The recent WIT Summit Canada virtual event, delivered in partnership with sponsors Avison Young, Red Hat, HSBC, Splunk and Pythian, brought tech, business and diversity leaders together to discuss how to overcome the biggest challenges, and get the best out of the top post-pandemic trends in IT today.
While the first two panel discussions covered the subjects of leadership and driving customer-centric agendas post-pandemic, the last two explored how to future-proof cyber security measures to keep the organisation protected, and hiring talent for the future, today.
With cyber attacks becoming more common and sophisticated, cyber security teams need to ensure that their strategies for mitigating threat actors stay relevant in the future.
The third panel discussion of WIT Summit Canada featured ideas on how this could best be achieved, and addressing the lack of diverse talent in the cyber security space. Moderated by Anuja Sharma, regional head of solution engineering at Splunk, the following experts shared their insights:
- Amar Narain, CIO of Pizza Pizza
- Helen Polatajko, independent board director
- Melissa Carvalho, global cyber security vice-president at RBC
Coming in from an e-commerce perspective, Narain described how the security team at Pizza Pizza has gone about managing both a cloud platform and on-prem platform: “We have to make sure that the API is secure, and this isn’t done with a magic solution.
“We’ve strategically looked at security that works for us, as a small team in a medium-sized company, and found that we need tech that lets us know what’s happening.
“Our AI has to understand the data, so we partnered with a company from a security standpoint. This partnership serves as an extension of the team, with engineers meeting frequently to understand what’s happening.”
As a board member with over 35 years of executive experience, Polatajko has overseen an array of security strategies, and believes that boards often ask questions about oversight and addressing risk: “These questions cover third party risks, with third parties increasing during the pandemic due to the need to accelerate; due diligence in line with security standards; how to protect customer and financial data; and crisis playbooks. Security needs to be front and centre.”
When it comes to the financial services space, it’s considered a matter of when, not if, banks will be attacked by threat actors, and for Carvalho, the possibility of being breached needs to be accepted by security staff. She explained: “There was a 50% increase in breaches during the pandemic, and IBM has found that breaches are contained for an average of 80 days. This is a differentiator in the marketplace now.
When it comes to motivating staff to realise security risks, RBC’s global cyber security VP revealed: “We look to simulate breaches, without telling our staff or board, and sometimes middle of the night. This focuses on muscle instincts.”
Addressing the talent gap, with diversity in mind
One of the biggest challenges facing cyber security teams is the presence of a talent gap, which has given recruiters a mountain to climb. With security being “a people problem, as well as a data problem”, as stated by Sharma, the discussion shifted towards how to manage this issue.
Carvalho believes that teams need to be bold in tackling the talent gap in cyber security: “We have a large cyber practice, with over 600 people, and we want to leverage diversity.
“I, for example, have a math degree, and run a cyber practice, and we have someone in broadcasting that has built a framework. We’ve also hired psychologists, as well as military for incident response.
“We need to think of all employees throughout the organsation as cyber staff.”
From Polatajko’s perspective, boards need to be differently creative with lower numbers of staff, and a high turnover in cyber: “We’re often looking to non-security staff, such as finance employees who know financial transaction details that security staff don’t.
“Business areas have been enhancing security expertise through cross-pollination, and while we need to be careful about them, we should use third parties judiciously and strategically, making them a part of the team.”
For Narain, training staff from scratch to handle cyber security measures is difficult, meaning that his company needs to hire candidates with a security background. He added: “We look at how they work with the business, and discuss anomalies.
In addition, due to the work Pizza Pizza has been doing with third parties, meeting with them once a week and taking an augmentation approach, Narain has found that “we don’t wait 80 days to see whether we have a breach”.
In summary, getting the whole workforce involved in cyber security efforts, and working regularly but carefully with third parties, while communicating clearly and often with the board, will go a long way in future-proofing security and mitigating the talent gap.
Nominations are now open for the 2022 Women in IT Awards – one of the largest technology diversity awards programme in the world
Over the last 18 months, we’ve seen some incredible dedication, transformations, and innovation from professionals and organisations alike – especially in the tech sector. And our 2022 Awards, now in its eighth year, aims to highlight the growth, continuity and results of these incredible women, allies, and organisations.
Hiring talent for the future
The final panel discussion of the morning for WIT Summit Canada looked at how organisations can hire talent for the future, today, to prepare for skills shortages.
- Ainsley D’Mello, vice-president, enterprise infrastructure and operations at CI Investments
- Carole Chan, chief commercial and people officer at Vivo Cannabis
- Paul Pinkney, general manager – Canada sales at Red Hat
When discussing why it’s a good idea to hire talent now to avoid skill shortages down the line, Pinkney believes that this mindset comes down with the need to constantly evolve: “To me it’s all about building a talent pipeline, and using it right away. Avoiding shortages is about being proactive, getting ready to bring in people from different backgrounds, recognising individuality, and getting people excited.”
Pinkney went on to cite the need for organisations to make their values as clear as possible to candidates from the off, allowing talent that are looking to apply for vacancies to see if they fit with the culture. He added: “At Red Hat, we try to be transparent and community-focused, employing people who are agile and engaged.”
For Chan, a particularly helpful way of attracting talent has been through employee discounts for products, as well as carrying out surveys, a recent one revealing that learning and development is vital for current employees.
“From here, we rolled out a calendar of learning and development sessions, and tracked feedback,” she said. “This covered areas such as team training, cyber security and focusing on managing mental health.
“We also have a registered mental health worker who delivers webinars about managing stress and resiliency.”
For D’Mello, talent need to be aware of the constant changes that are happening in tech, while companies need a tech strategy in place to understand long-term goals.
“We’re always searching out talent with a willingness to learn technical skills, and that have basic skills that we can build upon.
“Retaining talent requires a high level of engagement. When the company’s overall purpose is being practiced, people are more likely to stay.
“There’s also a need for high levels of communication, which has been an IT problem for a long time.”
Creating more opportunities
When it comes to creating new opportunities for talent, Pinkney believes that “frequent connections, made inside and outside the company, are critical”.
At Vivo Cannabis, the leadership team has looked to be more flexible about where staff can work post-pandemic, according to Chan: “Much of the team have left Toronto, and we’ve downsized our office, but day-to-day operations remain the same.
“As a start-up, staff need to wear multiple hats, which allows for additional responsibilities and agility. This helps with understanding skill sets and future responsibilities that could be in place.”
From an investment sector perspective, D’Mello commented: “Bringing in the right resources and training for the future helps to meet outcomes in a shorter space of time.
“From the employee side, the top response to our surveys asking about experiences is a lack of development and communication, which has always been a challenge, but engagement is increasing.”