Improving Businesses Cybersecurity Engagements

October 10, 2022 00:25:07
Chief of Cybersecurity

Hosted By

Dewayne Hart

Show Notes

Business engagements for cybersecurity have focused on being the medium between suppliers, customers, and hackers. Many organizations suffer significant security risks due to changing risk profiles and attack surfaces. The management strategies may invoke defense tactics, but unless they have an accurate indicator of their landscape, they are prone and subject to failure. This podcast discusses several gaps, security visibility, and concerns businesses must address for cyber resilience and risk reduction. Listeners will gain insight into business engagements and their cybersecurity relationships.

Episode Transcript

Alright, we're back in the studio here in Atlanta and we have the rock star of the hour, none other than Mr. Dewayne Hart joining us. This has been a great series. I know I've been enjoying it. And today's topic is right in white wheelhouse as well as I'm sure a lot of our listeners. If you own a business, been in business, work for a business, this is it. Let's make it happen. So we're gonna be talking about cybersecurity tips to protect your business. Welcome to the show, Dewayne Hart. It's always great being you know, Rich, business is business all at risk. Um. But you know what, let's let's just let's just start off by saying that, um, one of the one of the focus is I've always said is that cybersecurity moves everywhere on the like every platform you can think of. Okay, so, so to all the listeners out there, take some good notes and active h of cybersecurity mindset because this is gonna be a great topic. And I should mention to mentioned Dewayne Hart joining us on the show. He is if you haven't already heard the name uh in cybersecurity. He's kind of the top dog you're kind of the deal right in that space, right, so we're talking. Dewayne is the host of the Chief of Cybersecurity podcast. He's also written a book on the topic, uh, The Cybersecurity Mindset, and uh, he's here joining us in the studio today.
So you mentioned a business, so I mentioned uh, if you're in business or thinking about a business, a lot of businesses, there's a lot of hats that have to um and you know, things are juggling right of uh, you know, getting the business started. You know, the viable product, a viable marketplace that customers. You're managing customers and customer challenges, getting your your product into the pipeline and your internet, right and that's where you're going to talk about. Uh, unless you're doing I can't think of a business that it's not using the Internet today right in some shape or form, because even if you're not selling online, you're dealing with customer emails and communication, shipping logistics and so forth. That all goes through that pipeline. And if you speaking of pipeline and Matt like a hose, a kink of the hose, if that happens, you're kind of up the river without the paddle right, because because the ultimate strategy is to understand the architect of cybersecurity. Okay, okay, so when I speak about the architect of cybersecurity, I'm talking about all the intricate pieces business operations, customers, and all the legal aspects that goes along with the businesses and how all of those integrate into cybersecurity itself.
Because one of the ways I've always thought that a business can strive for success when it comes to cybersecurity is to really have an in-depth view of your visibility. Okay, what is it that you actually own, what are the assets side there, who are your customers, what's the state of your systems? If you don't know these intricate things about cybersecurity, then then you set yourself up for failure. Uh. One of the topics in The Cybersecurity Mindset is always talking about that three hundred and sixty degrees of security visibility, and that is important because that allows you to sit back and think about all the intricate pieces that actually operate your business when it comes to cybersecurity. Yeah, keeping all those assets up to date, and that changes on a pretty frequent basis, right, so you really have to have a team assigned, whether it's internal or you're contracting a company to kind of monitor all that for you. Right, yes, yes, because the whole premises is to reduce risk. Now, every organization is at risk. I am. I am not here to say that if you put a million people on staff that your company is gonna be a hundred percent safe. No, it's not gonna happen because technology is always changing. So so what the business have to do is gon realize their position in cybersecurity because of is served as a medium between hackers and the customers.
Because because as your customer base increase, as your technology space increase, that also means that your attack surface will go increase as well, because your attack surfaces. Saying that, okay, you you as a corporation have have have a thousand endpoints, you know, all your computer service and everything else. Right now, now you move up to a million. Now you have a million endpoints, so that means that your attack surface increases a lot. And you know, the the more chances are being infiltrated has has pretty much increased. But but you can counter that when the when the concept of increasing protection and lower risk is in place, because as you bring on these different services and the different assets and these different customers. That's when you have to integrate cybersecurity in the process, because you don't integrate cybersecurity once you get everything up and operating, right, right, because it's not smart, it's not it's not great businesses. So we were talking before the show about what you kind of just alluded to was as your exposure escalates and elevates, which is great for business, right. So that's the yin and yang. Right, so you don't want to be the best kept secret in your industry.
