Remap the Future

When John Graham joined Jabil Inc. as CISO, he saw a patchwork of network protections being used to varying levels of efficacy. Now he’s put a security blanket around the whole company—and helped the entire business drive ahead.

Some companies might sweat over their cybersecurity measures being transitioned from in-house firewalls to cloud services. But according to John Graham, the move wasn’t so much a radical change for Florida-based manufacturing solutions provider Jabil Inc. as it was an effort to optimize and bring its security measures into focus. That didn’t mean the transition would always be easy, but Graham ensured the organization found solutions that brought everyone together.

When Graham joined Jabil four years ago, he led implementation of the Zscaler cloud service to more than one hundred Jabil facilities throughout twenty-nine different countries. The move put a blanket around the entire company brought consistency throughout—an important addition for a global company that stores project schematics for the biggest and best-known brands in the world.

Immediately, both Graham and his colleagues noted interesting effects. Business and management teams were using various controls that were there to manage people instead of managing the network. But the scenario quickly changed. “We basically built four policy sets for the entire company,” Graham says. “We’d get complaints from business management that their people were not using the IT systems properly. But, our position was, ‘You need to manage the people. We’re going to focus on the malware.’”

The advantages are plain to see. The company no longer has to worry about having a particular department or team to upgrade the hardware or operating system. It also provides the organization with flexibility not only in terms of engaging with cloud-service providers, but also in protecting against cyberattacks that might affect the companies with which Jabil works.

The transition process was smooth and the cloud service was implemented with speed; the system was functional very soon after. However, Graham notes, the process didn’t account for the organizational change management required in the IT organization.

“We did it without having to involve the internal IT team. It was seamless,” Graham says. “Yet, often when there was a performance issue, the team implicated the security solution as the culprit.”

As such, time was put into training and showing the company’s various teams how the new system works. In doing so, those issues were also quickly put to rest. It also enabled Graham to change some employees’ tasks, enabling team members to focus more of their time on proactively seeking out potential cyberthreats and strengthening Jabil’s IT protection processes.

As Graham has settled into his role in the growing company, navigating the different mind-sets within the business and IT sectors of Jabil has been a constant. That’s particularly true when it comes to issues of exposed risk and getting agreement from all areas on how to address and or fix it.

“It gets really challenging when you don’t have the acknowledgment and visibility on the business side and the commitment on the IT side to make a change
occur,” Graham says. “Bringing both business and IT groups together becomes an imperative in managing risks and improving internal communications.”

Graham has learned to have a playbook in place for when issues do occur. “It’s important to maintain several levels of interaction with the business,” he explains. “Everything from board presentations to paperwork relating to risk acceptance and acknowledgment are critical. The playbook doesn’t have to be used very often, but when it does, it comes in very handy.”

The payoff is that Graham’s team is now being called on to engage with the business in both customer and staff meetings. Because the IT Security department is only four years old, Graham says the significance of rising to that level of importance in the company isn’t lost on him. Both technology and Jabil are evolving rapidly, which presents new challenges on a daily basis.

But, that’s not necessarily a bad thing. “There’s something different to deal with almost every single day,” Graham says. “But I enjoy strategy and problem solving. When you have something changing every day, you’re constantly on the chess board trying to figure things out.”