G100 CIO Recap – #ILTACON #ILTA061

ILTACON 2015 LogoSession Summary: Members of ILTA’s G100 CIO Advisory Board provide a recap of the G100 CIO event held on Monday, August 31st.

Speakers:

  • Don Jaycox, CIO for the Americas, DLA Piper
  • Andy Jurczyk, CIO of Seyfarth Shaw
  • Robert Marburger, CIO of Alston & Bird
  • Dean Leung, CIO of Holland & Knight

[These are my notes from the International Legal Technology Association’s 2015 Conference. Since I’m publishing them as soon as possible after the end of a session, they may contain the occasional typographical or grammatical error. Please excuse those. To the extent I’ve made any editorial comments, I’ve shown those in brackets.]

NOTES:

  • Most of the attendees in the room are the senior leader for IT within their firms.
  • Challenges of working with a multi-generational workforce. Chris deSantis was the speaker at the G100 session.
    • There are 3 generations at work now: Boomers, Gen X and Millenials
    • We have to think about them, not only as employees in the IT team, but also as internal clients (both as lawyers and in other administrative departments.)
    • Why should we care about this? We are responsible for ensuring continuity and developing the leaders of tomorrow. This is more challenging when each generation has a different point of reference and different values.
    • Different aspirations:
      • In 1960, adulthood (the age of 30) meant completing school, leaving home, becoming financially independent, marrying and having a child. (This was true of 77% of women and 65% of men.)
      • In 2010, only 13% of women and 10% of men have achieved these “indicia of adulthood.”
    • Generational Split: about 2/3 of the G100 CIOs are boomers. Their senior staff also tend to be boomers as well.
      • Some of this is location-specific. There seemed to be more Gen Xers in senior roles in law firms outside the northeast.
      • See the Tattoo Index. For traditionalists and boomers, tattoos are a sign of rebelliousness. However, now tattoos are more about conformity than rebellion. (Millennials get at least six tattoos. For them, it is a matter of personal expression.)
      • See the Cellphone Index:  How many people sleep with their cellphones? Millennials and Gen X are much more likely to do so because it keeps them connected to their community.
    • Each generational group shares a common lens.  It has to do with the context when they were children, plus what their families talked about and were concerned about.  Gen Xers grew up with the oil crisis and war, so they tended to be more insecure and secretive. By comparison, Millenials grew up during one of the longest stretches of prosperity, so they tend more to optimism.
    • Each generation values different things:
      • Boomers: value training, picking a side or team (often led by a boomer), optimism, competition, conspicuous display, working, work ethic, upward mobility, the covenant of lifetime employment, permissive parenting, etc.
      • Gen X: self-reliant and independent, skeptical, informal, tech-savvy, etc. They seek work/life accommodation.
      • Millenials: digital natives and optimistic people who value diversity, social responsibility, collaboration and cohesion, constant contact (they look for praise frequently), transparency, the environment, being scheduled, being discerning consumers, etc.
        • They are the products of Gen X parents. Yet their Gen X don’t provide the same support that their Gen X parents do.  As Leung noted, “We inspire our kids, yet we admonish other people’s kids.”
    • Each generation needs different things from their managers.
    • A key difference among generations is how they handle telecommuting
      • Boomers grew up with face-to-face classrooms and socializing, so they assume that a work team needs to operate face-to-face as well.
      • Millennials much prefer to telecommute.
      • Seyfarth’s experience with telecommuting:
        • The Seyfarth Shaw team works remotely four days each week, but they do have one day when they gather to reinforce their sense of team and community. In addition, they have social events periodically to strengthen their ties.
        • Seyfarth will extend this model to other groups (including other departments and lawyers) in order to improve quality of life and reduce costs.
        • In Seyfarth’s experience, it has not been a technology challenge.  It requires leadership to do this successfully.
      • In most firms, the issue of telecommuting depends on the personality and experience of the head of a particular department.
    • There are two typical reactions to the generational differences:
      • Quit your whining and get back to work!
      • It is the obligation of the leader to help each person deliver their best work.
    • The generations tend to pivot. The Boomers were very rebellious (in the 1960s) and then pivoted to be incredibly hardworking. The same may happen to the Millenials.
  • Cybersecurity. Speakers were from the Department of Homeland Security (DHS) — Dr. Andy Ozment, Assistant Secretary, Office of Cybersecurity & Communications, and Daniel Sutherland, Associate General Counsel. Their presentation was What the DHS Can Do For You.
    • Cyber Risk Management:
      • 80% of time on best practices
      • 15% of time on sharing information
      • 5% of time on incident response
    • Most of the firms attending the G100 Summit were very focused on cybersecurity and implementing best practices.
    • Because of the frequent client-initiated security audits, the legal industry is no longer the “soft underbelly” and may in fact be ahead of most other industries in terms of cybersecurity.
    • The more we share information on security best practices (and events), the stronger the entire industry becomes.
    • The financial services industry struggled with the tension between data privacy and security. They were able to reach industry-wide guidelines on sharing security information within the industry to alert firms to security threats and enable all to achieve greater security. Ozment encouraged the legal industry to adopt guidelines that achieve a similar goal.
      • Once an industry knows more about security threats than the people doing the incursions, then the industry has the upper hand.
      • DHS is working to gather data regarding cybersecurity threats and incidents, and then distribute anonymized information to firms.
    • There are three types of security threats (vandals, spies and muggers). Each require a different response.
    • The DHS offer the legal industry 3 services (each service has its own website):
      • cybersecurity framework
      • critical infrastructure cyber community (C3) voluntary program
      • risk assessments
    • Take key (standard) measures and then do the risk assessment.  E.g., two-factor authentication, updated security patches, etc.
    • Jaycox: “We all had full-time jobs before cybersecurity became a major challenge.”
    • How to avoid incursions:
      • Implement all the recommended technical controls such as two-factor authentication, up-to-date security patches, upgrade your log aggregation services/methods so that you can understand what is happening on your network.
      • Understand that the vast majority of incursions (60-70%) occur via phishing.
      • Also be aware of DNS-related attacks. (This can be addressed by two-factor authentication.)
      • Make it a priority to educate users so they understand the risks of phishing.
    • Once there has been an incursion:
      • your first instinct is to shut them down and get them out as far as you can (unless they are in a super-critical area).
      • Instead, watch them for a short period of time to understand their pattern of operation so you can prevent the next incursion.
    • Lessons Learned for best security:
      • Two-factor authentication.
      • Least privilege.
      • Application whitelisting
      • Network segmentation.
      • Education.
  • Four Asks from the Department of Homeland Security. Each law firm should do the following:
Share