Top Job Habits Every Cyber Security Expert Should Adopt: The Top Experts Speak

When it comes to data security, we’re collectively on a mission to keep information secure. However, with the recent Equifax, Yahoo and Disqus data breaches, the role of the cyber security expert is coming into the news. Reports emphasize the need for cyber security professionals in the field, and the current lack of individuals to fill the job. We’re not here to criticize; rather, we want to help in every way possible to ensure their role blooms. To help, we’ve reached out to top cyber security experts in the field to share their views. We asked them to share two important job habits that every cyber security expert should adopt in their workplace. Below you’ll find their responses to the question we posed:

What are two job habits every cyber security expert should adopt?

Meet our Panel of Cyber Security Experts:

Bryce Austin
Chadd Carr
Trave Harmon
Brian Smith
Pete Stegemeyer
Masseh Tahiry
Gregory Morawietz
Magnus Nylund
Robert Wood
Pieter VanIperen
Rick Deacon
Holly Zink

BRYCE AUSTIN

Bryce Austin is the CEO of TCE Strategy and a leading voice on emerging technology and cybersecurity issues. Austin was the CIO and CISO of Wells Fargo Business Payroll Services, and a Senior Group Manager at Target Corporation. Austin has first-hand experience of what happens to a business and its employees during a cyber security crisis, as happened to Target because of its 2013/2014 credit card data breach.

Two job habits every cyber security expert should adopt:

  1. Cyber security is a lot like warfare. The enemy is trying new and innovative tactics to breach your defenses all the time. Cyber security experts need to stay informed of new threats every day, both theoretical ones and ones being exploited actively by cyber criminals, and then prioritize their spending on defenses according to the level of risk each vulnerability represents.
  2. Cyber security also requires an understanding that most breaches are caused by uneducated users doing things they shouldn’t or uneducated IT professionals making security decisions they shouldn’t. Small and mid-sized companies are usually breached because of a lack of cyber security fundamentals. Cyber security experts need to be an evangelist for cyber security best practices every day. It is an essential part of developing a robust cyber security awareness program for their users, and a robust cyber security training plan for the IT professionals in the organization.

 

TRAVE HARMON

Two job habits every cyber security expert should adopt:

  1. Automate, automate, and automate more. Automate patching, automate monitoring, automate the security monitoring of your network. Manual scanning is extremely tedious and time-consuming. Make the computer do the work. We have written about this on multiple other platforms: you need to automate your system updates, patching, third-party updates and more. Because we have done this since day one, issues such as Petya and WannaCry have never affected us and our clients.
  2. No matter what the system tells you, verify. If your system is telling you everything is fine, verify. Check the firmware manually weekly on switches, access points and devices to make sure that the system is actually performing as advertised. If the manufacturer says it can do something, verify. Do not trust on face value.

 

PETE STEGEMEYER

Pete Stegemeyer is a 2017 BlackHat Scholarship Awardee and Cyber Security Researcher. Stegemeyer currently lives and works in Manhattan.

Two job habits every cyber security expert should adopt:

  1. Paying attention to what is going on in the cyber security world. Always look for new stories, new threats, or new patterns, as well as new technologies and individuals. I try to learn at least one new thing and meet one new person per day and it has given me a much more complete picture of the world and the way it’s changing.
  2. Follow through. Hesitation = Devastation in this industry. Failure to quickly apply updates as they become available leaves you vulnerable to attacks, and failure to follow through with business associates or clients can have an equally negative impact. Having a security plan is no good if you don’t stick to it.

 

GREGORY MORAWIETZ

Gregory Morawietz is an IT Security Specialist with over twenty years of network and security experience. Morawietz has worked with hundreds of firms on improving IT environments, consulting and integrating technology for the enterprise network.

Two job habits every cyber security expert should adopt:

  1. Keep your knowledge current. Since security is constantly being challenged, security experts need to know what the newest technology is, the latest breaches, the latest resolutions, countermeasures, tools, applications, software, remediation, preventative measures etc.
  2. Maintain and understand your security policy. Knowing the right information is one thing; implementing that information into a written policy that companies can follow is an important skill. Creating, changing, updating and maintaining a security policy is a critical skill.

