The NIST Cybersecurity Framework

NIST, the US National Institute of Standards and Technology, has released a new draft version of its Cybersecurity Framework (CSF).  This 2.0 version of the voluntary Framework is the first refresh to the current 1.1 version released in 2018. 

NIST, the US National Institute of Standards and Technology, has released a new draft version of its Cybersecurity Framework (CSF).  This 2.0 version of the voluntary Framework is the first refresh to the current 1.1 version released in 2018. 

At a high level, the CSF is a set of guidelines intended to help organizations improve their cybersecurity practices and effectively manage their cybersecurity risks.  By following the Framework, organizations can enhance their overall cybersecurity posture, minimize cybersecurity risks, and safeguard critical assets and data. 

The Framework Core is a set of cybersecurity outcomes which are arranged by function, category, and subcategory.  It also includes examples of how those outcomes might be achieved by providing implementation examples and references to additional guidance.  It’s not a checklist to follow because the actions needed to achieve a cybersecurity outcome will differ by organization and use case.

Changes to the Cybersecurity Framework

Expanded Scope

The scope of the Framework has been expanded.  The CSF was initially developed with the focus of protecting critical infrastructure such as banking and energy industries, but the Framework has been useful in other sectors from small businesses, education, to local governments. 

Expanded Implementation Guidance

The updated version provides improved and expanded guidance on the implementation of the CSF.  The use of Framework Profiles tailors the CSF for specific use case scenarios.  Examples of Profiles include a specific scenario such as “How to Use the Cybersecurity Framework Profile for Connected Vehicle Environments,” or a more general topic of “Ransomware Risk Management.”

The Framework will also now include implementation examples for each of the function’s subcategories to help organizations use the framework more effectively.  These examples are not contained in the main framework document but will be maintained separately in an online format called the NIST Cybersecurity and Privacy Reference Tool (CPRT).  This will allow for more frequent updates to keep information current.  This tool is currently in Phase 1 of its development and will be expanded as it matures.

New Pillar

The CSF has added a new pillar to the previous five main functions of identify, protect, detect, respond, and recover.  The sixth pillar that was added is the Govern function.  The new pillar focuses on the establishment and monitoring of the organization’s cybersecurity risk management strategy, expectations, and policy. 

The Govern function isn’t an entirely new topic in the CSF.  17 of the 31 subcategory items in the Govern function have been moved from one of the other five functions.  In addition to new subcategories being added an entirely new category was added related to Oversight. 

One new focus is the emphasis on organizational leadership bearing responsibility and accountability for cybersecurity risk and an organizational culture that is risk-aware, ethical, and continually improving.  It shows cybersecurity isn’t just a function of IT but rather needs to be a part of the organization’s overall governance and strategic planning.

Conclusion

The changes to the new (draft) version of the NIST CSF bring an expanded scope to include more than just “critical infrastructure” sectors.  Framework Profiles / use cases help to tailor the Framework to organizational and sector goals.  Implementation guidance for each of the Function’s subcategories helps organizations to use the framework more effectively.  Finally, the addition of the sixth pillar of Govern shows the importance of the integration of cybersecurity into overall business strategy and oversight.

Marcus Thompson is the Founder and CEO of Expedient Technology Solutions, LLC, located in Miamisburg, OH.  ETS is a cybersecurity-focused managed services provider bringing technology and cybersecurity solutions to area organizations.  Marcus holds many cybersecurity certifications including the Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM).

As organizations rapidly deploy generative Artificial Intelligence (AI) tools, many companies expect significant effects on their industries and workforces.

The latest annual McKinsey Global Survey on the current state of AI confirms the explosive growth of generative AI (gen AI) tools. Less than a year after many of these tools debuted, one-third of the McKinsey survey respondents say their organizations are using gen AI regularly in at least one business function. Amid recent advances, AI has risen from a topic relegated to tech employees to a focus of company leaders: nearly one-quarter of surveyed C-suite executives say they are personally using gen AI tools for work, and more than one-quarter of respondents from companies using AI say gen AI is already on their boards’ agendas.

