In security, you always need to be thinking ahead about what might come down the pipeline. As we wrapped up the year 2021, I saw several areas across security where CISOs and other security leaders will likely concentrate their efforts and focus. One of those is the need to protect supply chains and the hybrid workforce.
By Jason Lee, Chief Information Security Officer at Zoom
First, more companies will adopt the Zero-Trust security model to adapt to hybrid working environments. Conversations around protecting the hybrid workforce from risk will lead security professionals to adopt modern tools and technologies, like multi-factor authentication and the Zero-Trust approach. Companies need these tools to ensure their employees can get work done as safely as possible from wherever they are—commuting, traveling, or working from home—and that all of their endpoints are secured with continual checks.
Second, security leaders will step up their protections against third-party risks. From SolarWinds in December 2020 to Colonial Pipeline and Kaseya in 2021, our industry saw a distinct increase in supply chain attacks. CISOs and CSOs will need to confirm their vendors are also secure, look at third parties related to the business and assess how to manage risks best.
Third, more public technology companies will create dedicated cybersecurity committees on their boards of directors. One of the most impactful things we did at Zoom this past year was to institute a three-person committee on our board dedicated to cybersecurity matters. Having security industry experience at this level is incredibly valuable, allowing us to address concerns and issues in industry shorthand readily. And I’ve heard peers express strong interest in recreating this approach at their own companies, which leads me to expect this will be a priority for organizations in the new year.
Lastly, the security hiring boom will continue. Cybersecurity professionals are a hot commodity across industries, due to more available jobs than trained applicants. The U.S. Bureau of Labor Statistics reported that employment for information security analysts is projected to grow 33% from 2020-2030. We’ll see the cybersecurity talent pool grow as more professionals choose to enter the field due to increased demand and, in many cases, the ability to work from anywhere.
About the Author
Jason Lee has 20 years of experience in technology, with a specialization in information security and operating mission-critical services. He was recently the Senior Vice President of Security Operations at Salesforce, where he was accountable for the global organization delivering critical end-to-end security operations to customers and employees including company-wide network and system security, incident response, threat intel, data protection, vulnerability management, intrusion detection, identity and access management, and the offensive security team.
Prior to Salesforce, he held the position of Principal Director of Security Engineering for the Windows and Devices division at Microsoft with the charter of protecting the online services of Windows Update, XBOX Live, and the Microsoft online store. He was also the Senior Director of Developer Services, where he was responsible for the design and management of the mission critical PKI for all products across Microsoft. This included cryptographic services in products such as Windows and SQL Server and cloud services such as Azure and Office 365. Additionally, Lee was responsible for the co-designing and anti-malware services supporting Microsoft in that role.