You want everybody as as especially your target audience, to know about here's what we do, here's our service, here's how to get in contact with us, here's how to do business with us. That's great for business, right, to have that kind of exposure in the marketplace. But also at the same time, um, the yin and yang is that exposes yourself to the cybersecurity hackers. Right. So you already you get on the radar. You want to be on the radar of your customers and your marketplace, but that's the trade-off. Now you're on the radar on their blip for the hackers. Right. Yes, yes, it's about having a balanced cybersecurity approach. Balance means that you don't really take one air and more so serious than the other one, because they all all operate together to go form the cybersecurity DNA. Okay, because you know, let's just think about this for a second. If we take twenty four blocks and we stack them up based on every aspect of cybersecurity that the company has to face, and they all are connected, so that means if one of them fail, all the rest of them fail as well too, because those are your genetic makeups for cybersecurity. So I always like to make that statement in order to highlight the picture is that the balanced approach works well because you have to make sure that you keep eyes and ears or your visibility up and operate.
Now, businesses are challenged to do that because a lot of times, you know, the customer base and you know the technology is growing that people, and you know, the rapid speed of cybersecurity is probably growing them as well. So so we talked about the show about this, the tips to protect your business of cybersecurity. So we covered a couple so we we talked about, um, you know, keeping your assets up to date. We talked about your exposure. Now let's talk about another tip we that I think should be on everybody's radar, disaster response plan to test it um. So what's involved? What does the disaster plan look like for a business? You know what a disaster recovery plan is opposed to hope you recover when you have an emergency situation. Let's say, if a system work was to go down offline, right and your disaster recovery plan, should it be activated and it should be seamlessly activated in a way that that no one knows that your system went down, right, and it should uh go from growth, go from like backup to like your recovery stage and so far right because because the premises is to ensure that all your vital critical systems that you have can actually stay up and operate. And this is where uh the availability principle comes to surface, because because you have customers that are working on the opposite end that that actually depend on your system.
Let's just say, for instance, if you've got a primary database that is located in the city of Atlanta, and you know, let's say you have two other backup database centers that are located in New York and Washington, D.C. And let's say that if the City of Atlanta was to go offline, well one of those backup places up in New York or D.C. should automatically kick in, kick in, okay, fail over right. Now, there have been times when it don't happen, and now this is the reason why why it don't happen, because these organizations may not be auditing their disaster recovery plan throughout an annual basis. You have to revisit that because it could be not just hackers, but it could be environmental impact. Yes, right, uh, you know, weather phenomenons or what have you. Right, um, so okay, so that that's great. On that, let's move on to another topic because we want to cover as many points as possible talking about tips to protect your business. So let's talk about we and we probably not a lot of time on this one because you've covered it so many times in previous episodes, but this is a good point to um to mention about the employees cybersecurity awareness, right, that hype that hackers hat right, and that that um involves text email alerts, regular training. Kind of hit a couple of points on that real quick before we move on to the next point.
It's simple. You as a company has to make sure that your cybersecurity culture does support the organization and and I actually have a buy in and all of that goes into exactly everything you just stated, all right, because if if you have employees that are buying into the program, um, they will maintain their awareness and and know that cybersecurity is very important because at the end of the day, you know that employee can um can actually lose some things as well too, because let's just say, for instance, if they hit the wrong button, then they can go to their own bank on account and change and actually give access, right so so what so what people have to understand it. Just because you're using a corporate system, that doesn't mean that when an incident happens that that is only the corporation that would suffer. You as a person would suffer as well too, especially especially if it's a phishing attack or something like that and it sends you to a bogus bogus website. You talk to us about phishing, because that was actually the segue, and I segue into the next topic.
So um, these involved these can involve scam phone calls, um, you know, SMS messaging, you know, what are some do you have any examples or um, you know, some red flags when they're phishing comes into play and we're talking about um not the fishing pole whatever at the river at the lake. Right. But for those people that might be familiar with how would describe phishing in terms of cybersecurity attacks? What does that look like? Phishing is like making the user, making the It's like feeding the user some some baits. So I'm gonna bait you to go do something that is unethical, okay, okay, I am gonna have I am gonna have you to go to this website and I want you to put some personal information. Okay. So now now when the phishing emails come out, this is why people need to pay very close attention to the domains at the end of the email. All right, if it states uh, let's just say, for instance, cybersecurity at sign microsoft dot com, now that's the legitimate email address. But but if it comes from somewhere like uh, it states cybersecurity at sign m s M dot com, because people don't pay very very close attention to those domains at the end.
