Episode Transcript
WEBVTT
1
00:00:02.000 --> 00:00:05.280
Alright, we're back in the studio
here in Atlanta and we have the rock
2
00:00:05.320 --> 00:00:09.080
star of the hour, none
other than Mr Dwayne Hart joining us.
3
00:00:09.080 --> 00:00:11.359
This has been a great series.
I know I've been enjoying it. And
4
00:00:11.439 --> 00:00:14.880
today's topic is right in white wheelhouse
as well as I'm sure a lot of
5
00:00:14.919 --> 00:00:18.079
our listeners. If you own a
business, been in business, work for
6
00:00:18.079 --> 00:00:20.719
a business, this is it.
Let's make it happen. So we're gonna
7
00:00:20.719 --> 00:00:24.480
be talking about cyber security tips to
protect your business. Welcome to the show,
8
00:00:24.760 --> 00:00:28.800
Dwayne Hart. It's always great being
you know, Rich, business is
9
00:00:29.679 --> 00:00:33.240
business all at risk. Um.
But you know what, let's let's just
10
00:00:33.759 --> 00:00:37.759
let's just start it off by saying that, um, one of the one of
11
00:00:37.799 --> 00:00:42.840
the focus is I've always said is
that cybersecurity moves everywhere on the like
12
00:00:43.039 --> 00:00:47.359
every platform you can think of.
Okay, So, so to all the
13
00:00:47.439 --> 00:00:54.119
listeners out there, take some good
notes and activate your cybersecurity mindset because
14
00:00:54.159 --> 00:00:57.840
this is gonna be a great topic. And I should mention to mentioned Dwayne
15
00:00:57.920 --> 00:01:00.479
Hart joining us on the show.
He is, if you haven't already heard
16
00:01:00.520 --> 00:01:03.120
the name uh in cybersecurity. He's
kind of the top dog you're kind of
17
00:01:03.159 --> 00:01:08.200
the deal right in that space,
right, So we're talking. Dwayne is
18
00:01:08.200 --> 00:01:12.920
the host of the Chief of Cybersecurity
podcast. He's also written a book on
19
00:01:12.959 --> 00:01:18.000
the topic, uh, The Cybersecurity
Mindset, and uh, he's here joining
20
00:01:18.040 --> 00:01:19.879
us in the studio today. So
you mentioned a business, So I mentioned
21
00:01:21.319 --> 00:01:23.200
Uh, if you're in business or
thinking about a business, A lot of
22
00:01:23.200 --> 00:01:27.560
businesses, there's a lot of hats
that have to um and you know,
23
00:01:27.640 --> 00:01:32.319
things are juggling right of Uh,
you know, getting the business started.
24
00:01:32.359 --> 00:01:34.519
You know, the viable product,
a viable marketplace that customers. You're managing
25
00:01:34.519 --> 00:01:41.239
customers and customer challenges, getting your
your product into the pipeline and your internet,
26
00:01:41.400 --> 00:01:45.439
right and that's where you're going to
talk about. Uh, unless you're
27
00:01:45.439 --> 00:01:48.239
doing I can't think of a business
that it's not using the Internet today right
28
00:01:48.359 --> 00:01:52.079
in some shape or form, Because
even if you're not selling online, you're
29
00:01:52.079 --> 00:01:56.760
dealing with customer emails and communication,
shipping logistics and so forth. That all
30
00:01:56.879 --> 00:02:00.319
goes through that pipeline. And if
you speaking of pipeline and Matt like a
31
00:02:00.400 --> 00:02:04.359
hose, a kink of the hose, if that happens, you're kind of
32
00:02:04.439 --> 00:02:10.120
up the river without the paddle right, because because the ultimate strategy is to
33
00:02:10.240 --> 00:02:15.000
understand the architect of cybersecurity. Okay, okay, So when I speak about
34
00:02:15.039 --> 00:02:21.919
the architect of cybersecurity, I'm talking
about all the intricate pieces business operations,
35
00:02:22.240 --> 00:02:28.039
customers, and all the legal aspects
that goes along with the businesses and how
36
00:02:28.120 --> 00:02:35.560
all of those integrate into cyber security
itself. Because one of the ways I've
37
00:02:35.599 --> 00:02:39.280
always thought that a business can strive
for success when it comes to cybersecurity is
38
00:02:39.319 --> 00:02:46.960
to really have an in depth view
of your visibility. Okay, what is
39
00:02:46.000 --> 00:02:50.360
it that you actually own, what
are the assets side there, who are
40
00:02:50.360 --> 00:02:54.560
your customers, what's the state of
your systems? If you don't know these
41
00:02:54.840 --> 00:03:00.680
intricate things about cybersecurity, then then
you set yourself up for failure. Uh.
