Preparing mission-critical workflows for 2025 & beyond

January 23, 2025

Collaboration

Mission-centric IT organizations face complex challenges including siloed communications, the need to balance innovation with regulatory compliance, and a lack of formal governance around IT and cybersecurity.

To help critical infrastructure organizations learn how to collaborate more effectively and increase cyber resilience, Mattermost recently hosted a webinar with The National CIO Review called Building a Mission-Centric IT Organization For 2025 And Beyond that featured: 

  • Corey Hulen, Mattermost CTO and co-founder, and 
  • Lonnie Garris, director of information security at the Riomar Group.

Keep reading for some high-level takeaways from the webinar, followed by a link to watch the conversation in full.

Why do critical infrastructure organizations need cyber resilience?

According to the Cybersecurity and Infrastructure Security Agency (CISA), there are 16 different critical infrastructure sectors today, including communications, critical manufacturing, chemicals, defense industrial base, energy, financial services, agriculture, and healthcare. 

If these sectors were incapacitated or damaged due to cyberattacks, it would have a devastating impact on our daily lives.

When most people think of critical infrastructure, they might assume that the federal government manages it due to the high stakes. But for the most part, that’s not the case.

“Eighty percent of critical infrastructure rests in the hands of the private sector,” Garris says. “I think a lot of people don’t understand that.”

Though private companies control much critical infrastructure, mishaps can have drastic consequences. Just look at the Colonial Pipeline cyberattack, which slowed the flow of aviation fuel on the East Coast.

“Just imagine if we were in a shooting war — the government would have given them 24 hours to act or they would’ve taken it over,” Garris says. “Companies that have critical infrastructure — it’s in their best interest to become resilient.” 

How can you get started with cyber resilience?

For Garris, it starts with understanding that you’re a mission-centric organization — “one in which all strategies, operations, and resources are aligned with a clearly defined mission.” 

Once you’re guided by a mission, you need to figure out how to shatter those dreaded communication silos and get started with transparent, cross-functional collaboration. 

To do that, you need to have a culture that’s committed to the cause. But you also need to have the right tools in place.

The way Hulen sees it, those tools should include a communication platform (e.g., Mattermost), a project management tool (e.g., Asana or Jira), and a knowledge-sharing tool (e.g., Confluence or Notion).

“These are the triad of things that are important to collaboration,” Hulen says.

Cyber resilience also requires buy-in from the top of the organization. Too often, cybersecurity is treated as something other than the core part of the business. But due to the significant impacts successful cyberattacks can have on the bottom line, that needs to change; Garris encourages leadership to talk about the importance of cybersecurity often and ask team members to think about it and come up with potential solutions to security gaps.

“It’s important for the C-suite to say it,” Garris says. “Then it becomes collaborative.”

He also recommends embedding IT and security teams into the core business to build in cyber hygiene from the outset instead of treating security like an afterthought.

“It’s not to interfere but to be complementary,” he explains. “You don’t want to have a cybersecurity team go to a development team and constantly nitpick. You want the innovation to be there. You have to pick the right people who are going to be able to mesh with that team.” 

How can CISOs with limited budgets safeguard against risks?

In today’s tricky economic climate, many CISOs have limited budgets but still need to secure their systems and protect against bad actors. While there’s no shortage of cybersecurity solutions on the market today, many small- and medium-sized businesses are priced out of them, especially tools that issue per-user licenses.

“It’s a constant challenge we’re facing,” Garris continues. To overcome this challenge, Garris recommends visiting CISA’s repository of free cybersecurity services and tools and checking out the agency’s incident response plan template. “Those are tools that I have leveraged for our clients.” 

Hulen recommends looking into open source solutions.

“Focusing on automation can help; emphasizing security without overhead,” Hulen says. “When you’re small, everyone needs to be a security researcher. That’s the mindset of a company when you’re small.” 

At the same time, CISOs should nurture a culture that encourages open communication and collaboration.

“The more you can get out in front of things, the more you can openly communicate, the more you can help your mission-centric IT org succeed,” Hulen says.

Watch the webinar for more expert insights

In addition to the insights outlined in this article, the two experts covered a lot more ground during the webinar, including:

  • How to assess alignment as a mission-centric IT organization
  • How CEOs and CIOs can work together to align IT capabilities and drive organizational success 
  • When an organization should hire a CISO
  • How to ensure IT agility
  • Best practices for making IT more transparent
  • The skills CIOs and CISOs should prioritize for 2025
  • And more!

Ready to learn more about how to build a mission-centric IT organization that supports mission success, rapid decision-making, and organizational agility? Watch the full webinar.

mm

Justin Reynolds is a Technology Community Specialist based in Connecticut who joined Mattermost in June 2017.

Read More Collaboration Articles