Because a phishing email is usually gonna come from a source that trying to get you to give up information or to go or it's just for you to go to a bogus bogus website, or they can put in an attachment in there and to the download. So so you have to be cognizant what you do, right, all right, because a lot of times we get those emails with that um it's a just a highlighted text uh in blue and you go to click on it, it's gonna send you somewhere you shouldn't probably go. So what I generally, I don't know if this is a good practice, I'll hover over it, and if it's a long um drawn out URL, I'll avoid that. But somewhere within the email uh, their signature whatever, there's the actual domain name service I may be interested in. I'll just search for that service and find out it's legit. Much like you know when someone calls you want uh claiming they're from the bank and they want to update some information. It may be legitimate, right, but um, you don't take that call, don't pursue that, don't go down that that that rabbit hole call your bank, right, it's that you've got to keep the hat on, right, yes, right, you gotta keep the right. I mean that get that a pretty good practice. Yes, okay, that was a short you've you've you've been asking some great question, Rich exactly.
So one of our our last points before we move on a couple of other topics is, um, what's this acronym MFA for multi-factor authentication? What does that mean? In layman's terms? Yeah, that means that you got more than one way to authenticate. Okay, okay, let's just say, for instance, that you username, password and a token device or something like that. All right, so have you have you actually noticed that that owned that you know, some of these websites right when you go to a website and you're putting your password, then it goes and send your code. Yeah, okay, okay, so you have to authenticate like a second, second secondary source. Okay. Um, you know, once you put your username and password and then it could send your text or something like that there, so you have to authenticate. So that's what MFA comes in now now with certain companies city you know your companies, and they will go give you a token device, all right. It's a certain code on that token on that token device that you have to enter as well too. Okay, besides, your username and password just another level of security. Yes, that's another level.
Sometimes kind of annoying from the consumers for the user experience, but it should um that extra five seconds reassures that some it is kind of looking out for your better interest, right yeah, yeah, because the use of a username and password is secure. But but you want to be as secure as possible by just adding another level there, and that's where MFA comes in comes into place. We've got a couple more minutes here. Let's talk about um switching gears a little bit in terms of uh, you know, solutions to some of this and talking about the you know um in terms of business. One of the issues is a lot of businesses, like we mentioned the top of the hour, there's so many moving parts to make a business successful. One of the challenges they don't really have the resources. Sometimes this is all good points, but sometimes they don't have the resources to deter these cyber threats. Right, so companies don't but but you know, that's why they have to balance out their scalability because as they start to upscale, upscale, upscale, that's when you have to look at cybersecurity and stay say okay, am I focus and am I aligned with cybersecurity itself?
Because because as the as the company grows and the company started to bring on different clients and the company started to gain more business, then that's when your cybersecurity footprint is going to grow, and you know, you have to have some some processes in place. Now. Now, I've always thought I thought that one of the other things that a lot of company do is that they would outsource work to like a third party. Maybe it's a company that is just directly focused on cybersecurity itself. Um, you know that that kind of works works as well too. But but a lot of that depends on the company and it depends on that budget. And you have a lot of companies that are able to survive because cybersecurity and IT is a segment or is it a a department located on the inside of the company. Yeah, I guess you hit that tipping point of the scale of the size of your of your organization, whether it warrants having in-house, but those um the services providing you know, where you can outsource that much like you know you outsourced payroll. A lot of companies even small businesses you know, don't want to deal with the taxes and W-2s and all that all that process. Much like you could change your own oil in your car. Right, it's easier just to do do a quick oil change. Um, this kind of alludes to. Uh.
There was an ISC cybersecurity workforce study and one of the things that came out of there was they were talking about the size of the workforce in term of size, security is sixty below what it needs to be. Right, and you talk, um, you had YouTube live stream as well as in your book and other podcasts, you talked about that there's a high demand. Right, that's the good news. There's a lot of high demand for people in this industry as experts. Right, right, this is this is probat of workforce modernization. I've actually made a large statement about that in The Cybersecurity Mindset is that now cybersecurity is growing and organizations spend an enormous amount of time on trying to upgrade their technologies in their business processes. But but it seemed to forget about, uh, workforce modernization. Now, now with workforce modernization, it goes beyond certifications and education. It's just the fact of teaching people how to do that job right. So so the workforce itself is is slowly pacing behind because of the rapid increase of the cybersecurity need. Uh. Some some organization do not even have all the skill sets. But but it's hard to find a candidate. What about twenty five skill sets? See, that's where the problem.
