• Garrett O'Hara

    Garrett O’Hara is the Principal Technical Consultant at Mimecast having joined in 2015 with the opening of the Sydney office, leading the growth and development of the local team. With over 20 years of experience across development, UI/UX, technology communication, training development and mentoring, Garrett now works to help organisations understand and manage their cyber resilience strategies. When not talking about the cyber security landscape, data assurance approaches and business continuity Garrett can be found running, surfing or enjoying the many bars and eateries of Sydney's Northern Beaches.


    Add comment
Garrett O'Hara

Gar is joined this week by Safi Obeidullah who has a passion for enhancing employee experience and exploring the future of work. Gar and Safi talk through Zero Trust and contextual security controls, the impact transparency has on productivity, what the evolution of working models means at a macro level, and discuss what ‘digital wellness' actually means.

IT professionals, the unsung heroes during COVID - https://bit.ly/3cdhQuH

Citrix research on the future of work ‘Work 2035’  - https://bit.ly/3btyLtL



The Get Cyber Resilient Show Episode #44 Transcript

Garrett O'Hara: Welcome to the Get Cyber Resilient Podcast. I'm Gar O'Hara, and today I'm joined by Safi Obeidullah, the field CTO over at Citrix. Safi's our first repeat guest and a total pleasure to speak with. He's got a clear interest and passion for what he does. And last time Safi was on the pod, he walked us through the world of digital twins. This time around, we get into some meaty topics, including broadly the future of work. Everyone is well aware of how different the last 12 months have been, but what next? We talk through zero trust and contextual security controls, the importance of transparency to the end user and how that impacts productivity, what the evolution of working models means at a macro level, for example, a population shift of knowledge workers to regional towns and rural areas. What about commercial real estate? We round up the conversation with the digital wellness and what that means. We link to two things from Safi, firstly, the article that he mentions calling it, IT Professionals as the Unsung Heroes During COVID and secondly, a research report from Citrix on the future of working called, Work 2035. Over to the interview, please enjoy.

Welcome to the Get Cyber Resilient Podcast. Today I am lucky to be joined by our first-time returning guest, Safi Obeidullah. How are you going, Safi?

Safi Obeidullah: Good. Thanks Garrett. Pleased to be on again.

Garrett O'Hara: Yeah. It's actually, uh, it's so nice to see you again. And we were just talking before we started about how it's, it feels like such a long time ago, but in a way, it was just before COVID started, weirdly, um, that we met over in, at North Sydney. So great to, to see you again. How's your year been during this, uh, just crazy, crazy time?

Safi Obeidullah: Yeah. Well, I think for everyone it's, it's been, it's been crazy. I mean, I think it's, it's all a blur. It's hard to understand where the year went and e- even this year, like it's hard to believe that it's March a- already. So, I think all of us have been through quite a trying time, both from a work and a family perspective, trying to balance things, trying to work out when this whole madness is gonna end. But I think we're definitely very fortunate here in Australia when you look at, y- you know, the situation in countries overseas as well. So definitely lucky to be here.

Garrett O'Hara: Yup. And we're lucky to have you today. So, you're, you're the field CTO, um, at Citrix and future of work evangelist, uh, employee experience advocate and, and a general industry speaker. So genuinely not loss on us that you're taking time out to have the conversation. Um, we had you on before, but it would be lovely for folks who, uh, maybe haven't heard that episode, if you'd wouldn't mind, just kind of giving us a bit of an intro, a bit of a bio. How did you get to where you are today? And then we'll go from there.

Safi Obeidullah: I mean, I started my journey, uh, probably about 25 years ago. And i- it's funny, I actually started doing a degree in accounting and I absolutely hated it.

Garrett O'Hara: [laughs].

Safi Obeidullah: Uh, I was cutting mass, didn't know what to do, so I figured, all right, I'll do that. And uh, I didn't realize there was a lot of theory in accounting, towards law of contracts, law of all this, and that just did my head in. And, and that's when I started to ... I'd always been interested in IT, started to work, and in my first job, I fell into this technology called Citrix. And, and I think what really attracted me to the technology was more that it was focused on the end-user. It was focused on people and how they work. And, you know, Citrix has always had the vision of enabling people to work from anywhere, and that was something that really appealed to me.

