Linh Lam, CIO at Jamf, discusses her role, the main security challenges facing her industry and the importance of collaboration between IT and security teams.
Linh Lam is the chief information officer (CIO) at software company Jamf, which helps secure Apple technology for use in the workplace.
In her role as CIO, Lam is responsible for leading Jamf’s enterprise technology and operations team to drive automation, efficiency and scalability for the company. Her team includes departments such as IT, enterprise applications, information security and global real estate.
Prior to joining Jamf, Lam held the position of senior vice-president and CIO at ICE Mortgage Technology. As well as her industry experience, she has a bachelor of arts degree from Stanford University.
“At Jamf, some of the most exciting projects we are currently working on are automation in enterprise operations from sales to services and fully leveraging the cloud and AI ops.
“By utilising this technology, we can transform our customers’ and partners’ experiences when doing business with Jamf.”
‘Security is a team game’
What are some of the biggest challenges you’re facing in the current IT landscape and how are you addressing them?
One of the biggest challenges in the current IT landscape is the relationship between IT and security teams. For far too long, IT and security teams have viewed themselves as two different disciplines with fundamentally different missions that have been forced to work together.
The IT pros tend to think of the security team as the ‘Department of No’. Security pros view the IT team as always putting speed ahead of safety. However, as digital business continues to rapidly accelerate, it has never been more important for the CIO, CISO and other digital technology leaders to work in lockstep as they shape their organisation’s future.
Even I have had to reflect on my relationships and how I interact with the CISO and the security team. For me, there are a few ways to improve the relationship between the two teams that I have found to be effective.
Get IT and security teams on the same page. IT teams must understand the value of security and recognise that rapidly developing and deploying applications should not compromise the organisation’s cyber defences. On the other hand, security teams should consider their IT counterparts a telemetry system for cyber risk.
Develop a strong relationship at the top of the business. It’s not just about IT and security teams getting along together, but also the CIO and the CISO. CISOs need to be treated as central leaders in combating risk across the business. They should have a seat at the table and work with their CIO counterpart, instead of against them.
Make sure there’s collaboration from the start. Now that the teams have an understanding of each other, IT and security need to work closely together from the beginning. Rather than coming together near the end of development and both teams feeling wronged, collaboration should start from application ideation and exist all the way to the final review stages.
What are your thoughts on digital transformation in a broad sense within your industry?
The rapid rise of digital transformation has brought about the rise of transformative flexibility in the workplace. As a result, companies are far more likely to offer flexible hours and remote or hybrid working, but more importantly, offer employee choice on work devices.
Whilst the concept of employee choice is very appealing, the implementation of it has proved challenging. Many organisations still use legacy, or even homegrown, applications. This can hinder the use of non-Windows operating systems and also represent a security threat. Furthermore, Windows-centric IT and security teams can be unfamiliar with Apple devices and what is needed to meet the same corporate policies as Windows devices.
At Jamf, we are helping organisations to address the challenges when it comes to employee choice. Ultimately, one of the most important things is asking the right questions and taking a strategic view. What does the company want to achieve with employee choice? What involvement is required from other departments such as HR? And how do we ensure the safety and security of our data and assets for our employees, customers and partners?
To successfully implement employee choice, it’s about having the right products and solutions. Organisations need to bring in technology that operates similar to tools like 365 which perform identity, management and security in their Windows stack.
‘A more dangerous cyberthreat landscape means a greater demand for highly skilled professionals
Sustainability has become a key objective for businesses in recent years. What are your thoughts on how this can be addressed from an IT perspective?
Sustainability has become a key objective for Jamf, and it has become incredibly important to our stakeholders.
All organisations should be on the path to carbon neutrality – at Jamf, we have been on this path since 2021. Measuring emissions accurately and thoroughly is essential to establishing environmental policies and setting goals that drive a reduction strategy.
For example, we donate to Carbonfund.org to offset our emissions. This donation helps fight global warming by supporting third-party verified, renewable energy projects that mitigate greenhouse gas emissions, capture methane and generate clean electricity for local communities.
As well as offsetting emissions, businesses should be educating and engaging their employees about environmental sustainability. Encourage and give employees the opportunity to volunteer and support environmental projects – this allows employees to engage more deeply with environmental issues and causes. Additionally, create workshops that help people understand the issues around sustainability, or webinars that share tips, tricks and resources for transitioning your home to a zero-waste environment.
What are your thoughts on how we can address the security challenges currently facing your industry?
The main three security challenges are the sophistication of cyberthreats, shortage of skilled professionals and the retention of security experts.
Cyberthreats are becoming increasingly advanced. Cybercriminals are deploying more sophisticated techniques such as social engineering, ransomware and exploiting zero-day vulnerabilities. Even our Jamf Threat Labs team has seen new attack techniques emerge over the past 12 months and they are increasingly targeting the Apple ecosystem. The rapid development of technology and malware means that it is a real challenge for the cybersecurity industry to stay ahead of cyberthreats.
A more dangerous cyberthreat landscape means a greater demand for highly skilled professionals. However, currently the demand vastly outweighs the supply of qualified individuals. Bridging the gap requires the cybersecurity industry to think how it can bring in more individuals from underrepresented communities.
In order to do this, companies need to be flexible in what they offer. The standard nine-to-five in the office doesn’t work for everybody, so offer flexible hours as well as hybrid and remote working. Furthermore, expand employee benefits – for example, offer competitive parental leave policies and childcare support.
It’s not just about bringing people in but retaining the staff already in the industry. Security is a high-demand, high-pressure field which requires long hours and where the stakes are extremely high. It’s no wonder security staff experience stress and burnout. Therefore, recognition, training and on-the-job support are essential.
Recognising and rewarding staff for their efforts and achievements can boost morale and motivate staff. In a field where usually only the bad things are noticed, recognising staff will help them feel valued and appreciated. Additionally, provide regular training opportunities for employees – this will help them feel more confident in their roles, which can in turn reduce stress and burnout. Training will also show employees where they are going wrong, and more importantly, what they can do to improve.
Ultimately, the most important thing to remember is security is a team game and as security professionals, it’s even more vital that we bear this in mind.
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.