Growing companies often face cyber security challenges as they manage teams that are scattered across the world. On The Cyber Security Matters Podcast we were joined by Ivan Milenkovic to discuss how companies can manage those challenges, even inside the industry. With over 20 years of expertise in information security, Ivan is currently a Group CISO at WebHelp, where he’s managed a large security team that doubled in size to over 140,000 people. He’s a security evangelist and a huge advocate of addressing cultural and leadership factors rather than relying solely on technology to protect your teams.
What were the security challenges involved in scaling so fast at WebHelp, and how did you overcome those?
When I joined three years ago, WebHelp was just shy of 58,000 people. Throughout COVID we started growing to address the way that our clients worked, and what was happening to the sector at the time. We are very aggressive when it comes to acquisitions and expanding into new markets, and that brings some very interesting challenges. We’re a very large global company. That’s how our clients see us, and they expect a certain level of quality across the board, regardless of where their services come from.
We effectively needed to bring everybody up to speed and bought-in to our culture. I’m a big believer that people are a very important part of the picture when it comes to security. That’s why it’s very important to get everybody on board to recognise certain values that must be respected. The challenge is to get people on this journey, and for them to understand that when it comes to security, it’s not just that you’re trying to enforce boundaries, it’s actually about supporting the qualities. You need to be able to lead and take people on that journey, rather than providing rigid boundaries that they don’t understand.
How do you balance managing a large security team with meeting the demands of internal stakeholders?
WebHelp is split into what we refer to as regions. They’re not necessarily geographic regions, but logical parts of the business that operate as semi-dependent companies tied together at a group level. Because of how everything came together, we’re talking about various teams spread around the world. InfoSec is a very large team, so you have all the daily challenges when it comes to the InfoSec itself. Because it is a rather big team, not everybody is my direct report. Whenever you work with people though, you need to respect their different needs and requirements, and understand what’s going on. We’re blessed with the quality and enthusiasm of people that are part of the team, which helps a lot. Most of my time is actually spent dealing with senior stakeholders from the business rather than my team. It’s been important to make sure that my people are bought-in enough to carry on without much management.
You’re a really passionate advocate of the idea that technology alone can’t solve security problems, so the leadership aspects of cybersecurity are key. Why is that?
It boils down to two things. One is that culture we touched on, because when people understand why certain things need to be done in a certain way, that’s half the job done. If you have people that are trying their best, that are not scared to report problems, that are educated well enough to understand, appreciate and communicate when something goes bad, everything is easier to deal with.
If you look at what can be done with technology today, you cannot do without it. We live in a really technological era where there is too much going on, so without technology you wouldn’t have the right level of visibility and you wouldn’t be able to react fast enough. People are very creative, sometimes too creative for their own good. It’s not hard to imagine a multitude of scenarios where a very creative person can easily get around even the best piece of technology. So that’s why you must find the right mix. You cannot rely on just your technology. It’s your processes that glue it all together. So, unless you take people with you on that journey, you don’t stand a chance.
To learn more about managing risks within the industry, tune into the full episode of The Cyber Security Matters Podcast here.
We sit down regularly with some of the biggest names in our industry, we dedicate our podcast to the stories of leaders in the technologies industries that bring us closer together. Follow the link here to see some of our latest episodes and don’t forget to subscribe.