So pretty much every job I've had since I started was something to do with the end-user computing space, be it Citrix or Microsoft and things like that. And then ultimately, I started at Citrix, uh, about 11 years ago, uh, initially lo- looking after the pre-sales team and then a few years back moving into the role of, uh, a field CTO. So certainly, a journey, I think back on how much technology has changed in that time, it's incredible, but even just how fast it's changing right now. Uh, I think we're in an amazing industry and interesting to see how things play out over the next few years.

Garrett O'Hara: I- it definitely will be. And, you know, we've talked about COVID and a little bit, like I said, before we even hit record. And one of the things that I think everyone has observed is how much that's changed things and how it's probably catalyzed changes that were probably, let's be honest, gonna happen anyway, but just on a longer, longer timeframe. But everything's been compressed, and decisions have been made pretty quickly. Like from your perspective, when you think about a long-term kind of remote working model, which many organizations are gonna move towards, I think that's, let's be honest, it's probably gonna be the new normal, um, how do IT teams like go about sort of doing that? Like maintaining it and constantly improving kind of business, but also the business security side of things, which I think is another huge lesson this year, is that like securing people in a remote working environment is, has its own challenges.

Safi Obeidullah: Yeah. I think ... I mean, talk about the security thing first. I think, you know, it's gonna be very interesting 'cause it's, it's gonna mean that organizations need to really rethink their security models. I mean, historically security teams have been focused on the traditional command and control model of, I'm gonna ... thou shall not have access, or thou shall have access, and, and you know, they've been able to protect their corporate networks, their data centers and devices. Whereas if you think about what remote working has done and working from home, I'm now working from an untrusted network with an untrusted internet connection that I'm sharing with my family, my roommates, who knows who else is on, on that network as well. So, it's certainly vastly increased the attack surface for organizations. I mean, you, you hear a lot of organizations in the early days of the pandemic did whatever they needed to do. And by that, I mean take shortcuts to get people working.

Garrett O'Hara: Hmm.

Safi Obeidullah: And there's a lot of people where security wasn't always front of mind, they just needed to get the business continuing to operate. You go and work h- however possible, and you're hear-, you, you know, scary stories of people just saying, "Just take our VPN client, deploy it on your home device and off you go." Now, tha- that's all well and good if it's for a short period of time, but to your point Garrett, now that we know that remote working is here to stay, you know, be it a full-time remote working model or a hybrid with, and I think most organizations will be hybrid, where there'll be some time in the office in some time working from home, we're starting to see a lot of organizations circle, background, and shore up their remote, working security postures. Really looking at what they've done, how users are gonna work and, and how they go about it, ensuring that they're protecting their organization, protecting their applications and importantly protecting their people as well.

Garrett O'Hara: Yeah.

Safi Obeidullah: Um, and I think that's the shift that we're starting to see as remote working becomes more permanent.

Garrett O'Hara: It feels like we've, we've been forced to get over a bunch of psychological barriers. Right? It's um, when I kind of reflect back on the last 10, maybe 15 years, you know, we've, we've gotten better tools and better ways to do remote working and they weren't per- perfect. I mean, I used to do some of that like 15 years ago, but it was pretty clunky, you know, a little bit of a, uh, some sort of a VPN, RDP into a machine, security was very much a secondary consideration. But it feels like we've, we've gotten over that hump or that barrier of psychology that felt like it was probably the biggest thing. Um-

Safi Obeidullah: Absolutely. And, and I think that's a good point. You're right. The technology for the most part, yeah, it wasn't perfect, but it was there.

Garrett O'Hara: Yeah.

Safi Obeidullah: I mean, you could work remotely, but i- it was a trust issue. Right?

Garrett O'Hara: Yup.

Safi Obeidullah: Um, you know, if you, if you look at this whole notion of, of presenteeism, where people are expected to be in the office, as a manager, you want to see your people, to know that they're actually being productive and working. Um, you don't trust that the people are gonna work from home, that they're just going to watch TV or, or whatnot. And I think that whole notion of presenteeism really drove this fear of remote working, right? The only way you let someone work remotely was if it was an emergency, or maybe a small subset of executives were privileged enough to have that capability.

But but you're spot on, I mean, I think this lockdown forced everyone's hand and they discovered that, you know, I can trust my employees and they can be productive. It's not perfect. And, you know, I definitely think remote working during a pandemic is like an extreme version of working from home-

Garrett O'Hara: Yeah. [laughs].