What’s more, 40% of respondents say their organizations will increase their investment in AI overall because of advances in gen AI. The findings show that these are still early days for managing gen AI–related risks, with less than half of respondents reporting that their organizations are mitigating even the risk they consider most relevant: inaccuracy.

Darrell West, Senior Fellow, Governance Studies at the Brookings Institution, states that AI is likely to flatten many organizations due to its ability to automate work activities. Right now, most organizations have entry-level people who perform routine tasks, midlevel individuals who supervise them, and high-level employees who set the direction of the organization.  That organizational structure will no longer be necessary. AI can automate many of the tasks performed by entry-level workers. Accounting features, purchase orders, and job requisitions are already being automated. Workplaces no longer need people who manually compile or analyze information.

As generative AI becomes more widely deployed, even more tasks will be automated. In addition, job supervision and assessment won’t need as much human oversight. Customers can rate employees on how well they perform basic tasks and allow people to get the services they want. Using data analytics and AI, companies can use the responses to weed out low-performing workers and reward their top individuals. The end result will be fewer layers of management and a smaller number of employees overall in the organization.

Image Source: McKinsey Global Survey on the current state of AI

Michael Chui, Partner, McKinsey Global Institute, states that there are some gen AI applications where the potential to have transformative impact really comes to the fore. For example, in research and development, some experiments using generative AI to support writing software code have shown very high levels of increasing productivity. But that doesn’t mean we’ll need a lot fewer software engineers, because the world needs more software. Generative AI also has the potential for improving the productivity of contact centers. Technologies that automate interactions with customers already exist. Generative AI has the potential for making these interactions feel much more natural.

Alexandra Samuel, digital-workplace speaker and co-author of “Remote, Inc.” states that as AI takes over routine tasks, there will be a temptation to cut the whole tier of entry-level employees. Summarizing documents, answering routine emails, writing basic computer code, and solving simple logistical challenges are all tasks that AIs can do about as well as an inexperienced human, and at much lower cost. But employers still need an on ramp for new hires. If you stop hiring entry-level employees, you’ll have to do all your midlevel hiring from outside the organization. And if every organization pares back on entry-level hires; it will get harder and harder to find experienced mid career talent anywhere.

That’s why it pays to cultivate your own long-term talent pool by hiring green employees, but rethinking how they are tasked and trained. Instead of piling your juniors with grunt work and trusting that they’ll learn through observation, assign them more challenging tasks, like drafting reports instead of just summarizing them. The explosion in AI research and writing tools means that kind of work is now well within the grasp of inexperienced hires. With more active coaching and mentoring, these green employees can grow into valuable colleagues, much more quickly.

###

Trevor Cobain is the Senior Business Development Manager for Alta IT Services. He has over 20 years experience providing niche talent ​opportunities to his clients.

For the first time in Technology First history, we are hosting a women’s conference. We are thrilled to bring this half day event to the Women 4 Technology community! The theme for this year’s conference is Own IT! As you can imagine, we’ve had several conversations over what Own IT means, and I was surprised by the variety of viewpoints.

For me, Own IT means:

Owning who I am, knowing my values, understanding my strengths, owning my personality type, and setting, and sticking to, my boundaries. It’s so important to be both confident in who we are and really owning who we are. I remember a time when I wished that I was five feet tall and weighed 100 pounds. It simply isn’t the way I’m built and today I’m okay with that.

Over the years I’ve taken a plethora of values tests and they pretty much stay the same: collaboration, honesty, trust, contribution, and participation to name a few. Knowing my values helps me stay aligned with what really matters, how I decide to spend my time and with who. If you haven’t taken a values test here is a pdf to get you started.

Several years ago, I read Strength Finders 2.0 by Tom Rath. It’s a quick read and then a quick online test. The feedback I received was invaluable! I learned my top strengths are achiever, learner, responsibility, deliberative and relator. Knowing this has helped me know where and how to best spend my time. I surround myself with people that have different strengths because together we make a great team!

