CompTIA Partner Summit Online, held this week, focused on the critical skills and competencies that IT and security professionals need. In a world reshaped by COVID-19, the conference theme –The Next Wave: Reskilling for The Future – is more relevant than ever.

In a session – Preparing for the Next Challenge: Preparedness from Today’s IT Leaders – a panel of three senior IT executives talked about lessons learned from the COVID-19 pandemic. Session moderator James Stanger, CompTIA’s chief technology evangelist, refers to the evolution of IT as pre-COVID, during COVID and post COVID.

The session from the virtual event featured a trio of panelists. They were Michael Geraghty, chief information officer for the state of New Jersey; Clem Craven, senior cybersecurity training lead at BT (British Telecom); and Illysa Ortsmann, senior vice president, global head of technology and infrastructure, at Christie’s Auction House. The three talked about the IT preparedness of their organizations before the pandemic hit, and where they go from here.

The CompTIA Partner Summit panelists quickly revealed that their organizations were in different levels of preparedness for the pandemic. As a result, their road map has changed. The input from these high-level IT professionals is vital for partners when they think about helping their customers.

BT Shines

In a perfect world, many companies would like to be in BT’s shoes.

When Craven joined the company in 2012, he was issued a laptop. In fact, everyone has laptops, he said. Not so with desktops.

BT’s Clem Craven

“We’re agile. We can work from any BT building or work from home. When the pandemic restrictions happened, it was normal for us. We didn’t notice a major issue,” he said.

There was some backend work required; for example, checks on network capacity, but employees routinely work from home or in the various offices. Connections are over a VPN or the internet.

“All of our systems are configured for collaboration,” he said.

Craven’s team is all over the U.K., but chat and collaborate using Microsoft Teams, Skype, WebEx or SharePoint, regardless of where they are in the world.

“You would expect that from us being a network company. It would be embarrassing if that didn’t happen. We were able to pick up and carry on as normal. We have that resilience built in,” he said.

Geraghty talked about what’s it like on the other end of the spectrum. IT was somewhat prepared. He required his employees have a laptop and take it home at night. In the cybersecurity space, no one can predict when bad things will happen.

“So, we’re 24/7 in the event of incident. We have the capability to work from anywhere,” he said.

Others Face Challenges

It was the rest of the state government in New Jersey that struggled. There was a …

… no-work-from-home policy.

“Overnight we had 65,000 employees mandated to socially distance and work from home,” he said.

These employees were office and knowledge workers.

There were many challenges, such as ramping connectivity, access to the VPN, or application virtualization or web services. Then there was an issue of the equipment.

“CIOs like to save money, so they buy desktops instead of laptops. This created a problem when the employees couldn’t be mobile and work from home.

The challenges forced Geraghty and the IT team to come together, adapt and overcome. It’s not the first time the company had to face adversity. There was Hurricane Sandy, what they called the September dorm/internet crash in the early days of the internet, Y2K and 9-11.

Christie’s COVID-19 preparedness fell somewhere between the state of New Jersey and BT.

“We were in between Geraghty and Craven‘s organization in terms of our work-from-home policy. We aren’t fully laptop, as we do have some legacy desktops,” said Ortsman.

Mobility Is Critical

The company was looking at issuing more laptops – not BYOD – but preparing for a work-from-home scenario as a worse-case scenario for IT. Over for the past 12-18 months, Ortsman’s team has been looking at cloud and SaaS — even as basic as Office 365 and implementing multifactor authentication for security.

Illysa Ortsman

“We have a significant number of applications behind the firewall and VPN access,” she said. “We’re looking at what makes sense for the future.”

When COVID hit, it was a struggle to ramp up VPN access for the global company, Ortsmann said at the CompTIA Partner Summit.

Christie’s does a lot of live onsite auctions. COVID forced the company to make all auctions virtual or streaming.

BT didn’t have a crystal ball to know it had to prepare for business operations in the midst of a pandemic.

“We prepare for crisis,” said Craven.

The company’s mantra is, not “if it happens” but “when it happens.” Being a resilient organization is key for continuous operations. Even BT needed to increase its Office 365 capability, especially for Teams as demand for collaboration increases.

There were also some challenges. Windows 10 capability was bespoke, so it was locked down — as were some of the company’s other platforms. You had to get into the building to get the capability. So that presented a logistics issue.

IT can look at iOS and Android devices via a portal. The devices are secured with eight-digit passwords for access. Users can access email, Word and PowerPoint, but not applications behind the firewall.

Next?

Where from here for these panelists? They looked to the future during the CompTIA Partner Summit session.

For Geraghty, remote access is ramping up, as is licensing. The company is addressing how to provide remote support to end users, pushing out security patches when devices are on a home network, and how to deal with expiring passwords when users aren’t connected to the domain controller.

“These are things we didn’t think about because …

… we didn’t have a work from home plan in place,” he said. “These are some of the ‘gotchas’ that came up, and we had to improvise. Lucky for us, we had a multifactor authentication policy for all remote access to Office 365, the VPN, etc.”

Ortsman had problems similar to Geraghty, such as VPN capacity, bandwidth and licensing.

“We’re global, so we were putting in solutions to follow the sun. We had our London, Hong Kong and New York VPN sites fail over to each other. So, if we hit capacity in Hong Kong during Hong Kong work hours, we pushed over to London,” she said. “There weren’t other solutions in place. That’s something we need to happen immediately as we ramped up.”

Initially, IT worked in crisis mode in terms of getting people productive and finding quick easy solutions.

“When we knew the pandemic would last for a longer time, we were looking at more permanent solutions to support a work environment like that,” she said.

New Priorities

Top priorities have changed. Cybersecurity and privacy issues are key concerns.

A defense-in-depth policy provides layers of protection in the office — firewalls, intrusion detection, web filters, etc. Working from home exposes endpoints.

“You need good endpoint detection and response and the ability to receive alerts,” said Geraghty.

In the wild, users aren’t as strict with security as they are in the office. There’s a different mentality.

“There need to be mandatory phishing tests, making sure the devices and applications are locked down. There also needs to be security when you’re not on the network,” said Ortsman.

Everyone has responsibility for the data they have access to.

The General Data Protection Regulation (GDPR) and a host of other privacy laws and statutes keep the panelists’ companies’ data protections and privacy up to snuff. Financial penalties are severe.

“What about the privacy of data that the organization owns? … What about social security numbers?” said Geraghty.

On the flip side, what about the privacy of the data that the organization can access on a personal device used by an employee for work?

“We don’t do geolocation on that; no, we don’t want to know where you are on weekends or after hours, don’t want to see your photos. We do mobile application management,’ he said.

So, there’s the privacy of your employees and privacy of your customers.

Cloud Infrastructure and Apps

Panelists at the CompTIA Partner Summit agreed that moving to the cloud is critical for infrastructure and apps. Most use Office 365. Teams use has increased dramatically at Christie’s. During COVID-19, Teams use shot up to 90% compared to about 20% pre-pandemic.

Panelists also agreed about being multicloud and hybrid cloud — there’s no looking back. And when it comes to critical skill sets, cybersecurity probably tops the list.

More than skills, Craven looks at the integrity of the individual employee. Are they responsible, punctual?

“If they have integrity, we can teach them everything as far as the technical skills are concerned,” he said.