Episode Transcript
WEBVTT
1
00:00:03.080 --> 00:00:08.400
Welcome to the Chief of Cyber Security
Podcast, where we discuss relevant information concerning
2
00:00:08.400 --> 00:00:13.599
the cyber security workforce, business development
and best practices, made possible by see
3
00:00:13.640 --> 00:00:18.600
miss who learned more at Semis Donet
I. for a list of authorized publications,
4
00:00:18.760 --> 00:00:25.280
visit Dwayne hardcom. And now here's
your host, Dwayne heart. Welcome
5
00:00:25.320 --> 00:00:33.600
again, my listeners. We are
definitely moving ahead to season with with the
6
00:00:33.719 --> 00:00:39.359
Chief of Cyber Security podcast sessions. I
always say we, because if it wasn't
7
00:00:39.399 --> 00:00:45.640
for all the great people that have
purchased The Cybersecurity Mindset and and listen to
8
00:00:45.840 --> 00:00:53.520
my podcasts, I would not be
moving forward as gracefully and fast and able
9
00:00:53.600 --> 00:01:00.399
to deliver much needed information. You
know, in the past podcasts, which
10
00:01:00.679 --> 00:01:11.319
was which was episode four, developing a
successful cybersecurity maturity program. I actually ended it
11
00:01:11.359 --> 00:01:15.519
by actually making a great statement,
and you know they gave you know that.
12
00:01:15.519 --> 00:01:23.400
That statement was that you are you
are only as safe as your cybersecurity mindset.
13
00:01:23.640 --> 00:01:30.000
So let's think about that for a
second, right. If your cyber security
14
00:01:30.120 --> 00:01:37.040
mindset is working at a high level, so that means that that you're safe
15
00:01:37.040 --> 00:01:42.799
and you are driving protection for an
enterprise or if you are a common user,
16
00:01:42.280 --> 00:01:51.040
then you are practicing safety, maybe
on Facebook. Now, outside of
17
00:01:51.879 --> 00:01:57.120
common users, there are people that
work in the cyber security field and one
18
00:01:57.159 --> 00:02:05.200
of the things that normally happens is
that individual go to college and they get
19
00:02:05.319 --> 00:02:10.319
educated, and I get claps off
to anybody to have went through school and
20
00:02:10.360 --> 00:02:15.639
got educated and probably worked on their
bachelor's, their master's and their doctorate.
21
00:02:16.159 --> 00:02:22.680
It shows great motivation. It shows
that you took the time to study on
22
00:02:22.719 --> 00:02:28.319
the weekends, you got up every
morning and you wrote papers. That was
23
00:02:28.400 --> 00:02:31.639
sometimes when you probably wanted to go
on a vacation, but no, you
24
00:02:31.680 --> 00:02:37.159
had to sit at home and to
do homework and maybe you did go on
25
00:02:37.199 --> 00:02:43.479
a vacation, but you took your
class work with you even so. At
26
00:02:43.479 --> 00:02:50.759
the time you were out there fishing, right, you actually had your laptop
27
00:02:50.800 --> 00:02:54.159
and you had your book open,
right, but you kept your eyes on
28
00:02:54.199 --> 00:03:02.080
that fresh catch because you were committed
to the process this. But, like
29
00:03:02.199 --> 00:03:10.039
many people, after leaving school,
a lot of cyber security people are stranded,
30
00:03:10.479 --> 00:03:14.520
stranded to one. They're okay,
I have a degree and I learn
31
00:03:14.560 --> 00:03:19.080
all this information and I really want
to go on a job and I really
32
00:03:19.120 --> 00:03:23.800
want to be effective, I want
to make a difference. So why should
33
00:03:23.840 --> 00:03:30.400
I start? And likewise, certain
people find the niche and then they move
34
00:03:30.479 --> 00:03:38.080
through the cybersecurity industry and they become
well-seasoned professionals. Then there are others
35
00:03:38.159 --> 00:03:46.680
that are probably still struggle for so
many years because of the way that certain
36
00:03:46.759 --> 00:03:55.120
labor categories are probably organized, and
also to based on the ideals of what
37
00:03:55.319 --> 00:04:00.800
is a security engagements. So for
this podcast session building security engagements into the
38
00:04:00.840 --> 00:04:06.719
cyber workforce, we're going to talk
about how do you transition from that college
39
00:04:06.800 --> 00:04:15.279
level student, or that person that
passed their CISSP and marry that into cyber
40
00:04:15.360 --> 00:04:21.160
security? And to be effective and
to go and make that happen, there
41
00:04:21.199 --> 00:04:27.800
are certain things that need to exist. One is we need to talk about
42
00:04:27.920 --> 00:04:31.680
the security labor force. We
need to talk about some unwritten rules.