Knowing my personality type has also clarified how I communicate and how I process. If you are familiar with Myers-Briggs, or MBTI, I’m INTJ: introvert, intuitive, thinking, judging. I know, introvert, me?! This one really helped me understand the reason I’m exhausted after a day of meetings and networking.

Boundaries! Man, these are tough! As I get older, I’m better at them but then there are times I think I can conquer everything, volunteer for everything, and do everything. Setting boundaries has become both necessary and a way to ensure I work on some sort of work/life harmony.

Owning IT also means, to me, taking responsibility for my actions and my team. Ensuring that my expectations are clearly communicated, and that we are all on the same page. If something fails, it’s my fault and my job to find out what I need to do to fix it. What processes and/or procedures need to be reviewed, reevaluated, and/or created to ensure it doesn’t fail again? It’s when I mess up and take responsibility, owning my actions, or lack of action.

So, I ask you, what does Own IT mean to you? Join us on Wednesday, September 27^th and share your point of view!

*********

Melissa Cutcher is Executive Director of Technology First. 

It is one thing to grow a business through organically increasing market share through advertising and selling.  It is another thing to grow by gobbling up (or being gobbled up by) your competition.  The level of unmitigated chaos created by welding two different companies, with separate cultures, practices, and methodologies cannot be underestimated. 

Unfortunately, some of this pain and suffering is self-inflicted, especially within the Information Technology (IT) department.  Their job is to provide the electronic tools and talents necessary for modern businesses to do their business.  That is why IT takes up such a large chunk of the overall budget.  That is also why IT is a prime target for redundancy elimination when the two companies finally become one.

Why is it, then, that IT Asset Management (ITAM) is rarely ever mentioned, if at all, as part of the merger and acquisition (M&A) process?  ITAM’s purpose is to achieve cost optimization of the hardware and software spend across the entirety of those assets’ useful life.  Maybe it is because ITAM works behind the scenes and their impact is overlooked.  Maybe your own ITAM program’s reporting accuracy has a poor reputation.  Maybe the organization hasn’t prioritized ITAM tooling and training to ensure they are ready for the extra workload an M&A will bring.

Regardless of the reasons for past mistakes, let’s examine some ways you can avoid ITAM issues in future M&As:

1.     Get Your ITAM Team Involved Right Away - The sooner your team knows about the company ’s plans and understands they will be front and center, the better. Don ’t wait for them to hear about it somewhere else. The last thing you want is for them to panic.  Give them time to find and review their own tooling and knowledge gaps. This increases their chance for a successful outcome.

2.     Help IT Security, IT Service Management, and ITAM Work Together - Cybersecurity and Service Management are usually top of mind. They are your go-to teams for surveying the acquired company’s technology stack.  Adding ITAM provides a third, complimentary vision into the workings of the acquisitions IT operations. This can ensure all three teams have accurate and trustworthy reporting on any expensive services, vulnerabilities, or license audit risks.

3.     Understand You ’ll Run Two ITAM Teams For A While - Each company ’s asset records and configuration items must be kept separate from each other until the combined group ’s service and license agreements are renegotiated.  That means two configuration management databases (CMDBs) or managed data repositories (MDRs).  Resist the urge to just smash the two systems together and hope for the best.  Allow ITAM the chance to dig through old records, determine their validity, and ingest only the valid ones.

4.     Control How Much Software Publishers & Service Providers Know About The M&A - Software auditors examine trade publications and press releases every day and delight in scheduling license audits at the most inopportune times for you. You and your ITAM team need to be ready for an audit notification the second your M&A plans go public. Have your audit defense playbook ready!  And if you don’t have one?  Well…

5.     Don ’t Hesitate To Bring In Outside Help - Software publishers routinely bring in third-party software auditors to help them conduct their investigations.  Third-party cybersecurity firms can provide experience and talent for the short-term needs the merging companies might lack.  And some managed service providers specialize in providing temporary contractors to cover spiking IT support demands.  I can assure you, there are specialized ITAM firms that can provide cost-effective and customized hardware and software licensing support until the merger completes.

