More Articles
Information Technology

A Collaborative Approach Accelerates Adoption of Cybersecurity Changes

Russ Felker

Russ Felker

Chief Technology Officer at Trinity Logistics

Russ Felker Trinity Logistics

When introducing new cybersecurity initiatives in any organization, taking a collaborative approach and providing reasoning behind the changes allows for more widespread adoption across departments.

Quartz Network Executive Correspondent Britt Erler sat down with Russ Felker during his tenure as Chief Technology Officer at GlobalTranz, to learn more about taking a collaborative approach to cybersecurity change management.

With over 25 years of industry experience, Russ shares:

  • Key areas to focus on with cybersecurity
  • How to take a collaborative approach
  • What processes you should put into place

Quartz Network: Can you share a bit about your background and your current role with GlobalTranz?

Russ Felker: Absolutely. As Chief Technology Officer I am actually in charge of all things technology. That includes all IT product development. GlobalTranz is a top 10 3PL. We’re in the transportation and logistics industries across less than truckload, truckload, and managed transportation.

But we’ve always been very technology driven. So a lot of the services that we provide and the offerings we have are driven by technology that often falls under my department. I’ve been doing the technology thing for over 25 years.

Quartz Network: What do you believe are some key areas to focus on with cybersecurity and where do companies start?

Russ Felker: There’s a few different things that you really want to focus on. When it comes to security, it’s about the basics. In many ways it’s having that basic hygiene and the basic processes. And that takes people to ensure that you have people focusing on those things and people executing on the actions that are needed to keep systems up to date. To keep patches in place to do all those different things.

The big thing people miss in many ways is that it’s not just technology people. It’s the entire company that needs to be involved. And you must have that focus on basic hygiene, the focus on basic practices, and the dissemination of those out to your staff. But then you must include them from that execution standpoint. I think that’s a critical point that a lot of companies don’t necessarily execute down.

Quartz Network: What collaborative approach does GlobalTranz take to implement cybersecurity?

Russ Felker: In a general sense, we felt like we were talking at employees a lot when it came to security. You get the email that talks about the different attacks that have happened, or the ones saying don’t click on things. Those are emails everybody gets. And you go through your yearly training, where you’re told all the same things. Don’t click on this. Don’t click on that.

But what gets missed a lot is when you implement policies and you put practices into place involving the departments and not just executing those things but having a voice in helping to create them. And understanding the business impacts, because each department has a slump. You’re going to have different impacts.

One group might be like, “Yeah, I don’t care about If you rotate my password every 30 days.” And the other group is like, “Wait, what? You’re going to rotate my password? I need to remember that. My Post-it on the bottom of my keyboard is only so big. I can’t write all those down.”

 So you’ve got to involve them and get them involved. And that’s what we’ve done over the last year is really bringing them into the process. As opposed to just making them the recipients of things coming out of IT. Saying this is the new rule for passwords and this is the new rule for VPN, and all these other acronyms that we’re just going to throw at you.

It’s more like, let’s get them involved. Let’s understand their perspective and align that with everybody else. So everybody else can also hear the different groups perspective, and make sure that we’re being collaborative in our approach for the corporate security.

Quartz Network: What are the processes you and your company have put in place to make sure that there is this visibility and there is this involvement from all of your teams?

Russ Felker: We actually formed our own security council, and policies were coming out of it for the most part. But we weren’t really involving our operations teams and our sales teams and our finance teams. So what we did is we said, “Okay, let’s get representation from all the different teams. Let’s put them together and execute this in a collaborative way where we can get their input and we can help them to understand the reasoning behind a particular policy or a particular need for something.”

Quartz Network: What is the first step in that change management process for you?

Russ Felker: The first step is really about making it visible to the company and that level of collaboration. First you’re going to establish that collaborative group. You reach out to the business units. You pull in the resources. You give them an understanding, “Hey, here’s what we’re going to need from you.”

 We meet on a quarterly basis to review any new policies and any changes to policies. Sometimes the meeting is 15 minutes if there aren’t that many changes. But when you have new policies coming into place, and you have new pieces being put in, that is critical for understanding exactly what is going to be the impact to those groups.

As you go through this and you pull in team members, they can then communicate back out to their groups. You want to communicate out as a company to say, “Here’s everybody we got involved. Here’s the people that are in this council. Here’s the people that are helping to shape policies and how we roll that out to you, the company.”

And that’s a really critical component and one of the first steps to put this in place, that effective collaboration.

For more industry best practices and insights from leading IT executives like Russ, join Quartz Network.