Training, Security Staff Acquisition & Development, Leadership

TikTok CISO: Engage employees how they communicate, not how you communicate

Share
The TikTok logo is displayed outside a TikTok office on August 27, 2020 in Culver City, California. The Chinese-owned company is reportedly set to announce the sale of U.S. operations of its popular social media app in the coming weeks following threats of a shutdown by the Trump administration. (Photo by Mario Tama/Getty Images)

At Tuesday's morning keynote of the InfoSec World Conference, TikTok Chief Information Security Officer Roland Cloutier said a key factor in managing TikTok's internal security was his ability to communicate with employees on their own level.

For Cloutier, who only entered the industry after a decade in law enforcement in the 1980s and '90s, that means gearing activities for a workforce that often mirrors TikTok's own product users, rather than expecting employees to engage with him using his native communication style.

Roland Cloutier, TikTok

"I think any organization should do that. They should look at their demographics in general, and make those changes," he said. Sharing an antiphishing TikTok he filmed, Cloutier added: "I'm a big proponent of TikToks obviously, but whatever works for your organizations in their demographics."

The internal TikTok Cloutier shared while speaking to Cybersecurity Collaborative Executive Director Parham Eftekhari showed him on a boat, fishing, making phishing puns while offering advice about reporting dangerous content. Cloutier said it was a celebration of how his staff sees him - an older figure making "dad jokes."

Click here to register for InfoSec World to watch the full keynote fireside discussion, and access the rest of the Nov. 9-10 conference agenda.

TikToks are not the only way Cloutier said he conveys messages on the level of a much younger employee base and security staff. He said he has gamified security training with video games and challenges employees with quiz show-styled trainings. All of that, he said, helps rapidly prepare a workforce for increasingly sophisticated adversaries that inevitably target a product experiencing exponential growth (and with it, an exponentially growing threat surface).

Cloutier joined TikTok, the world’s most popular app with some 1 billion downloads annually, at a challenging time. While the app has only existed for a few years, the company came under scrutiny early on in the United States over security and data privacy issues that emerged with the discovery of vulnerabilities within the app, as well as concerns about ties between Chinese parent ByteDance and the Chinese government. In the words of leadership at the time, the addition of Cloutier contributed to the company's "ability to earn the trust of the broader community by delivering world-class security systems, processes and policies.”

While Cloutier did not address the earlier challenges faced by TikTok during his keynote, he did emphasize transparency as a key component of any security program during the keynote.

"We have to deliver trust. We have to ensure that part of our roadmap is showing the world how we're changing; how we're expanding; how we're improving; how we're addressing that new concern," Cloutier said. And as laws or threat evolve, companies need to change their control environments, he added, and communicate those changes to stakeholders. "We want people to understand that we know what we're doing."

"This stuff's coming at speed," Cloutier continued. "You just can't send someone back for their post-grad degree for six months, have them come back and hopefully they're smarter. You have to engage with them, you have to do it in a way that's practical, that gives them the information, but also gives them the skill set."

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.