Below the Surface – S1E9
[00:02:49] An afternoon, good evening to everyone, welcome to Below the Surface. I’m your host, Stephanie Corigliano, and here’s my partner in crime to come up.
[00:03:00] Hey, Stephanie, how are you today? And hello to everyone listening in today.
[00:03:05] Welcome all. Hi there. This thing that I missed last last session.
[00:03:09] So we missed you, too. And it was a great conversation. Is now have before we get started, it’s Thanksgiving next week. What’s the plans?
[00:03:19] You know, I have plans. So big food plans. As always, Thanksgiving is actually my favourite holiday. So we’re having a very small holiday here. It’ll just be me, my mom, my brother and my grandma, which I feel still very fortunate to have. And I will be baking a pecan pie, which is not something I’ve tackled before, but it’s delicious. I don’t know if you’ve ever had it, but it’s very sweet. And it’s one of my new favourite Thanksgiving treats.
[00:03:49] I haven’t tried it, but you’re more than welcome to send some over across the pond, more than happy to give it a good deal.
[00:03:56] And you just celebrated Diwali, is that correct?
[00:03:59] That is correct. Yes, sir, I am. Oh, sweet tooth out, that’s what. But I’m trying to get rid of the chocolates and the cakes and the Indian sweets at my house. I think I have done for a while, at least until Christmas anyway.
[00:04:14] That’s right. You get a little bit of a break.
[00:04:16] Yeah. Detox and then go back to it. That’s what we do because the season is indeed well before we get carried away, because as you all know, we can talk about sweets all day.
[00:04:28] Let’s get back to the show. And we’re really excited today to welcome our guests. So before we start, just a quick reminder that you can ask questions in the comments section below or feel free to just say hello and let us know where you’re watching from and what you are eating.
[00:04:46] I like that what you’re eating would be really interesting to know. So in previous shows, we have covered a variety of topics so far, ranging from spearfishing to SD-Wan to MySpace and more recently around Cybersecurity Awareness Month, if you missed any of them. Be sure to go to the Barracuda LinkedIn page and they are all there. Make sure you take a look. So on today’s show, we will be covering a few more topics from compliance to women in leadership. And something that is so relevant for today is a focus on looking after employees while being through a pandemic. With that in mind, it gives me great pleasure to welcome our guest for today. Chief administrative officer and general counsel of Barracuda, Diane Honda. Welcome to the show, Diane.
[00:05:31] Thank you, Doctor. And it’s a pleasure to be here.
[00:05:34] Welcome, Diane. Welcome to Below the Surface. We do have you on now. For those who don’t know you, can you please give us a little bit of background on your role at Barracuda?
[00:05:44] Sure. I lead barracudas, compliance, legal human resources and facilities organisations worldwide.
[00:05:52] So that’s the interesting role in this time. So how is the pandemic changed your role both from a legal perspective as well as a perspective?
[00:06:01] Yeah, the pandemic has created a challenge and it’s it’s really hit both the legal side as well as the human resources side and the facility side. So it’s been quite busy. And like many companies, we had to move our employees to a remote work, including our inside sales and technical support centres, which had traditionally been in office roles. And unlike many tech companies, Barracuda manufacturers are products in the Silicon Valley for our hardware appliances. And so we’ve had to have a team working, you know, through this entire time on AB shifts to keep our employees safe and to ensure that we could continue to support our customers with the hardware appliances that they need. So, you know, to the credit of our manufacturing team and all those who supported him, we’ve been able to do that without disruption. And we’ve had our employees throughout this working. And it’s it’s been a challenge. But we’re very happy to say that it’s gone well throughout. And, you know, we had to do this in what seems like then and now is just an ever changing set of rules and requirements and guidelines that keep coming out. Right. California just changed colours for those in California. We live in a colour system now. We just changed colours again. And nobody really knows what that means. And, you know, we still have to make product and we still have to keep our people safe. So we’re trying to be flexible and nimble. And I have to say just incredibly grateful for the level of resilience that our employees have shown through this time. You know, I think the other challenge that we face is that a large part of barracudas culture is just being together and having fun with each other. And we always knew that was really a special part of Barracuda. But now it’s been so amplified the longer this has gone on that we haven’t seen each other. And so we feel like, you know, the one thing that we have to keep doing is really try to keep connected. And we’ve spent a lot of time trying to do that during this period. And so, you know, the only other thing that I think is really impacted us is really related to our customers and partners. Their needs have changed as well during this time. The products that we make, you know, an email network, application, security, data protection, the need for them have really increased when you quickly go remote. And so we had to be there to keep our customers protected at a time when, unfortunately, there are just people out there, cyber criminals and others that try to take advantage of things. So it’s been a real strain. It’s been an exciting and challenging time, I would say, both to try to keep our employees focussed, keep our Cuccia barracudas culture the way it is, and then just always be there for our partners and customers.
