Cybersecurity Mindset

September 20, 2021 00:30:47
Chief of Cybersecurity

Hosted By

Dewayne Hart

Show Notes

This podcast session explores how having a cybersecurity mindset resolves industry problems by being cyber-focused. It gives listeners a chance to see whether their engagement and thinking process is succeeding or failing against security best practices. Information relating to the inclusive culture, risk-based thinking, the hacker's mindset, and situational awareness is highlighted.

Episode Transcript

WEBVTT 1 00:00:01.919 --> 00:00:07.190 Welcome to the Chief of Cybersecurity podcast, where we discuss relevant information concerning 2 00:00:07.190 --> 00:00:12.710 the cybersecurity workforce, business development and best practices, made possible by see miss. 3 00:00:13.070 --> 00:00:17.789 Learn more at seems Donet I. For a list of authorized publications, visit 4 00:00:17.870 --> 00:00:23.660 Dwayne hardcom. And now here's your host, Dewayne Hart. I continue this 5 00:00:23.780 --> 00:00:28.620 episode of the Chief of Cybersecurity podcast, and I'd like to ask everybody a question. 6 00:00:29.539 --> 00:00:32.740 Do you have a cybersecurity mindset? All right, are you really 7 00:00:32.780 --> 00:00:36.969 thinking about cybersecurity, or is it that you're walking around saying, "Oh, 8 00:00:37.289 --> 00:00:42.810 I hope that I'm protected"? Do you know? You know, the mindset used 9 00:00:42.810 --> 00:00:48.130 by people can make a difference in success or failure, and that's no different 10 00:00:48.570 --> 00:00:54.600 with the cybersecurity field, because if you don't have a cybersecurity mindset, you 11 00:00:54.759 --> 00:00:59.359 cannot channel your way through this industry and you cannot figure out how those bad 12 00:00:59.439 --> 00:01:03.709 guys are working. All right. So, in this podcast session we're going 13 00:01:03.750 --> 00:01:08.510 to focus on this cybersecurity mindset. All right, and we really want 14 00:01:08.549 --> 00:01:15.629 to focus on that because I think it's important to have a cybersecurity 15 00:01:15.709 --> 00:01:21.579 mindset when you engage technology. Now, this is just not for business owners, 16 00:01:22.180 --> 00:01:26.859 just not for the Facebook users. It's for everybody. What is your 17 00:01:27.060 --> 00:01:32.019 cybersecurity mindset? Okay, and do you have a cybersecurity mindset? 18 00:01:32.140 --> 00:01:36.930 So after this podcast session, I want you to sit back and think. 
19 00:01:37.650 --> 00:01:42.890 Do I really have a cybersecurity mindset based on everything that I've spoken about? 20 00:01:42.890 --> 00:01:47.799 Okay, so let's just talk about something here. So let's see what 21 00:01:47.840 --> 00:01:51.920 we're going to talk about today. All right. Well, we're going to 22 00:01:52.000 --> 00:01:56.319 have to have a practical definition of cyber security mindset, because you can go 23 00:01:56.439 --> 00:01:59.840 to Google and you can type in many, many characters, you can go 24 00:01:59.959 --> 00:02:04.030 to Facebook, you can pick up a book, but does it really tell 25 00:02:04.030 --> 00:02:07.549 you what the cybersecurity mindset is all about? I'm pretty sure most 26 00:02:07.590 --> 00:02:10.870 people understand mindset, right, which is the mentality, you know, to think 27 00:02:10.909 --> 00:02:15.020 a certain way. All right. Now, there are certain components that go 28 00:02:15.340 --> 00:02:19.620 along with the cybersecurity mindset, all right, and we're going to look 29 00:02:19.659 --> 00:02:25.379 at those components that make up the cybersecurity mindset and really also to try 30 00:02:25.419 --> 00:02:34.729 to bridge this into real-life occurrences, incidents and things that you face on 31 00:02:34.810 --> 00:02:39.449 a daily basis, because we cannot have separation from the cybersecurity mindset and what 32 00:02:39.610 --> 00:02:44.560 you do on a daily basis. Now I got something else to tell you 33 00:02:44.719 --> 00:02:49.159 too, and this is a little secret and you can tell all your friends 34 00:02:49.199 --> 00:02:53.319 about it as well too, when this podcast session is at the end. 35 00:02:53.639 --> 00:02:57.599 I got a surprise that I'm going to tell you, and I really want 36 00:02:57.639 --> 00:03:00.830 you to stay with me for this podcast session, because when you hear the surprise 37 00:03:00.909 --> 00:03:05.310 at the end, right, you're going to be ready. 