43
00:04:31.800 --> 00:04:41.079
We need to talk about continuing continual
engagements, leadership and development and some of
44
00:04:41.120 --> 00:04:46.120
the risks that are associated with not
knowing how to approach security engagement. And
45
00:04:46.160 --> 00:04:51.839
one of my favorites is implement a
cultural shift, because these are very important
46
00:04:51.879 --> 00:05:00.199
topics that that will bridge everything together
so that individual can understand how to engage
47
00:05:00.240 --> 00:05:08.000
cyber security. So let's talk about
the security workforce. Okay. Now there
48
00:05:08.040 --> 00:05:14.120
are so many labor categories out there, from engineers to analysts, to architects
49
00:05:14.639 --> 00:05:23.959
to specialists and somebody. Some of
these labor categories can cross over, but
50
00:05:24.079 --> 00:05:30.040
at the end of the day you
are cyber security professional and in order to
51
00:05:30.079 --> 00:05:34.600
make it into the cyber security
industry, everyone has to have education,
52
00:05:34.959 --> 00:05:43.519
all right, everyone has to have
training, training. Training is about going
53
00:05:43.560 --> 00:05:48.399
through and learning how to do your
job. Some of us have learned by
54
00:05:48.439 --> 00:05:53.279
OJT, which is on-the-job
training, and some have been put in
55
00:05:53.279 --> 00:05:57.759
the formal workshops where you can learn
how to do your job, and some
56
00:05:57.800 --> 00:06:03.040
people are lucky enough to have individuals
that would guide them through their cyber
57
00:06:04.199 --> 00:06:09.759
security career. And this is what
leadership falls in. So so we're going
58
00:06:09.759 --> 00:06:14.040
to talk about that later. Complex
job titles. Yes, there's so many
59
00:06:14.040 --> 00:06:17.920
complex job titles out there on the
market. You you know, from engineer
60
00:06:18.000 --> 00:06:26.199
to analyst to like operators, and
sometimes it can be confusing. There are
61
00:06:26.519 --> 00:06:30.839
pitches about you can get your degree
in one year. I am not going
62
00:06:30.920 --> 00:06:34.680
to respond to that. All I
have to say is that if you can
63
00:06:34.759 --> 00:06:39.199
get your degree in one year and
if you think you can gain the relevant
64
00:06:39.199 --> 00:06:43.480
information to enter, to enter the
industry, go for it. They have
65
00:06:43.600 --> 00:06:47.079
some talk about all you need is
a certification. It takes more than a
66
00:06:47.120 --> 00:06:55.600
certification to become a cybersecurity steward because, because that's a three-legged process that
67
00:06:55.639 --> 00:07:02.319
goes on. It's called education,
it's called certification and it's called experience.
68
00:07:02.399 --> 00:07:08.399
Those are your three legs. College
students may not like the career field.
69
00:07:08.560 --> 00:07:14.199
Yes, there are some college students
that have been through a complete pipeline of
70
00:07:14.319 --> 00:07:18.879
training and realize that cyber security it's
not something that that they wanted to do
71
00:07:19.000 --> 00:07:25.399
for the rest of their life.
Because cybersecurity requires people to learn.
72
00:07:25.560 --> 00:07:30.759
Cybersecurity requires people to be constantly
engaged because it's a changing environment. It
73
00:07:30.839 --> 00:07:35.279
my job makes me a secretary.
There are times when individuals graduated from college
74
00:07:35.319 --> 00:07:44.079
and and they are positioned to become
secretaries. So when someone becomes a secretary,
75
00:07:45.079 --> 00:07:48.199
you know the only thing that happens
is that they are pigeonholed to push
76
00:07:48.240 --> 00:07:56.199
paperwork. This is a career killer. This, this really kills the engagement
77
00:07:56.279 --> 00:08:01.839
practices. Individuals do not have a
chance to engage cyber security now they become
78
00:08:03.040 --> 00:08:09.519
the individual that is just responsible for
administrative work, and this is a failure
79
00:08:09.560 --> 00:08:18.160
of leadership. Too many meetings.
I realized that we have an environment where
80
00:08:18.160 --> 00:08:22.600
people work remotely and there are some
environments that that that I've heard of,
81
00:08:22.839 --> 00:08:28.199
where people have five, maybe six
meetings a day, and you know,
82
00:08:28.399 --> 00:08:33.799
these meetings are anywhere from thirty minutes
to an hour. So let's just let's
83
00:08:33.840 --> 00:08:37.120
just sum the numbers up here.
For minutes, let's just say five.