42
00:03:00.960 --> 00:03:06.159
One of the topics in The Cybersecurity
Mindset is always talking about that three
43
00:03:06.240 --> 00:03:13.759
hundred and sixty degrees of security visibility, and that is important because that allows
44
00:03:13.800 --> 00:03:17.800
you to sit back and think about
all the intricate pieces that actually operate your
45
00:03:20.240 --> 00:03:23.719
business when it comes to cybersecurity.
Yeah, keeping all those assets up to
46
00:03:23.800 --> 00:03:28.280
date, and that changes on a
pretty frequent basis, right, So you
47
00:03:28.400 --> 00:03:31.280
really have to have a team assigned, whether it's internal or you're contracting a
48
00:03:31.360 --> 00:03:35.439
company to kind of monitor all that
for you. Right, yes, yes,
49
00:03:35.479 --> 00:03:39.560
because the whole premises is to reduce
risk. Now, every organization is
50
00:03:39.599 --> 00:03:43.879
at risk. I am. I
am not here to say that if you
51
00:03:43.960 --> 00:03:47.879
put a million people on staff that
your company is gonna be a hundred percent
52
00:03:49.000 --> 00:03:53.319
safe. No, it's not gonna
happen because technology is always changing. So
53
00:03:53.319 --> 00:03:59.680
so what the business have to do
is gon realize their position in cybersecurity because
54
00:03:59.719 --> 00:04:06.560
of is served as a medium between
hackers and the customers. Because because as
55
00:04:06.599 --> 00:04:14.319
your customer base increase, as your
technology space increase, that also means that
56
00:04:14.360 --> 00:04:17.199
your attack surface will go increase as
well, because your attack surfaces. Saying
57
00:04:17.240 --> 00:04:25.240
that, okay, you you as
a corporation have have have a thousand endpoints,
58
00:04:25.480 --> 00:04:29.079
you know, all your computer service
and everything else. Right now,
59
00:04:29.879 --> 00:04:33.560
now you move up to a million. Now you have a million endpoints,
60
00:04:33.560 --> 00:04:38.720
So that means that your attack surface
increases a lot. And you know,
61
00:04:38.920 --> 00:04:45.519
the the more chances are being infiltrated
has has pretty much increased. But but
62
00:04:45.680 --> 00:04:51.319
you can counter that when the when
the concept of increasing protection and lower risk
63
00:04:51.399 --> 00:04:56.920
is in place, because as you
bring on these different services and the different
64
00:04:56.959 --> 00:05:01.079
assets and these different customers. That's
when you have to integrate cybersecurity in the
65
00:05:01.120 --> 00:05:05.839
process, because you don't integrate cybersecurity
once you get everything up and operating,
66
00:05:06.120 --> 00:05:10.879
right, right, because it's not
smart, it's not it's not great
67
00:05:10.879 --> 00:05:15.360
businesses. So we were talking before
the show about what you kind of just
68
00:05:15.399 --> 00:05:20.879
alluded to was as your exposure escalates
and elevates, which is great for business,
69
00:05:20.959 --> 00:05:24.399
right. So that's the yin and
yang. Right, So you don't
70
00:05:24.399 --> 00:05:28.560
want to be the best kept secret
in your industry. You want everybody as
71
00:05:28.959 --> 00:05:31.720
as especially your target audience, to
know about here's what we do, here's
72
00:05:31.759 --> 00:05:34.319
our service, here's how to get
in contact with us, here's how to
73
00:05:34.439 --> 00:05:39.160
do business with us. That's great
for business, right, to have that
74
00:05:39.240 --> 00:05:42.879
kind of exposure in the marketplace.
But also at the same time, Um,
75
00:05:43.000 --> 00:05:46.079
the yin and yang is that exposes
yourself to the cybersecurity hackers. Right.
76
00:05:46.399 --> 00:05:48.439
So you already you get on the
radar. You want to be on
77
00:05:48.480 --> 00:05:53.360
the radar of your customers and your
marketplace, but that's the trade off.