You're going 38 00:03:05.310 --> 00:03:08.349 to be mentally armed to combat cyber security. Now, that's one of the 39 00:03:10.069 --> 00:03:15.379 familiar topics I always like to say, is that cybersecurity makes you mentally armed. 40 00:03:15.580 --> 00:03:22.060 All right, mentally armed means that you have the knowledge to go 41 00:03:22.259 --> 00:03:29.169 out there and to engage cybersecurity yourself. All right, I remember when I 42 00:03:29.289 --> 00:03:34.409 first started in this industry what type of mindset that I had. You know, 43 00:03:34.490 --> 00:03:38.129 I came out of the military, so I was always prompt, ready to 44 00:03:38.210 --> 00:03:42.159 go. If I saw something wrong, I spoke about it. That was 45 00:03:42.319 --> 00:03:47.599 part of that cyber security mindset, all right. Now, something else is 46 00:03:47.719 --> 00:03:53.319 that we want to really try to define what the cybersecurity mindset is all about. 47 00:03:53.639 --> 00:03:57.389 All right, so I could go pick up Webster's dictionary and I can 48 00:03:57.430 --> 00:04:00.069 read out of Webster's dictionary and I can tell you what cyber security is and 49 00:04:00.110 --> 00:04:04.469 I can say what mindset is all about, but then the listener still may be 50 00:04:04.550 --> 00:04:09.310 kind of lost, so what I am going to do is to break it down 51 00:04:09.389 --> 00:04:14.259 for you. So let's think about this for a minute. The cybersecurity mindset 52 00:04:15.259 --> 00:04:20.420 is nothing more than the mentality required to engage cyber security. All 53 00:04:20.459 --> 00:04:25.410 right, so you can think about this as a thinking process. All right, 54 00:04:25.850 --> 00:04:30.970 how do you get from point A to point Z when you engage cybersecurity? 55 00:04:30.329 --> 00:04:35.009 All right, part of that is you've got to practice good cyber behavior. 56 00:04:35.449 --> 00:04:41.079 Now, what is behavior? Okay, it is it. 
It is 57 00:04:42.240 --> 00:04:46.600 really looking at cyber security and seeing what's right and wrong and being able to 58 00:04:46.720 --> 00:04:49.839 address it. Some of the other elements too is that you've got to have 59 00:04:49.959 --> 00:04:55.350 a cyber-focused attitude. All right, so you walk, talk and you 60 00:04:55.550 --> 00:04:59.990 breathe cybersecurity. All right, when you walk, talk and breathe cybersecurity, 61 00:05:00.389 --> 00:05:04.110 that's when you have that mentality and you understand how it's supposed to operate. 62 00:05:04.910 --> 00:05:09.180 All right. One of the other factors too, and I'm going to use this 63 00:05:09.300 --> 00:05:14.860 as a person's example, right, you have to have a security 64 00:05:14.899 --> 00:05:17.779 engine. If you think about a car, right, if you put enough 65 00:05:17.819 --> 00:05:21.569 gas in your car, right, and if you have a key and you 66 00:05:23.050 --> 00:05:27.649 turn the ignition on, all right, that car is going to 67 00:05:27.769 --> 00:05:30.529 come on and you're going to be able to drive for a long distance. 68 00:05:30.050 --> 00:05:36.439 Well, if you're motivated to engage in cybersecurity, which is your gas, 69 00:05:38.560 --> 00:05:42.879 your security engine will operate, all right. And when you look at your 70 00:05:44.040 --> 00:05:49.990 security engine, it is really being involved with cybersecurity. And one of the 71 00:05:50.029 --> 00:05:55.949 last pieces is that you think holistically about things. So that means that you're 72 00:05:56.110 --> 00:06:00.790 looking at cybersecurity from three hundred and sixty degrees. All right, so 73 00:06:00.910 --> 00:06:03.899 you're looking at all the elements and putting them together and coming up with the best 74 00:06:03.939 --> 00:06:09.660 practices. 
All right, this is one of the most important pieces right here, 75 00:06:10.180 --> 00:06:16.459 is to think holistic about the way you do cybersecurity, because the cybersecurity mindset, 76 00:06:16.819 --> 00:06:23.089 it definitely, definitely has a crown connection to real-world issues. 77 00:06:23.490 --> 00:06:28.329 Okay, so let's talk about those. One of those is the 78 00:06:29.050 --> 00:06:35.759 responsibility chain. Right, who is responsible for cybersecurity? In most organizations the 79 00:06:35.879 --> 00:06:40.560 CISO is the gatekeeper, he is the one that has the key 80 00:06:40.639 --> 00:06:44.079 to the gate. All right, and blame is going to be put on 81 00:06:44.160 --> 00:06:46.350 the CISO for everything. All right, poor guy, all right, 82 00:06:48.069 --> 00:06:53.389 he's going to get the blame for everything. All right, because he's 83 00:06:53.430 --> 00:06:57.750 a cybersecurity guy. All right. But people that work below him, 84 00:06:57.910 --> 00:07:01.100 they also have a responsibility as well too. But in this world 85 00:07:01.139 --> 00:07:04.300 of cybersecurity, you know, there's always the shifting of blame. Okay, 86 00:07:04.740 --> 00:07:10.860 when you shift blame, okay, so that means that you're not taking responsibility. 87 00:07:10.899 --> 00:07:14.699 This is one of the main problems with cybersecurity today. All right, 88 00:07:15.139 --> 00:07:17.730 when you are in that mindset, you dispel that. You put it to 89 00:07:17.810 --> 00:07:24.009 the side. Also too, there are people, processes and tools that go along 90 00:07:24.649 --> 00:07:30.000 with these real-world issues here. Okay, people are the ones that 91 00:07:30.160 --> 00:07:34.199 actually use cybersecurity. Okay, processes is going from point A to B. 92 00:07:34.800 --> 00:07:39.959 Tools are pretty much, if you think of a software package that you 93 00:07:40.079 --> 00:07:44.350 can use to manage cybersecurity. 
