The Changing Role of the CISO: A Q&A with Okta CSO, David Bradbury

I had the opportunity to talk with David Bradbury, CSO at Okta, about what it’s been like to manage his team and security for the broader organization during this time.

I learned that, while the initial shift to remote work in early March brought to light many challenges for CISOs across every industry, it’s also opened new opportunities for those in the role. Instead of taking a back seat in leadership compared to C-suite peers, CISOs have stepped into a critical, strategic role during the pandemic — and they’ll continue to remain key decision-makers.

Here’s our full conversation with David:

How did CISOs first react to the shift to fully remote workforces due to COVID-19?

Answer: We let out a small scream and then got on with the job. In all seriousness, we thought even harder about how we could deliver on tools that walk the line between usability and security. I prioritized seamless security experiences on my own team from how we talk to our internal customers to the way we think about the technology and services we provide.

What security threats has the COVID-19 pandemic brought to the forefront?

Answer: Since the beginning of March when the pandemic set in, we’ve seen an increased threat environment. We had to leave behind some of our security back at the office, and we had to totally reconfigure how we think about it with a global remote workforce. I’ve been talking to our customers and one of the biggest threats they’ve seen is from turning on new collaboration tools without thinking through security implications for employees. Everyone is adopting new toolsets quickly to stay efficient from home, and security teams hold the responsibility for educating their people on the right and wrong ways to securely use every new technology.

How have CISOs taken on a more strategic role during this time?

Answer: This time has been a test for many CISOs. Are they deserving of their C-suite titles? Rather than taking a back seat in leadership compared to C-suite peers, CISOs can now act as change agents. While many typically come from technology backgrounds with a lot of technical knowledge and less business knowledge, they’ve found themselves weighing in on key organizational decisions. They’re in the executive ranks and need to collaborate more than ever with C-suite decision-makers.

How has your day-to-day changed, if at all?

Answer: Every CISO’s vision is to create a broader culture of security across the organization. Over the past few months, working with customer-facing and other critical frontline teams on security measures has surfaced as a critical priority. I’m spending less time with my own team and more time with teams outside of security and technology — from customer service to sales and the field — to support the entire Okta team in delivering our services in a remote work environment.

With a fully remote global team, is there anything CISOs should be reconsidering when it comes to hiring practices?

Answer: Yes! At Okta, we’re embracing Dynamic Work, enabling our employees to work where and how is best for them. This is so much more than remote working. Many other companies are doing the same or creating a plan for the future with remote work leading the way. One of the most significant benefits is that CISOs can now look to global, previously untapped talent to both diversify their team and address the cybersecurity talent gap.

Have long-term priorities or projects changed given the events of the past few months?

Answer: Some have accelerated while others have slowed. Projects that accelerate the ability to securely work remotely have risen in importance. Customers have been telling me about their push to look at VPN replacements and the creation of better user experiences by accessing O365 directly from outside the network. The slower projects right now include those focused on improving the security of the network or corporate office (since that isn’t an immediate need anymore). The hardest challenge for many CISOs is balancing an influx of remote work threats with long-term strategic goals. Maintaining a focus on what comes next (which for us, is a lot of prep for Dynamic Work and a plan to secure our dispersed workplace of the future) will make or break organizations’ ability to adapt to a world of constant change.

Okta for Distributed Work

A big thank you to David for allowing me to pick his brain on these topics! For more information on how Okta and other organizations are embracing Distributed and Dynamic Work, check out the resources below:

Solutions Page - Enabling Secure Access for a Remote Workforce

Solutions Page - The Future of Work is Dynamic

Blog Post - How the CEOs of Okta, Zoom, Slack, and Box are Leading Through Crisis and Creating a New Normal

Blog Post - GitLab Goes All In on Zero Trust to Secure a Fully Remote Workforce

Blog Post - How the World’s Largest Organizations Should Respond to the Paradigm Shift of Remote Work

Blog Post - The Future of Work is Dynamic: Going Beyond Distributed and Remote Work