78
00:05:53.399 --> 00:05:57.360
Now you're on the radar on their
blip for the hackers. Right. Yes,
79
00:05:57.560 --> 00:06:02.879
yes, it's about having a balance
cybersecurity approach. Balance means that you
80
00:06:02.920 --> 00:06:06.199
don't really take one area more
so serious than the other one, because
81
00:06:06.240 --> 00:06:15.240
they all all operate together to go
form the cybersecurity DNA. Okay, because
82
00:06:15.680 --> 00:06:17.879
you know, let's just think about
this for a second. If we take
83
00:06:17.920 --> 00:06:24.920
twenty four blocks and we stack them
up based on every aspect of cybersecurity that
84
00:06:25.040 --> 00:06:29.639
the company has to face, and
they all are connected, so that means
85
00:06:29.759 --> 00:06:33.399
if one of them fail, all
the rest of them fail as well too,
86
00:06:33.839 --> 00:06:41.439
because those are your genetic makeups for
cybersecurity. So I always like to
87
00:06:42.319 --> 00:06:47.480
make that statement in order to highlight
the picture is that the balance approach works
88
00:06:47.519 --> 00:06:53.600
well because you have to make sure
that you keep eyes and ears or your
89
00:06:53.680 --> 00:06:59.120
visibility up and operate. Now,
businesses are challenged to do that because a
90
00:06:59.120 --> 00:07:01.959
lot of times, you know,
the customer base and you know the technology
91
00:07:02.079 --> 00:07:11.160
is growing that people, and you
know, the rapid speed of cybersecurity is
92
00:07:11.319 --> 00:07:15.720
probably growing them as well. So
so we talked about the show about this,
93
00:07:15.839 --> 00:07:18.600
the tips to protect your business of
cybersecurity. So we covered a
94
00:07:18.639 --> 00:07:23.720
couple So we we talked about,
um, you know, keeping your assets
95
00:07:24.240 --> 00:07:29.079
up to date. We talked about
your exposure. Now let's talk about another
96
00:07:29.079 --> 00:07:32.600
tip we that I think should be
on everybody's radar, disaster response plan to
97
00:07:32.720 --> 00:07:36.199
test it um. So what's involved? What does the disaster plan look like
98
00:07:36.959 --> 00:07:44.160
for a business? You know what
a disaster recovery plan is supposed to help
99
00:07:44.199 --> 00:07:47.160
you recover when you have an emergency
situation. Let's say, if a system
100
00:07:47.199 --> 00:07:51.879
work was to go down offline,
right and your disaster recovery plan, should
101
00:07:51.879 --> 00:07:58.279
it be activated and it should be
seamlessly activated in a way that that no
102
00:07:58.319 --> 00:08:03.319
one knows that your system went down, right, and it should uh go
103
00:08:03.560 --> 00:08:07.800
from growth, go from like backup
to like your recovery stage and so forth
104
00:08:07.920 --> 00:08:15.480
right because because the premises is to
ensure that all your vital critical systems that
105
00:08:15.560 --> 00:08:20.800
you have can actually stay up and
operate. And this is where uh the
106
00:08:20.879 --> 00:08:26.600
availability principle comes to surface, because
because you have customers that are working on
107
00:08:26.639 --> 00:08:30.800
the opposite end that that actually depend
on your system. Let's just say,
108
00:08:30.839 --> 00:08:35.679
for instance, if you've got a
primary database that is located in the city
109
00:08:35.720 --> 00:08:41.360
of Atlanta, and you know,
let's say you have two other backup database
110
00:08:41.399 --> 00:08:45.639
centers that are located in New York
and Washington D.C. And let's say
111
00:08:45.679 --> 00:08:48.759
that if the City of Atlanta was
to go offline, well one of those
112
00:08:50.360 --> 00:08:56.039
backup places up in New York or
D.C. should automatically kick in, kick
113
00:08:56.080 --> 00:08:58.919
in, Okay, fail over right. Now, there have been times when
114
00:09:00.039 --> 00:09:03.879
it don't happen, and now this
is the reason why why it don't happen,
115
00:09:03.960 --> 00:09:11.279
because these organizations may not be auditing
their disaster recovery plan throughout an annual
116
00:09:11.320 --> 00:09:16.039
basis. You have to revisit that
because it could be not just hackers,
117
00:09:16.039 --> 00:09:20.200
but it could be environmental impact.
Yes, right, Uh, you know,
118
00:09:20.240 --> 00:09:24.279
weather phenomenons or what have you.