Because if you are a security analyst 94 00:07:44.389 --> 00:07:46.910 out there somewhere, because you know about ArcSight, because you know about 95 00:07:46.910 --> 00:07:51.269 Splunk, you know about Tenable Nessus and all the different software tools. Right, 96 00:07:53.069 --> 00:07:57.149 if you don't use them the right way, they are meaningless. All 97 00:07:57.149 --> 00:08:00.899 right. So you have to have a cybersecurity mindset, because if 98 00:08:00.980 --> 00:08:05.100 you look at a threat log that tells you that someone should not 99 00:08:05.180 --> 00:08:09.980 have access to the system and you know that they should not have access to 100 00:08:09.060 --> 00:08:15.209 the system and you're sitting back watching Facebook and you're not engaged on that, 101 00:08:15.610 --> 00:08:20.050 your cybersecurity mindset is below low. You are at negative one, 102 00:08:20.129 --> 00:08:24.209 at the bottom. All right. Some of the other factors is proactive 103 00:08:24.250 --> 00:08:30.519 versus reactive. Right, in this modern world of technology, we always want 104 00:08:30.560 --> 00:08:35.960 to be proactive about the way we have a business, because being reactive means 105 00:08:35.000 --> 00:08:39.080 that you've got to play catch-up at the end. So when you have 106 00:08:39.240 --> 00:08:41.909 that cybersecurity mindset, what you're going to be doing is you're going to be 107 00:08:43.149 --> 00:08:48.149 proactive about things. If you look at a lot of incidents that have happened 108 00:08:48.149 --> 00:08:50.389 over the past couple of years, if you can only look back and say, 109 00:08:50.429 --> 00:08:56.139 okay, only if they were proactive at taking care of business, all 110 00:08:56.179 --> 00:09:01.259 right, all right. So part of the element is that you have to 111 00:09:01.419 --> 00:09:09.210 be proactive more so than reactive, because reactive is when you have an emergency 112 00:09:09.450 --> 00:09:13.049 in place. 
Now we don't want to be in emergency mode all the time. 113 00:09:13.370 --> 00:09:18.370 All right, some of the other factors is a confused state. 114 00:09:18.690 --> 00:09:22.289 If you notice that when something happens, people are kind of 115 00:09:22.409 --> 00:09:28.639 not in a standard state, because they're working in a confused state. So 116 00:09:28.759 --> 00:09:31.840 what this cybersecurity mindset does, it actually allows people to 117 00:09:31.960 --> 00:09:37.480 have a standard to work by. Okay, so you can resolve problems. 118 00:09:37.120 --> 00:09:43.029 All right now, these are the connection to real-world issues, but also 119 00:09:43.149 --> 00:09:48.830 too, there are major, major components of the cybersecurity mindset, major components, 120 00:09:50.149 --> 00:09:52.139 and I really want you to stay with me now, because 121 00:09:52.139 --> 00:09:56.779 if you're going to get a cup of coffee now, I would like for 122 00:09:56.940 --> 00:10:01.419 you to at least sit down here and stay with me for a second, 123 00:10:01.460 --> 00:10:05.419 because these are the major components that make up the cybersecurity mindset. So 124 00:10:05.500 --> 00:10:11.169 let's talk about these components, all right. So, let's talk 125 00:10:11.210 --> 00:10:13.769 about one of the main ones, which is the inclusive culture. When we 126 00:10:13.889 --> 00:10:18.850 talk about the inclusive culture, right, we are talking about a buy-in 127 00:10:18.929 --> 00:10:24.679 process, okay, we are talking about an organization of people that have bought 128 00:10:24.759 --> 00:10:30.799 into cybersecurity. What you notice is that there's an image being followed. All 129 00:10:30.799 --> 00:10:37.230 right, everybody is on the same page. People are having a certain language 130 00:10:37.269 --> 00:10:41.309 that they use. 
All right, when you have an inclusive culture, that 131 00:10:41.509 --> 00:10:46.710 culture's built for that organization. If you think about the government and the way 132 00:10:46.750 --> 00:10:52.779 that they practice cybersecurity, that's a different culture. If you go to Bank 133 00:10:52.860 --> 00:10:56.740 of America, because they are protecting financial information, that's a different culture and people 134 00:10:56.779 --> 00:11:01.820 have to be a part of that culture. Part of that culture is to 135 00:11:01.899 --> 00:11:05.330 have a growth mindset, is to realize that because you have not had a 136 00:11:05.450 --> 00:11:09.409 cybersecurity incident, that does not mean that you're safe. All right, and 137 00:11:09.730 --> 00:11:13.210 if you believe you're safe, see, that's called a fixed mindset. All 138 00:11:13.250 --> 00:11:18.759 right. So part of that effort is to have a growth mindset and knowing 139 00:11:18.879 --> 00:11:22.120 that although we don't see problems, you know what, we still need to 140 00:11:22.200 --> 00:11:26.759 grow because you have to be vigilant. One of the other factors too is change. 141 00:11:26.799 --> 00:11:31.080 Change is always going to happen because you have to embrace change, because cybersecurity 142 00:11:31.240 --> 00:11:35.590 is a changing industry. Okay, because today you're doing good and it's 143 00:11:35.629 --> 00:11:39.190 Friday afternoon and you're happy and you're going to go to Miami, you're going 144 00:11:39.190 --> 00:11:43.669 to have a really good time, but Monday morning when you come back, 145 00:11:43.629 --> 00:11:50.259 you got to pull your out okay. So you got to embrace change and 146 00:11:50.580 --> 00:11:54.259 part of that is to have a buy-in structure. I always talk about a 147 00:11:54.340 --> 00:12:00.620 buy-in structure because people have to buy into cyber security and be sold. 