M&As (and Divestitures, for that matter) can be exciting events.  They don’t happen that often, like field trips and pizza parties when you were a kid.  And that means your IT department could lack the experience necessary to ensure the smooth creation of the new organization.  Just remember: your IT Asset Management team can help mitigate these issues, but only if they are brought in early enough to successfully apply their best business practices.

**********

Jeremy L. Boerger, the ITAM Coach, founded BOERGER CONSULTING with the idea of helping organizations “cut their software budget without buying less software”.  He also speaks around the country to pass along his 20+ years ’ experience to the next generation of ITAM and SAM professionals.  His book, “Rethinking Information Technology Asset Management,” is available at Amazon, Barnes & Nobel, and most other bookstores.

• Every business is unique, so the specific blueprint to successful digital transformation varies. You will achieve your desired results if you tailor your approach to your organization's needs, industry, and market conditions. Here are some factors to consider.

  Evaluate Current Strategy

• • Target your investments: Companies spend big on digital transformation. Spend wisely. Prioritize security and privacy throughout your digital transformation efforts. Implement robust cybersecurity measures to protect your data, systems, and customer information. Ensure compliance with relevant regulations and standards. Technology is a key component, but you must invest in your people, processes, and customers.

• • Engage your workforce: Foster an agile and adaptive culture within your organization. Encourage innovation, experimentation, and a willingness to take calculated risks. Embrace new technologies, encourage collaboration, and empower employees to contribute ideas and drive change. Get input from your employees and seek out their perspective. They are performing current processes daily and can speak about them from firsthand experience.

• Put People First

• • Focus on the customer: Ultimately, digital transformation is about exceptional user experiences. Prioritize your customers throughout the transformation process. Gain a deep understanding of their needs, preferences, and pain points. Use this knowledge to design digital solutions that enhance their experience and deliver value. Map out your entire customer journey. It will provide a clear roadmap to help you build engaging customer experiences for your target audience.

• Set Clear Expectations

• • Start with the end in mind: Define a clear vision for your digital transformation and establish a strategy that aligns with your business goals. Determine what you want to achieve, whether it's improving operational efficiency, enhancing customer experience, or exploring new business models. Starting with a plan and building a roadmap will help you construct operational value streams and enablement runways. They will serve as the foundation for achieving true business and delivery agility.

Digital transformation is an ongoing process. Continuously monitor and evaluate the effectiveness of your initiatives. If you embrace a culture of continuous improvement, iterate on your digital solutions, and adapt to changing market conditions and customer needs, then your business’s digital transformation will be successful.

TekSystems brings real-world expertise to solve your complex technology, business and talent challenges on a global scale.

Read The Full Article Here 

“Without data, you’re just another person with an opinion,” business management expert W. Edwards Deming once said.

Well, how can you get “data” to go from an “opinion” to an insight and build a strong business entity that can sustain fierce competition and an unpredictable future? The answer is simple “IF” it is done right:

Invest in Business Intelligence (BI) solutions that are scalable and have an enterprise mindset.  

One of the most common approaches to selecting and implementing a BI solution is when a CIO or top-level IT leader sees a demo of (fill in the blank BI tool…). They love it so much, they think ‘we just need to get it done!’ But wait, what about the backend part of this tool? Did the demo show how the data is curated? Did they show how scalable the data models are? The answer is:

‘We just need to figure out how to make it work!’

That is where BI engineers and consultants come in. Thinking only about the dashboard and not the backend at the beginning is an expensive approach and leads to frustrating implementation. Sometimes, you end up with both the new BI tool and the one you are trying to replace because the shiny new one is not working as well as hoped.

Having a user-friendly BI dashboarding tool is an important part of data analytics. However, more important than the dashboard is the data model and how scalable it is, so an organization can build it once and EVERYONE can use it in any dashboard they build.

A scalable enterprise semantic layer makes BI developers’ and analysts’ jobs a lot easier, and it is one of the factors of achieving BI implementation with “one source of the truth.” A smart business analyst that knows how to build a top-class dashboard does not necessarily know how create a data model, but having the enterprise semantic layer will eliminate that gap. Hence, data modelers are expensive for a reason, but that can be overcome with a build-it-once approach that does not require data analysts to also be data modeling experts.