Safi Obeidullah: ... because you've got all these other pressures and things going on around vaccines and scho- and kids stu- uh, studying from home and all these other things, other pressures as well. But definitely I think the cat's out of the bag, you know, I think they've realized that people can work and, and now both employees want it to continue. And I think organizations are finding there's a lot of value and benefit for continuing this, this whole, uh, remote working approach.

Garrett O'Hara: Yeah, totally agree. I, I, you know, I wouldn't like to be in commercial real estate at the moment. So that, I think, I don't know, you might've actually just said that be- before we started recording, but it is true. You know, I think we're, we're in a new normal. Here, here's a question for you, when I think about that presenteeism ... I love that phrase by the way, I wrote it down and I will be stealing it ... Um, but when you think about the availability of mobile devices and how distracting they are, I think you're spot on. Like being in a physical location these days when you've access to Facebook and YouTube and all those things on your personal device, non trackable, probably sitting on a 4G connection that you've no control over, you know, that, that any, any notion of being physically in a place these days has sort of gone out the window. I mean, yes, if you've got KPIs around number of phone calls you're making per day or output, cool, but those things would apply in a home environment anyway.

Safi Obeidullah: No, that's right. And, and I think that's fundamentally, the way to sum that up would be, is that we finally realize that work is not a place.

Garrett O'Hara: Yeah.

Safi Obeidullah: I- it's a thing that we do, and we should be able to do that thing from anywhere.

Garrett O'Hara: Yup. Yeah. And the generation that's coming up and, our digital natives, or, you know, people that are happy to work from coffee shops, home and office and, you know, value kind of, I suppose, relationships, but relationships that develop in a, in a different way. O- one of the things I would very much like to talk about is with the transition with COVID, we've moved away from perimeter, you know, you've moved away from, you go to a physical place and there's some stuff sitting on a network layer, um, you know, there's obviously physical security and all of that good stuff, that has gone. You know, we're into perimeterless, you know, environments and, and the kind of ... we've been, again, we've been talking about this stuff for years, but it's been catalyzed by COVID. When I think of that, I think zero trust, which, you know, lots of organizations are talking about and moving towards. I'd very much like to kind of dig into that with you, given, given your role. How do you see that kind of influencing the way we work? And then also, when you think about business leaders making decisions about security, what's the influence of like zero trust as a thinking, as an approach?

Safi Obeidullah: Yeah. I think zero trust, I mean, it's one of those buzz words at the moment, right?

Garrett O'Hara: It is.

Safi Obeidullah: And, and I think like with all buzzword, it, it means different things to different people. Um, you know, some people actually still think it's a product. I mean, it's, it's, it's a, it's a methodology or a way of thinking. And, and the way I think about it, is it's effectively a, a position that the organization is taking that all trust is earned.

Garrett O'Hara: Hmm.

Safi Obeidullah: It's, and it's very much in contrast with the traditional notion from organizations where they, they trusted a user or they trusted a computer or a network and a data center. And once they trusted that, that person or device, then anything that person did was fine. Whereas with ze- with the zero trust model, it's really, you know, as I mentioned, taking that approach, that trust is earned and, and, and we need to determine how do we trust a situation, not a person or a device, but a situation is risk appropriate? And, and what do we need to do to verify that? How do we attest it? How do we audit it? And these are the types of, of questions we're seeing organizations really starting to think about when they start thinking about embracing zero trust as an approach for their organization.

Garrett O'Hara: I love that thinking, that idea of context security controls versus content security controls, and it feels like that's a shift that's happening as well. And I'd love for your comments on how we're seeing utility there, because I think that's starting to become much more doable because of technology. And I hate to say machine learning, 'cause I know everybody is triggered by that as a phrase, but it's, it's important, right? But are you seeing that or those out, you know, the development of solid algorithms and more accuracy around what's good context for applying security controls? Like, how has that evolved?

Safi Obeidullah: Yeah. Look, I mean, I think just the evolution of how data can be analyzed is, is the key breakthrough. I mean, we've, we've always gathered logs and data around, you know, from firewalls and VPNs and authentication attempts, all those, all that data has always existed, but we just haven't had the power or the algorithms to effectively analyze that in a way that we can gain these insights to, um, to react to it. A- and I think that's the real shift that's happened where, you know, things like, um, machine learning platforms like, uh, public clouds have now put that power in the hands of everyone to say, well, I can use the, the capabilities, the capacity, the scale that's on these clouds and cert- and, and third party providers that provide those services to now truly understand what's going on in- inside my environment. Give them the visibility that they need, because I think the reality is no one is, um, no one's ever gonna escape having either an attack or a breach, it's gonna happen to everyone. The important thing is how you respond, how quickly you're aware something is happening and you can respond. And data and having those insights is key to that.

