Collaboration & Motivation: Cyber Security Exec Shares Helpful Tips
InfraGard Nat'l. Member Aims To Praise & Empower
On the Aug. 13 episode of VoiceAmerica’s “Task Force 7 Radio,” host George Rettas was joined by Alain Espinosa, Director of Security Operations, Online Business Systems and Member of the Board of Directors for InfraGard National.
Espinosa’s work with InfraGard helps facilitate partnerships between the FBI and the private sector. He also oversees the security operations center (SOC) for Online Business Systems.
Discussing his work with InfraGard, Espinosa kicked off the show by giving a short history of the organization. He said it began in a Cleveland field office in 1996. Shortly thereafter, he said, the government realized both sectors needed the collaboration. By 1998, the program had expanded nationwide. It then took on 16 critical infrastructures and has grown to 57,000 members.
InfraGard members are assigned to one of 80 chapters around the country, all of which are aligned with an FBI field office. As such, members get access to seminars and various programs. Espinosa said there is a lot of activity at the chapter level.
The Many Perks
Further, membership benefits include access to the FBI’s secure managed portal, which provides access to sensitive information that isn’t available to the general public. It’s also vetted, trusted information that’s highly relevant.
Outside of the program perks, members also “develop a relationship with the local FBI,” Espinosa added. “It’s a real person, not just emails, bulletins or alerts. Part of the program is becoming engaged with someone at the ground level at the FBI. So, if something happens at the company, you have someone you can call.”
He continued, saying that the FBI is not a partner to “enforce compliance regulations.” They might aid in investigation, and “look in places you didn’t know to look.” Espinosa said, “They become a partner with you, not an adversary.”
The Three Es
The conversation then turned to leadership style. Espinosa said that he aims to “equip, empower and encourage” as an executive.
“The days are gone of sitting in a cubicle, and simply getting an assignment,” he said. “I’m glad for that.” The cyber security executive added that the role comes down to empowering others and not micromanaging every behavior. He also said he meets with staff, one on one, at least every two weeks.
That management style has not exactly been universally embraced, however. Espinosa said, “In IT and information security, oftentimes you get so focused on the technology, that you lose focus on the people, and investing in them.”
Another critical element of today’s security success: soft skills and communication. The “TF7 Radio” guest said he’s not quite sure that schools are teaching enough soft skills. He called it the “single biggest investment.” He pointed to: communication, presentation and public speaking, among others.
“The differentiator is going to be the soft skills,” he continued. “Can you communicate with the C-level? (You have to) communicate in business, and translate that back to technology.
The show’s guest then gave a bit of a personal history, which touched upon the importance of mentorship. He said he began his career as a bank teller and was lucky enough to land an interview at a small consulting company in New York City. While he had no IT experience, he was forthcoming about his lack of knowledge. The owner complimented his communication skills, thus allowing him to get a start in the industry. Oftentimes, he added, it’s about “seeing in people what they don’t see in themselves.”
Espinosa continued: “It’s about starting at the ground level – schools, teachers, programs… (It also involves) conveying to children that there are, and will be, opportunities for them in technology.”
The featured guest then took some time to discuss the most prominent threats to the enterprise. First, the executive pointed to consumer products, or the Internet of Things (IoT), saying how weaponizing these products could prove undeniably harmful.
The “TF7 Radio” guest also highlighted account hijacking (via social engineering), SIM card takeover, domain name registration and business email compromise (BEC).
On account hijacking, Espinosa said, “I’m surprised how many corporations aren’t using multi-factor authentication (MFA).”
With regard to SIM card takeover, Espinosa said threat actors access wireless carries and utilize phished information to receive or swap SIM cards to access accounts.
For other enterprises, the weak spot could be in the domain name registration – and associated email accounts.
For BEC, Espinosa said sometimes the schemes are so elaborate that the (faulty) transaction appears real. For example, he pointed to a CEO on vacation whose account has been compromised, and as such, the nefarious actor communicates with accounting for a swift wire transfer.
“(However), you can throw all of the tech you want (at the problems),” Espinosa said. “But at the end of the day, what it boils down to is the person in the chair, at the keyboard. And I don’t blame them. They might be the weakest link but I don’t blame them. People are a part of our security posture.”
Outside of security information and event management (SIEM) and the associated data inundation, Espinosa highlighted the basics. “Our approach,” he said, “involves identifying assets and what’s the most meaningful, looking at risk assessments and assigning a risk score.”
Despite security teams’ best efforts, ransomware remains a huge threat to corporations, too. “I don’t think it’s going anywhere, either,” the “TF7 Radio” guest opined. “It’s an easy way to get money out of people, and cripple businesses. It’s a tough one, but it goes back to process.”
He continued: “Lock your door, but be prepared for the break-in.”
The "Task Force 7 Radio" recap is a weekly feature on the Cyber Security Hub.
To listen to this and past episodes of "Task Force 7 Radio," click here.
Connect with Espinosa on LinkedIn, here.
Be Sure To Check Out: Cyber Expert Discusses Risk Assessment, Proper Skillset