The problem is is because because you have a lot of technologies and you have a lot of business processes in the place, and trying to find one person that can fulfill all of that can be can be kind of hard. Now you know, the larger companies are good with this because because they can have a focused skill set. Okay, smaller, smaller companies, you actually have to almost almost build a robot, it's what I call it, right, but you got that one person with this the jack of all trades, and it's increasingly harder to go and do that. So so when this cybersecurity starts to grow, that's when a company has to modernize. Part of that modernization is to work with your talent management systems and working with your recruiters and making sure that your recruiters are asking the the right questions because if they're not asking the right question. You may lose out on a perfect candidate, or or you may bring on the wrong candidate. I would imagine and some of these smaller companies that their IT department is also managing their cybersecurity. Does that make sense or yes? Probably a viable early on, right, yeah, you know the structure is usually under under the IT department itself and scaled out um from like these from like the CISO, which is the chief information security officer, all right.
Then you then you kind of have application networking database and and your help desk which is your client services. So so when we look at these organizations, you know, a lot of the architect falls under cybersecurity because cybersecurity is the fabric of everything, all right, so so it follows in those organizations. But but that's why a lot of other organization likes to do a lot of information sharing and cross training because you know, it's hard to get that robot exactly. On that note, I don't know if there's any other point you wanted to hit as we wrap up here, uh, any closing thoughts in terms of you know, businesses looking to build a more robust uh security system. Yes, go out there and purchase The Cybersecurity Mindset, because The Cybersecurity Mindset serves as a responsibility to go and to close those gaps some of the same problems that that you and I have spoken about today.
I actually lay out a a thinking model and having businesses understand from the initial process that you put employees on board and building that culture up until looking at the risk factors that you deal with and then then transfer transforming your corporation where you look at digital monetization and also looking at workforce modernization and bringing those intricate pieces on board can can kind of help you build a picture and so that that you can see how to connect all the different dots together and drive cybersecurity because the purpose The Cybersecurity Mindset is to go make readers think, because if people can think, then they can make wise decisions. Good note to close on and again, if you're in business, and uh, what's keeping you awake at night? Right? Is it the lack of customers or is it um something with your product to your widget? But that can all be in place. But if it's like insurance policy as well, right, if you don't have cybersecurity, that's not on your short list. You need to add that to your list. And Dewayne Hart is a great resource for that. Not only for his podcast, um some of these episodes we've recorded, as well as his uh YouTube livestream, but he mentioned his book and so um Cybersecurity Mindset. That's kind of like a playbook or blueprint or a checklist.
So you can go into within the book the subject that you need to kind of um be cognizant about, right and um and check that out. So all of that's available at Dewayne Hart dot com. So, uh, Dewayne, well where Rich you actually stole the show and you said everything that need to be said. You know, you know the only thing I like to say is that that that when you think of The Cybersecurity Mindset, think about your favorite football team offense and defense strategies. It's been what's what you get? And if you look at all the coaches, they always have a play sheet, right right? Okay, hey, The Cybersecurity Mindset, is your play sheet, is your playbook. Here is your resource guide. I like that you never mentioned the sports analogy. Um, that's a great analogy because he's in business. Your offense is making money, right, and making your product viable, your customers, making your employees happy, and so forth. But if all that's in place and you your defense is not up to up just uh snuff, right, you're gonna have a problem, you know, winning the game, the game of business, if you yeah, because it's strategy. It's trying to strategize a way to score or to stop hackers from scoring, right.
But you can only do that when 308 00:24:03.440 --> 00:24:07.599 you have a resource guide or if you have a playbook in place, Because 309 00:24:07.640 --> 00:24:11.960 hackers have a playbook, all right, and you know what they do with 310 00:24:12.000 --> 00:24:18.559 their playbook is that that you know how humans um approach cybersecurity, and they 311 00:24:18.640 --> 00:24:23.799 know the current state of technology, so they go and draft plays. Okay, 312 00:24:23.839 --> 00:24:27.400 So we find somebody that hates that company and he likes to sitting in 313 00:24:27.480 --> 00:24:30.720 the bar every day and talk bad about his company. So let's see if 314 00:24:30.720 --> 00:24:33.720 we can do some social engineering, and let's see what we can find out, 315 00:24:34.240 --> 00:24:38.680 and then after that maybe we can score a touchdown. How about a 316 00:24:38.720 --> 00:24:42.960 cybersecurity tailgate party? That sounds good to me, all right? The way 317 00:24:42.960 --> 00:24:47.559 we'll see on the next episode Rich casting over again here check out Dwayne Hart 318 00:24:47.599 --> 00:24:51.400 dot com. We'll see on the next show, and till then, have 319 00:24:51.480 --> 00:25:03.960 a great one and keep your business safe, cybersecurity safe,
