Building Security Engagements Into The Cyber Workforce

June 13, 2022 00:33:40
Chief of Cybersecurity

Hosted By

Dewayne Hart

Show Notes

Every security steward has been challenged to obtain multiple certifications, gain professional experience, and further their knowledge by attending educational institutions. Each resume includes various titles and certifications that demonstrate the cybersecurity professional's motivation and drive to succeed. Beyond the accolades and achievements, many stewards fail to roadmap and carry out project tasks. This podcast discusses those concerns by demonstrating workforce practices and their overall cybersecurity relationships. The podcast focuses on engaging security from initial employee onboarding to career progression. The outcome will balance learning, education, and career paths as a single contributor to career success.

Episode Transcript

Welcome to the Chief of Cybersecurity podcast, where we discuss relevant information concerning the cybersecurity workforce, business development and best practices, made possible by see miss who learned more at Semis Donet I. For a list of authorized publications, visit DewayneHart.com. And now here's your host, Dewayne Hart.

Welcome again, my listeners. We are definitely moving ahead to season with the Chief of Cybersecurity podcast sessions. I always say we, because if it wasn't for all the great people that have purchased The Cybersecurity Mindset and listen to my podcasts, I would not be moving forward as gracefully and fast and able to deliver much needed information. You know, in the past podcast, which was episode four, Developing a Successful Cybersecurity Maturity Program, I actually ended it by actually making a great statement, and you know they gave you know that. That statement was that you are only as safe as your cybersecurity mindset. So let's think about that for a second, right. If your cybersecurity mindset is working at a high level, so that means that you're safe and you are driving protection for an enterprise, or if you are a common user, then you are practicing safety, maybe on Facebook.
Now, outside of common users, there are people that work in the cybersecurity field, and one of the things that normally happens is that individuals go to college and they get educated, and I get claps off to anybody to have went through school and got educated and probably worked on their bachelor's, their master's and their doctorate. It shows great motivation. It shows that you took the time to study on the weekends, you got up every morning and you wrote papers. There was sometimes when you probably wanted to go on a vacation, but no, you had to sit at home and do homework, and maybe you did go on a vacation, but you took your class work with you even so. At the time you were out there fishing, right, you actually had your laptop and you had your book open, right, but you kept your eyes on that fresh catch because you were committed to the process.

But, like many people, after leaving school, a lot of cybersecurity people are stranded, stranded to one. They're, okay, I have a degree and I learned all this information and I really want to go on a job and I really want to be effective, I want to make a difference. So why should I start? And likewise, certain people find the niche and then they move through the cybersecurity industry and they become well-seasoned professionals.
Then there are others that probably still struggle for so many years because of the way that certain labor categories are probably organized, and also too, based on the ideals of what is a security engagement. So for this podcast session, Building Security Engagements Into the Cyber Workforce, we're going to talk about how do you transition from that college-level student, or that person that passed their CISSP, and marry that into cybersecurity? And to be effective and to go and make that happen, there are certain things that need to exist. One is we need to talk about the security labor force. We need to talk about some unwritten rules. We need to talk about continuing continual engagements, leadership and development, and some of the risks that are associated with not knowing how to approach security engagement. And one of my favorites is implement a cultural shift, because these are very important topics that will bridge everything together so that individuals can understand how to engage cybersecurity.

So let's talk about the security workforce. Okay. Now there are so many labor categories out there, from engineers to analysts, to architects, to specialists and somebody.
Some of these labor categories can cross over, but at the end of the day you are a cybersecurity professional, and in order to make it into the cybersecurity industry, everyone has to have education, all right, everyone has to have training. Training is about going through and learning how to do your job. Some of us have learned by OJT, which is on-the-job training, and some have been put in the formal workshops where you can learn how to do your job, and some people are lucky enough to have individuals that would guide them through their cybersecurity career. And this is what leadership falls in. So we're going to talk about that later.

Complex job titles. Yes, there's so many complex job titles out there on the market. You know, from engineer to analyst to like operators, and sometimes it can be confusing. There are pitches about you can get your degree in one year. I am not going to respond to that. All I have to say is that if you can get your degree in one year and if you think you can gain the relevant information to enter the industry, go for it. They have some talk about all you need is a certification. It takes more than a certification to become a cybersecurity steward because that's a three-legged process that goes on. It's called education, it's called certification and it's called experience.
Those are your three legs.

