July 8, 2020 • The Recorded Future Team
Cybersecurity leader and CEO of Acronis SCS, John Zanni, believes real leaders are forged during times of crisis. With 40 plus years of leadership experience through dramatic market shifts and times of economic hardship, he’s gained valuable perspectives for tackling today’s pressing challenges.
In the second installment of our executive dialogue series, “Clarity During Crisis,” Zanni sat down with Stu Solomon, Recorded Future’s chief operating officer, to discuss the approach to managing fast-evolving situations that he has put to the test throughout this career in both the private and public sectors.
From exploring effective crisis communication, to digital resilience planning, to ensuring a smooth transition back to work, this conversation offers actionable guidance for cybersecurity leaders across all industries.
Here are some of our favorite sound bits, but the full discussion is available to watch on-demand now.
What French Cooking Can Teach Security Leaders
Zanni comes from a family of restaurateurs who taught him the art of French cooking — as well as lifelong lessons in adaptability and resilience. In the 1980s, he was operating a French restaurant when the recession hit. “Our business was running really well and was quite busy, then all of a sudden, people stopped going out for lunch and dinner,” he recalls. “We had to learn how to navigate these slowdowns.”
This experience served him well when he embarked on a new career at Microsoft — and the dot com bubble burst. Difficult decisions followed, but Zanni never wavered from his top priority. “My focus was on the health and safety of my employees.” And in tech, as with restaurants, “Without people, you really have nothing.”
A Cloud-First Mentality Pays Off
Zanni’s people-centric approach informed his architectural decisions at Acronis SCS, an American cyber protection and edge data security company exclusively dedicated to meeting the unique requirements of the United States’ public sector.
“All of our infrastructure is cloud-based, so we can support people no matter where they are,” Zanni explains. “I couldn’t have predicted a pandemic topped with social unrest. However, I wanted the ability to hire the best talent — wherever they were — and take advantage of cloud technology benefits.” This decision paid off in March 2020 — when Zanni’s entire workforce moved to remote work, “The transition was quite seamless.”
Remote Work Is Here to Stay
“I’m a big believer in remote work and the technology that enables it,” Zanni says. When asked what “business as usual” looks like in this new reality, he’s quick to declare, “Remote work is here to stay.”
Unfortunately, threat actors have realized that enterprise IT networks have expanded into the consumer world. This creates two big challenges, he explains. First, this increases vulnerabilities in the form of BYOD devices, insecure home WIFI networks, and people working in less controlled environments. Second, organizations’ threat intelligence gathering capabilities now need to expand into remote workers’ homes.
“People will react negatively to a complete lockdown of home devices.” Instead, he says, the key is striking the right balance between security and productivity. This also requires robust employee education about cyber threats and security best practices.
Building Resiliency Across Infrastructure and People
During the conversation, Zanni describes the proactive steps his organization is taking to prepare for this new work reality — and for future challenges. When it comes to resiliency planning, however, you can’t just think about infrastructure (availability, network integrity, etc.), he warns. Just as important are the “soft components.”
“Zoom fatigue” is a very real thing, and now is the time for leaders to be “planful about personal resiliency.” For example, at Acronis SCS, Zanni has a dedicated team member focused on employee morale to support his team both professionally and personally.
The Power of Communication During Crisis
“When you watch an Alfred Hitchcock movie, most of the scary stuff happens off-screen — but humans are really imaginative,” says Zanni. “Similarly, if you don’t communicate effectively, people will think the worst.”
“In our case, when COVID started, we had town hall calls three times a week to share data, describe what we knew and were learning, and also address what wasn’t happening,” said Zanni. While they’ve reduced the cadence of these meetings, they continue to hold bi-weekly company updates to inform employees and boost morale. And it’s not just about work — employees are encouraged to share stories and hobbies, participate in virtual events, and have fun together. In fact, Zanni has become the go-to for interesting recipes, and his two dogs make regular appearances during virtual meetings. This proactive, transparent approach has enabled the organization to “keep calm and carry on” during this challenging time.
Combatting Dynamic Adversaries
“One of the core traits of an Acronis SCS employee is being alert,” says Zanni. “This means really understanding your environment in context, and requires strong sources of security intelligence — because the bad guys use the exact same technology we do. They have access to machine learning. They have access to artificial intelligence. They have access to very high-powered computers. They’re very well funded. In most cases, they are either organized crime or nation states.”
He continues by saying, “You need to be able to access that intelligence to know what’s going on — or what these threat actors are thinking — and share it with others. This gives you the ability to make quick decisions, and react fast to protect yourself.”
Zanni warns of the increasingly low barrier to entry to some of the most impactful threats today — from ransomware, to DDoS, to phishing scenarios. But, he says, it still boils down to time to detect and respond. Now more than ever, it’s critical to reduce these times by having a galvanized and available workforce, and by tapping into actionable intelligence that empowers you to recognize the attack for what it is.
Watch this executive dialogue now to delve further into these topics. Also, don’t miss the third installment of the “Clarity During Crisis” executive dialogue series on Wednesday, July 22 at 11:00 AM ET. Sign up now to hear Satish Gannu, former CISO at a multinational automation and robotics company, explore the new era of remote work and the evolving role of the CISO, as IT and OT become increasingly intertwined.