Brad Bits: December 19, 2024 (RTO Mandates and Salt Typhoon)
RTO Mandates with some Salt Typhoon.
Welcome reader! We've made it to Thursday, December 19th, 2024 (or Friday for any APJC readers out there!). Today, I am going to discuss return to office (RTO) mandates and Salt Typhoon. Both headlines have a teleco nexus, so let's dive in...
RTO Mandates
AT&T joins Amazon and a growing list of companies with return to office (RTO) mandates.
This isn't a surprise, but it also requires further analysis and may have an adverse effect. From my perspective, are employees productive? What roles are better suited for in-person? Work isn't where you are, but what you get done to align with organizational goals. Productivity is about an obsession with quality over quantity, with the end work product in mind that meets organizational objectives. My experience spans leadership roles leading global, diverse, connected teams. It's how you communicate and the workplace norms that teams set. Connectedness is so important. As a co-worker, do you turn on your camera when you are meeting with coworkers? Are your communications intentional? Should your message be an email? Phone call? We’ve all been in meetings that should've been an email and exchanged Slack/Teams/WebEx messages that should've been an email. Teams consume, disseminate, and connect in different ways. Communication expectations are mission-critical for high-performing teams. For example, if I am sending an email to a colleague in Europe late afternoon U.S. time, I do not expect that colleague to impulsively respond. It should be on his/her time when they work best and during regular business hours. Email isn't urgent communication. If you are having regular conversations with colleagues and leaders, then this expectation should be set on how you work at your best and how you can work with them at their best. I see so many organizations that get this wrong. Does your team have regular conversations on how each team member works at their best? If not, bring this up in your next team meeting with your peers and one-on-one with your manager.
The office should be a magnet for employees to collaborate to accomplish objectives and meet deadlines, so as different organizations continue to mandate return-to-office, it's important for organizations to measure how work deliverables get completed and the best format for quality regardless of geo-location. Employees must continue to advocate for themselves and let the quality of their knowledge work be how they are measured versus the quantity of hours spent in an office. Dialogue and transparency are key for teams.
Salt Typhoon
Recently, a joint advisory about Salt Typhoon (also known as Earth Estries, Ghost Emperor, Famous Sparrow, or UNC 2286) targeting U.S. telcos. On December 3, the NSA joined the FBI and CISA to issue a joint advisory . On December 4th, the White House announced that Salt Typhoon had compromised at least eight telcos, which included AT&T, Lumen Technologies, and Verizon. CSO Online has a great timeline highlighting Salt Typhoon.
If you are in cybersecurity (especially my fellow DFIR colleagues on the frontlines responding to these intrusions), please have a conversation with your loved ones over the holidays on the significance of this threat and the importance of encrypting communications.
CISA has some good guidance here that you can share and use for talking points over the holidays: https://www.cisa.gov/news-events/alerts/2024/12/18/cisa-releases-best-practice-guidance-mobile-communications
For defenders, I would also recommend reading more about Signaling System 7 (SS7) and continue to educate yourself on network protocols and vulnerabilities facing internet-facing devices; such as firewalls and routers. This will help you technically, but also begin to learn adversary tradecraft. Adversaries will continue to target network infrastructure and I could write a blog post or 1/n on this topic in the future based upon my experience. Well, that's all for today...patch your stuff, encrypt your comms, MFA everywhere, and bake your lessons learned back into your incident response plans. If you need an expert, please reach out.
References:
[i] https://www.inc.com/sarahlynch/rto-att-joins-amazon-return-to-office-are-mandates-a-good-idea/91068037[ii] https://www.cisa.gov/news-events/alerts/2024/12/18/cisa-releases-best-practice-guidance-mobile-communications[iii] https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3982793/guidance-urges-visibility-and-device-hardening-against-prc-affiliated-threat-ac/[iv] https://www.csoonline.com/article/3621674/salt-typhoon-poses-a-serious-supply-chain-risk-to-most-organizations.html[v] https://www.404media.co/email/ac709882-1e4b-42fc-bcca-cf7ce4793716A Leadership Journey: Part 1/n
Introduction
The world needs more leaders now more than ever. I serve a diverse, global, high-performing organization at a Fortune 100. Every person in my organization is a leader and I am blessed to serve them each day (team, if you are reading this…thank you! I love serving you and our mission. You inspire and motivate me each day!). Yes, everyone is a leader. YOU are a leader!
I also coach a football team where leadership is a core principle that I am teaching my players….not just Xs & Os of American football. Next, I also mentor the next generation of cybersecurity and Digital Forensic & Incident Response (DFIR) professionals. I love sharing my journey and the knowledge I have learned along the way to my mentees. I could not be more excited about the next generation of DFIR professionals. These are just several ways that I show up and look for ways to lead each day.
What is leadership?
First, let’s define leadership. Simply put, it’s a shared set of responsibilities individuals have to each other with a shared mission. Leadership is about adding value and bringing one’s strength to fill a gap, or need amongst individual(s). Think about it…the best teams in the world are collaborative, maintain high trust, and build each other up. This translates into a contagious, forward-thinking culture. As a leader of leaders, there are opportunities everyday to lean in and lead. I am at my best when I am removing obstacles for my team and allowing them to collaborate, innovate, and solve the most challenging problems. What are you doing each day to grow as a leader? Leadership requires growth, nurturing, and yes it even can be a contact sport. It requires personal humility coupled with strong professional will with the continuous desire to improve and learn from successes and missed opportunities. Spend time looking for opportunities to lean in and serve people where you share a joint mission. The world needs more servant leaders in every, single walk of life.
Focus on Opportunities
There are opportunities for every person with a beating heart to lead each day. The world (remember, we view the world in our own paradigm) needs more leaders who are unafraid to lead without a title.
When I am not leading the best DFIR organization on the planet, I enjoy coaching football, flying, and looking for opportunities to serve. I don’t spend much time on social media; however, I do spend my time reading and taking leadership reps to build this muscle. If you want to grow pick up a book and read. Daily, focused attention executed consistently over time will yield outstanding results (I promise). Get comfortable being uncomfortable if you want to grow!! You have to build your leadership muscle each day. Remember, when you are closest to a fear…you ARE growing. Don’t let your brain tell you otherwise…listen to your heart. I challenge my readers to look for daily opportunities to serve. This world is full of opportunities…now get after it and share your story!!
In the next blog post, I will further define what our responsibilities are to each other and peel back some of the finer details I’ve learned along the way.