Here is a common example: There are two dashboards representing an amount figure, (ex. last quarter’s sales) but they show two different values. After a long investigation, you end up with a third different value so the insights become three different “opinions.” The hardest part of this example is trying to explain to the leaders why enterprise data models are important so the analysts do not make the wrong tables join and show incorrect data that might have a consequential outcome.

In conclusion, most people can build a dashboard with little to no training if the data is coming from one table or an Excel file. However, to be an analytical savvy business, it is critical to invest in BI solutions that have built-in scalable enterprise semantic layers so there is “one source of the truth.”

*****

Salem Alsulaiman is a Business Intelligence Engineer and Technology First’s Data Analytics Peer Group Chair. He has more than 10 years’ experience in the Business Intelligence (BI) and data analytics space, implementing end-to-end BI solutions.

People pleaser… Perfectionist… Being modest about your achievements… Failing to enlist others or finding your promotor… Does this sound familiar to you? Then you are in good company. We often see what we need to change but may not know how to make a change or just feel stuck.

I recently read How Women Rise by Sally Helgesen and Marshall Goldsmith in our book club at Sinclair Workforce Solutions with ten of my female-empowered professional coworkers. If you are a male reader and have made it this far, thank you for reading. Although this book was written for women, men can benefit from learning about these habits so they can help, coach, mentor, and advise their female team members, sisters, wives, or daughters.

When I first heard about the book, I was excited about the topic and the discussion that would follow. I was already familiar with Marshall Goldsmith’s book: What Got You Here Won’t Get You There. These books are similar in that they both have habits and steps for improvements to overcome these behaviors. They are both written based on what worked when you were new in your role or new in leadership is no longer working for you and identify what might be keeping you from your next promotion. The difference is that How Women Rise is written FOR WOMEN, and they use their stories and examples to explain each of these habits.

Women tend to see success in a different light than men. They also have different experiences at work that cause them to develop different habits and responses. If we understand what is getting in our way, then we can make a few simple behavioral tweaks, and we will be on our way to our next promotion. In general, we are far more open to change because we are more willing to consider how we may have contributed to the situation in which we find ourselves. It is important to understand your counterparts, especially if you are their leader, to help identify where they are stuck and become a mentor or promoter of their career paths.

What are the 12 Habits that Keep Women Stuck?

1.     Reluctance to claim your achievements 

2.     Expecting others to spontaneously notice and reward your contributions 

3.     Overvaluing expertise 

4.     Just building rather than building and leveraging relationships 

5.     Failing to enlist allies from Day One 

6.     Putting your job before your career 

7.     The Perfection Trap 

8.     The disease to please 

9.     Minimizing 

10.  Too emotional

11.  Ruminating 

12.  Letting your radar distract you 

If you would like to read a little more about each habit, check out these summaries: Thrive  Happier at Work.

It is a conscious self-awareness that is the first step to effective behavioral change. I have recently started a new position at a new company and feel I am in the next chapter in my life. When I looked at this list, I looked at it from this new position in life as well as where I came from. I identified several habits of which I was routinely guilty from time to time. Like my obsessive need to please people. Being a chronic pleaser is wanting to be liked by all; usually to the detriment of yourself. Rather, it is about finding your primary purpose in life. Then finding the balance between work-life integration to make time for what is truly important to you and your family.

Perhaps you, like me, are guilty of committing these habits over your careers or with certain work groups. For instance, how many times have you caught yourself saying: “little, tiny, or quick”? These are examples of minimizing yourself and your contributions. Have you ever fallen into the Perfectionist Trap? Are you stewing over your mistakes or so focused on details that you fail to see the big picture? Ruminating is when we over-critique ourselves and we spend the rest of the day thinking about how an interaction or presentation could have gone better. Then when we seek the feedback of our colleagues, we realize we were being much too hard on ourselves.

What’s Next? How to Break the Habit.

