Q&A: Cisco CIO Fletcher Previn on the challenges of a hybrid workplace

In April, 2021, Cisco CEO Chuck Robbins announced he would let all 75,000 employees work remotely indefinitely, even after the COVID-19 pandemic ended. The company had seen no drop in productivity by allowing employees to work from home and expected to save money by not fully staffing offices. When and how often employees should come into the office would be up to their managers, who abide by a flexible hybrid policy.

But that shift brought technology challenges most companies are by now familiar with: how do you secure networks when the employee’s home is essentially a branch office? How do you create company culture from afar? And, how do you retain employees at a time when IT talent is in historically high demand.

Cisco

Fletcher Previn took over as Cisco’s CIO in April 2022. Since then, his focus has primarily been on all of thoe issues. Prior to arriving at Cisco, Previn worked at IBM for 15 years, the last four as its CIO. 

Previn wasn’t necessarily fated for work in IT. His parents — composer and conductor André Previn and actress Mia Farrow — initially pulled him toward entertainment. But Previn realized technology was his passion.

He spoke to Computerworld about the challenges he faces and the lessons he’s learned. The following are excerpts from that interview.

What are your main goals for the future of Cisco? “What was exciting about the opportunity at Cisco [were] two things: One, is I believe in the mission. If you were to remove all Cisco technology from the world it would be a very different planet. Cisco basically built the public internet and created the global village we live in — connecting everything and everyone. That’s a mission I feel passionately about, and empowering an equal future for all is part of our mission statement.

“A lot of my focus at IBM had been to to lead with experience and create these highly designed, simplified experiences both for employees and customers – if you want people to build best-in-class experiences, you need to deliver best-in-class experiences because today’s best experience is tomorrow’s minimal expectation.

“I love the focus on that and really getting after the complexity in things and simplifying it…. I’m hoping to enable people to do the best work of their lives.”

What got you into IT? What do you love about it? “I’ve always been interested in technology. I got a Commodore 64 when I was like six, and then I headed down the PC route and built my own x86 clone because the IBM PC was too expensive. In 1984, my parents bought the original Mac — the 128K Mac — for the whole family when it came out. I had a lot of brothers and sisters and there was a sign-up sheet, and I’d get up 4:30 in morning to reserve time on the Mac. It was like the old mainframe days when you had to schedule your time.

“It just always captivated me that to some degree you can do anything you can imagine on this thing. You’re not limited by anything but your own imagination…. And then when you interconnect these things…, you get orders of magnitude more value.

“I remember I got a modem shortly thereafter; it was probably around 1985, and I remember hooking up to CompuServe and later AOL. I found the interconnectedness of things really interesting. There was a while when I thought I’d like to go into entertainment; that was more the family business. My dad was a musician and my mom’s an actress. I spent time on movie sets and I was an intern at the Letterman show and the Conan O’Brien show, but it was telling me something when I was working at Universal Studios on a movie that to some degree I was more interested in exploring the phone system than in the story telling they were doing. When I was in college, I decided I should really stop fighting this. What I’m really drawn to is the technology.

“My parents are baffled by what I do…. They’re very proud of my career, but it’s a little mysterious to them nonetheless.”

How is Cisco approaching the dearth in available IT talent? Are you removing some college degree requirements and focusing more on skills-based hiring? “I can tell you that in my own organization, I’m hiring on experience, but also just curiosity and passion, more than degrees. I’m looking more for people who are kind, passionate about what they do for a living, and believe in our mission. I’ll almost always hire for curiosity and interest over experience and degree any day of the week. If you enjoy what you do and you’re interested in it, you’re going to be successful at it.”

In 2021, Cisco announced it would not require any of its 75,000 employees to return to the office. For IT in particular, that’s a tricky policy — what is your policy regarding hybrid work? “Our policy around hybrid work is that we want the office to be a magnet and not a mandate. In all likelihood, the role of the office is for most people not going to be a place where you go eight hours a day to do work. It’s going to be a place where we occasionally gather for some purpose. And, so as a result, we’re not mandating any particular prescriptive for how many days people should be in the office. It’s totally based on the type of work teams do, how collaborative that works needs to be, does it really benefit from people being together, or is it really individual work. And that’s really best determined at the individual team level than any sort of an arbitrary formula.