[00:08:44] Now, with nearly everyone in the company moving to remote work, how has that impacted Barracuda specifically from a compliance perspective?
[00:08:52] So Parkwood has always had a really strong information and security compliance programme. And in that programme we have an internal team that conducts internal reviews. We have third party external assessments and we do vendor audits as well. And so we’ve had these controls in place both for our internal employee and Barracuda data as well as for our customers information. And, you know, the remote environment immediately put these controls to the test and they identified a couple of areas that really needed to be focussed on. One was just the whole situation of end point devices and really realising that we wanted to make sure that anyone that was coming into our network from a remote environment had a device that the company provided and it was company controlled. And then the other area that really became important is just an increased awareness for our employees and others around fishing and phishing attacks, because with everybody working from home, we’re expecting emails. We’re expecting Slack’s we’re expecting communication to come at us that way. And I think everybody’s been trained not to click information from a third party that you don’t know. But, you know, cyber criminals are getting much more sophisticated and they’re able to really spoof and make it look like it’s coming from within the company. So just really making sure that people understand that before you proceed forward with an email, you really need to check it. So part of it is just reminding employees of that, increasing our training and just taking a proactive approach in that area as well.
[00:10:25] It’s a lot to take on a lot of learnings from your learnings. What should organisations start thinking about to ensure they stay compliant in this new way of working?
[00:10:35] Yeah, it’s a great question. And, you know, as I mentioned, cyber attacks are on the rise. And, you know, a catastrophic event like a pandemic, unfortunately, really does give people an opportunity to exploit this change because you didn’t have all the time in the world to prepare every bit of control you wanted. So it’s just going to be you kind of have to make the leap and then have the rest of your compliance programme catch up. So, you know, you have to really be mindful of any way you can to secure your environment, you know, from a hackers perspective, you know, stealing company data and, you know, confidential information as well as personal information, personal identifiable information can be lucrative. And so some things that we recommend and we try to implement a barracuda is first and foremost employee training. Employees need to understand the processes. They need to understand how they play a critical role in protecting PII. And so we try to train them on cybersecurity best practises. We do provide third party security reviews and I think that everyone should be very mindful of that. Service providers can be an extension of your own programme. They bring knowledge. They bring expertise in. What they can do is they can try to attack you in a in sort of a white hat way such that you can find things before a criminal would find it. The other thing that I think is really important is really inventorying your sensitive data. You can’t protect what you don’t know. So you need to know where all of your key information is, whether it’s information from your customers or partners, whether it’s your own employee data. And, you know, over time, people put, you know, put data and systems and they’re just doing what they need to do to run the business. But it’s really important that you if you want to really protect it from a compliance perspective, understand where all of your data lives so that you can secure it. And then the other thing that’s really important is just enabling multifactor authentication. You know, passwords can be cracked no matter how many times you train. People tend not to make the strongest passwords. They put passwords they can remember. So MFA is just a critical layer of security that you should definitely put in place.
[00:12:46] So some folks have said that security really sometimes feels like a little bit of a blocker, especially when people are working remote and we have to take all of these additional security measures and we’re trying to be productive at the same time. So how can organisations ensure that these additional security measures are seen more as an enabler instead of employees trying to find loopholes around these security processes?