College students may not like the career field. Yes, there are some college students that have been through a complete pipeline of training and realize that cybersecurity is not something that they wanted to do for the rest of their life. Because cybersecurity requires people to learn. Cybersecurity requires people to be constantly engaged because it's a changing environment.

My job makes me a secretary. There are times when individuals graduated from college and they are positioned to become secretaries. So when someone becomes a secretary, you know, the only thing that happens is that they are pigeonholed to push paperwork. This is a career killer. This really kills the engagement practices. Individuals do not have a chance to engage cybersecurity. Now they become the individual that is just responsible for administrative work, and this is a failure of leadership.

Too many meetings. I realize that we have an environment where people work remotely, and there are some environments that I've heard of where people have five, maybe six meetings a day, and you know, these meetings are anywhere from thirty minutes to an hour. So let's just sum the numbers up here. For minutes, let's just say five. If a person is having five meetings a day for an hour, so that's five hours of meeting.
And if they're lucky enough to go to lunch and come back, you really only have two hours of work to get done, even if they are a half hour apart from each other. Okay, and so a person has two point five hours of meetings a day. All right, then they go take a lunch, so there's three and a half hours. You only got four hours of work to do, a little bit of for our supports to do. All right. So you know, the labor force has changed a lot because of high-tempo environments, because individuals are requested to do more in cybersecurity now. But in the middle of that, there has to be a continuous engagement, because if there is not a continuous engagement, and this harms the workforce, because individuals have to know how to do the job, because you can get all the training, you can get all the education, but in order to get the experience, an individual has to have hands-on practice. All right, and part of those security engagements goes beyond the technical scope itself. They can exist into understanding unwritten rules.

So let's talk about some unwritten rules of the cybersecurity industry. Politics plays a key role. If you're not rubbing shoulders with the right people, sometimes you may not find yourself on a job very long. That is a true fact. These are unwritten rules of the IT industry, and these are some engagement practices that normally happen on a job. But I can see you have different kinds of departments. You have people that are on different teams. Maybe you have a networking team and you have a cloud team, and there's a lot of bureaucracy that goes on because they are a group, and you may not be able to obtain certain things from these certain groups because you're not part of their group.

Some of the other thing is monetary outweighs what you were taught. See, in this cybersecurity industry it's about saving money. Nobody wants to spend a lot of money really, but they want cybersecurity to operate. A lot of organizations have to take a bonus and look at both and see which side they want to sway on. Sometimes organizations will accept risk, right, because of that monetary budget, especially if the risk does not cause too much harm. And then there are times when organizations have a large budget pool where they can spend a lot of money on cybersecurity. So monetary outweighs what you were taught, because you were not taught that in school. While you in school, you were told to be a cybersecurity steward, to walk on a job and to help reduce risk, but you were not told that bureaucracy plays a key role, and if organizations do not have money, then that kind of affects the way you approach cybersecurity.
And this is your security engagement shift.

Blame happens when unlikable people are on board. If you are an unlikable person in an organization and something goes wrong, you're going to get the strike. All right, this is part of the unwritten rules. So in an organization, a lot of times that happens because there's a breakdown in communications. You know, it can be from other reasons, that certain people want to make sure that the light always shines on them, especially if they've been working on the organization platform for a bit and, you know, they're the golden child. Nobody wants the light to be taken away. So a lot of times you come on to a job, these are unwritten rules that are not told to you.

Okay, one of the things I always like to think say is that be quiet, observe everything. Okay, this is one of the unwritten rules as well. To look and see who talks at meetings, who gets the special projects, who gets promoted, who gets demoted, and how does the boss imply and for expectations. All right, because that's the part of your security engagements. And, as before, this is an unwritten rule. This is not anything that's written down on a sheet of paper. You're not going to find this in an SOP, you're not going to find this through email. This is a learned experience on a job.
But in order to become a very smart individual and to understand how these unwritten rules operate, you, as the person, need to have a continual engagement, and when you have that continual engagement, you always focus. You are focused on the job and making sure things are getting done. You are a problem solver when it comes to project tasks. You, as the person, know what's supposed to happen, you can go execute those project tasks, because if you're not part of these project tasks, and pretty much you're given project tasks on a frequent basis, then you may not perform well, and if you don't perform well, you may become the unlikable person.

Communication is very important. I've always liked to state that you communicate early and you communicate often, because when that happens, you will always have that continuous engagement into cybersecurity, because the way you engage cybersecurity, and I would say this again, makes a difference on how well you can be successful with your career and also to carry out certain projects. You also have to be thinking cybersecurity, so your speech and your language have to be on a cybersecurity level.

