With over 20 years of experience in IT and cybersecurity, I’ve realized that certain traits will help one succeed in their career. These traits are not the be-all and end-all of characteristics, but having these will make your work environment and career much more enjoyable, writes James McQuiggan of the security awareness training company KnowBe4.
I recently enjoyed listening to the Bob Iger audiobook about his time as CEO at The Walt Disney Company. He outlined nine items that he called Bob’s advice, which focused on his strength of leadership. I took a lot away from this advice and massaged it for guidance in the cybersecurity industry for newcomers and veterans alike.
Integrity plays a key role in the cybersecurity methodology, given that it stands alongside confidentiality and availability as one of the industry’s pillars. We describe integrity as having strong morals, which I’ve learned is how you act when you’re not being watched or observed. You must be true to yourself and the people you work with each day, especially in the cybersecurity industry.
There is a saying in photography that you need to take 10,000 pictures before you get a high-quality image. In cybersecurity, we don’t expect to receive 10,000 cyber attacks to prevent future attacks. We know that security is never one hundred percent, as it’s about managing risk and reducing the opportunities for attack or exploitation. While it’s frustrating to have a target that we cannot reach, this is one of those things in life that, as we work towards it, we can improve.
As a photographer, I’ve had dozens of over-exposed or under-exposed images. These are my photography mistakes. I examine what I did wrong and make sure to check the settings the next time. In cybersecurity, we see daily cyber attacks, including ransomware and data leaks. The idea is to have the awareness to understand why these organizations were impacted and to learn from it. Yes, mistakes were made within their organization. Whether it was one person who clicked on a link or a department that avoided mitigating a risk that allowed an attacker to gain access via an unpatched server or misconfigured firewall, mistakes are going to be made. What’s important is that we all must learn from them and avoid making the same mistakes again.
Now, at the same time, we will see these large and small organizations get hit by a cyber attack. Rather than scold them, we also must understand that we don’t honestly know their situation. It’s essential to be fair and give second chances for honest mistakes. Conducting a postmortem to learn from mistakes and to demonstrate to the industry how to avoid them is also key. Recently, there was a security company that was impacted by a phishing email with a loss of PII. This organization then shared the indicators of compromise with the world, so everyone could learn from and understand the attack. It’s okay to make mistakes; learn from them.
Sometimes arrangements provide the opportunity to take a few days, others require a few hours, but some involve making quick decisions that can have significant impacts on an organization. Whether it’s deciding to get engaged, what to cook for dinner, or how to prevent the malware from spreading within your organization, you have to make the best decision based on the available information.
In one of my previous roles, I developed an incident response plan for the division relating to our electronic products. Our incident response plan needed to be able to support our customer’s program. At the same time, it needed to support quick responses, but it could also take several days to assist. The necessary communication plans, actionable and repeatable procedures for isolating the incident, and recovery options are all needed to make the proper decision effectively at the appropriate time.
Along with embracing mistakes comes the need for radical transparency when it comes to your work and actions. Both Stu Sjouwerman, CEO of KnowBe4, and Marc Benioff, founder and CEO of Salesforce, promote transparency related to your objectives, results, and work.
Transparency is a two-way street between your leadership and employees. Whether you are a leader or an employee, it’s essential to have open communication and help the employees understand the vision and goals for the organization. It’s important to understand these concepts not only in the work environment, but in everything you do in life. Having this trait allows people to be empowered because they are helping towards the end goal. It’s a strong trait in human nature to want to have the feeling of contributing significantly to a team when the company is successful.
As we grow up as children, we are always interested in and learning about the world around us. We are sponges soaking it all up. Getting through elementary school, high school, and college, we are continually learning. Working in the cybersecurity industry, we want to be continually learning. When I got into computers, I learned how to build them, and I taught myself how to program webpages (HTML), then it was databases, networking, security (okay, you see how the story goes). People enter the industry and are curious about cybersecurity and think red teaming or pentesting, but in actuality, you want to try everything you can get your hands on. Create your Virtual Machine (VM) lab at home with Linux and Windows Operating Systems. Install a firewall and learn the various free tools in Kali Linux. Be curious about all things cyber to discover where your passion lies and follow that. It may not be apparent right away, but trying different aspects provides you the opportunity to learn more about cybersecurity overall before settling on a decision.