84
00:08:37.480 --> 00:08:41.720
If if a person is having five
meetings a day for an hour, so
85
00:08:41.919 --> 00:08:46.840
that's five hours of meeting. And
if they're lucky enough to go to lunch
86
00:08:48.440 --> 00:08:50.759
and come back, you really only
have two hours of work to get done,
87
00:08:52.200 --> 00:08:56.799
even if they are in half hour
apart from each other. Okay,
88
00:08:58.360 --> 00:09:05.759
and so a person has two point
five hours of meetings a day. All
89
00:09:05.840 --> 00:09:09.519
right, then they go take a
lunch, so there's three and a half
90
00:09:09.559 --> 00:09:11.919
hours. You only got four hours
of work to do, a little bit
91
00:09:11.919 --> 00:09:16.960
of for our supports to do.
All right. So you know, the
92
00:09:16.039 --> 00:09:24.240
labor force has changed a lot because
of high-tempo environments, because individuals are
93
00:09:24.279 --> 00:09:31.759
requested to do more in cybersecurity now. But in the middle of that there
94
00:09:31.960 --> 00:09:37.240
has to be a continuous engagement,
because if there is not a continuous engagement
95
00:09:37.679 --> 00:09:43.960
and disharms the workforce because individual has
to know how to do the job,
96
00:09:43.120 --> 00:09:48.559
because you can get all the training, you can get all the education,
97
00:09:48.799 --> 00:09:54.320
but in order to get the experience
an individual has to have hands-on practice.
98
00:09:54.480 --> 00:10:01.240
All right, and part of those
security engagements goes beyond the technical scope
99
00:10:01.240 --> 00:10:07.919
itself. They can exist into understanding
unwritten rules. So let's talk about some
100
00:10:07.000 --> 00:10:13.080
unwritten rules of the cyber security
industry. Politics plays a key role.
101
00:10:13.639 --> 00:10:18.360
If you're not rubbing shoulders with the
right people, sometimes you may not find
102
00:10:18.399 --> 00:10:24.080
yourself on a job very long.
That is a true fact. These are
103
00:10:24.200 --> 00:10:30.799
unwritten rules of the IT industry and
these are some engagement practices that
104
00:10:30.879 --> 00:10:35.200
normally happens on job. But I
can see you have different kind of departments.
105
00:10:35.279 --> 00:10:39.279
You you have people that are on
different teams. Maybe you have a
106
00:10:39.320 --> 00:10:43.919
networking team and you have a cloud
team, and there's a lot of bureaucracy
107
00:10:43.919 --> 00:10:48.919
that goes on because they are
group and you may not be able to
108
00:10:50.120 --> 00:10:54.799
obtain certain things from these certain groups
because you're not part of their group.
109
00:10:56.120 --> 00:11:01.559
Some of the other thing is monetary outweighs what you were taught.
110
00:11:01.919 --> 00:11:07.639
See, in this cybersecurity industry it's about
saving money. Nobody wants to spend
111
00:11:07.679 --> 00:11:11.559
a lot of money really, but
they want cybersecurity operate a lot of organization
112
00:11:11.720 --> 00:11:16.679
has to take take a bonus and
look at both and see which side they
113
00:11:16.720 --> 00:11:22.720
want to sway on. Sometimes organization
will accept risk, right, because of that
114
00:11:22.799 --> 00:11:28.879
monetary budget, especially if the risk
does not cause too much harm. And
115
00:11:28.919 --> 00:11:33.759
then there are times when organization have
a large budget pool where they can spend
116
00:11:33.799 --> 00:11:39.200
a lot of money on cyber security. So monetary outweighs what you were taught,
117
00:11:39.240 --> 00:11:43.480
because you were not taught that in
school. While you in school,
118
00:11:43.519 --> 00:11:46.559
you were told to be a cyber
security steward, to walk on a job
119
00:11:46.759 --> 00:11:54.080
and to help reduce risk, but
you were not told that bureaucracy
120
00:11:54.159 --> 00:11:58.600
plays a key role and if organization
do not have money, then that kind
121
00:11:58.639 --> 00:12:01.879
of affects the way you approach cyber
security. And this is your security
122
00:12:01.919 --> 00:12:09.399
engagement shift. Blame happens when unlikable
people are on board? If you are
123
00:12:09.480 --> 00:12:15.879
unlikable person in organization and something goes
wrong, you're going to get the strike.
124
00:12:16.559 --> 00:12:20.759
All right, this is part of
the unwritten rules. So and an
125
00:12:20.840 --> 00:12:26.720
organization. A lot of times that
happen because there's a breakdown in communications.
126
00:12:28.759 --> 00:12:33.639
You know, it can be from
other reasons that that that certain people want
127
00:12:33.679 --> 00:12:37.639
to make sure that the light always
shines on them, especially if they they've
128
00:12:37.679 --> 00:12:43.360
been working on the organization platform for
a bit and you know, they're the
129
00:12:43.799 --> 00:12:48.559
golden child. Nobody wants. Nobody
wants to like to be taken away.