Garrett O'Hara: Yeah. There are some, I think really exciting developments that hopefully will reduce all of our stress levels, um, as you say, kinda using, you know, context dependent security controls, things like Siemens Store type applications, where you can start to automate some of this stuff through, so less work to do hopefully, and, you know, lower meantime to detect and response.

Safi Obeidullah: Well, yeah. And I think the other element of zero trust, you know, aside from the contextual nature is that it's also continuous.

Garrett O'Hara: Yup.

Safi Obeidullah: You know, historically we've trusted someone at point of login or authentication, and once they've done that, it's, it's a free for all roamers. Whereas zero trust is about, you know what, that's not enough, it's gonna be an ongoing assessment that is continuously situationally aware, and as you said, contextually aware as well.

Garrett O'Hara: Are you able to give us an example on ... 'cause all of this stuff is spot on. Um, definitely, definitely get it sort of aca- at an academic level. How does that play out? So, you know, I'm Bob and I am doing some stuff, like what, how does that work in my kind of day to day as I kinda go about trying to be productive at home or even in an office environment?

Safi Obeidullah: Yeah. I mean, e- even if you think about some of the common things you may be doing on your device, right? A lot of people have their work, uh, utilities and tools, be it a digital workspace, be it VPN, be, be it access to applications on their laptop. Now from a personal perspective, something that we've seen come up in many cases is that on the personal side of things, they wanna use, um, something like Nord VPN to access Netflix in a different region.

Garrett O'Hara: Hmm.

Safi Obeidullah: I don't know. That that comes up. So now I'm working and now I've stopped working and I, I wanna watch something, so I start the Nord VPN. And so now immediately, my, the context of that device has changed. I'm no longer connected to my personal connection, I'm connected to another VPN connection. And so that changing context I feel is really what's, what zero trust can be ma- uh, can help with. Because i- i- if you've got the right tools in place, it will detect that the context of your, of your device, be it the type of network connection that it has, has changed and then will automatically adapt the security posture of the resources that, that, that you may be trying to access from a corporate perspective. So I think those are the types of scenarios that it can help with. I think the key thing is to make it easier from an employee perspective that it's dynamic. It needs to happen in the background, it can't be something that interrupts the work that people are doing or is, or is disruptive. It has to be dynamic for it to be effective.

Garrett O'Hara: Yeah. No, definitely get that. And the, the value of a transparent security controls. Like I s- as a kinda think about that, we've been doing this kind of work from home stuff for what? 12 months. And I think there's been lots of lessons learned by so many organizations, you know, that many of these conversations, and I know you've already hea- heard more of them, about, you know, what it looks like to empower employees when they are kind of working from anywhere? Could be cafes, could be at home, could be in a shared house, could be in an office, really, you know, device independent working. What's the next evolution? Like what does an employee experience look like as somebody who shows up to do a job wherever, like what's the evolution we're gonna see?

Safi Obeidullah: Yeah. Um, I think it's going to be huge, to be honest with you, Garrett. I think we're gonna see a lot of change in terms of the, the tools that employees have at their hand. I mean, for the last sort of five, 10 years, we've seen a big push for organizations to invest in customer experience, so their customers. And I think what they realize is all that investment's been great, but where they've been falling behind is the employee experience, the tools and applications and experience that my employees face, which ultimately does impact the end customer's experience as well. So we're seeing a much bigger focus on, on really understanding, well, how do I set my employees up for success? How do I set them up to do their best work?

And it's a combination of a whole range of different things. Obviously, technology is, is one, you know, making sure they've got the, the right tools, but also the right tools to succeed in a distributed work environment. And that, And that I make as a distinction because when everyone's in the office, you have a different experience, when, when people are distributed, some working from the office, some working from their own homes, it's very different and you have to try and find ways to make sure people can still easily interact and, and collaborate, people don't feel isolated. So there's a whole bunch of different el-, different elements there.

