Let’s get physical
Symantec has turned facilities managers, security guards and receptionists into bona fide members of its security team. Their physical presence means cyber security messages can be better communicated.
“I have physical security people all over the world in every facility that we do business and they have the opportunity to have this real personal relationship with people that my cyber team, often centrally located, cannot do,” says Fitzgerald.
“We’re asking a set of people who have historically been kind of door-minders – it’s facilities and badges and guards – to play a different role. We’ve asked them to significantly up-level their skills set and knowledge around core fundamentals of cyber security so that they can be on the floor ambassadors for us that walk around on site.”
The result has been a win for Fitzgerald, the workforce and the company at large.
“[We’re] taking folks who are making typically minimum wage, and in a relatively uninteresting job, and giving them opportunity and access to training in ways that we’re now starting to see some of these individuals put their hand up for larger cyber security jobs,” Fitzgerald says. “They’re starting to help us fill the junior pipeline where we currently have pretty significant challenges in hiring the appropriate skillset.”
Champions in the field
Bringing cyber, employee and physical security together is a growing trend in Silicon Valley, Fitzgerald says.
That trend is taking hold in Australia too. Darren Kane, CSO of NBN Co is responsible for the security of facilities and personnel as well as information systems. Vodafone Australia's recently appoint CSO, Peter Tari, has a remit to secure not just the company’s data but its assets and personnel as well.
Being there to assist employees in need, like in the wake of the Paris attacks, means those employees are more than willing to return the favour when it comes to cyber security matters, says Fitzgerald.
“Better believe that if my teams were to call those individuals [in Paris] again in relation to anything to do with our security programme, or pretty much anything else for that matter, we’ve got real champions now, in the field.
“It’s sort of capitalising perhaps on unfortunate scenarios, but we are providing a real service and benefit to these employees. It allows us to form a personal relationship which also engenders trust and ultimately means that we have advocates for our security.”
Sign up for CIO Asia eNewsletters.