Right, Um, So okay,
119
00:09:24.279 --> 00:09:26.000
so that that's great. On that, let's move on to another topic because
120
00:09:26.000 --> 00:09:30.799
we want to cover as many points
as possible talking about tips to protect your
121
00:09:30.840 --> 00:09:33.519
business. So let's talk about we
and we probably not a lot of time
122
00:09:33.519 --> 00:09:35.639
on this one because you've covered it
so many times in previous episodes, but
123
00:09:35.720 --> 00:09:39.559
this is a good point to UM
to mention about the employees' cybersecurity awareness,
124
00:09:39.919 --> 00:09:45.960
right, that hype that hackers hat
right, and that that UM involves
125
00:09:46.039 --> 00:09:48.879
text email alerts, regular training.
Kind of hit a couple of points on
126
00:09:48.879 --> 00:09:52.399
that real quick before we move on
to the next point. It's simple.
127
00:09:52.639 --> 00:09:58.279
You as a company has to make
sure that your cybersecurity culture does support the
128
00:09:58.399 --> 00:10:03.919
organization and and I actually have a
buy in and all of that goes into
129
00:10:03.200 --> 00:10:09.440
exactly everything you just stated, all
right, because if if you have employees
130
00:10:09.480 --> 00:10:16.320
that are buying into the program,
UM, they will maintain their awareness and
131
00:10:16.320 --> 00:10:20.879
and know that cybersecurity is very important
because at the end of the day,
132
00:10:20.360 --> 00:10:26.080
you know that employee can um can
actually lose some things as well too,
133
00:10:26.120 --> 00:10:30.240
because let's just say, for instance, if they hit the wrong button,
134
00:10:30.240 --> 00:10:35.639
then they can go to their own
bank on account and change and actually give
135
00:10:35.639 --> 00:10:39.600
access, right So so what so
what people have to understand it. Just
136
00:10:39.759 --> 00:10:46.200
because you're using a corporate system,
that doesn't mean that when an incident happens
137
00:10:46.679 --> 00:10:50.399
that that is only the corporation that
would suffer. You as a person would
138
00:10:50.399 --> 00:10:54.399
suffer as well too, especially especially
if it's a phishing attack or something like
139
00:10:54.440 --> 00:10:58.360
that and it sends you to a
bogus bogus website. You talk to us
140
00:10:58.360 --> 00:11:00.840
about phishing, because that was actually
the segue, and I segue
141
00:11:00.840 --> 00:11:05.200
into the next topic. So, um, these involve, these can involve scam phone
142
00:11:05.200 --> 00:11:09.519
calls, UM, you know,
SMS messaging, you know, what are
143
00:11:09.559 --> 00:11:13.480
some do you have any examples or
um, you know, some red flags
144
00:11:13.519 --> 00:11:18.440
when their phishing comes into play and
we're talking about um not the fishing pole
145
00:11:18.519 --> 00:11:22.279
whatever at the river at the lake. Right. But for those people that
146
00:11:22.399 --> 00:11:26.080
might be familiar with how would describe
phishing in terms of cybersecurity attacks? What
147
00:11:26.120 --> 00:11:31.720
does that look like? Phishing is
like making the user, making the It's
148
00:11:31.759 --> 00:11:37.879
like feeding the user some some baits. So I'm gonna bait you to go
149
00:11:37.000 --> 00:11:43.120
do something that is unethical, Okay, Okay, I am gonna have I
150
00:11:43.200 --> 00:11:48.200
am gonna have you to go to
this website and I want you to put
151
00:11:48.279 --> 00:11:52.799
some personal information. Okay. So
now now when the phishing emails come out,
152
00:11:52.919 --> 00:11:58.000
this is why people need to pay
very close attention to the domains at
153
00:11:58.039 --> 00:12:01.600
the end of the email. All
right, if it states uh, let's
154
00:12:01.600 --> 00:12:07.320
just say, for instance, cybersecurity
at sign microsoft dot com, now that's
155
00:12:07.320 --> 00:12:13.559
the legitimate email address. But but
if it comes from somewhere like uh,
156
00:12:13.919 --> 00:12:20.720
it states cyber security at sign m
s M dot com, because people don't
157
00:12:20.720 --> 00:12:26.600
pay very very close attention to those
domains at the end. Because a phishing email
158
00:12:26.159 --> 00:12:30.200
is usually gonna come from a source
that trying to get you to give up
159
00:12:30.240 --> 00:12:33.600
information or to go or it's just
for you to go to a bogus bogus
160
00:12:33.639 --> 00:12:39.440
website, or they can put in
an attachment in there and to the download.