And on top of that, from a technology perspective, you, you were sort of touching on it before, when you talked about all the different, um, platforms that people use, be it Teams or WhatsApp or Slack, and that there is a lot of noise in the workplace as well. Like when you're trying to get your work done, you know, you're constantly being interrupted by an email or a Teams message or WhatsApp or this or that. There's just so many points of notifications that are distracting you from your work. So I think this is another area that organizations to start to look at is, how do we reduce the noise that employees have to deal with? H- how do we reduce the amount of interruptions and distractions they get that aren't important, but are taking them away from the focus work that they're trying to do. So I think that's a big part of it.

Um, I think other elements that we're seeing is that people are rethinking how they, uh, l- look for talent. I mean, hi- historically we've, we- we've always hired people with the expectation of presenteeism, that they are people that can come to an office, and we've, that means we've always hired people that typically live within about an hour's commute from the office. Whereas now, if remote working is okay, well, you don't need to be limited by that. You can hire someone who lives anywhere, you know, and that will, uh, open up that talent pool. You can bring back people that perhaps have had to stop working or take a, a career break due to being new parents or taking care of elderly parents or, or family and things like that. So there's a big, um, uh, talent element to it as well that people are looking at.

And then finally, what you talked about was just from an organizational benefit pers- perspective around re- around real estate and offices. Well, what happens with an office? You know, I think we both spoke about before, that both of our offices are pretty much empty at the moment. Well, what happens with that? You know, how do I need to reconfigure the office? Do I need to reduce office space? And we're seeing a lot of companies already start to do that. I think HSBC announced this week that they're looking to reduce their real estate by 40%, uh, because of, of flexible working. Um, and also questioning, well, why should people come to the office? If I can do my work from home, well, what's the reason I need to come to the office? And if that's more to collaborate and work with people, well then my office do- doesn't need to be an endless sea of, of desks. I need to create more, uh, collaborative working spaces and things like that. So, I mean, I could go on about this because there's just so many different elements of, of changes that are going on right now.


No, that's right. A- a- and it'll be ongoing for a while. I mean, we did a housing survey, um, uh, late last year and, and if you're asking why Citrix is doing a housing survey, and it was more around looking at the impact of remote working on housing. And what we found was that one of the interesting things was 35% of Australian workers, so this was an Australian survey, had already relocated from the city, or plan to relocate from the city be- because of permanent remote working. I mean, we were talking about commercial real, commercial real estate, but you think about all the other periphery businesses impacted as, you know, cafes, restaurants, uh, coffee shops, all impacted by people not being there in the city. All those apartments that were there because people wanted close proximity to the office, I mean, a bu- a big, a big, a bunch of them are now leaving that in favor of sort of moving out towards, uh, more regional or even ru- rural locations because they can work from anywhere and they want more space.

Garrett O'Hara: Yeah. And look, I'll be honest with you, I'm one of those. You know, I'm getting to an age where, you know, my, my dream with my wife is that we live in a tiny house with some land, but an amazing internet connection where-

Safi Obeidullah: Yeah.

Garrett O'Hara: ... you know, I can, I can sit looking out over some goats and, uh, the ocean maybe, but actually I'm doing some, you know, solid work during the workday because, you know, we've got, we've got that ability to, uh, to do it. Here, here's a question for you that's, you know, comes up consistently. And it's the, you know, as you've talked through the kind of working environments getting out of the way of employees, making it so that you've got transparent security controls, you know, i- it feels sometimes like that's aspirational and I'd love to get your thoughts on the, I suppose, the, the productivity versus efficiency versus security, you know, conversation that is as old as IT and security itself. Um, has that changed in your opinion? Like, is it, is it different now?

Safi Obeidullah: I think it's changing. I, I think, you know, historically, as you said, I mean, there's always been that, the, the fight between, you know, uh, security and what security wants people to do and employees in terms of how they wanna work. I think there's a couple of things that's changing. One, I think the mindsets are changing where IT alone isn't dictating the tools and services employees use. And, and, you know, with, with an increased focus on employee experience, you know, organizations embracing things like design thinking, they're putting the employees needs first. So it's not IT deciding what the right tool or solution or, or, or outcome is, it's the employees helping define the requirements, helping, uh, educate people on how they need to work, what their challenges are, so we build solutions that are a lot more aligned to the needs of employees. And so that is trying, is trying to shift that.