Some of the other areas that actually need to be addressed is that you have to have a defensive mindset. Okay, no one can really teach individuals how to have a defensive mindset.
This is just something like a little bug that grabs you as you work in this IT industry. It is certain things that just grab you, because if you think about the defensive mindset, it is stating that you see something wrong and you take action. You don't wait until someone tells you to go take action. These are part of these soft skill sets and a couple things that should exist when you work in the IT industry or like the cybersecurity industry as well.

Ownership is another key term that is rarely spoken about, because someone has to take ownership for cybersecurity, and if no one takes ownership, then you just satisfied the hacker's appetite, because that's the hacker's appetite there. If no one has ownership, then I guess the hackers have to take over.

Negative thinking is one of the areas that someone should probably try to remove away from, because if you have negative thinking, your overall engagement means that you don't approach your job with a positive attitude. If you don't have a positive attitude, then expect, like cancer, to all your groups and all your different teams, and you will find out that people don't want to work along with you, and now you become the unlikable person.
So in order to ensure that a cybersecurity graduate that has just graduated out of college becomes successful, there needs to be a certain practice in place, and one of these practices is called leadership and development. I myself spent my last three years in the military designing and teaching leadership and development, and one of the things that I learned about leadership and development is that it's a tool, and when the subordinates fail, it is not the subordinate's fault, it is the leader's fault, because leaders are supposed to guide and develop, and that can be a challenge in this IT industry and also cybersecurity, because a lot of leaders are tasked with working in high-tempo environments. So to sit down and to have that I minute talk with a subordinate once a week, on a daily basis, may not happen, but with a little work it can be done.

Here goes some of the areas of leadership and development here that I want to talk about. Favoritism. Favoritism exists in the industry. Okay, people show favoritism because they're comfortable dealing with certain people, and then there are certain people that they just don't like.
Okay, if someone has been working under the leader for five years and someone else comes on board, well, if that leader is close to that person and that's been their right-hand man, or like female, for like the past five years, maybe that's some favoritism that is going to come on board. Maybe those two people graduated from the same college. Maybe those two people are family members. I don't know, but favoritism does exist. If you are in leadership, I say that you do not use favoritism, because you have a staff of many people that have to engage cybersecurity. If you engage cybersecurity with favoritism, that means your entire staff may not want to work for you and you may not get that motivation that you need on your staff.

Learn the environment. See, that's very important when it comes to leadership, because if you don't know the environment, then you're setting yourself up for failure. When you know the environment, see, that consists of the technologies, see, that consists of the team players that you have, what's the overall function in the organization itself, some of the management practices that have to be in place, some of the unwritten rules that are in place, some of the bureaucracies that are in place. Those are things that leaders need to know, and those are not things that are written down on a sheet of paper.
Those are part of a continual engagement when you engage the workforce, and if you engage cybersecurity constantly on a daily basis, then you would learn the environment.

One of the other areas too is that you need to remove traditional thinking. Because your last company operated a certain standard towards cybersecurity, that may not work in this current environment that you d. I have seen many and many great leaders that do great jobs, but for some reason they have to get deprogrammed because they're so used to working and operating cybersecurity at a certain level based on the experience, because they don't want to change. I would say for sure is that that happens because people are comfortable, because people do not like change.

Some of the other areas too here: well, you have to be a listener and listen to what people have to say, because when people make statements in these meetings, it carries a lot of weight. So you have to have an environment open, where everyone is freely and open. Opening can ash she talk and as she can discuss, because the purpose of having a team is to have everybody collaboratively use their knowledge and pull all of that together so that everyone can learn. But if you only have one person in the room talking all the time, nobody else really wants to talk.
So if a leader allows that to happen, then he might as well just have a meeting with that one person only.

Some of the other areas here. No leader started as a CISO. So, pulling cables. Okay, when I first got out the Navy, my first job was pulling cables. I was working in IT, but I was pulling cables, and still today I remember that job, and there are certain people now that are trying to transition into IT that are doing the same job. There are some people that have came out of college and they have so much education, but they get on a job and they say, okay, you're going to work with the networking team, but you know, that's the networking team and that's the people that pull cables. So you get stashed with the individuals that pull cables. Now that's short-term work. Even a CISO that is working at the top of the chain of cybersecurity started off somewhere, and I guarantee you, if most people would have a conversation with a CISO, a CISO would tell you what they started from. Some of them started from just PC repair. Some of them came from the S, in the s, when there was mainframe computers, large, very, very large mainframe computers.
So what you have to remember is that leadership and development is very, very important, because as part of the security engagement you can make or break somebody's career, and if you're not practicing great leadership then, you know, you can create some risks.