 

ROBERT WOOD

Robert Wood is a security technologist, strategic advisor, and speaker. Wood currently leads the Security, Compliance, and Risk initiatives at Nuna, focusing on informing and delivering meaningful change in the healthcare industry to those that need it most. Wood’s personal mission is to help improve the state of cyber security so that it doesn’t negatively impact lives.

Two job habits every cyber security expert should adopt:

  1. People working in this field need to practice empathy towards those not in our field. Since our job is so often geared around helping, guiding, and protecting individuals who aren’t security professionals, we need to practice seeing the world through their eyes to more effectively communicate.
  2. I firmly believe that security professionals need to do more reading and studying outside of the security field as so many problems we encounter have already been solved or may be opportunities for collaboration outside of our silo. Studying outside of our field helps reduce the inevitable groupthink condition that occurs when like-minded people spend too much time working alongside one another.

 

PIETER VANIPEREN

Pieter VanIperen is a Founding Member of Code Defenders, a collective that protects the long tail of the internet, an Adjunct Professor of Secure Code at NYU, a Certified Penetration Testing Engineer (Ethical Hacker) and a Certified Secure Web Application Engineer. VanIperen has 15 years of experience as a programmer and security expert.

Two job habits every cyber security expert should adopt:

  1. Adopt education as part of your tool set. Coders in the workforce often learn about cyber security and attack vectors through receiving pen test reports. They often just remediate the issue following the precise steps, but have no understanding of the cause or how the attack vector actually works. As a result they often repeat the same mistakes.
  2. Be transparent in how protected things really are. A lot of information will fly around organizations about the new tools, the new firewall put in place, the new pen tests being performed. But experts need to be transparent to the rest of their community that attack is imminent and every part of the org has to do its job. The newest tool will only help reduce risk, it will not eliminate the threat.

 

RICK DEACON

Rick Deacon is an ethical hacker with nearly 10 years of experience who started Apozy, a cyber security startup backed by YCombinator.

Two job habits every cyber security expert should adopt:

  1. The first habit an information security professional should adopt is taking an analytics approach to security. Make decisions that move the needle, so to speak. I find that a lot of security spending is done on “feel good” products that produce vanity metrics or create a false sense of agency. Power isn’t key, security is!
  2. The second habit for infosec pros would be to appropriately distribute resources and strive for a quick decision cycle. Even with a small team, you can use time wisely and take the trapdoor approach to decisions. “If I make this decision now, am I stuck?” If the answer is “No.”, make it quickly and use the people around you.

 

HOLLY ZINK

Holly Zink is a Digital Marketing Associate and Cyber Security Expert for The Powerline Group. The Powerline Group is a data security company that develops multiple digital security, data recovery, and data aggregation products.

Two job habits every cyber security expert should adopt:

  1. Create Strong, Random Passwords. It’s important to have strong, random passwords online for any accounts or programs you use. Strong passwords are usually about 12-16 characters in length, have no relation to you personally, and have a combination of numbers, symbols, punctuation, and upper- and lowercase letters. Your password, even though strong, should not be repeated and should be unique to each account. This decreases the likelihood of hackers gaining access to your information.
  2. Constantly Back Up Your Information. For any cyber security expert, it is highly important to have your information saved and backed up daily. You do not want to risk losing your personal and client information if something were to happen unexpectedly. The safest way to back up your information is to save it to an external hard drive.

 

CHADD CARR

Chadd Carr is CTO and Global Lead for Innovation & Strategy at 6massive Holdings, LLP. Carr is responsible for overseeing our Cyber Security Labs. Carr has over 18 years’ experience in cyber security, intelligence, network intrusion investigations, computer forensics, and information operations.