During our book club discussion, we referred to the guide, by the authors. We talked about each of the twelve habits and went around the room to share if this was a habit we identified with now or in the past. We also shared if this was a habit we wanted to stop or make a behavioral change. So, you may be asking where do I even start? The author gave three straightforward steps to break the habit.

Deep down we want to believe if more women like us become more influential, the world will be a better place. When we work in a mostly male-dominated industry it is tough to break these barriers and build a culture of supporting one another to get to the next level. It is important for women to celebrate the talents, attitudes, and behaviors that have helped them get where they are today. Even as we work to change those habits that are no longer serving us.

******

Nancy Percy is a Business Development Manager at Sinclair College in Workforce Development. She develops training programs to give organizations the upskilling they need to excel in their fields.

Technology First sat down with Greg Muir, Director, Technology Operations Management at Premier Health, to talk about the risks and rewards of remote and hybrid workplaces. Here is our conversation.

Technology First (TF): Why are employers considering adopting a new remote work philosophy? Or, for employers who currently have one, expanding their remote work philosophy?

Greg Muir (Greg): Remote work has been around for years and in my opinion, the benefits are undeniable. When COVID forced the issue for many people, it escalated implementation and forced all employers to look at not only their short-term remote work philosophy to deal with COVID, but also to consider their long term plans post-COVID.

TF: Why is remote work top-of-mind for employers today? Why would they want to implement it?

Greg: First, to enhance employee satisfaction and engagement. Employees who have participated in successful remote work experiences would view stopping it as taking a valuable benefit away from them. People have seen that it can be effective, and they enjoy the benefits associated with working remotely. For example, the reduction of travel time alone allows for more work time for the employer and more personal time for the employee. A remote work option can be a difference maker when an in-office employee weighs staying in their current position against moving to a new employer who offers a remote work option.

Second, remote work can attract talent. Rather than recruiting workers from Dayton, Ohio areas that are within driving distance, we can consider employees in other regions, states, and possibly other countries, without the need for a move. This greatly increases our potential labor pool.

Also, employers can reduce their real-estate and office costs for their workforce that works remotely. Costs such as building acquisitions, space rental, and even utilities like electricity, heating, and air conditioning can create savings. So, in summary, there are benefits both to the employee and the employer.

TF: How do you effectively communicate with a hybrid or fully remote staff? For example, how do you ensure everyone is clear on strategies and goals?

Greg: That is something that requires a very deliberate effort. There is a strong need for tools like Microsoft Teams or Zoom. We need to have interactive discussions around how our work impacts the organization’s strategies and goals; it can be more difficult to recognize that impact working remotely. So, you need to constantly talk about that and keep it front of mind when you’re having team meetings and talking with employees. We need to use the 7x7 concept of communicating: 7 ways at least 7 different times. This can be calls, Zoom meetings, written communications, videos, webinars, even kudos for projects well done and how they supported our strategies and goals. When possible, there is value to in-person gatherings as well. Many times, we will have an in-person gathering with a remote option for people that can’t attend. For example, if they live across the country, we’ll conference them in, but I still believe that there is a lot of value in getting together and having that personal touch with employees.

TF: What are the risks of having remote employees? How are you mitigating them?

Greg: There are risks, but there are things that you can do to address those risks. Like always, we need to keep data security in mind. When you’re working from alternate workspaces, you have the potential for people to use insecure or public Wi-Fi, or someone may use an unauthorized device. To mitigate some of these things, you must have good policies and procedures in place. You also must implement security tools like private networks, time outs, and secure network connections.

You also must keep productivity in mind. One of the fears employers of remote workers have is losing productivity. You must make sure you have both clear goals and measurable outcomes documented. Standards for acceptable response times can help with this. For example, if someone emails or communicates via voicemail, then you must have standards in place for when you expect return communication.

It also helps to have consistency of remote work across the organization. What I mean by that is, you need to have Human Resources involved to help create policies and to provide transparency and clarity across the entire workforce. That way policies are consistent for everyone across the company and not under control of each department. For example, you can have single or multiple computing devices. If I work hybrid, then I could have a computer at home and a computer at work and you must have a policy for that. Also, if the employee has a problem, how are they going to get device support to help them through that problem? There are pieces that are the employee’s responsibility and parts that are the employer’s responsibility. It must be documented so that both parties understand what the employer provides as well as what the employee needs to provide.