130
00:12:50.039 --> 00:12:52.720
So a lot of times you come
on to a job, these are unwritten
131
00:12:52.799 --> 00:12:58.279
rules that are not told to you. Okay, one of the things I
132
00:12:58.320 --> 00:13:05.799
always like to think say is that
be quiet, observe everything. Okay,
133
00:13:05.120 --> 00:13:09.960
this is one of the unwritten rules
as well. To look and see who
134
00:13:09.000 --> 00:13:15.600
talks at meetings, who gets the
special projects, who gets promoted, who
135
00:13:15.600 --> 00:13:20.240
gets demoted, and how does the
boss imply? And for expectations? All
136
00:13:20.320 --> 00:13:26.679
right, because that's the part of
your security engagements. And, as before,
137
00:13:26.879 --> 00:13:30.519
this is an unwritten rule. This
is not anything that's written down on
138
00:13:30.559 --> 00:13:33.320
a sheet of paper. You're not
going to find this in an SOP,
139
00:13:35.399 --> 00:13:39.200
you're not going to find this through
email. This is a learned experience
140
00:13:39.279 --> 00:13:48.840
on a job. But in order
to become a very smart individual and to
141
00:13:48.039 --> 00:13:54.080
understand how these unwritten rules operate.
You, you as the person, needs
142
00:13:54.120 --> 00:13:58.679
to have a continual engagement and when
you have that continual engagement, you always
143
00:13:58.679 --> 00:14:03.720
focus. You are focused on the
job and making sure things are getting done.
144
00:14:03.840 --> 00:14:11.039
You are a problem solver when it's
when it comes to project task.
145
00:14:11.480 --> 00:14:16.799
You, as the person, know what's supposed
to happen, you can go execute those
146
00:14:16.879 --> 00:14:22.759
project task, because if you're not
part of these project tasks and pretty much
147
00:14:22.759 --> 00:14:26.080
you're given project tasks on a frequent
basis, then you may not perform well,
148
00:14:26.120 --> 00:14:30.519
and if you don't perform well,
you may become the unlikable person.
149
00:14:31.240 --> 00:14:37.240
Communication is very important. I've always
liked to state that you communicate early and
150
00:14:37.279 --> 00:14:43.440
you communicate often, because when that
happens, you will always have that continuous
151
00:14:43.480 --> 00:14:50.279
engagement into cybersecurity, because the way
you engage cybersecurity, and I would say
152
00:14:50.320 --> 00:14:56.000
just again, makes a difference on
how well you can be successful with your
153
00:14:56.039 --> 00:15:05.320
career and also to carry out certain
project, you also has to be thinking
154
00:15:05.399 --> 00:15:11.519
cyber security, so your speech and
your language has to be on a cyber
155
00:15:11.559 --> 00:15:18.200
security level. Some of the other
areas that actually needs to be addressed is
156
00:15:18.240 --> 00:15:22.919
that you have to have a defensive
mindset. Okay, no one can
157
00:15:22.960 --> 00:15:28.639
really teach individuals how to have a
defensive mindset. This is just something like
158
00:15:28.679 --> 00:15:33.360
a little bug that has grabs you
as you work in this IT industry.
159
00:15:33.480 --> 00:15:39.240
It is certain things that just grab
you because if you think about a about
160
00:15:39.320 --> 00:15:46.519
the defensive mindset, is stating that
you see something wrong and you take action.
161
00:15:46.279 --> 00:15:50.919
You don't wait until someone tells you
to go take action. These are
162
00:15:50.960 --> 00:15:56.320
part of these soft skill sets and
a couple things that should exist when you
163
00:15:58.480 --> 00:16:03.000
when you work in the IT industry
or like the cyber security industry as well.
164
00:16:03.039 --> 00:16:07.679
Ownership is another key term that that
is rarely spoken about, because someone
165
00:16:07.759 --> 00:16:14.919
has to take ownership for cyber security
and if no one takes ownership, then
166
00:16:15.600 --> 00:16:22.440
you just satisfied the hacker's appetite,
because that's the hacker's appetite there. If
167
00:16:22.480 --> 00:16:25.919
no one has ownership, then I
guess the hackers have to take over.