“The value of being in the office is proportionate to the number of other people who are also in the office at the same time you’re there. So, these things tend to be more about gathering for a team meeting, a client briefing, a white boarding session and the like.

“When everybody was remote, it was a great equalizer because everyone was on a similar footing. Hybrid is a somewhat more complicated thing to solve in that you’ve got this total employee wellbeing to consider, including physical wellbeing, mental wellbeing, financial health, and being able to productive in your job. I mostly live and operate in the productivity quadrant of that formula. But as soon as you’re in a hybrid world, you’re bringing in the complexity of bringing some into the office and some not. So, how do you create an environment where people are not disadvantaged by that — that you don’t have a system of haves and have-nots where there’s a group of people in a conference room together speaking softly and laughing at inside jokes and people who are remote struggling to see or hear what’s going on in the office.

“Working remotely removed a certain number of stressors, but it introduced other ones. So, you don’t have a long commute and perhaps you can get away with wearing sweatpants for work, and that’s all good. But is your internet reliable? Do you have a quiet place to work? Do you have a remote work setup that is high quality enough that you can read body language, detect non-verbal cues, understand when you’re losing the attention of the person you’re speaking with, and all those things you’d benefit from if you were in a conference room together. So, I’ve experienced the hybrid work journey, which I guess we’ll eventually just call work because all work will eventually become hybrid, in these three phases of technology, security, and culture.”

What about technological issues? How did the pandemic affect that? “I had to ask what does it mean from a security perspective if I have people doing remote school, and playing video games, and smart thermostats potentially on the same networks as people doing critical work? What do we need to do from a security perspective to shore up our boundaries where we feel we have the right level of visibility, observability, and manageability that we can manage the environment? You’re never really done with that, but at some point you feel you’re on top of that.

“Then you enter the… phase, which we’re in now; the much more complex, nuanced, cultural aspects of work. This is not a temporary arrangement. What are the long-term consequences of working this way?

“We’ve had a lot of experience as to what it’s like to be in an office, but it’s a big reset and everybody gets a do-over for doing hybrid work. That’s the exciting part. The organizations that figure this out will win. If you’re in IT, we get to be the designers for what the future of work feels like.

“Your culture is the only unique thing you have and your culture is the result of how work gets done. So, in the moment it may feel like you’re making tactical decisions about your network, or VPN, or zero trust or collaboration, but in totality IT is a very prominent participant in designing the future of work. Collectively, these decisions add up to what it feels like to work somewhere.

“So, we spend a lot of time thinking about…IT as a driver of culture change, how we fulfill our calling of creating an equal future for all and an equitable remote hybrid work experience. Some of that is technical. There are things in our products that can take a conference room and chop it up [virtually], and make it so each person gets their own ‘Brady Bunch’ square, so you’re on an equal footing with those who are working remotely. [There are] things like noise cancellation and virtual backgrounds. But there’s also a lot of exciting innovation around the collaboration space to address that problem.

“As an IT department, you have to solve remote access, network connectivity, software-defined WAN, how you’re doing private peering and zero trust so you don’t have to back-haul all that traffic over the VPN to be able to inspect all that traffic and know what’s going on. How do you secure endpoints and how do you really know what the experience your employees are having in a hybrid world across networks you don’t own or manage?

“That requires an understanding of the global internet backbone, the SaaS providers you’re using. In my case, ThousandEyes is a great tool that helps me with that. But you can see the set of things you need to solve for as an IT department is much more complicated and broader than just what tool you have to be using for a meeting.”

How do you create or sustain company culture in this environment? “I do think it is a more challenging problem to solve in terms of how to create a sense of togetherness, purpose,[and]  mission alignment when everyone is not together, [without] the same serendipitous interactions with each other that they’d have if they were in person.

“Sometimes I talk about this in terms of a ‘relationship bank.’ If you and I see each other in the office and I ask, ‘How are your children doing? Do you want to grab a bite in the cafeteria?’ Those are deposits into our relationship bank. And then when we’re asking things of each other in a work setting, we’re making withdrawals.