161
00:12:39.480 --> 00:12:43.600
So so you have to be cognizant
what you do, right, all
162
00:12:43.679 --> 00:12:46.000
right, because a lot of times
we get those emails with that UM it's
163
00:12:46.080 --> 00:12:52.600
a just a highlighted text uh in
blue and you go to click on it,
164
00:12:52.639 --> 00:12:54.480
it's gonna send you somewhere you shouldn't
probably go. So what I generally,
165
00:12:54.519 --> 00:12:58.240
I don't know if this is a
good practice, I'll hover over it,
166
00:12:58.440 --> 00:13:01.399
and if it's a long, um, drawn
out URL, I'll avoid
167
00:13:01.440 --> 00:13:05.799
that. But somewhere within the email
uh, their signature whatever, there's the
168
00:13:05.840 --> 00:13:09.039
actual domain name service I may be
interested in. I'll just search for that
169
00:13:09.120 --> 00:13:13.360
service and find out it's legit.
Much like you know when someone calls you
170
00:13:13.399 --> 00:13:18.600
want uh claiming they're from the bank
and they want to update some information.
171
00:13:18.039 --> 00:13:22.120
It may be legitimate, right,
but um, you don't take that call,
172
00:13:22.159 --> 00:13:24.960
don't pursue that, don't go down
that that that rabbit hole call your
173
00:13:26.000 --> 00:13:28.919
bank, right, It's that you've
got to keep the hat on, right,
174
00:13:28.000 --> 00:13:31.440
yes, right, you gotta keep
the right. I mean that get
175
00:13:31.559 --> 00:13:37.120
that a pretty good practice. Yes, okay, that was a short you've
176
00:13:37.200 --> 00:13:41.000
you've you've been asking some great question, Rich. Exactly. So one of our
177
00:13:41.000 --> 00:13:45.799
our last points before we move on
a couple of other topics is, um,
178
00:13:45.919 --> 00:13:50.320
what's this acronym MFA for
multi factor authentication? What does that
179
00:13:50.360 --> 00:13:54.639
mean in layman's terms? Yeah, that means that you got more than
180
00:13:54.679 --> 00:13:58.919
one way to authenticate. Okay,
okay, let's just say, for instance, that you
181
00:14:00.039 --> 00:14:03.840
use name, password and a token
device or something like that. All right,
182
00:14:03.879 --> 00:14:09.279
So have you have you actually noticed
that that owned that you know,
183
00:14:09.399 --> 00:14:15.080
some of these websites right when you
go to a website and you're putting your
184
00:14:15.120 --> 00:14:18.879
password, then it goes and send
you a code. Yeah, okay, okay,
185
00:14:18.000 --> 00:14:24.440
so you have to authenticate like a
second, second secondary source. Okay.
186
00:14:24.559 --> 00:14:26.679
Um, you know, once you
put your user name and password and
187
00:14:26.679 --> 00:14:30.519
then it could send you a text or
something like that there, So you have
188
00:14:30.559 --> 00:14:33.320
to authenticate. So that's what MFA
comes in now now with certain
189
00:14:33.320 --> 00:14:37.879
companies city you know your companies,
and they will go give you a token
190
00:14:37.879 --> 00:14:41.759
device, all right. It's a
certain code on that token on that token
191
00:14:41.799 --> 00:14:46.600
device that you have to enter as
well too. Okay, besides, you're
192
00:14:46.080 --> 00:14:50.919
using name and password just another level
of security. Yes, that's another level.
193
00:14:52.080 --> 00:14:54.840
Sometimes kind of annoying from the consumers
for the user experience, but it
194
00:14:54.879 --> 00:15:01.399
should um that extra five seconds reassures
that some it is kind of looking out
195
00:15:01.399 --> 00:15:03.840
for your better interest, right yeah, yeah, because the use of a
196
00:15:05.120 --> 00:15:09.600
user name of password is secure.