168
00:16:26.480 --> 00:16:33.879
Negative thinking is one of the areas
that someone should probably try to remove away
169
00:16:33.919 --> 00:16:41.120
from because if you have negative thinking, your overall engagement means that you don't
170
00:16:41.159 --> 00:16:44.879
approach your job with a positive attitude. If you don't have a positive attitude,
171
00:16:44.919 --> 00:16:47.840
then expect, like cancer, to
all your groups and all your different
172
00:16:47.840 --> 00:16:51.720
teams and you will find out that
people don't want to work along with you,
173
00:16:52.200 --> 00:17:00.080
and now you become the unlikable person. So in order to ensure that
174
00:17:00.480 --> 00:17:08.720
cybersecurity guru aid that has just graduated
out of college become successful, there needs
175
00:17:08.759 --> 00:17:15.039
to be a certain practice in place, and one of these practices is called
176
00:17:15.160 --> 00:17:22.119
leadership and development. I myself spent
my last three years in the military designing
177
00:17:22.400 --> 00:17:27.119
and teaching leadership and development, and
one of the things that I learned about
178
00:17:27.240 --> 00:17:37.680
leadership and development is that it's a
tool and when the subordinates fail is it
179
00:17:37.759 --> 00:17:41.559
is not the subordinate's fault, it is
the leader's fault, because leaders are supposed
180
00:17:41.599 --> 00:17:48.000
to guide and develop, and that
can be a challenge in this IT industry
181
00:17:48.119 --> 00:17:55.680
and also cybersecurity, because a lot
of leaders are tasked with working in high
182
00:17:55.720 --> 00:18:00.920
tempo environments. So to sit down
and to have that I minute talk with
183
00:18:00.039 --> 00:18:03.559
a subordinate once a week
on a daily basis may not happen,
184
00:18:04.039 --> 00:18:11.279
but but with a little work it
can be done. Here goes, here
185
00:18:11.319 --> 00:18:18.119
goes some of the areas of leadership
and development here that that I want
186
00:18:18.160 --> 00:18:23.759
to talk about. Favoritism. Favoritism
exist in the industry. Okay, people
187
00:18:23.839 --> 00:18:29.039
show favoritism because they're comfortable dealing with
certain people and then there are certain people
188
00:18:29.160 --> 00:18:33.920
that that they just don't like.
Okay, if someone has been working on
189
00:18:33.039 --> 00:18:44.799
the under the leader for five years
and someone else come on board, well,
190
00:18:44.880 --> 00:18:49.279
if that leader is close to that
person and that's been their right hand
191
00:18:49.319 --> 00:18:55.000
man, or like female, for
like the past five years, maybe that's
192
00:18:55.000 --> 00:18:59.319
some favoritism that is going to come
on board. Maybe those two people graduated
193
00:18:59.359 --> 00:19:04.640
from the same college. Maybe those
two people a family members. I don't
194
00:19:04.680 --> 00:19:11.880
know, but favoritism do exist.
If you in leadership, I say that
195
00:19:11.000 --> 00:19:17.200
you do not use favoritism because you
have a staff for many people that had
196
00:19:17.240 --> 00:19:23.000
to engage cyber security. If you
engage cyber security with favoritism, that means
197
00:19:23.039 --> 00:19:26.880
your entire staff may not want to
work for you and and you may not
198
00:19:26.920 --> 00:19:32.680
get that motivation that you need on
your staff. Learn the environment. See
199
00:19:32.720 --> 00:19:36.920
that's very important when it's when it
comes to leadership, because if you don't
200
00:19:37.000 --> 00:19:40.359
know the environment, then you setting
yourself up for failure. When you know
201
00:19:40.400 --> 00:19:45.759
the environment, see that consists of
the technologies, see that consists of the
202
00:19:47.319 --> 00:19:52.680
team players that you have. What's
the overall function in the organization itself,
203
00:19:53.680 --> 00:19:57.400
some of the management practices that
has to be in place, some of
204
00:19:57.440 --> 00:20:03.359
the unwritten rules that are in place, some of the bureaucracies that are in
205
00:20:03.440 --> 00:20:07.680
place, those are things that that
leaders need to know and those are not
206
00:20:07.799 --> 00:20:11.400
things that are written down on the
sheet of paper. Those are part of
207
00:20:11.440 --> 00:20:19.279
a continual engagement when you engage the
workforce and if you engage cyber security constantly
208
00:20:19.359 --> 00:20:25.720
on a daily basis, then then you
would learn the environment. One of the
209
00:20:25.720 --> 00:20:30.440
other areas too is that you need
to remove traditional thinking because your last company
210
00:20:30.480 --> 00:20:37.799
operated a certain standard towards cybersecurity.
That may not work in this current environment
211
00:20:37.839 --> 00:20:42.400
that you d I have seen many
and many of great leaders that are do
212
00:20:42.480 --> 00:20:48.559
great jobs, but for some reason
they have to get deprogrammed because
213
00:20:48.599 --> 00:20:53.279
they're so used to working and operating
cybersecurity at a certain level based on the
214
00:20:53.359 --> 00:21:00.000
experience, because they don't want to
change. I I would say for sure
215
00:21:00.799 --> 00:21:07.759
is that that happens because people are
comfortable, because people do not like change.