So let's talk about risk for a second here. What are some of the risks that are involved with a workforce where those security engagements fail? Late work assignments. I'm going to bring this up because there's a communication link on every job. If you don't have a continuous engagement into cybersecurity yourself, we're going to see late and bravery, late working assignments. Skill set never grows and all you are is a secretary.

Increased labor, because one of the things I've always seen is that if a person does not know how to do a job, they would spend more time trying to do it. Okay, and that's where that increased labor comes to surface.

Described careers, because I remember when I was in the Navy, we used to state that the first two weeks was the most critical period of a new person that came on board ship. If you did not provide leadership in the first two weeks and show them the right way, they would probably fail the entire career. So the same goes here.
The most important period is when someone is fresh out of college and you bring them on the job. Within like ninety days, really really have to shape and show them the way through the ropes.

Project delays happen. You do not want to delay in the projects, because if you don't have a continuous engagement into the cybersecurity and if you're given a task, well, projects can be delayed.

Vulnerabilities. When we look at vulnerabilities, they can exist in the workforce because people are not doing a job. So when I look at a vulnerability, it is a weakness. Okay, let's say, for instance, if someone was not engaged into a vulnerability management program, right, and they was given a task to kind of go and to remediate a vulnerability. Well, they will cause more vulnerabilities to occur. Okay, and see, that vulnerability is that the patches are supposed to be deployed on the fifteenth of the month, but you can't make the fifteenth of the month. Now you just created a program vulnerability. So we can reduce that by being proactive and also making sure that there's a continuous engagement into cybersecurity.

"I was not told." There are some people that operate under that strategy. If you don't tell them what to do, they're not going to do it, all right, and those people usually become the unlikable person.
So in a continuous engagement mode, a person has to stay motivated. Now there are some jobs that have a small window to ensure that people stay motivated, and then there are some jobs that will work along with people. But if you're involved with cybersecurity itself and if you came out of college and if you're trying to maneuver at the workforce and trying to be that great cybersecurity steward, you have to be motivated, because you don't have to wait until somebody tells you what to do, because if you know it has to get done, you go do it. And that's what that continuous engagement happens, because as you engage cybersecurity more and more and more, that's when you become wise and understand how the architect operates.