But but you want to be as secure
197
00:15:09.600 --> 00:15:13.200
as possible by just adding another level
there, and that's where MFA
198
00:15:13.360 --> 00:15:16.480
comes in comes into place. We've
got a couple more minutes here. Let's
199
00:15:16.480 --> 00:15:22.519
talk about UM switching gears a little
bit in terms of uh, you know,
200
00:15:22.600 --> 00:15:26.320
solutions to some of this and talking
about the you know um in terms
201
00:15:26.320 --> 00:15:30.039
of business. One of the issues
is a lot of businesses, like we
202
00:15:30.080 --> 00:15:33.840
mentioned the top of the hour,
there's so many moving parts to make a
203
00:15:33.879 --> 00:15:37.399
business successful. One of the challenges
they don't really have the resources. Sometimes
204
00:15:37.440 --> 00:15:41.440
this is all good points, but
sometimes they don't have the resources to deter
205
00:15:41.639 --> 00:15:50.360
these cyber threats. Right, So
companies don't but but you know, that's
206
00:15:50.360 --> 00:15:56.120
why they have to balance out their scalability because as they start
207
00:15:56.200 --> 00:15:58.960
to upscale, upscale, upscale, that's when you have to look at
208
00:16:00.000 --> 00:16:04.600
cybersecurity and stay say okay, am
I focus and am I aligned with cybersecurity
209
00:16:04.639 --> 00:16:11.120
itself? Because because as the as
the company grows and the company started to
210
00:16:11.159 --> 00:16:15.679
bring on different clients and the company
started to gain more business than that's when
211
00:16:15.799 --> 00:16:21.279
your cybersecurity footprint is going to grow, and you know, you have to
212
00:16:21.320 --> 00:16:26.360
have some some processes in place.
Now. Now, I've always thought I
213
00:16:26.440 --> 00:16:30.600
thought that one of the other things
that a lot of company do is that
214
00:16:30.600 --> 00:16:33.240
they would outsource work to like a
third party. Maybe it's a company that
215
00:16:33.320 --> 00:16:40.600
is just directly focused on cybersecurity itself. Um, you know that that kind
216
00:16:40.600 --> 00:16:44.720
of works works as well too.
But but a lot of that depends on
217
00:16:44.799 --> 00:16:48.360
the company and it depends on that
budget. And you have a lot of
218
00:16:48.399 --> 00:16:55.720
companies that are able to survive because
cybersecurity and I T is a segment or
219
00:16:55.799 --> 00:17:00.519
is it a a department located on
the inside of the company. Yeah,
220
00:17:00.519 --> 00:17:03.840
I guess you hit that tipping point
of the scale of the size of your
221
00:17:03.440 --> 00:17:07.720
of your organization, whether it warrants
having in house, but those um the
222
00:17:07.759 --> 00:17:11.079
services providing you know, where you
can outsource that much like you know you
223
00:17:11.160 --> 00:17:15.079
outsourced payroll. A lot of companies
even small businesses you know, don't want
224
00:17:15.079 --> 00:17:18.960
to deal with the taxes and W-2s
and all that all that process.
225
00:17:18.200 --> 00:17:22.160
Much like you could change your own
oil in your car. Right, it's
226
00:17:22.400 --> 00:17:26.359
easier just to do do a quick
oil change. Um, this kind of
227
00:17:26.400 --> 00:17:32.519
alludes to. UH. There was
an ISC cybersecurity workforce study and
228
00:17:32.559 --> 00:17:34.079
one of the things that came out
of there was they were talking about the
229
00:17:34.200 --> 00:17:38.480
size of the workforce in term of
size, security is sixty below what it
230
00:17:38.519 --> 00:17:42.759
needs to be. Right, and
you talk, um, you had YouTube
231
00:17:44.279 --> 00:17:47.599
live stream as well as in your
book and other podcasts, you talked about
232
00:17:47.920 --> 00:17:51.200
that there's a high demand. Right, that's the good news. There's a
233
00:17:51.200 --> 00:17:55.599
lot of high demand for people in
this industry as experts. Right, right,
234
00:17:55.720 --> 00:18:00.000
this is this is part of workforce
modernization. I've actually made a large
235
00:18:00.119 --> 00:18:07.160
statement about that in The Cybersecurity Mindset
is that now cyber security is growing and
236
00:18:07.319 --> 00:18:12.000
organizations spend an enormous amount of time
on trying to upgrade their technologies in their
237
00:18:12.039 --> 00:18:18.519
business processes. But but it seemed
to forget about, uh, workforce modernization.
238
00:18:18.640 --> 00:18:23.400
Now, now with workforce modernization,
it goes beyond certifications and education.
239
00:18:23.440 --> 00:18:29.640
It's just the fact of teaching people
how to do that job right. So
240
00:18:29.640 --> 00:18:37.599
so the workforce itself is is slowly
pacing behind because of the rapid increase of
241
00:18:37.640 --> 00:18:42.799
the cyber security need. Uh.