And 148 00:12:00.779 --> 00:12:05.610 if you are upper management of an organization, that's probably one of the 149 00:12:05.730 --> 00:12:09.610 hardest challenges that you're ever going to have, is to go have a buy-in structure, 150 00:12:09.009 --> 00:12:13.490 all right, for your people. One of the other factors too 151 00:12:13.570 --> 00:12:18.840 is training, because when you build training, it should model the organization. 152 00:12:18.879 --> 00:12:22.960 All right. I know a lot of time when we do cyber awareness training, 153 00:12:22.039 --> 00:12:26.639 you know, we see the little cartoon characters, you know, and 154 00:12:26.799 --> 00:12:30.950 you hit the button and you keep hitting the button and it's the same training 155 00:12:31.110 --> 00:12:35.269 over and over again. I've always thought that video games should be used to 156 00:12:35.269 --> 00:12:39.629 give training. Make it more real world, make it functional 157 00:12:41.149 --> 00:12:45.740 for people, all right, because people want to be a part of something 158 00:12:45.779 --> 00:12:52.059 that's good. Make it more relatable. All right, I just have 159 00:12:52.299 --> 00:12:56.299 my own pet peeves about training. I just think it should be fun. 160 00:12:56.980 --> 00:13:01.250 I just think that if it's one of those factors where you can have people 161 00:13:01.450 --> 00:13:05.730 to get involved with it and it could be fun. More so fun. Now, 162 00:13:05.769 --> 00:13:13.120 outside of the inclusive culture, all right, when you build that inclusive 163 00:13:13.159 --> 00:13:16.120 culture, all right, what you're going to get out of that is 164 00:13:16.200 --> 00:13:20.720 that people's situational awareness is going to be high. All right. For all 165 00:13:20.799 --> 00:13:24.600 you military people that are listening to me, I know you heard of situational 166 00:13:24.720 --> 00:13:28.909 awareness before. 
If you was on a naval ship in the middle of 167 00:13:28.950 --> 00:13:33.990 the ocean, situational awareness was in front of you for combat warfare. All 168 00:13:33.029 --> 00:13:37.590 right, and that's what cybersecurity is about, combat warfare. All right, 169 00:13:39.629 --> 00:13:46.259 situational awareness is really, really thinking about where you are, and normally 170 00:13:46.340 --> 00:13:50.659 something is wrong. Now the key fact is that you have to understand the 171 00:13:50.740 --> 00:13:56.129 environment. Okay. Now that goes back to the inclusive culture. Is that 172 00:13:56.250 --> 00:14:03.049 when you understand the environment, like you know how a typical type of environment 173 00:14:03.090 --> 00:14:05.210 operates, right, and you can engage on that. Let's just say, 174 00:14:05.289 --> 00:14:09.320 for instance, right, everybody in here probably had an uncle that was a 175 00:14:09.399 --> 00:14:16.480 mechanic, right, and he probably worked on cars, and if you went 176 00:14:16.559 --> 00:14:22.720 out in the backyard and if he turned on his favorite Cadillac, he would 177 00:14:22.759 --> 00:14:26.990 come back and tell you and say she has a problem. You go, what? 178 00:14:26.029 --> 00:14:31.029 Because he knows how that engine sounds. Right. The same concept for cyber 179 00:14:31.070 --> 00:14:35.029 security. If you're part of that environmental knowledge, you know how it operates 180 00:14:35.389 --> 00:14:39.860 because you know how the environment operates, because you know the IP address scheme, 181 00:14:41.299 --> 00:14:46.820 because you know how certain applications operate. Right. So, if 182 00:14:46.860 --> 00:14:52.659 you have that situational awareness, then you can make things happen. I remember 183 00:14:52.779 --> 00:14:56.129 my first engagement into situational awareness. This was on the naval ship. 
