Joe Voje is an award-winning Chief Information Security Officer. He was recognized as Top Global 100 CISO, and currently leads the security team of Oregon Health & Science University.
Julia Smith: Tell us a little bit about yourself (hobbies, likes, dislikes, hopes, dreams).
Joe Voje: I never had a lot of hobbies. I tend to work on projects of differing genres as they present themselves and hold my interest. I’ve done a lot of home renovations, which I rather enjoy, as I’ve moved around the world. At some point I’d like to go all in and start developing real estate, focusing on projects that provide quality affordable housing to the average wage earner. There is a bit of a crisis going on in the world in that area. I think I’d enjoy being part of the solution to help families find safe, affordable, quality housing – it is a fundamental need and many people are struggling to find it. I think there is a way to build it and still make a decent living.
I enjoy spending time with my new pup and going on walks in the amazing parks in my hometown, Portland, Oregon, and traveling. I’ve lived in many places around the world and have always enjoyed experiencing new cultures and meeting new people. I hope someday to find a career that will let me relocate to Europe. In my early twenties, I lived in Spain and travelled throughout Europe, The Middle East, and Africa for my work. It was an amazing time that helped form my worldview and provided me with an appreciation for the many ways people adapt to their surroundings and how cultures are shaped by their geography. I am always keenly interested when two differing cultures blend at the edge of their respective borders.
JS: As an accomplished CISO, what has the pandemic brought to the fore in regard to security issues?
I think for most organizations it has been the massive shift to remote work. As technologists we always knew a lot of work could be done efficiently from remote locations, but our business leadership never quite felt comfortable with that arrangement. Now that we’ve been forced into that way of doing business due to the pandemic, I believe a lot of businesses will be reevaluating the need for massive office buildings and large corporate headquarters. The promise of the Internet reshaping our cities and how people define themselves may have an opportunity to take hold. In the U.S., perhaps the dependence on automobiles will be reshaped. I think I’ve put on less than a couple hundred miles on my car over the past four months.
So, what does all that rambling lead up to for security as a CISO? We aren’t going to have the luxury of a corporate fortress to defend anymore. We will need to expand our thinking beyond people occasionally working from home – and that is an issue – to people who work from home and that is the issue. In the past we’ve been able to put a majority of effort into defending perimeters and having tools that tell us when someone from the outside got in. Now we will need to defend a highly decentralized architecture. This is different from the move to the cloud which, in many cases, simply shifted our traditional on-prem capital funded data centers with new “cloud based” data centers funded by operational budgets. In that scenario the only thing that really changed was funding lines.
There was still a perimeter to defend – the location of the data center changed, but we still had to defend the corporate network. Now, the corporate network is going to be redefined. Except for functions that still need face to face human presence – we can expect that our needs for the traditional corporate network will diminish. I work at an academic medical center (a University with a hospital – or if you ask the folks at the hospital, a hospital with a university). On the hospital side we are putting a lot of our efforts into being able to diagnose and treat patients remotely. Telemedicine, in many cases, is going to show that we can take functions that were once done face to face and do them in the virtual world. It will be interesting to see the creative ways that people use existing technologies to reshape the post-pandemic world and what new technologies are developed to make it easier to live in. No matter what, there will be people waiting to take advantage of any flaws or missteps in the design of these systems and to prey upon human weaknesses as well.
JS: What are the most exciting new technologies for your sector you look forward to?
It’s not exactly new tech, but it hasn’t reached its full potential either… I think VR is going to be an important technology to explore more heavily and invest in. A few years ago, one of my security engineers approached me and asked to get a VR headset to work on a pet project he was interested in at the time. At first I figured this was just a ploy to get a VR headset for gaming, but he explained the project and I had faith that it would keep him busy and engaged with our team. The project was a virtual security operations center. If you’ve ever taken a stroll through your own SOC you’ll notice that most of your engineers and analysts have multiple monitors to be able to track problems, analyze logs, document findings, chat with peers, conduct open source intelligence searches, and find solutions. That’s a lot of desktop real estate – not something everyone has the space for at home (or even work sometimes).
So this engineer went off with a $1,000 VR headset and disappeared for a couple months. He came back and showed me his set up – he now had the ability to have as many monitors as he needed, all uniquely configured for his desired layout. He also had designed the platform so that others could join him in his office or he could go to theirs (actually they were virtual asteroids in space – but that is another story). My SOC team could now be deployed remotely and have access to all of the data they needed to be effective. They could collaborate in much the same way they did in the office – minus the jet packs to get to the other asteroids. You can see the applications could be used in many more areas of the organization. In the pandemic world and what a new post-pandemic world VR has new applications beyond gaming that I think will become more mainstream.
JS: Moving forward, how would you hope to evolve as a leader.
I’m always interested in new things. I want to learn more and do things I haven’t done in the past or do them in different ways or at a different scale. I worked in Bahrain for a couple of years and enjoyed leading a multicultural team of expats and local nationals. I appreciate how different cultures can find discernibly unique solutions to the same issue. Learning from others on how they approach problems and apply solutions is a huge advantage and opens possibilities that may have not been considered before. To some that up – I never want to think I know it all.
JS: What leadership book do you recommend most to other leaders?
Shackelton’s Way: Leadership Lessons from the Great Antarctic Explorer. An amazing book on building a team and leading it during a crisis. I’ve modified some of my team hiring practices to incorporate Shackelton-esque practices. When I hire I look for intelligence, work-ethic, and an X-factor, in addition to the stated job requirements. The X-factor is something the individual is or has developed in themselves that is outside the what is required for the job, but can enhance something on the team. This helps to provide a dynamic and capability rich work force that helps us solve problems that we have not considered yet and hopefully have some skills on the team to address when the problem arises.