Two job habits every cyber security expert should adopt:

  1. Practice what you preach. Oftentimes, the most security-savvy individuals are the biggest culprits relative to failing to observe proper cyber hygiene. Whether due to elevated risk tolerance stemming from constant exposure in dealing with cyber threats, probability numbness, or simply mental fatigue, sometimes those tasked with securing our valuable data are the largest vulnerability.
  2. Remember your audience and stick to the basics. In today’s highly dynamic environment, it is easy to become overreliant on technology (behavioral analytics, smart intelligence, etc.). Safeguarding data should begin and end with people. Training is perhaps the most referenced, however, under-valued form of cyber security. Cyber security, much like life, requires collaboration.

 

BRIAN SMITH

Brian Smith has over thirty years of information technology experience with the last fifteen years in information and cyber security in the financial and pharmaceutical industries.

Two job habits every cyber security expert should adopt:

  1. A strong desire to learn, learn and learn some more. In the fast moving area of cyber security, an “expert” cannot rest on their laurels. They must have a constant drive to continue to learn. Cyber security is not an industry or topic that you can learn for a period of time and take a break. There are constant threats being developed and deployed and cyber security countermeasures to mitigate and prevent the threats. By having a mindset of a constant learning continuum, a cyber security expert will be knowledgeable in these threats and countermeasures and what potential options are available to thwart off the threats.
  2. Understand the business and how cyber security is intertwined and how it should minimize the impact to business operations. Managers don’t want to hear how cyber security controls will impede the business from growth. Yes, cyber security controls should be a requirement in every company; however, they should be deployed in the most non-evasive way to minimize the impact to the operations of the organization. This is a difficult challenge because the controls cannot be minimized, otherwise it could allow for a weakness to be exploited. With the proper cyber security knowledge, due to constant learning, tied to knowledge of the business processes, any cyber security expert should be able to work with the business managers to implement solutions that are a win-win situation – strong cyber security controls that don’t impact business process too much. By creating a win-win situation for the organization and implementing sound cyber security and business processes together, the organization can be successful and use their deployment of cyber security as an organizational selling point to their customers.

 

MASSEH TAHIRY

Toffler Associates is a strategic advisory firm that helps businesses and public entities capitalize on opportunities, build agility, and mitigate risk in an uncertain future. As a strategic advisor, Masseh guides public and commercial organizations in exploring the dynamics of current and future operating environment across related and unrelated domains, industries and markets.

Two job habits every cyber security expert should adopt:

  1. Dig through the micro, but operate at the macro. Cyber security is a complex field and as the world becomes more digitally connected, it’s critical that cyber experts not only truly understand what’s happening at the ground level, but are able to identify and communicate the impacts at the strategic level – across organizations, economies, and consumers.
  2. Talk “cyber” with anyone and everyone. Cyber security has become fairly romanticized, leaving many leaders reluctant to really tackle what it means for their business. It’s important that today’s cyber security expert regularly and proactively shares cyber risk details with those not comfortable talking cyber; taking care to effectively translate the information for accurate understanding of the cyber risk and the associated value proposition.

MAGNUS NYLUND

With more than 10 years of expertise in the CIO and now COO role for Learning Tree International, Magnus Nylund is responsible for establishing Learning Tree’s cyber security best practices, as well as guidance to the curricula we sponsor to teach security professionals how to protect and defend their organization.

Two job habits every cyber security expert should adopt:

  1. Determine and communicate your organization’s policies and procedures – ideally utilizing a best-practice framework, such as NIST.
  2. Plan training for all levels of your organization, not just those with security as part of their job roles. Cybersecurity is everyone’s challenge – from support staff to the C-suite.

Then, your cyber security experts can act on daily, weekly and monthly checkpoints to ensure testing and controls are followed for the best line of defense.

READ MORE IN THE SERIES:

Important Takeaways From the WannaCry and NotPetya Cyber Attacks: The Top Experts Speak
What Computer Security Experts Wish You Knew: The Top Experts Speak
Cyber Security Predictions for 2018: The Top Experts Speak

Megan Thudium

Megan Thudium is a Berlin-based writer with a passion for curating actionable and enlightening content for business leaders. A seasoned author, her latest works encompass topics in travel, business and information security. Follow Megan on twitter @megan_thudium.