184 00:14:58.690 --> 00:15:01.929 You know, my primary mission was to search aircraft and try to engage 185 00:15:01.970 --> 00:15:05.610 aircraft, and I remember when the captain was standing behind me and he 186 00:15:05.690 --> 00:15:09.600 said, Chief Hart, who is that aircraft to the left over 187 00:15:09.639 --> 00:15:13.559 there? I'm like, well, sir, that's a P-3, and I 188 00:15:13.679 --> 00:15:18.080 had to give him information, and I knew it was a P-3 because I 189 00:15:18.159 --> 00:15:20.549 had certain sensors that I could look at. Now, 190 00:15:20.629 --> 00:15:24.830 part of the situational awareness is to have a cyber sense, 191 00:15:26.110 --> 00:15:28.549 okay, a cyber sense, and saying that I know this is wrong. 192 00:15:30.070 --> 00:15:33.309 All right, think about this. When you leave your house, you know 193 00:15:33.710 --> 00:15:39.659 how your furniture is arranged, you know whether the lights are turned off 194 00:15:39.340 --> 00:15:43.019 and you know whether the TV is off too, right. So if you come 195 00:15:43.100 --> 00:15:46.700 back home and you notice your TV is on and you see McDonald's on 196 00:15:46.779 --> 00:15:50.809 the table and nobody else has a key to your house, that's your situational 197 00:15:50.889 --> 00:15:54.370 awareness that should rise up. Something is wrong, and that's part of 198 00:15:54.529 --> 00:16:00.250 your environment, part of your environmental knowledge. All right, but you have 199 00:16:00.450 --> 00:16:03.559 to trust your cyber senses, though, and you build upon your cyber senses, 200 00:16:03.960 --> 00:16:08.360 because if you're working in IT and you're working in cyber, when 201 00:16:08.399 --> 00:16:15.159 you come on board and you see something wrong, maybe a vulnerability, right, that 202 00:16:15.320 --> 00:16:18.830 you've never seen before, you have to investigate. 
I remember times when there 203 00:16:18.870 --> 00:16:22.070 were rogue devices on the network and people just got medicine. Oh well, 204 00:16:22.149 --> 00:16:25.590 that's not part of the network. Well, you need to investigate it. What 205 00:16:25.830 --> 00:16:30.350 is it? All right, I was an early guy working as an HBSS 206 00:16:30.389 --> 00:16:36.179 analyst. For you people that are in the DoD space, you know about 207 00:16:36.220 --> 00:16:40.620 ePolicy Orchestrator, you know those long nights, midnight to eight in the 208 00:16:40.659 --> 00:16:45.340 morning, standing a watch. I was there watching a lot of things and 209 00:16:45.460 --> 00:16:48.210 I remember I used to see things that were out of order, like rogue 210 00:16:48.250 --> 00:16:51.129 devices and so forth, and I had to make all of those reports. 211 00:16:52.009 --> 00:16:53.929 All right. Some of the other factors that you want to think about 212 00:16:53.929 --> 00:16:59.169 too when it comes to situational awareness is information sharing. Okay, 213 00:16:59.769 --> 00:17:06.000 information sharing. This is very, very important. Okay, because with information 214 00:17:06.079 --> 00:17:10.160 sharing, all right, you need to know who, what and why 215 00:17:10.319 --> 00:17:14.400 and when to share data with, because if you don't, you could increase 216 00:17:14.519 --> 00:17:18.710 risk. All right. So, speaking of risk, let's just talk about 217 00:17:18.789 --> 00:17:22.269 risk-based thinking. You know, it's getting far now. For you cyber 218 00:17:22.349 --> 00:17:26.670 security folks out there, you know what risk-based thinking is all about. 219 00:17:26.670 --> 00:17:33.259 All right, because in the normal type of environment we are always compliance focused, 220 00:17:33.900 --> 00:17:37.339 but if you focus on risk, you are looking at the entire picture. 
221 00:17:37.779 --> 00:17:41.779 Okay, this is where the three hundred and sixty degrees of security visibility 222 00:17:41.940 --> 00:17:47.410 comes to play into surface, because with risks, right, we want 223 00:17:47.450 --> 00:17:52.210 to look at the entire picture. We are thinking about holistic defense. All 224 00:17:52.250 --> 00:17:56.289 right, some of the elements that go along with risks. I always like to 225 00:17:56.849 --> 00:18:00.599 give this analogy here. Let's say, for instance, if you had 226 00:18:00.640 --> 00:18:06.279 a hundred checks, right, and if the organization say that if we get 227 00:18:06.440 --> 00:18:10.160 ninety of these right, we get a ninety percent and that's our benchmark, all 228 00:18:10.160 --> 00:18:12.829 right. So you do your compliance checks and you get a ninety and 229 00:18:12.910 --> 00:18:18.190 you pass it. Should you stop there, all right, should you stop, 230 00:18:18.269 --> 00:18:22.710 get some coffee, go to McDonald's and say, who excresses Ow it? 231 00:18:22.029 --> 00:18:25.829 Well, guess what? Discretion still are you still got a ten percent 232 00:18:25.910 --> 00:18:27.660 factor there. So you have to look at the entire picture, and this 233 00:18:27.900 --> 00:18:32.259 is where risk-based thinking comes to play a key role. Now, it's 234 00:18:32.339 --> 00:18:36.099 nothing wrong about compliance, because it gives us a benchmark to go follow, 235 00:18:36.619 --> 00:18:41.569 but what we have to do is to think about risk. We have 236 00:18:41.690 --> 00:18:45.009 to look at the entire picture, a scoping of things. Okay, some 237 00:18:45.170 --> 00:18:52.250 of the other factors that goes along with risk-based thinking is your response, 238 00:18:52.609 --> 00:18:56.079 which is your responsible actions and ownership. Right. 