216
00:21:07.720 --> 00:21:12.279
Some of the other areas too here
well, you have to be a
217
00:21:12.279 --> 00:21:18.160
listener and listen to what people have
to say, because when people make statements
218
00:21:18.200 --> 00:21:22.119
in these meetings, it carries a
lot of weight. So you have to
219
00:21:22.160 --> 00:21:26.880
have an environment open, where everyone
is freely and open, openly can actually
220
00:21:26.920 --> 00:21:32.640
talk and actually can discuss, because the purposes of having a team
221
00:21:32.759 --> 00:21:40.400
is to have everybody to collaboratively use
their knowledge and pool and pull all of
222
00:21:40.440 --> 00:21:45.640
that together so that everyone can
learn. But if you only have one
223
00:21:45.680 --> 00:21:49.920
person in the room talking all the
time, nobody else really wants to talk.
224
00:21:51.240 --> 00:21:53.160
So if a lead allows that to
happen, then he might as well
225
00:21:53.240 --> 00:21:59.079
just have a meeting with that one
person only. Some of the other areas
226
00:21:59.119 --> 00:22:06.720
here. No leader started as a
CISO. Pulling cables. Okay,
227
00:22:06.799 --> 00:22:10.960
when I first got out the Navy, my first job was pulling cables.
228
00:22:11.039 --> 00:22:15.720
I was working in IT, but
I was pulling cables and still today I
229
00:22:15.759 --> 00:22:21.920
remember that job and there are certain
people now that are trying to transition into
230
00:22:22.000 --> 00:22:26.680
IT that are doing the same job. There are some people that have came
231
00:22:26.720 --> 00:22:30.599
out of college and they have so
much education, but they get on a
232
00:22:30.720 --> 00:22:33.240
job they say, okay, you're
going to work with the networking team,
233
00:22:33.279 --> 00:22:37.880
but you know there's the networking team
and there's the people that pull cables.
234
00:22:38.400 --> 00:22:44.920
So you get stashed with the individual
that pull cables. Now that's short-term
235
00:22:45.079 --> 00:22:49.519
work. Even a CISO that
is working at the top of the chain
236
00:22:49.920 --> 00:22:56.480
of cybersecurity started off somewhere and I
guarantee you if most people would have a
237
00:22:56.480 --> 00:23:00.079
conversation with a SEI is so,
a cis so would tell you what they
238
00:23:00.119 --> 00:23:04.240
started from. Some of them started
from just PC repair. Some of them
239
00:23:04.279 --> 00:23:11.039
came from the S, in the
s when when there was mainframe computers,
240
00:23:11.160 --> 00:23:15.960
large, very, very large mainframe
computers. So what you have to
241
00:23:15.960 --> 00:23:21.279
remember is that leadership and development is
very, very important because as part of
242
00:23:21.319 --> 00:23:29.200
the security engagement you can make or
break somebody's career and if you not practicing
243
00:23:29.839 --> 00:23:34.599
great leadership then you know you can
create some risks. So let's talk about
244
00:23:34.680 --> 00:23:41.079
risk for a second here. What
are some of the risks that are involved with a workforce?
245
00:23:41.200 --> 00:23:48.559
Where where those where those security engagement
fail? Late work assignments.
246
00:23:48.200 --> 00:23:52.640
I'm going to bring this up because
there's a communication link on every job.
247
00:23:53.480 --> 00:24:00.160
If you don't have a continuous engagement
into cybersecurity yourself, we're going to see
248
00:24:00.279 --> 00:24:04.160
late and bravery, late working assignments. Skill set never grows and all you
249
00:24:04.240 --> 00:24:14.480
are is a secretary. Increased labor, because
one of the things I've always seen is
250
00:24:14.519 --> 00:24:18.160
that if a person do not know
how to do a job, they would
251
00:24:18.200 --> 00:24:22.799
spend more time trying to do it. Okay, and that's where that increased
252
00:24:22.920 --> 00:24:30.480
labor comes to surface. Described careers, because I remember when I was in
253
00:24:30.519 --> 00:24:34.319
the navy, we used to state
that the first two weeks was the most
254
00:24:34.319 --> 00:24:41.680
critical period of a new person that
came on board a ship. If you did not
255
00:24:41.759 --> 00:24:45.519
provide leadership in the first two weeks
and show them the right way, they
256
00:24:45.559 --> 00:24:55.200
would probably fail the entire career.