TF: How has going hybrid added to your infrastructure costs? For example, are you paying for employees’ high-speed internet?

TF: How has the new arrangement affected Premier’s culture?

Greg: It has been affected. We constantly work to build an environment of trust and to stay connected to all our employees. To do that, we organize regular formal and informal team meetings with time for Q&A and feedback. We also use things like virtual kudos so we can do shout outs and we try to personalize those because there are many times in the office when you would see people in person and thank them for their help on a particular project or task, but, when you’re not seeing people every day, it makes it a little more challenging to do that. So, we’ve implemented some tools to do it electronically so that it notifies both the employee and their supervisor. That way they can get positive feedback from them as well as their supervisor. We also have Town Halls and forums with options for in person or virtual. Those are important for making sure that everyone understands the mission, strategy, goals, our progress, and emphasizing corporate values. With us, employee engagement is constantly a top priority. We work very hard to make sure our employees are satisfied. If there is an issue, we stay on top of it because it can snowball quickly when people are working remotely.

TF: How have you marketed a hybrid option to attract talent?

Greg: We have some, but there is always room for improvement. Some of our postings specify that remote work is an option, but I feel that we could do a better job on the front end to both market to and attract future employees looking to work remotely. So, rather than waiting for people to come to our website and apply for positions, we need to advertise to people that may not be in our area or may not know a remote option is available. For most employees, the ability to work remote some or all the time is very important when you’re choosing a job. And, like we talked about earlier, it gives us a much larger labor pool to pull from.

TF: How is the hybrid model accelerating your digital transformation? In other words, are the existing business processes, culture, and/or customer experiences better or worse with hybrid?

Greg: The hybrid model isn’t something that only our work force desires. What we’re seeing is that our customers have also shifted and many of them demand hybrid systems of care. So, we have a very active and growing telehealth program, and we are constantly implementing new programs that can improve both patient care and the customer experience. We need to be open both to patients that would rather be seen in person and offer remote solutions for our patients who prefer to be seen remotely. Today, many people want to get things taken care of from their telephone or from their iPad, so we need to be able to handle that as well from our end. Telehealth is a very important strategy for us as we move forward.

TF: Do you think a hybrid workplace is here to stay?

Greg: There is not a one size fits all answer to this question. I see some very large companies such as Tesla and Apple that are bringing employees back to the office while others are expanding their remote work options. So, I don’t think it’s the same answer for everyone. I believe that a hybrid workplace is here to stay because if you implement correctly, both the business and the employees can benefit.

From an employee perspective, remote work avoids commute time, it can be better for wellbeing, and it provides flexibility for family needs and other obligations. If used appropriately, it can help people feel more productive and connected to the organization because we’re considerate of their time. So, that 30-40 minutes to work and 30-40 minutes home can be used for either more personal time or to get more work done.

From the employer perspective, remote work can be a great recruiting tool, reduce expenses for office space, and, if used right, it can really create a more engaged workforce that’s closely tied to your organization. Employers must constantly work to build employee trust, encourage communication, and set clear expectations. You must make sure you have remote working strategies along with good tools, policies, and procedures to help team members stay productive, efficient, and connected while working from home.

For all these reasons combined, I believe that remote work, if you implement it properly, and you have the appropriate tools and controls in place, can be a win/win for both the employees and employers. So, while there are advantages and disadvantages, I believe that the pros outweigh the cons for a hybrid workplace. I think it’s here to stay.

Will cybersecurity-related enforcement efforts by the U.S. Department of Justice increase in the coming years?  The answer is yes.  How do we know?  Two reasons.  First, DOJ has been telling us to expect increased efforts, both generally and specifically as to cybersecurity.  Second, they have backed up their words with action.