[00:13:11] Yeah, you know, it’s a very good point, right? If technology doesn’t work and it’s not efficient to use, then people are going to find workarounds around it. And so they’re not going to they’re not going to benefit from what you’re trying to put in place. And so you always have to balance security and productivity. And, you know, I think the other thing that I’ve learnt as we’ve spent more time, especially now dealing with this, is that people and our employees are really, really patient with the security controls that we’re trying to put in place, the more they understand about the risks and benefits. So if they understand the impact an attack can have on the company and what that would do, then they are much more willing to, you know, take that extra step and do that MFA’s so that they can help protect it. So I think employees always want the company to succeed. And so if we educate them on the risk and what the consequence could be, they get a little bit more patient and flexible with us. But in the end, it does have to be a balance. You really have to make it so that it’s not so onerous to use or they just won’t they won’t play.
[00:14:16] I mean, that is really good advice for the long standing. Employees have focussed on more than likely to kind of put those practises in place. The other thing that’s happened over this remote working change and I’ve read in recent studies, is that a lot of organisations are moving to public Cloud. So how does that impact organisations from a compliance perspective? What advice would you give organisations considering doing this?
[00:14:42] Yeah, you know, the public Cloud has many benefits, you know, but within the public Cloud, it’s really important to understand that there’s a shared security model. So while the public Cloud may provide an infrastructure level security, there still needs to be Web application and and human layer security on top of what you can just get base level in the public Cloud. So it’s important to understand that just because you’ve gone to the public Cloud that doesn’t mean that you don’t have to have a robust and complete security programme. And the other thing I would just mention is that public cloud providers have that same human risk element and potential as anyone else. So, so many of the attacks can come through because something wasn’t fully patched or something was left inadvertently configured incorrectly. You know, the public cloud providers have that same risk. And so we need to make sure we put additional layers within all of our companies to to benefit on top of what we can get from the public cloud.
[00:15:41] So staying on the topic of remote working and security, we often hear that humans or employees or users are always the weakest link in the security chain. You agree with that statement?
[00:15:54] I do. You know, employees are really the greatest asset and at the same time can create the greatest risk, you know, and it can be you know, sadly, in some cases it can be malicious, but in many cases it can just be inadvertent. But when there is, you know, a disgruntled employee who’s unhappy with the company, there is a unique risk that, you know, is out there. And it’s something that I would say keeps most people who sit in the general council chair nervous at night. Right. And so, you know, we rely on our employees to stay vigilant for social engineering attacks, for phishing attacks. And we want them to understand that they are the last line of defence from what could potentially be a really catastrophic attack on our company or any company, for that matter. And so, you know, we can put all the security and privacy policies in place, but if the employees don’t understand them and follow them, then they really have no valuable, no value. They’re not valuable. So, you know, the other thing I would say is that you have to have a culture where employees are comfortable reporting potential issues. And, you know, if employee is satisfied, then are and they want the company to succeed, then they’re more likely to speak up if they see something that’s not right. So if you don’t have a culture where people feel, you know, committed to the company’s mission and values and that they feel safe in speaking up, especially to their legal compliance team, who’s really trying to help the company succeed as well and not be that blocker you talked about before. But I think we all share the mission of helping the company succeed. Then you’re not going to get that information that you need before something happens. And, you know, several recent incidents have highlighted that. And, you know, people may be familiar with what happened with Tesla, but disgruntled employees do create a unique risk to the organisation. And so it’s important to make sure that all our employees understand how they contribute to this, but also to make sure that if there is something that, you know, could go wrong, that people feel comfortable telling you about it before it happens.
[00:17:56] I mean, as you say, it’s something that that worries you being general counsel and something that does happen with the example you just said. So how can organisations ensure this doesn’t happen? But what are some of the steps they should be considering?
[00:18:10] You know, I think you really need to just make sure that you focus on your company’s culture around sort of ethics and integrity and just remind employees of the fact that they have a critical role to play and they’re part of the system of checks and balances. And, you know, we also always try to look for that single point of failure and we do cross training to reduce the risk, because if you have only one person who knows something, who access to something, who has access to something that creates a huge risk, especially, you know, either, again, just simple, you know, mistake because no one else is able to look and double check it or because that employee ultimately becomes unhappy with the company. And then, you know, I think it’s important and we try to do this at Barracuda is just make sure that employees understand that they are a key stakeholder in our social responsibility and our culture. And, you know, we and all companies really need to demonstrate a commitment to caring about employees and providing them positive experiences so that they that they’re always, you know, wanting the company to succeed. You know, a great business is not going to be successful without great people behind it. So it’s really important, you know, just not from a compliance perspective, but also just from where you want to work and creating that right environment that, you know, employees feel comfortable and feel like, you know, the company wants them to succeed and cares about them.