“If all you have is withdrawals and no deposits, you end up in a relationship deficit and work becomes transactional, which is not good. All of us are going to spend more time working than doing anything else, and so this has to have some deeper meaning; it can’t just be a transactional relationship.

“We’ve been experimenting with things to address this. As a company, I think there’s a level of informativity that came with hybrid work that’s going to remain, which I think is a good thing. …In times past, you may not have asked somebody about their stress levels or their fatigue levels or how their personal life is going. And now I think that is a part of a wholesome, totally employee view of their wellbeing. 

“Transparency has increased, and I think it’s something Cisco works very hard at. All of the senior leadership team, including the CEO, have these quarterly townhall meetings where the whole company is invited to participate and the leadership team shares what’s going on, what’s top of mind, what questions they’re hearing from the workforce. The workforce is encouraged to engage in a dialogue, and they do. Those questions are answered very candidly.

“My own management system for my team is trying to do some deliberate things to re-create some of what would happen in the office if we were all together. So, for example, every morning I have a check-in with my team for 30 minutes, and that’s just 30 minutes top of mind. It’s not a meeting for my benefit to ask status of projects. It’s for my team to be able to say here’s what’s top of mind for them and these are the things other people should be aware of, here are blockers I need help with. Then I have a weekly staff meeting. Then we have a monthly operating review with each of my directs, which is a one-hour, one-on-one going through their OKRs [objectives and key results].

“Then, once a month we come together in person as a team and once a quarter we spend two days together doing calibration of our OKRs and any adjustment we think is necessary, either for our OKRs or our strategy. That at least gets a cadence of talking to each other every day, and we’re coming together in person at least once a month.

“…I think there is a lot of interesting analysis being done on what does a productive hybrid workday look like? Being busy is not the same thing as being productive. If I’m not actively managing this, it’s not uncommon for days where I don’t have time to go to the bathroom, and I’m at home. That would be very odd in the office — to have 16, 30-minute meetings back-to-back with no break. Your calendar doesn’t lie. Your calendar is a reflection of your priorities.

“So, it’s a useful and important part of hybrid work to audit your calendar and make sure it’s an accurate reflection of your priorities, but also that you’re protecting a portion of your unscheduled time for individual work, deep thought and ad hoc conversations that need to happen outside of scheduled meetings.”

What are the biggest tech challenges related to hybrid and remote work? “Cybersecurity is always a concern. People are now mostly accessing work resources across networks that are not part of our corporate network…. One of the things we’ve done is created a Cisco worker bundle kit, which is essentially a branch office in a box. It comes with some Cisco hardware, security software, and some services that allow the employees to benefit from the same tools that large corporations and governments use to protect their assets. It creates a sort of umbrella shield around their entire home and everything in it.

“I think it is a complex security problem to solve, and it requires some different approaches to being thoughtful about what are the things that we really have to protect and how do we shore up those trust boundaries in a much more highly distributed environment?

“I’d also say the network needs to be able to support people working in a different way. For years, we were focused on a hub-and-spoke environment…where the expectation was that all or most people would be in the office. Now, that’s inverted and most people aren’t in the office on any given day. And so that requires a different approach to your network backbone, the way you handle traffic, your peering strategy, your SD-WAN strategy, your SaaS strategy.

“We read about in the beginning of the pandemic, some places sent people home and then their [corporate] network was overwhelmed with people watching video games and doing other things. That’s a byproduct of a network that’s not designed for that kind of traffic flow. So having things like split VPN and zero trust, a private peering strategy — those things were always important, but they became existential requirements and immediate imperatives during hybrid work.

“I do think collaboration is an important part of hybrid work, and having a high-quality remote work experience is really important to get right. And being able to understand there will be people working in shared spaces where maybe they don’t have a dedicated room they can set aside as a home office — they’re in a kitchen, maybe there’s a child in the background. You have to be thoughtful about these issues and equip people the right way so that it doesn’t become stressful for people or that they don’t have the same career opportunities as a result….”

What do organizations need to do differently now in light of video games or smart home devices using the same networks as the business? “From a security perspective, I think you need to understand what your adversary landscape looks like. Are you getting internet drive-by shootings, or do you have apex predator, advanced persistent-threat, nation-state type threats going on all the time, and those things require different responses. All that comes down to an exercise in understanding your network and the underlying systems better than your adversary who is trying to break in. Make sure logging is turned on. Make sure you have an accurate inventory of what is in your network. When a new exploit is discovered, how quickly can you close the gap between when a known vulnerability is discovered and patching and resolving it.