Some some organization do not even have all
242
00:18:42.799 --> 00:18:47.880
the skill sets. But but it's
hard to find a candidate. What about
243
00:18:47.920 --> 00:18:52.480
twenty five skill sets? See,
that's where the problem. The problem is
244
00:18:52.480 --> 00:18:56.880
is because because you have a lot
of technologies and you have a lot of
245
00:18:56.920 --> 00:19:03.400
business processes in the place, and
trying to find one person that can fulfill
246
00:19:03.519 --> 00:19:07.000
all of that can be can be
kind of hard. Now you know,
247
00:19:07.039 --> 00:19:11.880
the larger companies are good with this
because because they can have a focused skill
248
00:19:11.920 --> 00:19:19.039
set. Okay, smaller, smaller
companies, you actually have to almost almost
249
00:19:19.039 --> 00:19:22.880
build a robot, it's what I
call it, right, But you got
250
00:19:22.880 --> 00:19:26.920
that one person with this the jack
of all trades, and it's increasingly harder
251
00:19:26.160 --> 00:19:30.920
to go and do that. So
so when this cybersecurity starts to grow,
252
00:19:30.079 --> 00:19:34.240
that's when a company has to modernize. Part of that modernization is to work
253
00:19:34.240 --> 00:19:38.720
with your talent management systems and working
with your recruiters and making sure that your
254
00:19:38.759 --> 00:19:44.480
recruiters are asking the the right questions
because if they're not asking the right question.
255
00:19:45.200 --> 00:19:48.559
You may lose out on a perfect
candidate, or or you may bring
256
00:19:48.599 --> 00:19:53.640
on the wrong candidate. I would
imagine and some of these smaller companies that
257
00:19:53.680 --> 00:19:57.880
their I T department is also managing
their cybersecurity. Does that make sense or
258
00:19:59.440 --> 00:20:02.480
yes? Probably a viable early on, right, Yeah, you know the
259
00:20:02.559 --> 00:20:10.559
structure is usually under under the I
T department itself and scaled out um from
260
00:20:10.680 --> 00:20:15.279
like these from like the SIZZLE,
which is the chief information security officer,
261
00:20:15.680 --> 00:20:22.400
all right. Then you then you
kind of have application networking database and and
262
00:20:22.480 --> 00:20:26.319
your help desk, which is your client
services. So so when we look at
263
00:20:26.359 --> 00:20:34.160
these organizations, you know, a
lot of the architect falls under cybersecurity because
264
00:20:34.160 --> 00:20:38.319
cybersecurity is the fabric of everything,
all right, So so it follows in
265
00:20:38.319 --> 00:20:44.279
those organizations. But but that's why
a lot of other organization likes to do
266
00:20:44.319 --> 00:20:48.759
a lot of information sharing and cross
training because you know, it's hard to
267
00:20:48.799 --> 00:20:53.240
get that robot exactly. On that
note, I don't know if there's any
268
00:20:53.279 --> 00:20:56.200
other point you wanted to hit as
we wrap up here, uh, any
269
00:20:56.200 --> 00:21:03.200
closing thoughts in terms of you know, businesses looking to build a more robust
270
00:21:03.759 --> 00:21:07.319
UH security system. Yes, go
out there and purchase The Cybersecurity Mindset,
271
00:21:07.359 --> 00:21:12.400
because The Cybersecurity Mindset serves as a
responsibility to go and to close those
272
00:21:12.440 --> 00:21:18.039
gaps some of the same problems that
that you and I have spoken about today.
273
00:21:18.119 --> 00:21:25.400
I actually lay out a a thinking
model and having businesses understand from the
274
00:21:25.400 --> 00:21:30.920
initial process that you put employees on
board and building that culture up until looking
275
00:21:30.960 --> 00:21:37.599
at the risk factors that you deal
with and then then transfer transforming your corporation
276
00:21:38.039 --> 00:21:45.039
where you look at digital monetization and
also looking at workforce modernization and bringing those
277
00:21:45.680 --> 00:21:52.079
intricate pieces on board can can kind
of help you build a picture and so
278
00:21:52.240 --> 00:21:57.240
that that you can see how to
connect all the different dots together and drive
279
00:21:57.400 --> 00:22:03.839
cybersecurity because the purpose of The Cybersecurity Mindset
is to go make readers think, because
280
00:22:03.839 --> 00:22:08.759
if people can think, then they
can make wise decisions. Good note to
281
00:22:08.759 --> 00:22:14.880
close on and again, if you're
in business, and uh, what's keeping
282
00:22:14.920 --> 00:22:18.279
you awake at night? Right?
