How Awareness, Attention Can Improve Cyber Security

Building Cyber Momentum During 'Awareness Month'




Awareness Month

October is Cyber Security Month, and I’m writing this on a plane returning home from the AT&T Business Summit in Grapevine, Texas, where I spoke about diversity and inclusion in the space. One of the most important conversations I had at the conference wasn’t as a panelist alongside global thought leaders, but rather with Rosa at the AT&T Stadium. Rosa, a Latina dental assistant, was working nights at the stadium. She approached me – as no one had told her what the conference was about, and she was curious.

One of my talking points in the past year has been from the Kaspersky study that showed that most young people hadn’t met someone who worked in cyber security and that “63% of women think more positively about cyber security after meeting someone who works in the sector.”

Besides working nights, I learned in my fifteen-minute conversation that Rosa volunteers at an elementary school. She’d met no one who worked in cyber security, and the kids she worked with hadn’t considered it as a career option. They wanted to be rappers, they wanted to be marine biologists; they didn’t know there was a high-paying position called “security operations center analyst.”

See Related: Benchmarking Efforts Heighten Visibility, Improve Internal Comm.

(L-r) Belinda Rodriguez, Vice President, Human Resources, AT&T Communications, Corey Anthony, Chief Diversity Officer, AT&T Services and Kayne McGladrey, Director of Security and IT, Pensar Development. Photo courtesy of Kayne McGladrey.

It’s imperative that cyber security professionals take these opportunities in our communities when they arise, even if it’s inconvenient. Stop what you’re doing and take the time to talk to people about what you do in plain language. Let them ask questions. Their questions will surprise you, but the results will surprise you more. Unless something changes, we’re at a point where there will be millions of cyber security jobs going unfilled for the foreseeable future. We can no longer afford to be an exclusive club that requires that you live in one of the right zip codes and have the right four-year degree to get in. By taking the time to talk to those in our communities, we will help encourage them to consider cyber security as a future career option.

Except for highly specialized fields, people can plan on changing careers every five to seven years. Cyber security vendors have a faster pace, releasing new products every year. We need to keep those two realities in mind if we’re asked to contribute to, or write a job description for, a new cyber security position in our organization.

Too often, cyber security job listings focus on the tools in use at the time of writing, and it’s highly unlikely that your organization will find a candidate who’s used your exact blend of tools. Recognize that tools are a means to an end and that they will get replaced, but the goals will not change. If  your organization is using a specific intrusion detection/intrusion prevention system, the goal is not to use the tool well. Rather, the goal is to detect and prevent threat actors from gaining persistent presence on your computing infrastructure.

See Related: Budgetary Foresight: 3 Essential Cyber Security Programs For 2019

Rephrasing job descriptions in cyber security around outcomes rather than specific technologies helps to attract a wider number of potential employees, too. Multiple studies have shown that women will apply for jobs only if they meet all the listed requirements, where men will apply even if they do not.

Finally, it’s important to understand that meaningful change starts at home. Maybe you don’t like talking to strangers about work, and you don’t get asked to help with job descriptions. If you’re so fortunate to be a part of a child’s life, get them involved. This is easier than it sounds.

My partner and I have kids. Our teenage son has an interest in fraud and scams after watching a James Veitch video on YouTube. I asked him to send me examples of scams as he sees them, and this summer he sent me several suspicious-looking phishing emails and websites about Fortnite. Our daughter has a paid internship with me based on her asking me about my livelihood. For $5 a week, she now posts two tweets for me per day, each tweet combining a cyber security statistic with an image. These tweets are often my highest-performing content on any day.

A side benefit of getting kids and teenagers involved is getting additional perspective. Our daughter periodically asks me for help in understanding why a statistic is important, which forces me to think through how to contextualize the data. I’m often surprised at how quickly our son identifies what makes a website suspicious and have incorporated at least one of his techniques when talking to adults about phishing.

None of these changes require more than a few minutes of our time as cyber security practitioners. Starting this October, commit to making one small change that’ll have long-term benefits for all of us.

**********

National Cyber Security Awareness Month (NCSAM) has been observed every October since 2004. It’s sponsored by the National Cyber Security Division (NCSD) within the Department of Homeland Security and the National Cyber Security Alliance (NCSA). A major component of the initiative is to bring attention to computer usage in its entirety – and remind users to remain vigilant on the web.

Be Sure To Check Out: Two Easy Steps To Reduce And Detect Threats In A Cloud Environment