Over the past 14 months, organizations have had to navigate the abrupt discontinuity caused by COVID-19 and the ensuing regulations. Today, sports fans are returning to arenas and students are back in schools, but most office workers are still on work-from-home orders. Returning to the workplace will constitute a new normal, but what will that look like in an unknown post-COVID world?\nI spoke to several CEOs, CIOs, and CISOs (all in the US) to understand how they fared over the past year \u2013 what went right, what didn\u2019t go so well \u2013 and to learn their plans for reopening their offices for the majority of their employee base. The executives represent a cross-section of some of the most forward-thinkers in financial services, insurance, media, and technology. The comments I heard demonstrate the resilience and adaptability of corporate America. \nPositive takeaways from the past year of work-from-home\nWhile the pandemic affected everyone, it didn\u2019t impact every company or industry the same way. Across the board, however, business leaders said that despite the tragedy of the situation, there were several positive outcomes. In particular, the forced remote work environment accelerated their corporate digital transformation, making them more competitive and putting them in a dynamic position sooner than planned.\nIn addition, businesses quickly learned that WFH did not reduce productivity or quality. As one executive stated, \u201cWe were back to nearly 100% productivity \u2013 in some cases even more \u2013 in just a few days, with the exception of the call center. And we got them back to 100% in less than two weeks.\u201d \nGiven this sustained level of productivity with decentralized employees, another executive stated, \u201cMy company now knows that we can hire the best people anywhere, not just those that are within driving distance to our offices. This is a big shift in thinking for us.\u201d Finally, a few conversations pointed to the fact that security architectures were improved and evolved faster than originally planned to accommodate WFH behaviors, ultimately enhancing the organization\u2019s security posture greatly.\nSecurity challenges\nOn the other side of the coin, the past year brought many security challenges that needed to be addressed quickly, with social engineering around coronavirus as a top concern. According to one CISO, \u201cWork from home increased the need for access analytics and social engineering training to combat the 7X increase in COVID-related social engineering scams targeting workers.\u201d\nInsiders also created problems for security teams. As one executive stated, \u201cMany of our employees would forget to log off of the corporate network before browsing the web on their personal time. We had to address the spike in inappropriate URLs and content being requested on our networks.\u201d\nBoth the high volume of attempted attacks and the shift in behaviors and threat tactics caused security teams to quickly shift projects and budgets unexpectedly. This resulted in burnout for security team members \u2013 not only were they sprinting to address cybersecurity concerns but they, too, were working remotely with the same WFH burdens all employees were juggling.\nBeyond the obvious security issues, executives mentioned that WFH more clearly demonstrated the inequity across the employee base, with certain employees struggling with limited technology and network access at home, which required a rethinking of employee-focused budgets and asset allocation. \nOverall, however, all of the executives I spoke with believe that they are now in a much better position than they ever were from a technology, management, and process perspective. \nMoving to the new normal\nAs COVID-19 numbers decrease and vaccinations increase, many companies are now ready to welcome back employees to the workplace. But the issue is how to do so safely \u2013 or if they even need to bring the entire workforce back. The executives that I spoke with mentioned that their leadership and boards have determined that there should be no rush to bring employees back into the office. With WFH productivity levels high, there isn\u2019t an urgent need to bring them back and create a health risk.\nHowever, these decisions vary from region to region, given the COVID-19 numbers and local regulations. As one executive put it, \u201cWhat we do in Sydney or Austin is very different than the choices we\u2019ll make in Boston or New York.\u201d\nAt the same time, providing as much flexibility and employee happiness as possible is a top priority. \u201cWe need to hire and retain the best people possible,\u201d one of the executives said. \u201cForcing people to come to the office, or the opposite of forced WFH, runs contrary to that goal, so long as we maintain the quality of work.\u201d \nMany companies \u2013 and this is also my experience from the start-ups I invest in \u2013 believe younger employees are the most eager to return to the office. They see the office environment as important to their social life. It is this group of employees who found working at home most challenging for a variety of reasons \u2013 living with roommates in differing work situations, feeling isolated living alone in a small apartment, or the loss of working together as part of a team.\nNew challenges ahead\nGiven that the new normal baseline will see dramatically different physical and cyber behaviors, new challenges lie ahead. As some employees return to the workplace full-time while others remain in a hybrid mode or full WFH, both physical access control and network behaviors will vary greatly from day to day. Whereas a year ago, security teams had to quickly adapt to WFH behaviors, the focus going forward will be on oscillating profiles of both physical and network access.\nThe theoretical return date for most of the executives I spoke with is September. (Only one said they\u2019d be back in June.) Regardless of the timeframe, the primary challenge they are all facing is deploying scheduling software to ensure that only the right employees can be in the building during a certain set of hours in order to manage capacity levels and monitor visitors. The second priority is outfitting meeting rooms to make it easy to collaborate with WFH employees. \u201cWe weren\u2019t using Teams or Zoom much in our conference rooms previously,\u201d one exec stated.\nWhile COVID-19 status is not something that any of these leaders wanted to maintain data on \u2013 \u201cWho wants to have HIPAA regulations slapped on them by storing vaccine or testing status inside the organization?\u201d \u2013 there was some interest expressed by some in the group for third-party data services that could provide a red light or green light for both employees and visitors entering the building. This could create security risks by having to ensure third parties are following data privacy and cybersecurity models that fit organizational standards.\nDiscussing a return to the workplace is a good sign that some type of normal lies ahead of us, but we really won\u2019t know the full implications of how that transition will work. For these executives who worked tirelessly over these past months to enable WFH, the work to set the ground rules for RFWFH (Return from WFH) is just beginning.