This is where shifting 239 00:18:56.160 --> 00:19:02.240 the blame comes to play a key role here, right, because when you 240 00:19:02.480 --> 00:19:07.000 take responsibility for cyber security, and you see risk, it's not a 241 00:19:07.119 --> 00:19:11.670 bad thing, because if you don't know what's on your environment, then 242 00:19:11.710 --> 00:19:15.869 you can't protect yourself. So if you find the risk, it's an opportunity 243 00:19:15.309 --> 00:19:18.950 to go take advantage of things, because what you don't want to have is 244 00:19:19.069 --> 00:19:22.549 to have an environment where you're so reactive all the time, all right, 245 00:19:23.190 --> 00:19:26.940 because you want to be proactive. All right. So if you have 246 00:19:27.220 --> 00:19:33.059 that risk-based thinking, you are always thinking about, okay, I know 247 00:19:33.380 --> 00:19:36.660 that we got a ninety percent, but I need to take it further. 248 00:19:37.059 --> 00:19:41.130 All right, when you have risk-based thinking, all right, you are 249 00:19:41.130 --> 00:19:45.369 always in that growth mindset category. All right, you know, you're trying 250 00:19:45.410 --> 00:19:48.930 to grow and you're trying to get better. All right, proactive versus 251 00:19:48.049 --> 00:19:52.849 reactive measures, right, you know what, you want to be proactive about 252 00:19:52.849 --> 00:19:56.640 things. All right, this is what risk-based thinking is all about. 253 00:19:56.400 --> 00:20:00.319 All right. Now, I know, for instance, that if you 254 00:20:00.440 --> 00:20:06.000 are in this cybersecurity world and if you have ever done a security 255 00:20:06.319 --> 00:20:11.190 assessment before, this is where risk-based thinking comes to play a key role. 
256 00:20:11.750 --> 00:20:18.349 Now, I realize that if an organization fails their security assessment test, 257 00:20:18.990 --> 00:20:22.700 that the clients may get a little worried, or if they fail an audit. 258 00:20:22.339 --> 00:20:25.940 And this is where risk-based thinking comes to play a key role, 259 00:20:26.019 --> 00:20:30.779 because risk can be created by people too, by not giving the 260 00:20:30.779 --> 00:20:37.049 right information, by taking reports and falsifying them. I'm not here 261 00:20:37.089 --> 00:20:40.089 to make a statement and to say what you can and cannot do. I'm 262 00:20:40.170 --> 00:20:44.210 just speaking the facts. All right, risk-based thinking is very, very 263 00:20:44.329 --> 00:20:48.089 important, because you have to have an understanding of risk, so you 264 00:20:48.170 --> 00:20:52.319 know where you are headed at. All right. Now, if you 265 00:20:52.400 --> 00:20:57.839 understand risk, one of the things that can happen is that you can 266 00:20:57.920 --> 00:21:04.630 move into an area where you can transform your mindset. Transforming the mindset is 267 00:21:04.710 --> 00:21:07.829 very, very important. See now, see, you know. Now it's getting 268 00:21:07.869 --> 00:21:11.230 good. Now it's getting really good. Okay, because when you transform your 269 00:21:11.269 --> 00:21:15.710 mindset, some of those old ways that you have toward cybersecurity is gone. 270 00:21:17.269 --> 00:21:22.940 All right, because in these days, right, we are involved with digital modernization. 271 00:21:22.380 --> 00:21:26.819 When you go through digital modernization, it's a transformation, it is changing the 272 00:21:26.900 --> 00:21:32.859 way we do business. Part of those elements that actually go with transforming the 273 00:21:32.930 --> 00:21:38.210 mindset is to go realize that you need to look at security from three hundred 274 00:21:38.289 --> 00:21:42.730 and sixty degrees. 
All right, I want to make a statement here, and the statement 275 00:21:42.930 --> 00:21:48.359 is that there's a direct link and connection with everything that I'm talking about, 276 00:21:48.359 --> 00:21:51.960 because when I first started, I said that there's elements that actually make up 277 00:21:51.960 --> 00:21:55.599 the cybersecurity mindset, because it's a process. And now, as you see, 278 00:21:56.119 --> 00:22:00.279 when I spoke about the inclusive culture, situational awareness, risk-based 279 00:22:00.359 --> 00:22:04.549 thinking, and now I transform and start to talk about transforming the mindset. 280 00:22:04.710 --> 00:22:10.470 Now you see how all of this is working. Okay, because digital modernization is 281 00:22:10.509 --> 00:22:15.069 about making things better, and part of that digital modernization is to go and 282 00:22:15.109 --> 00:22:18.099 look at your people and, you know, to make sure that people are 283 00:22:18.140 --> 00:22:22.180 properly trained. Because if you have an organization out there, let's say, 284 00:22:22.180 --> 00:22:29.940 for instance, if you have a bunch of your employees that are probably 285 00:22:30.250 --> 00:22:33.609 Security+ certified, which is good. But 286 00:22:33.730 --> 00:22:37.210 imagine if you can take the organization and have everybody to get the 287 00:22:37.250 --> 00:22:42.369 CISSP. All right, this is where the value proposition mentality comes to 288 00:22:42.450 --> 00:22:45.880 play a key role, because if you're a business owner or if you are 289 00:22:45.920 --> 00:22:53.319 a candidate that is working in IT, the value proposition mentality is very high. 290 00:22:53.599 --> 00:23:00.829 It's very good, because what happens is that you bring more capabilities, 291 00:23:00.589 --> 00:23:04.269 not so much to your company and not so much from the company to the 292 00:23:04.390 --> 00:23:08.269 clients, but you bring it to yourself. 