I also think the evolution of technology has meant th- there's more opportunity for security to be integrated and invisible rather than front and center. I mean, historically, I mean, we had very cumbersome security tools, right? Like, it was in your face. Whereas now technology, as I said, has, has moved, there's more options, there's more flexibility, and I think that is gonna help improve and really strike that balance between experience and protection. And, and I think we are on a positive, uh, journey there.

Garrett O'Hara: Do you think the effect of consumer technology, so here I'm thinking like as people go about their day, they're embedded in technology in a way they weren't before. If you roll back the clock, you know, the reality was you, you might had a phone, maybe a basic computer, maybe did some stuff, but really you went to your workplace and that's where technology lit up and you had this cool security and all these applications and, you know, enterprise software was seen as the, the gold standard or the things aimed for, that's shifted. Right? You know, you see the, the quality of, uh, personal applications, things like social media applications, fitness, all of the different areas of people's personal lives that have been affected by technology and how well they execute in terms of user experience, transparent security with, you know, decent OAuth, and, you know, do you want to log in here with, you know, pick your provider, you don't have to go do, you know, do the whole credentials thing every time, like they're designed to work together.

Do you feel like at some level that's become an expectation from employees as they go into a work environment? If they, they notice a tension or a friction where their personal life, they can do things so easily and, you know, air code securely, if they're, if they're doing the right things and then they go maybe to work environments where they've got, you know, clunky 2FA or MFA approaches and, you know, applications that are integrated, no single sign on, what's your thoughts on that?

Safi Obeidullah: Absolutely. I mean, I definitely think the consumer experience is gonna set the expectation. I mean, and, and as more and more millennials come in to the workplace, I mean, they're I think last th- they were already 40% of the workforce, they're probably going to be 60, 80% soon. You know, the expectation is, is gonna be there. Right? And I think if you, exactly to your point, it is so simple from a consumer experience perspective, right? You know, I've got an Apple phone, so face ID Apple Pay is just so simple. And ultimately, if you look at why it's different is that when those consumer services are designing their experience, they're leading with the person who's gonna use it.

And this sort of goes back to this notion of employee experience where historically it's been IT that's defined the technology that organizations have implemented, and they haven't really engaged the employees as part of that process. So I think as organizations mature and they embrace things like design thinking, as I mentioned, and start leading with the needs of employees, we're gonna see a lot more in- uh, intuitive and seamless experiences in the workplace. It will take some time though, because you know, most organizations, um, you know, consumer apps don't have to worry about legacy applications and-

Garrett O'Hara: Yeah.

Safi Obeidullah: ... and legacy data and things like that, whereas organizations do. And so how do you find the balance with making sure your old clunky legacy apps are available in a seamless way? And can you do that or not? And then how do I sort of build out these new, uh, really intuitive applications, uh, particularly that are mobile-led, uh, to make the employee experience much better? So I think it's improving, but I think it's still a way to go.

Garrett O'Hara: Yeah. A long, probably a long way to go in some cases, but we'll, we'll get there, you know, let's, let's stay hopeful. Um, I- I'd be keen to, to kind of, you know, when I think of, uh, work and future work models, you know, maybe I'm short term-ish, but like, I think a year or two years, what, or like, how do you see are kind of, I suppose our interpretations of what work is, and like, that's obviously changed since 2020 because of the very obvious, uh, pandemic that has happened. Um, but I'd, yeah, I'd love to hear your thoughts on, okay, the technology might be there as an enabler, but how do you see business leaders engage with the, the opportunity for maybe re-imagining, not to steal from Apple, but you know, that, that sort of idea of re-imagining what work is, how it would operate. What's the model look like as you kinda go forward?


I, like, I totally, totally agree with you. I think you're, you're spot on. We're seeing the emergence of, um, I would say technology, but also cybersecurity as a competitive advantage. You know, it's not, uh, oh, here's the thing we have to do because we have to do it, but actually this is the thing that lets us pull away from the competition 'cause we can operate faster because we know we've built secure processes, secure systems, we know our employees are pretty savvy when it comes to the, to the world of server security. Seeing that more and more, and being talked about more and more is that idea that we need to stop thinking about cybersecurity as this we must do this and it costs a lot of money and it's annoying and it gets in the way and flip that around and say, well, if we do this really well, we can just, we can, you know, we can operate at a, a faster cadence and ultimately, you know, kind of add pace and then, and maneuver competition.

Safi Obeidullah: No, that's right. And I think particularly when it comes to security, it needs to be something that's integrated into the design process and not an after thought.

