Open in app

Sign in

Write

Sign in

The Cube

My days are all Tuesday

Sol Bermann
CISO Tuesdays

--

Or The New Normal is there is No Normal (and there never was)

My days are all Tuesday, so I am not going to give you a virtual tour of my never-the-same work day, all full of email, Zoom, Slack, Team Dynamix, Google chat, and text messaging, all masquerading as human interaction. Instead of my daily grind, I am going to share how the pandemic has peeled away the facade that life was ever normal to begin with. Rather, the pandemic has less changed things, then simply “made them more.”

I am a science fiction fan, particularly of the dystopian variety. Harlan Ellison, Stanislaw Lem, and Philip K. Dick are particular favorites. A common trope is to take something normal, and over the course of a story or novel, peel the so-called reality away to reveal some more unknown, if not sinister, truth. Welcome to life. It was like much this before the pandemic, its only more so now.

My days are all Tuesday. They all are/have/involve:

busy

lonely

pressure filled

moments of fun

too much sitting

endless meetings

moments of terror

unexpected humor

occasional excitement

unexpected inspiration

inadequate introspection

always always exhausting

What do I mean by “the pandemic has made things more.” That is my poor way of saying that things that were there before have become amplified or magnified. Like someone poured a whole bottle of MSG over an already over flavored dish (kids, don’t try this at home). Let me explain.

Higher Ed’s Mission

I came back to higher ed after multi-year forays in state government and the private sector. I came back because I am a true believer in its mission, the culture, and people it serves. Here are some examples of how the pandemic has magnified the norm.

  • Teaching: serving our students, striving to meet them where they are has always been something we aim for. This is only more so when our students are remote And doubly so when we need to serve our international students. We have always done remote teaching and learning to some extent, but we didn’t do it systematically like this!
  • Research: In addition to teaching, our research mission is paramount. We are dedicated to discovery and striving to solve the world’s problems. During a pandemic, this means creating better testing methods, seeking treatments, and creating vaccines. It also means researching on how the pandemic affects our mental health, deepens racial inequities, damages the economy, and more.
  • Residential Living: even though over 70% of classes are online, we remain a residential university. Student health, safety, and well-being are a must. We have always sought ways to improve the residential experience, and during Covid times these efforts have been legion. Our IT team has developed symptom checkers, health dashboards, study space finders, virtual office hours tools, and continues to work across the university in support of those on the front lines of the pandemic response and student engagement.

Cybersecurity

I am a CISO, and since this is a CISO column, I had better talk about cybersecurity stuff or my peers might pull my CISO card from me. But what I am about to share, some might find heresy. I am here to tell you that the pandemic has not created new cyberthreats…it’s just exacerbated or brought to light threats that CISOs have been dealing with for years.

  • Nation state & cyber criminals: higher ed continues to be a target for well-funded, sophisticated threat actors. These may be seeking theft of IP, to make political statements, etc…not new. Mosey along.
  • Ransomware: ransomware is the threat actors attack of choice of late, a scary word, made scarier by organizations (including universities) paying millions of dollars to get their systems and data back. But ransomware as a “thing” has been in use for well over 10 years. That cyber criminals have turned it into a business is an evolution, not anything to do with the pandemic. Super scary, but not new.
  • Remote security: everyone is remote in one form or another. However will we protect people and systems?! Remote security is just security. There is no magic, just the same layered approach we all should be doing no matter where devices are. And, btw, in higher ed, we have always dealt with remote and decentralized security. Due to the pandemic, there is just even more of it.

Leadership

One of the few silver linings I am finding during the pandemic is how it has both expanded my role and made me even more intentional as a leader (again, these are amplifications, not necessarily something new).

  • Value beyond your domain: we have been all hands on deck since March. This means many of my colleagues have been asked to work outside their domain or area of expertise, including me. For example, I have co-led development of Covid related apps and tools (symptom tracker, Covid case management), and worked on remote access bandwidth issues, among other things.
  • Relationships/Relying on others: a leadership failing many people have is avoiding (or worse yet, not even thinking to) ask for help. CISOs know that security is a shared responsibility, but all too often we don’t reach out to support. The pandemic has helped push me to be better about asking for help and seeking more collaboration, whether from my staff, fellow executive directors, faculty, unit staff, or my fellow BTAA CISOs. That support is a force multiplier, idea generator, and quality of life maker.
  • Connecting with staff: it has been difficult for me to have the type of engagement I want with my staff. The routine things I did just by walking around or having an open door are unavailable. So I have been more intentional about communicating, being transparent, using as many methods and modalities as I can to say hi and just stay in touch.
  • Compassion: CISOs are not always known for being the most touchy-feely types, maybe a by-product of the work we do. But compassion, empathy, and caring for others (especially my staff) has never been more important. Reaching out to check on people, making sure I care about the people that do the work, not just the work, has never been more important.
  • Life balance: not work/life balance…because the pandemic has magnified how much time we spend working (There is no leaving the office now. No decompressing drive home). I have always asked my staff to get the job done, not caring whether they were in the office or at home, because hours in an office do not equate to valuable work. As people adjust hours to accommodate family obligations, living conditions, etc…more than ever its not where or when…its “did the work get done.”

Personal life

I am married to the most wonderful person in the world. She is smart, kind, patient, a true partner and my best friend. I knew and appreciated all these things, but never more as we now get to be around each other almost 24/7 (for the first time ever, we eat breakfast and lunch together during the week!). Many of the things I wrote about above (compassion, empathy, self-care, caring for others, asking for help, working collaboratively, and seeking life balance) are things I am even more intentionally putting into my personal relationships.

Wrap-up

So, some people say the Pandemic has changed everything. I don’t think so. It’s just made higher ed life, or life in general more. Peeling away the present reality is difficult. The daily tragedies and growing death toll of the pandemic (let alone the current socio-political climate) makes it seem like the world is going through a Sci Fi like apocalypse. The “more” of this amplified reality is more challenging, more scary, more tragic…but we can choose how to respond. Ironically, for this cynical CISO, it is making me more thoughtful, loving, caring, compassionate, and, dare I say, even hopeful.

Ps: here is a representative never typical Tuesday/Everyday

  • 7:30am: get up cause no commute!!
  • 8–9am: email, texting, chatting to clear out and organize for the day
  • 9am: discuss data center shifting with my colleague from Infrastructure (see above about value beyond domain
  • 10am: weekly meeting with my lead team
  • 11:30am: discuss DNS security improvements with the network team
  • 12:30pm: participate in Security Reading group (led faculty & grad students from College of Engineering)
  • 1:30pm: endpoint security implementation project check-in (because we made strategic investments during the pandemic)
  • 2pm: review data governance recommendations (my team co-leads these efforts)
  • 3pm: discuss IAM team prioritization (they are part of my portfolio), as they are ever shifting as we continue to adopt and integrate new tools to support remote university business
  • 3:30pm: Covid tools status check-in and updates
  • 4pm: try to squeeze in actual work
  • 5:30–6pm: stop with the zooming and chatting and emailing and texting

Told ya, boring

--

--

Sol Bermann
CISO Tuesdays

Written by Sol Bermann

2 Followers
Writer for