So the same goes here. The most
257
00:24:55.319 --> 00:24:59.079
the most important period is when someone
is fresh out of college and you bring
258
00:24:59.119 --> 00:25:03.400
them on the job within like ninety
days, really really have to shape and
259
00:25:03.440 --> 00:25:07.839
show them the way through the ropes. Project delays happen. You do not
260
00:25:07.960 --> 00:25:12.039
want to delay in the projects because
if you don't have a continuous engagement
261
00:25:12.279 --> 00:25:18.359
into the cyber security and if you're
given a task, well, projects can be
262
00:25:18.400 --> 00:25:26.480
delayed. Vulnerabilities, when we look
at vulnerabilities, they can exist in the
263
00:25:26.559 --> 00:25:33.799
workforce because people not doing a job. So when I look at a vulnerability,
264
00:25:33.880 --> 00:25:37.880
it is a weakness. Okay,
let's say, for instance, if
265
00:25:37.920 --> 00:25:45.759
if someone, let's say if someone
was not engaged into a vulnerability management program
266
00:25:45.839 --> 00:25:51.119
right, and they was given a
task to kind of go and to remediate
267
00:25:51.119 --> 00:25:56.400
a vulnerability. Well, they will
cause more vulnerabilities to occur. Okay,
268
00:25:56.599 --> 00:26:00.799
and see that vulnerability is that the
patches are supposed to be deployed on the
269
00:26:00.839 --> 00:26:04.319
fifteenth of the month, but you
can't make the fifteenth of the month.
270
00:26:04.559 --> 00:26:11.519
Now you just created a program vulnerability. So we can reduce that by being
271
00:26:11.559 --> 00:26:17.160
proactive and and also making sure that
there's a continuous engagement into cyber security.
272
00:26:17.720 --> 00:26:22.640
"I was not told." There are some
people that operate under that strategy. If
273
00:26:22.680 --> 00:26:26.559
you don't tell them what to do, they're not going to do it, all
274
00:26:26.680 --> 00:26:33.279
right, and those people usually become
the unlikable person. So in a continuous
275
00:26:33.319 --> 00:26:41.160
engagement mode, a person has to
stay motivated. Now there are some jobs
276
00:26:41.200 --> 00:26:49.920
that have a small window to ensure
that people stay motivated and then there are
277
00:26:49.920 --> 00:26:55.200
some jobs that will work along with
people. But if you involved with cyber
278
00:26:55.279 --> 00:26:59.559
security itself and if you came out
of college and if you trying to maneuver
279
00:26:59.680 --> 00:27:04.200
at the workforce and trying to be
that great cyber security steward, you have
280
00:27:04.359 --> 00:27:08.400
to be motivated because you don't have
to wait until somebody to tell you what
281
00:27:08.440 --> 00:27:11.119
to do, because if you know
it has to get done, you go
282
00:27:11.240 --> 00:27:17.880
do it. And that's what that
continuous engagement happens, because as you engage
283
00:27:17.880 --> 00:27:22.039
cyber security and more and more and
more, that's when you become wise and
284
00:27:22.200 --> 00:27:30.039
understand how the architect operates. Lower, but lower protection and increased risk.
285
00:27:30.680 --> 00:27:40.119
HMM, okay, now that's the
opposite of increased protection. Okay, and
286
00:27:40.240 --> 00:27:45.559
lower risk. Now here's what happens
under this lower protection and increased risk.
287
00:27:48.160 --> 00:27:56.319
When, when there is no continual
engagement, no active engagement, and individuals
288
00:27:56.359 --> 00:28:02.079
are not engaging cybersecurity appropriately, you're
going to create more risk. You create
289
00:28:02.200 --> 00:28:06.839
much work. You will find teams
working harder and harder every day, but
290
00:28:06.920 --> 00:28:11.480
it's not all a job to to
work harder, but to work smarter.
291
00:28:12.079 --> 00:28:17.240
All of this can be cleared and
it can be cleansed up, and that's
292
00:28:17.279 --> 00:28:22.839
why implement a culture shift is the
most important strategy, and in chapter one of
293
00:28:22.880 --> 00:28:27.880
The Cybersecurity Mindset, I
talk about some key topics that can help
294
00:28:29.000 --> 00:28:34.319
organization have a stronger cyber security engagement. Off The top, you're going to
295
00:28:34.319 --> 00:28:38.559
have to have a buy-in structure which, which means you need to get everybody
296
00:28:38.599 --> 00:28:45.400
on board to buy into cyber security. Some of the other things that work
297
00:28:45.480 --> 00:28:48.359
is you got to brand the organization. Will you build images for the organization?
298
00:28:48.440 --> 00:28:52.880
This is the way we want to
operate and you have your team to
299
00:28:52.960 --> 00:29:00.400
engage into that on a continual basis. Establish a win win relationship. If
300
00:29:00.480 --> 00:29:04.720
you can engage cyber security appropriately, then
we can reduce risks, we can give
301
00:29:04.799 --> 00:29:11.000
you a raise, you can get
out the training you want and then maybe
302
00:29:11.039 --> 00:29:15.880
the executive management they can stand the
board room all day. Proactive security is
303
00:29:17.000 --> 00:29:22.880
very important to teach people to be
proactive versus reactive. Now I realized at
304
00:29:22.880 --> 00:29:26.720
certain times organization may just have to
be reactive, but you want to be
305
00:29:26.799 --> 00:29:33.200
operating more so in the proactive stage
versus the reactive stage. Everyone contributes.