Garrett O'Hara: Yeah.

Safi Obeidullah: I mean, I think, I think too often with IT projects we'll identify a solution or a piece of software, do all the testing, pretty much deploy it and then ask the security guys to validate it at the end. And I think we almost need to bring that to the forefront. And by doing that, we can, I guess we have a greater opportunity to create a more invisible and more seamless approach to security because it's being built in from the outset, not an afterthought that we, we just need to, to go through this hurdle at the end. So yeah, I definitely think attitudes are changing and there's a lot more collaboration happening between the different IT silos that have historically existed.

Garrett O'Hara: Yeah, definitely agree with that. It's funny, you talk about the sort of developments. I used to be a developer years ago and never thought about security. You know, and I, I kind of joke about it now, 'cause it's, it's long enough ago that nobody thought about security. It wasn't that I was a bad developer, I was just, I was a normal developer and just, we weren't thinking about it. Interestingly, some of the smartest people I know are also developers and it's amazing to me how often they're unbelievably good at writing code, smart in a way that I just probably will never be, but security is still not really the core or a core consideration as they're developing our code. And I know this, you know, dynamic and static analysis tools for code, but it's not quite the same as to your points. It's a principle of development and it's a psychology of development that you bring forward as you're kind of tapping add lines of code. It's, um, yeah, interesting times that we're, uh, we're living in.

And speaking of interesting times, you guys are in a pretty unique position, given your role in Citrix and what Citrix does, what's, um, like any war stories or any kind of maybe unique stuff that you've seen over 2020, um, you know, in, in the last year of COVID and just the craziness that's been going on?

Safi Obeidullah: Oh, look, I mean, I think there's been lots of war stories. I mean, I think there's, you know, there's more examples than I can count where, you know, we've had to help organizations overnight, you know, shift thousands of workers working from home. I think one of the earliest examples was in China when things hadn't really expanded outside, um, of China at that point in time in January, but they were being hit, they were moving into lockdown and lots of stories of us, um, o- our staff, our partners, customers who, you know, th- th- there was one example where they had to build out a virtual environment for 5,000 contact center agents in, in literally a week. Like, it's just-

Garrett O'Hara: Wow.

Safi Obeidullah: ... incredible feats of, of, of effort by IT workers around the world. And, and I, I did do a LinkedIn article about this, where I think there's a lot of, you know, obviously acknowledgement and kudos gi- given to frontline workers, you know, healthcare and all that, which absolutely is there and, and needs to be said, but you know, IT guys are sort of almost the unsung he- heroes. Because the amount of effort the IT industry had to put in, in those first three, four months of the pandemic to deploy new solutions and, and expand their environments and keep environments running, it's, it's just enormous. So there's a lot of stories and I think everyone ha- has those war stories out there, um, around that.

But for me, one of the biggest things though, I think that's come out of all of this, you know, out of the conversations we have with customers that it's actually reminded all of us that behind all the technology is actually people, like the human factor. And people have realized that not only from a work perspective, but because they're working from home, they're sort of reconnecting with their families and, and really re- reassessing what their priorities of, of life are. If you think about the, the way society has worked, particularly in a Western context, it's largely being, we've built our whole lives around the routine of work.

Garrett O'Hara: Yeah.

Safi Obeidullah: You know, everything's focused on work. I live near my work, I'll shop after work, uh, if there's things that need to happen, I have to do it after work. You know, I get up in the morning, I commute, come home, rinse and repeat, it's the same thing over and again. Whereas I think now, and, and because we've passed that notion of presenteeism and we trust people can work from home. And I think when we're sort of in an environment where we can actually have a much more flexible work-life balance. And I think that's, that's gonna go a long way towards just again, reminding us of, of what's important, reminding us that there's more than just work, that we do have stuff outside of work and, and looking after ourselves as, as people as well.

Garrett O'Hara: I, I feel like we're, it's sort of an interesting time where it could be, we're spending more time at home, and I've had many conversations as I'm guessing you have, um, with people who are getting to spend time with their kids that they never would have. Do the drop off, you know, be, be present in a way that they never could for their families. They've ... commutes have gone away. Um, that the same time I'm hearing the stories of, I started at eight and I get on the Zoom and then I get off Zoom at about 6:00 PM and I'm burned. Like by the end of the day, I'm burned plus I'm now in my workplace essentially, so there's no, there's no transition, there's no bit where, you know, put on the headphones and you know, you're getting in the car, it's, it's sort of it's, it's different. Yeah.

