Okta’s New CSO on Preparing for the Future

We often talk about how the enterprise is changing and evolving—but the transformation we’ve seen in the past two months is unparalleled. In a matter of weeks, hundreds of millions of people around the world have had to make the shift to remote work and companies have had to migrate their business operations and offerings online.

Times like these put security teams to the test. In the face of rapid digital transformation, companies are often so intent on staying relevant that they overlook vulnerabilities—exposing critical gaps in their security, ultimately opening them up to exploitation. For the past two decades, I’ve seen first-hand how security professionals tackle complex issues at large enterprises including ABN AMRO, Barclays, Morgan Stanley, and the Commonwealth Bank of Australia. My passion for cyber security and team challenges eventually led me to a position as Chief Security Officer at Symantec and now, I couldn’t be more excited to join Okta as Chief Security Officer. At this pivotal moment in time, I’m reinforcing our security efforts for our own employees, and also helping to enable security for thousands of Okta customers navigating these high-stakes times.

I think I speak for CSOs and CISOs everywhere when I say that we all try our best to brace our organizations for situations like the COVID-19 pandemic, while hoping that they never come to pass. But this crisis is here, it’s not over, and its continued impact is staggering. Here’s what’s changed, for the worse and for the better, and how the role of security is adapting in response.

Seismic shifts in the security landscape

As we’ve all seen, attempted data breaches are increasing across the board, and as employees depend on email and other digital channels for their daily work, attacks of all kinds are an ever-present threat. Not all security infrastructure is created equal: those organizations that have invested in cyber defenses over the past 10 years are weathering the storm much better than those that couldn’t or wouldn’t.

As a business function, cyber security is not necessarily uniform within an organization, either. Divisions, departments, and external partners that have dropped the ball on their security protocols can undermine efforts elsewhere in the enterprise, which is why COVID-19 is serving as a crucial conversation starter around building what I like to call a culture of security.

I’ve found that Okta is a leader in this respect. For years, this company has been educating its teams and its customers, encouraging others to embrace a Zero Trust framework for security, and cautioning organizations that traditional security approaches will no longer be enough to protect them. It’s people and their devices that represent the new perimeter. While it’s been around for more than a decade, the exponential growth of remote work as a result of COVID-19 has cast a brighter spotlight on Zero Trust, making it no longer a niche concept for security professionals, but common sense for any company looking to secure their remote workforce, protect their partners and customers, and defend their data. There’s much more to be done, but I believe that the willpower is there and the momentum is building.

The changing role of enterprise security

Today’s enterprise security should prioritize both the present and the future. In the short term, it needs to be focused on the immediate challenges caused by sudden and aggressive digital transformation, protecting the workforce from threat actors looking to take advantage of this uncertainty and upheaval.

But in order for businesses to weather an uncertain future, security needs to focus on what comes next. Not only are security leaders in a unique position to guide their teams through today’s uncertainties, but they can set them up to win tomorrow by actively shaping what a secure remote workforce looks like. There has never been a better—or more crucial—time for security leaders to have a seat at the decision-making table.

The rising responsibility of security leaders

CSOs and CISOs have a chance to dramatically, strategically, and permanently redefine how and where our organizations work, ensuring workforces are secure and sustainable for the long haul. I encourage security leaders to continue leaning into the lessons of COVID-19: by investing in security best practices now, you can positively and proactively transform how your entire company operates. I’m looking forward to working closely with Todd McKinnon in setting and driving the security agenda here at Okta.