[00:19:38] So let’s stick on the topic of people, if we shift more over to the human resources side of things, how has remote work impacted employees in remote work has been a challenge for employees.
[00:19:50] Right. And I said before, a lot of America’s culture is based around how much we care about each other and how much we help each other. In fact, you know, you ask people to describe Barracuda. Many of them will say it feels like a family. You know, it’s much harder to create that environment when you’re all remote. And at the beginning, I think it was a little bit easier, but I think it’s dragged on longer and I think it’s longer than anybody had expected. So there are a couple of things that we’ve done. Just right before we went remote, we had implemented and to peer-to-peer employee recognition system using a tool called Kaizo, and it allows employees to show appreciation for each other. And I will say people have really embraced that during this time. And if you go and you look at it for birthdays and worki, anniversaries were just extraordinary efforts on projects or just someone who helped them, it’s a way to say thank you. And it’s just been really nice to read those comments. And I think it’s it’s helped keep people feeling together. You know, we also spent some time focussing on just the mental health of our workers. We’ve asked our managers and our H.R. team to really step up and engage with people. And if people are missing meetings or we haven’t heard from them, they haven’t checked in to really reach out to make sure that we didn’t have anybody who’s struggling with the separation, especially people that, you know, when we were in those lockdowns that some countries are going back to now, they’re single. They have no one else. So it’s just really important to do that. And then we’ve also provided some tools and some resources to support employees, especially now with the work life balance being all in your home. Many of us have children that are doing some school and other rooms and just trying to help find them, find the ability for them to take a breather through, you know, online, you know, fitness classes or, you know, meditation or just whatever tool we can provide them to be helpful. And then, you know, one of the things that we’ve tried to do, and I think many companies have done this as well, is just do fun activities, happy hours, talent competitions, best home office set up, which clearly I did not win where I am. But, you know, anything we can do to get people to engage, to feel like they belong to something bigger, that’s really important to us.
[00:22:00] I mean, it really is a challenge and I guess a bit of a mindshift of going from what you could do in the physical world and trying to replicate that virtually and still get that same feeling. So we talked about culture and keeping that alive and we’ve talked about keeping employees safe. Is there a way of finding a balance between the two of them?
[00:22:19] Yeah, you know, one thing that we have tried to do as well, what we’ve seen as we’ve done this is so you really have to focus on the people and we’ve really put a great effort on that. But it’s also just helping people feel part of something bigger. And what we have seen is that if we had a really clear and efficient process beforehand when we were all together in the office, then moving that remote was not all that difficult, but where our processes were very human intensive or had a lot of handoffs, that has been a struggle. Right. So we’ve we’ve realised that and we really taken to how do we make a lot of these processes more efficient? And I think that will be one of the benefits that we get out of this is just really how do we start realising, how do we streamline and automate? You know, one of our core values is succeed together. And that has really helped us as we’ve gone through this because we’ve looked at the impact of what we’re doing and how we can make it easier for the person downstream or upstream from us and try to really make things very, very efficient. The other thing that we did, which is timing, again, maybe just worked out some water in Plantation of Kaizo. We were starting to refresh all of our company goals and kind of what we were trying to achieve at the higher level. And we rolled them out as part of an employee development programme. And with everybody so tactically and day to day focussed and almost like hour to hour, because some, you know, some of our parents will say, I have 30 minutes before I got to get my kid on their next Zoome class. Right. So everybody’s so very focussed. It was kind of you were sort of losing sight of the bigger picture. So these goals and the process that we’ve gone through has really helped to remind everyone on the team, you know, of our overall mission and purpose and how the difference that they make every day contributes more broadly to the company and our customer success.
[00:24:09] Oh, we.