Just imagine this, right, 293 00:23:10.109 --> 00:23:15.859 if it was a company out there that only had maybe six 294 00:23:15.940 --> 00:23:21.460 or seven different types of cyber security capabilities, and, let's say, for instance, 295 00:23:21.819 --> 00:23:25.819 if they wanted to expand those to twelve and thirteen different types of 296 00:23:26.140 --> 00:23:30.329 capabilities, right. A part of that is having that workforce in place, and 297 00:23:30.609 --> 00:23:34.250 so they hire people that got background in cloud, people that got background 298 00:23:34.329 --> 00:23:37.049 in different areas of cyber security, and you know, they have 299 00:23:37.130 --> 00:23:42.000 all these certifications. So what that means is that your capabilities rises up. 300 00:23:42.480 --> 00:23:48.559 Now, once your capabilities increase, now you are better service to your clients. 301 00:23:48.839 --> 00:23:52.960 And if you are better service to your client, now what happens here 302 00:23:52.039 --> 00:23:55.829 is that you become a high-value asset. And if you are a high-value 303 00:23:56.069 --> 00:23:59.869 asset, that's where the money starts to flow. They would not let you go. 304 00:24:00.470 --> 00:24:06.630 Now, this part of transforming the mindset is to increase your capability profile. 305 00:24:07.230 --> 00:24:12.940 And it works whether you are a steward in cybersecurity, whether you're 306 00:24:14.019 --> 00:24:18.500 a business, or whether you're just a client that kind of wants to 307 00:24:18.539 --> 00:24:23.369 look at this and want your vendors to have better capabilities, you know, 308 00:24:23.450 --> 00:24:30.609 as well too. 
Part of this element to when you when you transform the 309 00:24:30.650 --> 00:24:33.809 mindset is that you're going to be wearing the hacker's hat, all right, 310 00:24:34.289 --> 00:24:38.440 so so so when you wear that hacker's hat and so you're thinking like a 311 00:24:38.480 --> 00:24:42.480 hacker. All right, so you're going to place your employers in a place 312 00:24:42.920 --> 00:24:48.240 where everybody thinks like a hacker. Now now I'm talking on the ethical side, 313 00:24:48.640 --> 00:24:52.069 because there is the unethical hacking as well too. But see, we 314 00:24:52.150 --> 00:24:56.750 talking ethical, right. And if you can place your people to think like 315 00:24:56.829 --> 00:25:03.069 a hacker, you can always and always and always operate in what 316 00:25:03.230 --> 00:25:07.900 I call the cybersecurity mode of operation. Now the cybersecurity mode of operation 317 00:25:07.140 --> 00:25:15.700 is has talk about ongoing practice and looking at cybersecurity from a continuous monitor point. 318 00:25:17.299 --> 00:25:21.450 Part of that is to make sure that you have that adaptive mindset. 319 00:25:22.130 --> 00:25:27.890 So let's talk about the adaptive mindset. The adaptive mindset is really really looking 320 00:25:27.970 --> 00:25:33.769 at resilience. Okay, knowing that when you deal with cybersecurity, you know 321 00:25:33.849 --> 00:25:38.279 that always going to be changes. Okay, you can go one day and 322 00:25:38.400 --> 00:25:42.839 you got a system that is working fine, but then fifteen or twenty minutes 323 00:25:42.880 --> 00:25:47.759 later there's a problem with the system. All right, and this is where 324 00:25:47.960 --> 00:25:52.470 that adaptive mindset comes to play a key role because you become resilient, because 325 00:25:52.509 --> 00:25:57.309 you realize that that you need to put things back in place.