“Well-run networks really do make the life of an adversary much more difficult. Observe the principles of least privilege. The smallest number of people possible should have the keys to the castle. Segment off sensitive portions of the network…. Do red teaming and penetration testing. Red is easier than blue. Generally, those exercises will yield good insights into the blast radius of a potential threat.

“Deploy multi-factor authentication. Obviously, at Cisco we use duo, but those things really are an easy way to improve security that doesn’t impact the employee experience negatively. Invest in network automation. Generally speaking most intrusions today come down to an email through which someone clicks on a something they shouldn’t have, visiting a site that executes something that shouldn’t be running on your device, or inserting removable media that’s contaminated with something. 

“I’d also say deploy endpoint protection and response solutions — EDR software. Antivirus is no longer sufficient. We obviously use Cisco’s own solutio,n but some kind of EDR software is really important, especially in hybrid work environments….

“There’s a certain amount of training for employees on cyber security. That’s something we do on an annual basis — trying to do the best as possible to try to detect phishing, spear phishing, and email attacks….

“And you’d think in 2023 we wouldn’t still be talking about patching, but the simplest thing I can do to secure the overall security posture of Cisco is take advantage of software updates as quickly as possible. Keeping software up to date is still an important part of the job….

“Application-level scanning when we write software — looking for secrets in code, looking for memory leaks, looking for known exploits — that’s important for any custom software we build. And…upleveling the overall security posture of the entire household benefits everyone in the household. That’s part of the benefit of our hybrid-worker bundle: the water level rises for all devices in the home if it’s protected by our Cisco equipment and security software.”

What are other ways to solve hybrid tech problems, both for IT and end-users? “I think really leading with the experience is important. There was a time when people had an expectation when they went to work in a large corporation; things were complicated and the experience just wasn’t going to be great, but that’s the nature of the beast in a big enterprise.

“People now coming to work have a very different set of expectations. You know who I am. You know what my job is. And you have billions of dollars to solve this problem. My experience at work should be better than my personal consumer experience. And so, I think we have to take seriously our obligation to prioritize the user experience, lead with design and user experience, and engineer from the experience in instead of the IT department out. We need to understand that IT is a servant role.

“We’re in the business of meeting unmet demands, or unmet needs. To do that you have to have the mechanisms in place to collect feedback, understand where friction points are, what is the overall friction index of your employee trying to complete tasks everyone needs to complete… and how do we get after improving those things and prioritizing that – whether it’s an expense report or looking up another employee or sales and marketing activities. To really understand what the experience is for those employees and how can we make it better — that’s a big focus for me. It’s one of the first changes I made when I became CIO — creating a design and experience function that reports directly to me. I act as the product owner against that team’s backlog and prioritize what projects they should spend their time on. It’s the only function I hold centrally….

“The design and research and experience team is separate because it’s a scarce resource and I have to make decisions around how that team’s time is most effectively spent.”

How has your physical office space changed?  “The Cisco offices are being transformed to be more flexible, collaborative spaces. There is still space for individual work, because you’re still going to need that, but much more of the office is dedicated to open environments and collaborative spaces. And then we have a whole smart building initiative that leverages a lot of Cisco technology to get telemetry from the collaboration devices, the wireless access points, the power-over-ethernet in the building, and HVAC systems. We bring all that together to have an intelligent, real-time view of air quality, occupancy, where is a particular conference room, and being able to see all that in real time and visualized in front of you.

“That helps ensure office is more energy efficient, but also more people efficient in terms of where they may need to go and…when I’m exceeding the recommended capacity of this room. All this information you can get from the telemetry of devices we have in our offices.”

What benefits have you seen from power over Ethernet? “The power efficiency of power over Ethernet is really interesting. We can power much more than just network devices. And you can do interesting things like send a certain amount of power to certain ports and turn others off based on the occupancy of the building and do a lot of really interesting things for power efficiency.

“When you can have per device, per port control over how much power and when, you can save a lot of energy versus all the power either being on or not.”