As a general matter, U.S. Attorney General Merrick Garland and Deputy Attorney General Lisa Monaco, have been explicit that they are prioritizing the investigation and prosecution of financial and corporate malfeasance.  Early last year, for example, AG Garland told the American Bar Association that he “had seen the Justice Department’s interest in prosecuting corporate crime wax and wane over time.  Today, it is waxing again.” His remarks reinforced those of DAG Monaco in the fall of 2021, when she announced the Biden administration’s intention “to better combat corporate crime.”

In addition to remarks like these, in October 2021 the DAG issued one memorandum and, in September 2022, a second memorandum, announcing revisions to corporate criminal enforcement policies, which apply very nearly across the entire Department and, as explained in further detail, include significant policy changes that favor stronger corporate enforcement.

More specific to cybersecurity, DOJ late last year entered uncharted waters when it tried, and the jury convicted, Uber’s former Chief Security Officer, on charges of obstruction of proceedings of the Federal Trade Commission and misprision of felony, in connection with his attempted cover-up of a 2016 hack of Uber.  The case represents what is believed to be the first federal prosecution of a corporate executive for the handling of a data breach.

It is not just criminal cases; it is civil case as well.  In a noteworthy development, DOJ announced in late 2021 its “Civil Cyber-Fraud Initiative,” seeking to hold accountable individuals or entities that put U.S. information or systems at risk.  Though the initiative, DOJ made clear its intention to utilize the False Claims Act (FCA) to pursue cybersecurity-related cases against government contractors, subcontractors, and grant recipients.  The FCA is the U.S. federal government’s primary civil tool to combat fraud against the government, as it imposes financial liability on persons and companies (typically federal contractors and subcontractors, to include Medicare, TRICARE, and Medicaid health care providers) who defraud governmental programs.  In essence, DOJ is sending a message that it will not be afraid in certain circumstances to pursue even victims of cybercrime.  As part of this initiative, DOJ last year announced significant settlements in two False Claims Act cases (Aerojet Rocketdyne and Comprehensive Health Services) related to cybersecurity deficiencies or misrepresentations, and more are expected.

This year continues to challenge most businesses. As we enter Q2, lingering issues of recession, inflation, supply chain problems, and talent shortages highlight how digital modernization remains critical to the success of our member organizations. Here are five technology trends to not only help you combat these issues but also propel your company forward on your digital modernization journey.

Full-stack Development

One of the most important trends I am monitoring is the increasing emphasis on full-stack development. With the rapid pace of technological change, it is increasingly important for companies to maintain a team of developers proficient in a wide range of technologies. This includes both front-end and back-end development.

Cybersecurity

As organizations continue to digitize their operations and rely more heavily on technology, the risk of cyber-attacks increases. Businesses need to invest in advanced cybersecurity measures to keep their systems and data safe.

DevOps

DevOps is proving to be another significant trend this year. It will be essential for companies to have a strong DevOps culture in place to ensure that new features and updates are delivered quickly and with high quality.

AI

From chatbots and virtual assistants to autonomous vehicles and drones, Artificial Intelligence and robotics are already having a massive impact on industries like manufacturing, transportation, and healthcare. As these technologies continue to evolve, businesses will need to invest in hiring AI and robotics experts to stay competitive.

Snowflake

Snowflake is a data warehousing platform that allows businesses to store, process, and analyze substantial amounts of data in the cloud. As organizations persist in generating massive quantities of data, Snowflake, or similar platforms, is a technology that is essential in order for companies to grow.

If you are a technologist looking to stay ahead of the curve in 2023 and beyond, then look no further than Technology First. Here you will gain perspective on the latest trends through conferences, newsletters, special interest forums, and Peer Groups. We gather to share thoughts, ideas, opinions, plans, and solutions in a collaborative environment. The IT community is better when we work together. Connecting, strengthening, and championing members are the reasons Technology First exists. Please join me and get more involved in the organization this year. There are numerous ways to make a difference: volunteer for a committee, speak at one of our Peer Groups, and/or bring your team to events. Together, we can ensure our businesses are prepared for the challenges ahead for the rest of 2023.