But having 326 00:25:57.349 --> 00:26:03.710 that adaptive mindset goes back to being proactive and what you do with cybersecurity. 327 00:26:03.190 --> 00:26:08.180 Okay. Now, now, part of that too is to go and to 328 00:26:08.299 --> 00:26:18.690 also think about think about continuous monitor yeah, because we can. We continuous 329 00:26:18.730 --> 00:26:23.809 monitor. You always engage and always looking at cybersecurity and seeing sin exactly 330 00:26:25.049 --> 00:26:30.529 where you can go. All right. Now now let's talk about the industry 331 00:26:30.609 --> 00:26:33.799 usage. All right, here's here's the way. You take the cybersecurity 332 00:26:33.839 --> 00:26:37.240 mindset and use it in the industry and make it very simple. Oh, 333 00:26:37.440 --> 00:26:41.920 simple. Did I say simple? Yeah, just I did say simple. 334 00:26:41.359 --> 00:26:45.960 Simple means that you want to keep security simple. You don't want to make 335 00:26:45.000 --> 00:26:51.470 it hard, because security shouldn't should not be hard. Now it becomes hard 336 00:26:51.589 --> 00:26:55.390 because there is no order process. There is no process, all right, 337 00:26:55.829 --> 00:27:00.029 because people are ad hoc. Now, ad hoc means that that you're running and 338 00:27:00.150 --> 00:27:03.900 you're not going from A to B to C. Right, you did, 339 00:27:03.059 --> 00:27:06.619 you know. You try to jump from A to Z, but that's a 340 00:27:06.700 --> 00:27:08.700 process, all right. So when you're ad hoc, you know you just 341 00:27:08.779 --> 00:27:12.859 trying to patch things and fix things and put it together, but eventually that 342 00:27:14.460 --> 00:27:18.809 fault would come back again. So what the cybersecurity mindset does is focus on 343 00:27:18.930 --> 00:27:22.529 try to keep security simple. All right, and it can be simple. 344 00:27:23.369 --> 00:27:30.119 Part of that is because you will resolve disconnections and I state.
That's 345 00:27:30.160 --> 00:27:37.079 because there's a lot of disconnections in cybersecurity, all right, and when 346 00:27:37.160 --> 00:27:41.079 you have those disconnections, then where you can't get things right. So 347 00:27:41.200 --> 00:27:45.750 you always going to be trying to fight from the rear and, you know, 348 00:27:45.950 --> 00:27:48.509 to take things, you know, the wrong way. All right. 349 00:27:48.910 --> 00:27:52.390 One of this, one of the things I like to say is that the 350 00:27:52.509 --> 00:28:00.420 cybersecurity mindset is also used in industries out there, and I've seen a 351 00:28:00.460 --> 00:28:07.660 lot of people that actually use cybersecurity for the best of the works, because 352 00:28:07.700 --> 00:28:11.819 it helped resolve solutions, because that's the end state of the cybersecurity mindset really, 353 00:28:12.609 --> 00:28:18.410 is to help resolve solutions, because there's problems out there. But if 354 00:28:18.450 --> 00:28:21.730 you have that mindset in place, then you can channel from point A to 355 00:28:21.809 --> 00:28:23.890 point Z. I'm going to keep repeating that, point A to point Z, 356 00:28:25.049 --> 00:28:30.319 because it's a process, all right. Now, now I also like 357 00:28:30.480 --> 00:28:37.319 to say that when you think about the cybersecurity mindset, it's it just really 358 00:28:37.359 --> 00:28:42.829 really works, all right, and it works because because it's a thinking model, 359 00:28:44.349 --> 00:28:48.869 right, and there are many, many other pieces to the cybersecurity mindset. 360 00:28:49.190 --> 00:28:53.029 And and I'm going to talk about your big surprise. All right, 361 00:28:53.630 --> 00:29:00.460 January, the twenty Tewcod of two thousand and twenty two, the first ever 362 00:29:00.579 --> 00:29:04.380 release of my first book called The Cybersecurity Mindset: A Virtual and Transformational 363 00:29:04.539 --> 00:29:07.859 Thinking Mode will be released.
I want to save that to the end, 364 00:29:07.940 --> 00:29:11.690 so I let everybody know, because what I have went over today it just 365 00:29:11.809 --> 00:29:15.690 a small piece of what the book is about. All right, and this 366 00:29:15.890 --> 00:29:19.650 much more information in the book, because the book is for everyone. I 367 00:29:19.730 --> 00:29:22.890 don't care if you're a CISO, I don't care, if you are 368 00:29:22.890 --> 00:29:26.640 a regular reader, if you're a journalist, if you are a radio station host, 369 00:29:27.200 --> 00:29:32.519 whatever the book is, the book is right for you. And January 370 00:29:32.519 --> 00:29:36.720 ready, the first ever release of The Cybersecurity Mindset will be out 371 00:29:36.759 --> 00:29:38.509 in print and I can't wait for it to come out because I'm going to 372 00:29:38.589 --> 00:29:42.789 have some podcast sessions and I'm going to have have have some invites on this 373 00:29:42.869 --> 00:29:48.069 show. And I tell you what, it really really works, because because 374 00:29:48.150 --> 00:29:52.500 one of the things that that you get out of the cybersecurity mindset is 375 00:29:52.619 --> 00:30:00.539 that you can see why safeguard privacy and and information share and operate together. 376 00:30:00.579 --> 00:30:04.660 All right, because that is very important right there, because that is a 377 00:30:04.740 --> 00:30:11.089 very, very key element to the cybersecurity all right, and guess what? 378 00:30:11.690 --> 00:30:18.170 All right, and episode three we're going to be talking about that. You've 379 00:30:18.170 --> 00:30:22.359 been listening to the chief of Cyber Security Podcast, where you have gained relevant 380 00:30:22.400 --> 00:30:26.640 knowledge to enhance your cyber security mindset. Be Sure to visit dwayne heartscom to 381 00:30:26.720 --> 00:30:33.680 learn more about authored publications, show notes and discover more information concerning cyber security.