Safi Obeidullah: Yeah. And well, and that's what I was saying before the, you know, this version of remote work is an extreme version, right?

Garrett O'Hara: Yup.

Safi Obeidullah: It's not normal. And, and I always get annoyed when people rave on it and are happy about how productivity has increased, then it's all the same. And I always ask, well, at what cost? Because the way we work in the, the effort that we're going in is not sustainable for the long-term.

Garrett O'Hara: Yeah.

Safi Obeidullah: I- it's just not gonna work. You know, being, that whole notion of Zoom fatigue back to back, we don't have those natural breaks that we had between, between meetings, right? Even just walking from one side of the office, to the other, that's a break in itself. You get to meet someone along the way, grab a drink, get some exercise. Or if you're going to see a customer or a client, you jump in a cab. And so all those natural breaks are gone. The transitions, as you said, um, sort of getting prepared mentally for work on your commute there and winding down on the way back, that's all gone. And so it's very much a blur. And I definitely think, you know, organizations, and, and they already are starting to do it is really focusing on the whole notion of digital wellness, you know.

Garrett O'Hara: Yeah.

Safi Obeidullah: Really looking at how do I make sure that yes, they have the right tools and they're set up for success, but setting people up for success is not just about technology. It's about making sure their wellbeing is taken care of as well. Um, and it's been interesting 'cause we've seen organizations really take i- initiatives to try and help people get those breaks. You know, there's, there's one customer who instituted a policy of having no email being sent after 7:00 PM.

Garrett O'Hara: Yup.

Safi Obeidullah: Just lay there, you know. 'Cause the thing is, if a manager or a leader emails you at eight and you see it, you- you're going to respond. And then you get into work mode and you, and you're not relaxed, and you keep on going. 'Cause the reality is if it was truly urgent, urgent, urgent, then you give someone a call. So I think that makes sense.

Another company introduced a, a digital wellness Bingo. So every week they had a series of activities that people had to complete, which had nothing to do with work. Like taking a walk or, or, or going to the gym or doing so many steps. And just, just to, other things like that, just to sort of break up the day. And so it's good to see that, and I think there needs to be more and more focus on it. Uh, remote working, if it's here to stay, which it is, if we don't look after the people, it's just, everyone's gonna suffer from burnout. It's, it's not gonna work.

Garrett O'Hara: Yeah, I totally agree with you. I think the key theme I've taken from what you've said is balance. You know, it's the, i- it's great to work from home, and, and I think you made the point earlier on, it's hybrid is probably where we'll land. You know, it's not gonna be fully work from home for everybody, maybe for some people that is what, you know, keeps him well digitally and otherwise, and then for other people, it's probably gonna be some combination of, um, of all of those things.

Um, Safi, we're running over time. I have really enjoyed this conversation as I did last time when we, we spoke about digital twins, highly recommend that episode. It was something that was pretty new, uh, for me. And so, and to be honest with you, when I was prepping for that last interview, I had to go and ask a bunch of people, what is this digital twin thing? And so I learned a lot from that one and I've learned a lot today. So again, I really do appreciate you taking the, the time out to, to speak to us. And if it's okay, I'm gonna include your LinkedIn article that you just mentioned there, and I'd like to include that, include that in, um, in our show notes, um, for this episode. But thank you.

Safi Obeidullah: Thanks for the opportunity. And I've really enjoyed the, the discussion as well. So thanks Garrett.

Garrett O'Hara: Big thanks to Safi for that conversation, so, so enjoyable, As always, thank you for listening to the Get Cyber Resilient Podcast. We do have a back catalog of episodes. So please have listen to those and let us know what you think. Please comments, review subscribe. For now, I look forward to catching you on the next episode.


Principal Technical Consultant

Garrett O’Hara is the Principal Technical Consultant at Mimecast having joined in 2015 with the opening of the Sydney office, leading the growth and development of the local team. With over 20 years of experience across development, UI/UX, technology communication, training development and mentoring, Garrett now works to help organisations understand and manage their cyber resilience strategies. When not talking about the cyber security landscape, data assurance approaches and business continuity Garrett can be found running, surfing or enjoying the many bars and eateries of Sydney's Northern Beaches.

User Name
Garrett O'Hara