306
00:29:33.960 --> 00:29:37.759
This is part of a culture shift. You want everyone to contribute because everyone
307
00:29:37.839 --> 00:29:45.920
has something to say, everyone has
a part of knowledge for cybersecurity. Everyone
308
00:29:45.000 --> 00:29:51.400
can contribute to the team to have
a win win type of relationship. Value
309
00:29:51.480 --> 00:29:56.920
Proposition mentality and chapter sixteen, or
the Cyber Security Mindset, is very important
310
00:29:56.920 --> 00:30:02.240
because the value proposition mentality is saying, okay, if you gain these great
311
00:30:02.319 --> 00:30:07.599
skill sets, you can help this
cooperation become a high value asset. And
312
00:30:07.640 --> 00:30:11.799
when the end, when the organization
becomes a high value assets that customers and
313
00:30:11.839 --> 00:30:18.599
clients want them to be around,
everyone benefits. Offer the value proposition,
314
00:30:19.319 --> 00:30:26.400
mentality and it will move multiple communication
lanes and also to its support clients.
315
00:30:26.440 --> 00:30:34.480
Gamment and and you hear a great
turn by the team. We can reduce
316
00:30:34.599 --> 00:30:40.119
risks. And last but not least, as I stated before, when you
317
00:30:40.200 --> 00:30:47.720
have a cultural shift, that's when
the organization become a high value asset.
318
00:30:47.759 --> 00:30:53.160
If you work in government, government
contracting here is something that's very important because
319
00:30:53.519 --> 00:30:59.559
if you can install yourself as a
high value asset, you always get contracts.
320
00:30:59.680 --> 00:31:04.759
But to make that happen, you
have to be of your capabilities.
321
00:31:04.799 --> 00:31:08.200
In order to be your capability,
you need to have a winning team,
322
00:31:08.319 --> 00:31:15.279
certification, train people that are constantly
engaged into cyber security. See that balance
323
00:31:15.359 --> 00:31:22.519
cyber security from the front line.
Now workforce development is a very critical issue
324
00:31:22.559 --> 00:31:29.240
now, if we think about the
way the workforce is shaped and moving.
325
00:31:30.359 --> 00:31:37.759
You know, the workforce has to
perform outside of the certifications and grow outside
326
00:31:37.799 --> 00:31:44.079
of certification, because that's one of
the main problems with cyber is that team
327
00:31:44.200 --> 00:31:49.720
spend a lot of time working on
certification and working on education, but then
328
00:31:49.759 --> 00:31:56.480
when it becomes an engagement for during
the job, that's when the challenge is
329
00:31:56.519 --> 00:32:00.200
happened, okay, and there's no
set stone or something written down that teaches
330
00:32:00.279 --> 00:32:06.559
people how to do their job.
Individual has to stay engaged, leadership has
331
00:32:06.680 --> 00:32:15.119
to be in place and bureaucracy and
unwritten rules have to be known. Now,
332
00:32:15.160 --> 00:32:22.799
the workforce for cybersecurity works across many
lines, looking at the financial industry,
333
00:32:22.920 --> 00:32:27.359
looking at the government industry and also
to just looking at the healthcare sector.
334
00:32:27.480 --> 00:32:32.720
You know, the healthcare sector has
many challenges, from like robotics software
335
00:32:32.880 --> 00:32:39.960
to medical devices, to data privacies, HIPAA and PII, because the medical
336
00:32:40.000 --> 00:32:45.799
industry is strong at trying to protect
data, and this is where cyber security
337
00:32:45.920 --> 00:32:51.880
operates as well too. But there
are a lot of challenges for the health
338
00:32:51.920 --> 00:32:55.559
care sector and if you are someone
that works in the healthcare sector, I'm
339
00:32:55.559 --> 00:33:02.119
pretty sure you have seen many issues
as relates to cyber security. But stay
340
00:33:02.200 --> 00:33:07.200
with me because in episode six we're
going to talk about security challenges for the
341
00:33:07.279 --> 00:33:14.599
health care sector. And keep in
mind you are only as safe as your mindset. You've
342
00:33:14.599 --> 00:33:17.799
been listening to the chief of Cyber
Security Podcast, where you have gained relevant
343
00:33:17.839 --> 00:33:23.119
knowledge to enhance your cyber security mindset. Be sure to visit dwayne heartcom to
344
00:33:23.200 --> 00:33:30.160
learn more about authored publications, show
notes and discover more information concerning cyber security.