[00:24:12] Oh, sorry. And you know, the other thing I was going to say is that, you know, ultimately the other thing that I think it’s taught us and I think every company is going through this, you know, learning journey and coming out a little bit differently, but it’s really taught us that, you know, we want to go back to the offices. We don’t see ourselves. Long term is just a permanent remote organisation. I think we’ve learnt a lot of things and we will have remote work more than we did in the past. But overall, just in order to really maintain that connectivity and culture, you know, we want to be flexible. But ultimately, I think we will go back to the office and let people, you know, get that family feeling again that we think makes, you know, Barracuda unique and special.
[00:25:01] Executive position and with a background as an engineer, what advice would you give other women were thinking about making a move to the technology industry?
[00:25:11] Yes, it’s true. I don’t talk too much about my background because I have you know, I’ve taken on so many different roles in my career, but I started as a computer science major from Carnegie Mellon. And my first job was is suffering junior at Hewlett-Packard. And, you know, when I started and even when I was in college and then when I started in my job, there were not a lot of women in that in that field. And, you know, I think now the great news is that there has been so much more advancement of women in engineering and technical positions as well as in, you know, in our colleges and universities. And I think that’s really a tremendous step forward. And, you know, I tell my daughters and I tell others who will listen, you know, that the technology field is really a tremendous place for a woman, you know, for everybody, but especially for a woman. Women, you know, are collaborative and they are creative and they’re very focussed on results and they multitask. And, you know, all of this fits incredibly well in a technology company, especially when you’re trying to bring a complex solution to market, you know, and add value for customers. So I think women should always continue to push for a technology career. And I also think it’s important to understand that if you start with a technology career, you start as an engineer, you start in AKUA function, whatever that is. You know, you can use that technology background and migrate to different roles over time. I’ve held business roles. I’ve held the general counsel. You have human resources. And and each way, each step of the way, I would say that technology background and just those skills I learnt in that engineering discipline has helped me and, you know, made me more effective in each role that I’ve moved forward to.
[00:26:58] I can I can definitely relate to that, and I agree with you 100 percent. I also have a technology background as a programmer and like you said, there isn’t that many women. Well, there wasn’t that many women in the field to kind of look up to and to mentor others. So from your perspective as a woman in technology, as a woman of leadership, how can women support other women or may not just be just women? How come and support women? Well, the three top tips that really helped you that you would pass on to others.
[00:27:31] You know, I think it’s super important that women help and support each other, especially in these challenging times. I have been really fortunate to have mentors and sponsors and my career that have had faith and confidence in me. And, you know, I think about those people who have helped me when I think about sort of how I try to lead and what’s personally important for me. So the first one for me is really just to be grateful for those who have taught and pushed you to do more than you thought you could. You know, sometimes we let our own, especially women, we let our own self-doubt and lack of confidence hold us back. So if you allow someone else to push you and tell you that they that you can do it, I think that’s just really important. And you should always let people help you with that and just be grateful that they have done that for you. I think the other thing, you know, along with what you said, Darshana, is just need to be really generous with your time and talents. I try to mentor forward to people to pay it forward. And, you know, I have found sometimes that really small act that I might do for someone, just a quick connexion or whatever it is, makes a really big difference to them. And it didn’t seem that much to me. So I just think it’s important to always just be generous with others. And then I think, you know, the last thing that I can I think it’s really important just to focus on is just to be determined and strong. You know, I work hard for what matters to me, and I will always stand up for what I believe is right. And, you know, sometimes that can be hard and sometimes you have to really learn how to communicate a different perspective in a way that other people will hear it. And it’s taken me a while and it’s still a still an ongoing journey to really get to the point where I can do that. Well, but I do think that if you believe in something and you and you feel like it’s right, then it’s worth taking the time to communicate it and learn to do it in a way that others will welcome it and understand and be able to accept whatever feedback you have.
[00:29:30] I think that’s a great note to end on today. I really enjoyed this conversation and learnt so much. It was great advice, Diane. Thank you so much for joining us. It’s been an absolute pleasure.
[00:29:41] Thank you both for having me. And I hope everyone has a nice day and stays well.
[00:29:48] Thank you so much, Diane. It’s been an absolute pleasure. Also, don’t forget to follow BrewDog LinkedIn to see our previous shows, as well as to find out what’s coming next on below the surface. I guess that just leaves us to say until next time. Have a safe journey.