[01:00] Why don’t people want to get into cybersecurity?
People like the idea of cybersecurity because it’s a hot topic. That’s not a bad thing, because it needs to be. It’s not thrilling work all the time. Once you go through some audits, you understand it isn’t all that it seems. One of the biggest things I tell people when they want to get into this line of work is that you’re not going to be chasing someone across the screen with black and green numbers falling everywhere like you’re in The Matrix. That doesn’t happen.
[04:40] We talked before the recording about security and why it needs to be more people than tech-based. Can you speak to that?
That’s what security has to boil down to. Tech will evolve, and it will evolve to poke holes in the current tech, and people will catch that. There’s always going to be a hacker looking for ways in and the psychology side needs to be focused on more.
[06:40] How did you get started and where are you now?
The mindset of “here are my walls and I want to defend that” has always been my interest. I have a protective mindset and a natural affinity for computers, so it seemed a natural fit.
[09:40] Back in the day, people didn’t take IT seriously. No one said you can do this for a living. What are your thoughts on that?
You have to have balance. In the 80s, everyone pushed to get degrees hard, and now we are lacking tradespeople, so the pendulum is swinging back that way. In security, you are seeing a dearth of talent. When it comes to the service industry side and how we treat those we see as subordinate, there’s a tendency to treat them as less than. Because of that, we have created the problems that we see in the service industry as a result. In security we don’t have a talent gap, we have problems with people communicating roles. Hiring managers don’t know what tech people need.
[19:04] When it comes to security, what’s your biggest frustration or concern?
Hiring. You need to establish a rapport, and it takes a kind of salesman mentality. It helps to overcome barriers and obstacles. Everyone is a salesman to some extent. Everyone is a customer. That’s why we have to own our treatment of other people. Treat them like humans instead of money-makers.
[35:36] Let’s discuss cybercrime and workplace crime.
Anyone can be caught out. If people are in a rush and it looks real enough, anyone can fall for a phishing email. People need education on how to spot these things.
When I was in a college class, I ended up in a discussion about the top 3 reasons people steal from their workplace. One is getting paid below-average wages. Paying your people is a top priority. Next is defining parameters and roles. The third is providing opportunities for theft. You need boundaries and separation of duty; you need checks and balances. One person shouldn’t have all the control.
[38:22] What are the things someone should have in a security policy?
You need a complex password policy. You need a separation of responsibility and duty. You also need multi-factor authentication. Preventative maintenance is necessary, so performance reviews also need to happen. People need to know where they stand in the company and what can be improved. You need to engage your workers.
[53:30] Let’s talk about security conspiracies. For starters, could Russian hackers shut off our electricity?
It’s possible. Universities don’t have studies and programs surrounding infrastructure protection if it isn’t possible. Secondly, we like things being networked together. Vulnerabilities exist. Look at the natural gas pipeline situation in Georgia last year. It can happen. It’s not a matter of if, it’s a matter of when.