Is it the lack of customers or is
283
00:22:18.319 --> 00:22:22.400
it um something with your product to
your widget? But that can all be
284
00:22:22.440 --> 00:22:26.839
in place. But if it's like
insurance policy as well, Right, if
285
00:22:26.839 --> 00:22:30.440
you don't have cybersecurity, that's not
on your short list. You need to
286
00:22:30.480 --> 00:22:33.480
add that to your list. And
Dwayne Hart is a great resource for that.
287
00:22:33.799 --> 00:22:37.599
Not only for his podcast, um
some of these episodes we've recorded,
288
00:22:37.880 --> 00:22:41.440
as well as his uh YouTube livestream, but he mentioned his book and so
289
00:22:42.079 --> 00:22:47.440
um cybersecurity mindset. That's kind of
like a playbook or blueprint or a checklist.
290
00:22:47.960 --> 00:22:51.000
So you can go into within the
book the subject that you need to
291
00:22:51.079 --> 00:22:55.160
kind of um be cognizant about,
right and um and check that out.
292
00:22:55.200 --> 00:22:57.839
So all of that's available at Dwayne
Hart dot com. So, uh,
293
00:22:57.960 --> 00:23:03.599
Dwayne, well where Rich, you actually
stole the show and you said everything that
294
00:23:03.720 --> 00:23:07.440
need to be said. You know, you know the only thing I like
295
00:23:07.519 --> 00:23:12.119
to say is that that that when
you think of The Cybersecurity Mindset,
296
00:23:12.440 --> 00:23:19.559
think about your favorite football team offense
and defense strategies. It's been what's
297
00:23:19.599 --> 00:23:22.920
what you get? And if you
look at all the coaches, they always
298
00:23:22.960 --> 00:23:26.680
have a play sheet, right right? Okay, Hey, The Cybersecurity
299
00:23:26.720 --> 00:23:32.039
Mindset is your play sheet,
is your playbook. Here is your resource
300
00:23:32.079 --> 00:23:36.680
guide. I like that you never
mentioned the sports analogy. Um, that's
301
00:23:36.680 --> 00:23:41.559
a great analogy because he's in business. Your offense is making money, right,
302
00:23:41.559 --> 00:23:44.599
and making your product viable, your
customers, making your employees happy,
303
00:23:44.599 --> 00:23:47.680
and so forth. But if all
that's in place and you your defense is
304
00:23:47.720 --> 00:23:51.839
not up to up just uh snuff, right, you're gonna have a problem,
305
00:23:51.839 --> 00:23:53.759
you know, winning the game,
the game of business, if you
306
00:23:55.119 --> 00:23:59.839
yeah, Because it's strategy. It's
trying to strategize a way to score or
307
00:24:00.039 --> 00:24:03.400
to stop hackers from scoring, right. But you can only do that when
308
00:24:03.440 --> 00:24:07.599
you have a resource guide or if
you have a playbook in place, Because
309
00:24:07.640 --> 00:24:11.960
hackers have a playbook, all right, and you know what they do with
310
00:24:12.000 --> 00:24:18.559
their playbook is that that you know
how humans um approach cybersecurity, and they
311
00:24:18.640 --> 00:24:23.799
know the current state of technology,
so they go and draft plays. Okay,
312
00:24:23.839 --> 00:24:27.400
So we find somebody that hates that
company and he likes to sitting in
313
00:24:27.480 --> 00:24:30.720
the bar every day and talk bad
about his company. So let's see if
314
00:24:30.720 --> 00:24:33.720
we can do some social engineering,
and let's see what we can find out,
315
00:24:34.240 --> 00:24:38.680
and then after that maybe we can
score a touchdown. How about a
316
00:24:38.720 --> 00:24:42.960
cybersecurity tailgate party? That sounds good
to me, all right? The way
317
00:24:42.960 --> 00:24:47.559
we'll see on the next episode Rich
casting over again here check out Dwayne Hart
318
00:24:47.599 --> 00:24:51.400
dot com. We'll see on the
next show, and till then, have
319
00:24:51.480 --> 00:25:03.960
a great one and keep your business
safe, cybersecurity safe,