Lower protection and increased risk. Hmm, okay, now that's the opposite of increased protection, okay, and lower risk. Now here's what happens under this lower protection and increased risk. When there is no continual engagement, no active engagement, and individuals are not engaging cybersecurity appropriately, you're going to create more risk. You create much work. You will find teams working harder and harder every day, but it's not all a job to work harder, but to work smarter.
291 00:28:12.079 --> 00:28:17.240 All of this can be cleared and it can be cleansed up, and that's 292 00:28:17.279 --> 00:28:22.839 why implementing a culture shift is the most important strategy, and in chapter one of 293 00:28:22.880 --> 00:28:27.880 The Cybersecurity Mindset, I talk about some key topics that can help 294 00:28:29.000 --> 00:28:34.319 organization have a stronger cyber security engagement. Off the top, you're going to 295 00:28:34.319 --> 00:28:38.559 have to have a buy-in structure, which means you need to get everybody 296 00:28:38.599 --> 00:28:45.400 on board to buy into cyber security. Some of the other things that work 297 00:28:45.480 --> 00:28:48.359 is you got to brand the organization, where you build images for the organization. 298 00:28:48.440 --> 00:28:52.880 This is the way we want to operate and you have your team to 299 00:28:52.960 --> 00:29:00.400 engage into that on a continual basis. Establish a win-win relationship. If 300 00:29:00.480 --> 00:29:04.720 you can engage cybersecurity appropriately, then we can reduce risks, we can give 301 00:29:04.799 --> 00:29:11.000 you a raise, you can get out the training you want and then maybe 302 00:29:11.039 --> 00:29:15.880 the executive management they can stand the board room all day. Proactive security is 303 00:29:17.000 --> 00:29:22.880 very important to teach people to be proactive versus reactive. Now I realized at 304 00:29:22.880 --> 00:29:26.720 certain times organization may just have to be reactive, but you want to be 305 00:29:26.799 --> 00:29:33.200 operating more so in the proactive stage versus the reactive stage. Everyone contributes. 306 00:29:33.960 --> 00:29:37.759 This is part of a culture shift. You want everyone to contribute because everyone 307 00:29:37.839 --> 00:29:45.920 has something to say, everyone has a part of knowledge for cybersecurity. Everyone 308 00:29:45.000 --> 00:29:51.400 can contribute to the team to have a win-win type of relationship.
Value 309 00:29:51.480 --> 00:29:56.920 proposition mentality, in chapter sixteen of The Cybersecurity Mindset, is very important 310 00:29:56.920 --> 00:30:02.240 because the value proposition mentality is saying, okay, if you gain these great 311 00:30:02.319 --> 00:30:07.599 skill sets, you can help this corporation become a high value asset. And 312 00:30:07.640 --> 00:30:11.799 when the end, when the organization becomes a high value asset that customers and 313 00:30:11.839 --> 00:30:18.599 clients want them to be around, everyone benefits. Offer the value proposition 314 00:30:19.319 --> 00:30:26.400 mentality and it will move multiple communication lanes and also to its support client 315 00:30:26.440 --> 00:30:34.480 engagement and you hear a great turn by the team. We can reduce 316 00:30:34.599 --> 00:30:40.119 risks. And last but not least, as I stated before, when you 317 00:30:40.200 --> 00:30:47.720 have a cultural shift, that's when the organization becomes a high value asset. 318 00:30:47.759 --> 00:30:53.160 If you work in government, government contracting, here is something that's very important because 319 00:30:53.519 --> 00:30:59.559 if you can install yourself as a high value asset, you always get contracts. 320 00:30:59.680 --> 00:31:04.759 But to make that happen, you have to be of your capabilities. 321 00:31:04.799 --> 00:31:08.200 In order to be your capability, you need to have a winning team, 322 00:31:08.319 --> 00:31:15.279 certification, train people that are constantly engaged into cyber security. See that balance 323 00:31:15.359 --> 00:31:22.519 cyber security from the front line. Now workforce development is a very critical issue 324 00:31:22.559 --> 00:31:29.240 now, if we think about the way the workforce is shaped and moving.
325 00:31:30.359 --> 00:31:37.759 You know, the workforce has to perform outside of the certifications and grow outside 326 00:31:37.799 --> 00:31:44.079 of certification, because that's one of the main problems with cyber is that teams 327 00:31:44.200 --> 00:31:49.720 spend a lot of time working on certification and working on education, but then 328 00:31:49.759 --> 00:31:56.480 when it becomes an engagement for during the job, that's when the challenges 329 00:31:56.519 --> 00:32:00.200 happen, okay, and there's no set stone or something written down that teaches 330 00:32:00.279 --> 00:32:06.559 people how to do their job. Individual has to stay engaged, leadership has 331 00:32:06.680 --> 00:32:15.119 to be in place and bureaucracy and unwritten rules have to be known. Now, 332 00:32:15.160 --> 00:32:22.799 the workforce for cybersecurity works across many lines, looking at the financial industry, 333 00:32:22.920 --> 00:32:27.359 looking at the government industry and also to just looking at the healthcare sector. 334 00:32:27.480 --> 00:32:32.720 You know, the healthcare sector has many challenges, from like robotics software 335 00:32:32.880 --> 00:32:39.960 to medical devices, to data privacies, HIPAA and PII, because the medical 336 00:32:40.000 --> 00:32:45.799 industry is strong at trying to protect data, and this is where cyber security 337 00:32:45.920 --> 00:32:51.880 operates as well too. But there are a lot of challenges for the 338 00:32:51.920 --> 00:32:55.559 healthcare sector and if you are someone that works in the healthcare sector, I'm 339 00:32:55.559 --> 00:33:02.119 pretty sure you have seen many issues as relates to cyber security. But stay 340 00:33:02.200 --> 00:33:07.200 with me because in episode six we're going to talk about security challenges for the 341 00:33:07.279 --> 00:33:14.599 health care sector.
And keep in mind you are only as safe as your mindset. You've 342 00:33:14.599 --> 00:33:17.799 been listening to the Chief of Cyber Security Podcast, where you have gained relevant 343 00:33:17.839 --> 00:33:23.119 knowledge to enhance your cyber security mindset. Be sure to visit dwayne heartcom to 344 00:33:23.200 --> 00:33:30.160 learn more about authored publications, show notes and discover more information concerning cyber security.
