It’s easy to say ‘we follow the Sun’ or ‘we deliver that 24/7/365 service’. The story doesn’t end there though – the delivery part of this promise has a different story to tell. The one that is rarely talked about, and that’s because it’s rarely even acknowledged…
We all know that many of us who work in cybersecurity work long hours. it is a norm, it probably won’t change much anytime soon, and we simply take it for granted that this is a part of our job to be always online… to be always checking emails, messages, news on social media, and our whole life is structured around ‘being in the know’, and ideally, ‘being the first to know’.
But there is more depth to this promise, because people who deliver the 24/7/365 service from APAC region have it often far worse…
The moment someone starts to work in San Francisco, someone in London stops working (give or take one/two hours). What about people in New Delhi, Manila, Singapore, Sydney?
When you work from APAC region your work day is a mess. You start with your regular 9 to 5/6, but then comes the ‘night shift’. You never signed up for it, but this ‘night shift’ is enforced on you, because this is the one where you talk to your peers in EMEA and NA, attend calls, and respond to urgent queries.
How many people working from NA, EMEA regions take into account that these cross-regional calls, queries often happen during that ‘night shift’ in APAC?
In fairness, some do. I know people in NA that make sacrifices the other way around and get up as early as they can f.ex. 5-6am to make these cross-regional calls as early as possible for the people in APAC, but even that feels like a wrong approach.
How can we change it?
Having a proper, mature handover process is probably the best answer. If the process is well defined, it doesn’t matter who handles what. And if there is a need for 1:1s, or skip ones, that can be a monthly or quarterly sacrifice, not a daily occurrence. And let’s agree that the worst is to maintain the existing status quo where APAC teams work from their early mornings on Monday till their very late evenings on Friday. This is simply not fair and as such, not acceptable.
Again, how can we change it?
Empower your employees in APAC to disable their notifications when they finish their day work, make them comfortable to be assertive and say ‘I will follow-up on this tomorrow’. Schedule less cross-regional calls. Schedule more 2-region calls instead of 3-region calls. Work with the empathy, wear APAC employees’ shoes more often. Visit the region and see how people work there. Shadow them, talk to them, see their struggles. And again, define better handover processes that include at least one SME in each region that can take over. The mature process is the key to smooth transition between regions. And don’t book any calls on Friday. And last, but not least – respect that APAC team. They are often the most hardworking part of your global team…
If you think this is biased, let me say that I worked from APAC region for 5 years. I fought as much as I could to reduce all these night calls, but in the end they were an integral part of my role… It really sucks to hop on calls at 10 or 11pm. Trust me. Think of it for a moment, how often do you take calls at 10pm in NA, EMEA. And in APAC it is very often a daily norm…
So that you know… that ‘norm’ is your security program doing it wrong.
Let’s fix it.