapid cloud adoption), has created a new set of challenges for security leaders: ensuring their workforce remains productive, efficient and secure in a remote environment.

Information Age spoke to Kurt John, Chief Cybersecurity Officer at Siemens USA, about how he had already prepared for these challenges, while explaining the importance of improving levels of diversity and inclusion for an effective cyber security strategy.

You will be able to hear Kurt discuss his thoughts around this topic, along with a panel of other experts at the Women in IT Global event.

Cyber security at Siemens USA: an advanced track record

Siemens is a global company involved in practically every part of critical infrastructure, whether that’s the mobility of trains or the development of smart buildings.

As a result, effective cyber security has always been essential. The organisation has been integrating security into its products for some time and “we now have a robust product security program,” said Mr. John.

Siemens also initiated the Charter of Trust in 2018, which is a collection of companies committed to making the digital future safer for society.

The importance placed on security is a long-standing tradition at Siemens, and this served the company well as Covid-19 forced thousands of employees to work from home.

“We’re very fortunate that across the globe we have 1,200 cyber security experts in our Siemens cyber security ecosystem. We work together to make sure that we address things, such as robust training and regular phishing tests for our employees” — Kurt John

Securely prepared for the impact of Covid-19

Starting from the work-from-home angle, Mr. John acknowledged that this did create some strain, but “we were well positioned because we’d already implemented some measures to help ensure that such a transition was seamless. There was no impact, or at least a minimal impact, on security.”

For example, Siemens USA had already deployed endpoint detection and response, next-generation software that can help an organisation identify and mitigate cyber threats.

The organisation had also deployed a robust program, allowing the business, technical and security teams to effectively communicate with employees while working from home.

“This was important as moving from a secure corporate network that’s patched and updated regularly, we needed to explain the do’s and don’ts, or the considerations that should be taken, because all our employees were working offsite,” said Mr. John.

While Siemens USA was technically prepared to support a remote workforce, it was critical to ensure employees had the knowledge base and the support they needed to raise the maturity of their cyber security skills.

“The deployment of cost-effective technical measures, like anti-virus software and next-generation malware protection, as well as a robust training and education program was paramount,” he added.

Kurt John’s cyber security best practice: the do’s and don’ts

1. Do: Collaboration — “One person can make a difference, but we’re not an island. It’s important to listen, collaborate and view your colleagues as single experts in a particular field who can help to solve a complex problem that you otherwise wouldn’t even come close to solving on your own,” Mr. John advised.

2. Do: Remember the business — It’s crucial that everyone in the cyber or technical teams remembers that everything they do is in support of the business being successful, and that includes being aware of the business strategy, the business challenges and the market conditions under which the business is operating.

3. Do not: Operate in silos – “Don’t operate in a silo. The best way to be effective is to understand the top value chains in the business, why they are successful and how you can contribute to that success,” Mr. John continued.

Diversity, inclusion and improved cyber security

Improving levels of diversity and inclusion isn’t just a nice-to-have, tick-box exercise.

Instead, it should be viewed as a way to improve an organisation’s cyber security strategy.

“A highly diverse team, nine times out of 10, will outperform a less diverse team,” Mr. John added.

He continued: “This is because when people come from similar backgrounds that have similar experiences from similar educations, it is unlikely that there will be any disruptive or different thinking in that team.

“If you can have a workforce that comes from different lived experiences, they’re much more likely to have lively discussions and come up with a more disruptive and innovative solution.”

Both within cyber security and outside it, if businesses want to outperform their competitors and prepare themselves for the future, improving diversity and inclusion should be a key business goal.

Cyber security: a potential champion for diversity and inclusion

In a closing thought, Mr. John explained that he believes the cyber security industry can champion diversity and inclusion.

“I believe the cyber security industry has a great opportunity to become a mechanism for change in the fight for diversity, equity and inclusion,” he wrote in a recent article in ISACA.

This is because of the significant talent shortfall in the incredibly broad cyber security industry. Currently, there are an estimated 3.5 million cyber security jobs available.

There is an opportunity for people to enter this field from non-technical as well as technical backgrounds, and for those in the middle of their career as well as those at the beginning.

“There is a real opportunity for cyber security managers, recruiters — those responsible for getting a diverse slate of candidates into the pipeline — and for educators, who are responsible for getting these people trained and ready to enter the workforce, to collaborate to bring new people into the field and expose them to a new opportunity in cyber security,” said Mr. John.

He concluded: “Cyber security can become an industry that’s well respected and well known for having a highly diverse workforce.”

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...