C-Suite Network™

Categories
Growth Management Personal Development Technology

The Secret to Hiring Cybersecurity Professionals

I have had a successful career in Cybersecurity since 2005 when we called it Information Security. Ironically, my background should never have landed me the job, but it revealed an important hiring secret: Sometimes the best person for a cybersecurity position is not a cybersecurity professional.

I know that sounds paradoxical and confusing, so let me explain. With the proliferation of job titles and educational programs with the word cybersecurity in them, it might make hiring managers think they need to hire someone with cybersecurity experience, and that is understandable. However, we keep hearing that there are more jobs than qualified employees, that the gap is going to continue and grow, and that there is not enough diversity in the field, so alternatives become necessary.

Therefore, instead of searching for the perfect cybersecurity employee with a very specific skill set, technical background, knowledge of one particular tool, set of certifications, degree, and many years of experience, look to the less obvious source to hire your next cybersecurity employee – the artist, the accountant, the liberal arts major, the writer, the veteran, or the gamer (to name a few). Here’s why.

Cybersecurity professionals are creative problem solvers, enjoy tinkering with new tools, and like connecting the dots or solving puzzles. They need to be strong leaders and proficient writers. Depending on the role, they may need to enjoy solitude or thrive in chaos. They are good communicators, team players, and dreamers.

My success in this field is because someone gave me a chance when I had no relevant experience. They needed my skill set as an auditor and gave me the opportunity to learn on the job, which I did with their help. The guys I worked with started me off slowly and then started to give me more and more responsibility. They saw that I would ask questions and that I could take what I was learning and use it. Before long I was on client sites alone, traveling internationally and given a lot of responsibility. If it were not for these guys who took a chance on me 13 years ago, I don’t know what my career would look like today. I am forever grateful to them, and that is why I have some recommendations for hiring your next cybersecurity employee.

My Top 5 Recommendations for Hiring Your Next Cybersecurity Employee

1. Know the underlying skills needed for the position. Many cybersecurity positions require lots of writing and documentation, sometimes for non-technical audiences. You may find an excellent candidate with a journalism degree or background in technical writing. You may just find that it is easier to teach a good writer about security than teach an IT or security expert how to write and it may offer more qualified candidates for the position.

2. Determine if the role requires lots of solitary work like looking at monitors or analyzing log files. You want someone who enjoys the solitude of this type of work and also enjoys puzzles. People who can spend hours alone working on puzzles, crosswords, games, or other brain teasers are well suited for this type of work because they enjoy solving problems and thrive working alone. You will teach them what puzzle they are trying to solve and they will get busy solving it. This may be more challenging to identify in a traditional resume, so make it part of the hiring questions or job description where applicable.

3. Know if chaos is at the heart of the position. Depending on the role, it may involve a lot of chaos, like lots of moving parts, threats, cyber attackers, high visibility, high expectations, and competing priorities amongst the business executives and board of directors. Working well or even thriving in chaos takes a special individual; it’s not for everyone and you can’t teach it. Look at military veterans, former police officers, and people who have held positions where chaos was their daily norm, even if outside of IT and security.

4. Understand the amount of technical knowledge necessary. Many roles today are for compliance and a strong auditor could be a great fit, even if they don’t have a strong technical background. Auditors are skilled at learning new topics very quickly and analyzing information to determine deficiencies and gaps. When you give a strong auditor the information they need and the tests to perform they will pick the rest up quickly and learn on the job.

5. Consider on the job training. This will allow you to bring in more entry level employees with less cybersecurity or technical experience at a lower cost and train them with the tools and information that is important to your organization. With the right training and mentorship these entry level employees will thrive and grow into your next generation of leaders.

The traits I’ve listed above are those you need to consider whether you are bringing in someone with previous experience or whether you are looking to diversify and bring in raw talent. There are many qualified employees who will make excellent cybersecurity professionals if given the opportunity and they are hungry to learn and be part of this exciting field. All they need is the chance, a mentor, some training, and the opportunity to learn and grow in the field.

My Top 5 Don’ts for Hiring Your Next Cybersecurity Employee

1. Don’t assume someone with a long list of certifications is good at security or good in the role you are looking to place them in. Many people can pass a certification, but that does not automatically mean they are right for the job. Does the job require skills that someone who passed the exam would have over someone without the certification? Plus you don’t know how many times they took the test before they passed. The person who finishes last in medical school is still called Doctor. Don’t assume a certification means they are a good fit for the job or that the job needs someone certified; be specific as to why the certification matters before making it a requirement.

2. Don’t dismiss candidates because they don’t have certifications. Yes, this is the opposite of number one, but just as important. I did not have any certifications when I was introduced to this industry. Some certifications require years of experience to get and you will miss out on some great employees if you set the bar for entry unnecessarily high with certification requirements.

3. Don’t assume that people with strong IT backgrounds make good security professionals. IT professionals may not know security just like security professionals may not be technically proficient. While most of what a cybersecurity employee does has to do with technology, it is not all about technology. Make sure that an IT professional is being considered because they are a good match for the underlying needs of the position and not just because they have IT skills. If they fit into the category of being well suited for the needs of the position and can learn security on the job like the auditor, journalist, or artist we’ve mentioned before, then of course they make a great candidate too.

4. Don’t write the job description so specifically or narrowly that only a few people in the world could match it. This is especially true if you are looking for more of a junior role. When you combine a desire for lots of experience with knowledge on very specific tools, and think that someone in your geographic area is going to be a fit, it could take a long time to fill the position. Go to #1 on the Do list instead.

5. Don’t dismiss the importance of soft skills. The best cybersecurity professionals have strong soft skills like communication, writing, and diplomacy. These positions are often in front of executives and other business leaders and require the ability to communicate in language that everyone will understand and in a way that will build relationships, not be adversarial.

Candidates with cybersecurity experience are great and you should definitely consider them as long as they fit the specific needs of the position, not just because of their general experience, education, or credentials. If you are hiring for a senior position or a consultant who will be out advising clients on topics of security, of course you need and want experienced employees; just make sure they are the right employee so that you and they have a long and happy working relationship together.

If you want to discuss hiring for cybersecurity, building teams, or cybersecurity strategy, email sharon@c-suiteresults.com.

Sharon is an information/cyber security veteran who has been helping clients navigate security and compliance challenges since 2005. She currently works as a Virtual Chief Information Security Officer (vCISO) for small to medium sized clients who don’t have their own CISO or security department. Sharon received her Masters in Forensic Science, High Technology Crimes Investigations from The George Washington University and currently is a Certified Information Systems Security Professional (CISSP).

Categories
Best Practices Culture Growth Health and Wellness Leadership Skills Technology

Your Privacy in the Wake of the Facebook Cambridge Analytica Scandal

While Facebook’s Cambridge Analytica scandal continues to play out, one of the big “AHA” moments has been the discovery of the amount of information that Facebook has captured on its users.

The fact that Facebook captures data on users is not really a surprise, but the breadth of data captured was stunning to many, as were the lax safeguards in place to protect that data. The scope of Facebook’s data collection is still a bit of an unknown, as we haven’t learned of additional data captured by Instagram and WhatsApp, both of which are owned by Facebook. Facebook’s empire is a data collection machine that powers the marketing campaigns of businesses around the world.

And Facebook is not the only data collection machine. Most tech companies collect data for marketing purposes, and privacy and data protection vary with each. Google collects data via search, Gmail, maps and Google applications. But it also captures data via Android phones, Waze driving applications, and its Nest home automation subsidiary.

So what are we supposed to do? Unless you are willing to completely abandon the digital world, you have to accept that privacy is elusive online. But there are a few things you can do to minimize the amount of data collected and the accessibility of that data. Here are a few tips that could help:

Be aware of the information available on you and adjust your privacy settings accordingly.   Both Google and Facebook will let you see a good portion of the information they collect on you.  It doesn’t cover all of the data collected from related businesses, but it is still helpful.  For example, I found out that Google knew the 10 different cities that I lived in my life, and was making that information publicly available.  While I couldn’t delete the information, I could make it private. 

Close unused social media accounts.  Many of us have tried new networks, but ultimately abandoned them.  Despite our neglect, your information is still out there.  Use justdeleteme to jog your memory and delete as many old accounts as you can.  Some do not make it easy. 

Don’t use Facebook’s or Google’s single sign on for other services.    When you start using a new service or retailer and are asked to “create an account”, many will ask if you want to login via Google or Facebook.  While it is convenient and one less password to remember, this service also allows Google and Facebook to track everything you buy with that retailer. 

Don’t use third party applications on Facebook. Those cute quizzes and other entertainment might be fun, but they are also data collection devices. These are the type of applications that supplied the data for Cambridge Analytica. Some applications just collect data, but some require that you submit personal information that is often the subject of commonly used security questions. Don’t play along. The fun is not worth the risk.

Delete unused applications on your phone, desktop and other devices.   Many of us constantly add new applications, but are less diligent about deleting old ones.  Applications collect a lot of data, even when they are not being used.  So if you have not used an application in a while, delete it.  I purge applications every six months, and end up deleting more than half the applications on my phone.   

While digital privacy remains elusive, you can take action to minimize the breadth of personal information out there.  Take control!

Categories
Best Practices Growth Management Personal Development Technology

What Cybersecurity Professionals Forget to Tell You

As a cybersecurity consultant and advisor, I often forget that my clients and those of you who are out there running your businesses don’t think about cybersecurity the way I do, and that’s fair; I don’t think about your industry the way you probably do. We all have our “thing” that we do really well and we forget that others don’t see our “thing” the same way.

Often cybersecurity professionals use FUD (Fear, Uncertainty, and Doubt) to explain why cybersecurity is important, and tactics such as listing lots of statistics on all the breaches, after which they will conclude, “It’s not if you’re breached, but when”, and make you wonder whether you’ve done enough.

What we have forgotten to tell you is that cybersecurity is actually a strategy you can use as a competitive advantage within your industry. It is part of running a successful and influential business. By implementing cybersecurity in a strategic way, you can reduce risks that can cost you more later, become more competitive, and improve your bottom line.

Brand loyalty is not what it used to be (unless you’re Apple or Android, where there’s a fight to watch between loyalists). Consumers want to do business with those who want what is best for them and they will leave very quickly if they feel you don’t care about them. They want you to protect them and be willing and able to protect their information. In the case of many new products, consumers need you to protect their physical well-being and in some cases their lives. Whether your product can track their location, their information, their privacy, or physically harm them if not developed correctly, your customers need your help. The more you can show you are doing the right things, the more loyal your customers will be.

Maybe you don’t sell to consumers and are not concerned about brand loyalty from that perspective. If instead you sell a service to other businesses or to the government, cybersecurity may be the competitive advantage you are looking for. Many industries and any government contract will require their business partners, vendors, and service providers have a cybersecurity program to protect connections and data. If a potential business customer comes to you with a contract that would be great for your bottom line and says “we can do business with you if you can provide information and attestation regarding these 200 security questions”, I guarantee it will be much more fun if you can easily say yes and get that business. I constantly recommend to my clients when they are on the search for new business partners and vendors to have a due diligence process and only contract with those who can show they have implemented compliance and/or security programs. It is much easier to put the program in place before the contract shows up.

Other benefits include teaching your employees good security practices at work, which not only protects your organization, but also helps them stay safe at home too. When you care about your employees and teach them how to protect themselves you can add a level of employee loyalty. Not to mention it’s also being a great corporate citizen for your community.

If customer loyalty, new contracts, and being a great corporate citizen don’t resonate with you, then maybe improved stakeholder confidence is what you’re looking for. I’m not a stock market whiz, but last time I checked, stock price valuation has a lot to do with confidence, and when your customers and employees are confident in your organization and product, your stock price should reflect this.

That was the short discussion I wanted to have when I realized that we have forgotten to share all the good reasons to implement cybersecurity.

If you want to continue the conversation or have specific cybersecurity questions, reach out via email to sharon@c-suiteresults.com. I’m happy to discuss strategy and options for improving your cybersecurity posture.

Categories
Marketing Personal Development Technology

The Most Powerful AI Needs Human Judgement

I grow weary of reading the simplistic headlines around the impact of AI. Some people say that AI will put many of us into a new leisure class that doesn’t need to work. Others argue that AI will make us all unemployed. They are both saying the same thing, actually, so it is just a personality test to divide optimists from pessimists. But there is no technology that in the past had that kind of impact, so why is this one different? It probably isn’t.

What is much more likely is that as machines do more, we humans will do something else. Something machines can’t do yet. That’s the way it has always been, so I think that is the way to bet.

What fuels my belief that this is true is that the most powerful AI we see today depends on human judgement. No, I don’t mean the highly-paid data scientists and AI engineers that are all the rage these days. Sure, they are important, but I am talking about ordinary people doing ordinary jobs using judgement that computers just don’t have. This technique is called semi-supervised machine learning or active learning.

Here is how it works. Supervised machine learning is what most AI applications use. They need human judgement, too. But they use it only at the beginning. They ask humans to tell the system the right answer to a question–for example, whether a tweet has positive or negative sentiment. You pile up enough tweets with human answers and use that to train the AI system. So far, so good. But that is where most systems stop.

The most powerful systems keep getting better, using semi-supervised machine learning. The secret is something called the confidence score. Most AI systems can do more than just answer the question. Beyond telling you that they think this tweet is positive or that tweet is negative, they can tell you how confident they are in that opinion. So, the system might be 90% confident that this tweet is positive and just 60% confident that another tweet is negative.  This provides some interesting possibilities for semi-supervision.

You can set up your system so that it automatically handles any tweet with over 70% confidence. If it is that sure of itself, let it provide that answer on its own. But if it is less than 70% confident, you can refer that tweet to a human being to check its answer. Is that tweet negative–the one with 60% confidence? Checking the answers the system isn’t sure of is semi-supervision, and it has two benefits. The first is that the system is more likely to get the answers right if it can ask a human to check its work.

The second benefit is that each new human answer is new training data that the system can use to improve its model. By constantly asking for help with the answers it is least sure of, the system is improving itself as rapidly as possible. You can add more training data at any time to any machine learning system, but if your new training data is merely adding more examples of what the system is already doing well, it doesn’t cause any improvement. Only by adding new training data in the areas that the system is getting wrong does improvement happen.
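The confidence-threshold loop described above, as an added example that is not code from the article: a toy Naive Bayes sentiment model answers on its own only when it is over 70% confident, sends everything else to a reviewer, and retrains on the reviewer's answers. The class and function names, the seed tweets and the reviewer's answers are all constructed for illustration.

```python
import math
from collections import Counter

THRESHOLD = 0.70  # the article's cut-off: "over 70%" is handled automatically

# Constructed seed data: the initial human-labelled training set.
SEED = [
    ("love this phone", "pos"),
    ("great camera love it", "pos"),
    ("hate this phone", "neg"),
    ("awful service hate it", "neg"),
]

# Constructed stand-in for the human reviewer's answers.
HUMAN_ANSWERS = {"this update is sick": "pos"}


class ConfidenceModel:
    """Two-class multinomial Naive Bayes that reports a confidence score."""

    LABELS = ("pos", "neg")

    def fit(self, examples):
        self.examples = list(examples)
        self.doc_counts = Counter(label for _, label in self.examples)
        self.word_counts = {label: Counter() for label in self.LABELS}
        for text, label in self.examples:
            self.word_counts[label].update(text.lower().split())
        self.vocab = set().union(*self.word_counts.values())
        return self

    def predict(self, text):
        """Return (label, confidence), confidence being the posterior of label."""
        log_scores = {}
        for label in self.LABELS:
            total = sum(self.word_counts[label].values())
            # Laplace-smoothed prior and word likelihoods.
            score = math.log((self.doc_counts[label] + 1) / (len(self.examples) + 2))
            for word in text.lower().split():
                if word in self.vocab:  # unseen words carry no evidence
                    count = self.word_counts[label][word]
                    score += math.log((count + 1) / (total + len(self.vocab)))
            log_scores[label] = score
        top = max(log_scores.values())
        weights = {k: math.exp(v - top) for k, v in log_scores.items()}
        label = max(weights, key=weights.get)
        return label, weights[label] / sum(weights.values())


def triage(model, tweets, ask_human):
    """Auto-answer confident tweets, send the rest to a human, then retrain.

    Returns (auto, reviewed). A score of exactly 70% goes to the human,
    since the article only automates scores *over* the threshold.
    """
    auto, reviewed = [], []
    for tweet in tweets:
        label, confidence = model.predict(tweet)
        if confidence > THRESHOLD:
            auto.append((tweet, label, confidence))
        else:
            reviewed.append((tweet, ask_human(tweet)))
    if reviewed:
        # Second benefit from the article: every human answer becomes
        # training data exactly where the model was least sure.
        model.fit(model.examples + reviewed)
    return auto, reviewed


if __name__ == "__main__":
    model = ConfidenceModel().fit(SEED)
    print("before:", model.predict("sick update"))
    batch = ["love the camera", "hate the service", "this update is sick"]
    auto, reviewed = triage(model, batch, HUMAN_ANSWERS.__getitem__)
    print("auto:", auto)
    print("sent to human:", reviewed)
    print("after:", model.predict("sick update"))
```

The model starts at 50% on "sick update" because it has never seen either word; one reviewed answer is enough to move it above the threshold.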

So, yes, machine learning is very important. But semi-supervised machine learning is what provides the most rapid way of continuously improving your machine learning application. If your team isn’t using that approach, it might be time to ask why not.

Categories
Culture Growth Management Personal Development Technology

Hackers are Your Friend

I get a lot of inspiration from reading articles, posts and conversations on LinkedIn about my field, Cybersecurity. Recently, a fellow security professional and friend posted an important correction regarding the use of the term “hackers” and how he is tired of the term being used negatively, since he considers himself a hacker and is by no means a bad guy. That made me realize that the term hacker gets thrown around in a way that paints all hackers with the same brush stroke.

Thanks to the media, news, television, and movies, a hacker is typically depicted as a young man in a hoodie sitting in his basement (or his parents’ basement) or some dark corner of the globe punching away at a keyboard and effortlessly doing nefarious things like stealing identities, credit cards, intellectual property, and basically wreaking havoc.

The PSA I’m sharing today is that, in reality, that is the picture of a cyber-criminal. Hackers, like my friend and many security professionals I know, are the good guys and gals that walk amongst us every day with no intent to do harm.

These “good” hackers are security professionals hired to secure organizations and government networks by legally and with permission attempting to break in and identify their weaknesses so they can be fixed before an attacker or criminal does the same. These professionals are often known as penetration testers, and in some organizations, especially the government, they are known as the Red Team. They are trained and skilled at doing what is shown on television as something evil. There is even a certification called Certified Ethical Hacker.

On the other hand, people who break into networks and systems without permission, gain unauthorized access, steal information, and in some cases make the data unusable to the organization are criminals. You can call them criminals, cyber-criminals, attackers, or cyber attackers if you want to be accurate but calling them a hacker makes it sound like all hackers are evil when in reality there are so many hackers who are security professionals trying to help protect organizations through their skills of hacking.

The criminal and the security professional use the same techniques, same tools, and same knowledge, but they have different agendas. The intent behind their action is completely different.

The next time you post or talk about hackers, be clear who you are talking about. Are you referring to criminals? If so, be clear about that and differentiate those who are nefarious and out to do harm from those who are there to serve and protect.

If you want to learn a lot from a good hacker that I admire greatly, follow Chris Roberts on LinkedIn.

If you want to talk about having a Certified Ethical Hacker or cybersecurity professional help you ensure you are doing what it takes to keep the cyber attackers out, email me at sharon@c-suiteresults.com.

Categories
Growth Leadership Personal Development Technology

Social Media Is Dead! Long Live Blockchain Social Media!

Something is rotten in the land of social media. The current behemoth social networks are tearing our country apart, while making money hand over fist. Even technology executives won’t allow their kids on social networks. For the first time since 2012, Facebook just reported a decline in daily visitors in the US and Canada. Inc. wrote that the big social networks “are centralized in every way, decide what you will see and not see through their algorithms, and completely lack transparency. This sounds like something ripe for disruption.” Cue the rise of blockchain social networks.

Many have heard of blockchain’s application in crypto-currencies, but the technology is now being applied in a variety of industries from financial services to pharmaceuticals.  It has already been tested in voting applications, and could allay voter fraud concerns while generating higher voter turnout.  Social media is one of those nascent blockchain applications.

Why are these new networks different from Facebook and the other large players?  Users of the traditional networks consist of a few content creators and many lurkers.   With few exceptions, there is little incentive to create great content.    The traditional networks monetize the content created by users and sell advertising against the eyeballs it generates. Stealing a page from Reddit, blockchain social networks reward content creators for creating great content.  Users decide what is great content. There are no algorithms.

Content creators and active participants are rewarded with some form of cryptocurrency and the rewards structures are relatively easy to understand.  And, as of yet, they have no advertising.  Consequently, they create a more engaging environment with active contributions from the people you actually want to hear from.

Numerous blockchain social networks have launched over the last year. Steemit squarely competes with Facebook and Instagram, and its video platform could take on YouTube. It is the largest blockchain network and will soon have over a million users. It rewards creators and active users with Steem Power and its proprietary Steem cryptocurrency that can be exchanged for popular cryptocurrencies like Bitcoin and Ethereum (https://www.ethereum.org).

Twenty-one-year-old Sven Lucas earned $4,000 by posting in his free time. While this is nothing compared to professional YouTube contributors, it is a significant incentive for casual users who earn nothing on the big networks. He writes that he is “sticking around for the great content.”

Indorse is still in Alpha and is aimed squarely at LinkedIn.  It promises an authentic presentation of skills without the fake endorsements that plague LinkedIn.

So how will this impact the big social networks?  Some of the emerging blockchain networks will certainly be swallowed by the big guys, as Facebook acquired Instagram and WhatsApp.    All of the big networks are already experimenting with blockchain applications and will liberally copy successful features of the blockchain networks.   They will experiment with greater rewards for content creators.  But given their advertising model and huge scale, it is doubtful they could reward all contributors and active participants.

But they may not have to, as the blockchain social networks may be forced to meet them in the middle. As the new networks grow, they will have to figure out a revenue model to keep the lights on, reward content creators, and generate a return for their investors.  Brand marketing will likely play a role.  These new networks will have to balance their need for revenue with the needs of users, many of whom could be fleeing traditional networks because of privacy concerns and intrusive marketing.

But the ripple effects of blockchain social media could extend far beyond their initial impact on the big social networks.   Apple’s current business includes an ecosystem of devices, iTunes, applications and more.  It has disrupted several industries.  But Apple’s business started with the Mac, which made computing easier.  Amazon started by disrupting the book business, but has since built an entire ecosystem that is disrupting the grocery and health care businesses.

Successful blockchain social networks will foster similar ecosystems built on cryptocurrency and blockchain technologies. Cryptocurrencies and their underlying technology are complex and difficult to understand. The simple rewards of these new networks provide incentives for cryptocurrency adoption beyond cryptocurrency and blockchain enthusiasts, which will foster business extensions. The current plethora of blockchain start-ups will explode as these networks take off. Disruption of the big social networks may be an immediate effect of blockchain social networks, but, longer term, disruptions will ripple into other industries as these start-ups gain traction.

As is often the case when new players disrupt the marketplace, the big winner is the consumer.  They will see a more rewarding social media experience. This rewarding experience will ripple out to other industries as well.  Traditional social media may be waning, but blockchain social media is alive and well.

Grisdale Advisors helps current and aspiring C-Suite Executives build a powerful and influential social media presence, which helps their companies, their employees, their communities and themselves.

Categories
Best Practices Entrepreneurship Health and Wellness Human Resources Management Marketing Technology

The Millennial Attention Gap

Maybe my favorite generation is the millennials. I love their insights and ability to change quickly … and they can also learn from generations before them. So, I was excited when I recently watched the movie, The Intern, about a Baby Boomer going to work for a young, hip start-up company. This company was very successful, full of bright ideas and innovative ways to succeed. Initially, they looked as though they thrived in chaos, when in fact, they were suffering from the very methods that made them successful.

While the movie was a light-hearted comedy about an older generation fitting into a Millennial mindset, I couldn’t help but notice the number of mistakes the young professionals made because of information overload, a barrage of interruptions, and an obsessive need to multitask leading to a frantically fast paced life. They worked together for hours on end yet knew little about each other. They celebrated professional success while suffering personal losses in relationships at home.

The movie was fiction. The situation was reality.

Millennials weren’t the age of technological discoveries. They were born into the technological age we created. They never knew life before the internet, texting, streaming and social media. Before most of them could walk, they could operate an iPhone. Many of them watched their first programs streaming from their parents’ devices while sitting in a restaurant for dinner. As the Millennials grew up, they formed new languages rife with acronyms as they felt there was no time, or need, to write in full, complete sentences. Now that this generation has aged and entered the workplace, they struggle to turn their attention from devices and into real relationships that communicate openly, thoroughly and effectively.

At one point in the movie, a younger employee approached the Baby Boomer to ask for relationship advice. He admitted to having messed up with his girlfriend, and he failed to see how his attempts to mend the relationship were unsuccessful. He said he sent a “ton of text messages” – to which she never responded – and a “super long email” laced with acronyms and emojis. At which point the Baby Boomer simply suggested that he talk to her face-to-face. Guess what? The advice worked.

Now let’s hop over to real life.

How often do you, or Millennials in your life, attempt to communicate with others in this fashion? With phones buzzing, emails flying, and alerts binging, it’s no wonder we miss the connection. What if we encouraged Millennials to pay attention to relationships, not technology, and to address others in a real-time conversation, saving time and confusion from back and forth digital dialogue? Imagine the time we could save if we would focus on our relationships and begin paying attention to what matters most.

Another hysterical scene in the movie came when the young CEO inadvertently sent her mom an email not intended for her to read. Watching these characters go to great lengths to undo a digital mistake was a riot! I couldn’t help but consider the number of times we have all been guilty of hitting ‘send’ on a message not intended for the receiver, and the following countless hours/days/weeks/months/years we spent trying to recover from our lack of attention to detail. The Millennial boss was moving at such a fast rate of speed, dealing with one distraction after another, that she almost risked a vital relationship in her life as a result. Ever been guilty of doing the same?

We have an opportunity to lead by example for Millennials and other future generations. We can show them how to slow down and pay attention to details. We can demonstrate how to step away from gadgets and build relational bridges with peers, employees, spouses and friends. Our time spent before the digital age could enlighten them on advantages that came with it.

Can you become like the Baby Boomer in the movie? Can you mentor young professionals and encourage them to invest in sincere relationships – getting to know each other on a deeper level? Can you lead by example by focusing on one task at a time, saying ‘no’ to distractions that lead to mistakes? Will you demonstrate what it means to stop living a ‘crazy busy’ life and start paying attention to what matters most?

Categories
Marketing Personal Development Technology

Why You Shouldn’t Be Aiming for Viral Marketing

Viral marketing seems like the kind of business success a marketer can strive for–your message is out there, and everyone is sharing it. What could be better? Well, a lot, actually, because going viral says a lot about how many people see your message, but not a whole lot about how many people are buying your product.

Some of you might remember the feel-good stories of days gone by, such as Blendtec, that great blender whose messages went viral when they pulverized an iPod with that powerful little motor. And that viral marketing definitely led to sales–huge increases, in fact. So, why am I so down on viral marketing? A few reasons:

  • You’re not so unique. Nowadays, there is way more content vying for attention. The possibility of any marketer breaking through the way Blendtec did is much less than it was.

  • Facebook makes it hard. Facebook used to show any content–now it suppresses marketing content in the free feed to make you pay them for ads.

  • You’re not looking for everyone. This is probably the most important reason. If you’re Coca-Cola, then maybe viral is great, because your target market is anyone with a neck. But you’re probably not.

But the biggest reason that viral marketing doesn’t work is that even if it goes viral, it doesn’t persuade anyone to buy. The best thing about those old Blendtec videos was that they showed off their differentiation. If it can obliterate an iPod, you can bet it won’t leave any lumps in your smoothies. But most viral attempts focus solely on sharing and reach and not at all on persuading all those people that they reach.

Focus on reaching the right people instead of all the people. Maybe that will finally give you the boost in sales you really need.

Categories
Best Practices Growth Management Personal Development Technology

Cybersecurity Checkup

Most people understand that going to the doctor and dentist on a regular basis is good preventive practice for their health. Getting your teeth cleaned and x-rayed can help prevent future damage, and getting regular blood work and physical exams can catch issues before they become serious.

The same is true for your technology and business practices around cybersecurity. Regular checkups and exams are necessary for the basic health of your systems and to prevent more serious problems later. Knowing early on if there is an issue that needs to be fixed can help you before it becomes too late or more costly.

As a security consultant I am akin to your general practitioner at the doctor’s office. I conduct checkups for systems and processes to determine the cybersecurity health and potential future needs for organizations. Having someone with this skill set come in at least annually and look at your systems is key in maintaining a healthy network. Ignoring your security checkup can lead to an unavailability of system resources, which happens when attackers use ransomware to keep you from accessing critical business data. Another concern that the checkup addresses is ensuring there is no weakness in the integrity of data or, what seems to be the most common headline, the loss of data to hackers or attackers.

Let’s look at three important elements of a cybersecurity checkup.

First, let’s look at your infrastructure, which you can think of as the bones that make up your organization. If a device or system on your network isn’t configured correctly, it can cause many problems. Systems and data can become unavailable to users and customers, or worse, malicious users or hackers could gain unauthorized access to your systems and data. During the checkup your security consultant will look at system configurations to help identify any weaknesses and provide recommendations for fixing any breaks they find.

Second, you need to look at the hardware and software that make up your network and are part of your infrastructure. These devices can be infected by what is known as a computer virus or bug, referred to in broader terms as malware. With people we have ways to detect if there is an infection and ways to prevent them or cure them. For your systems, the main way this is accomplished is through the use of anti-virus or anti-malware software. This software can test the system looking for vulnerabilities and weaknesses (bugs and infections). Your security consultant conducting your system checkup will make sure that the software is current and working properly, and look to ensure that all current patches have been applied to fix known issues.

When you go to the doctor there are many tests in which you get poked and prodded, many of which are not fun, but incredibly necessary. A good friend of mine was recently diagnosed with cancer as a result of his prostate exam. I am quite certain the exam was not something he was looking forward to and he could have easily put off, but since he didn’t put it off he was diagnosed early and has a very good prognosis for being cancer free.

This takes me to the third, and one of the most important and often underutilized, types of security checkup – penetration testing. This is the most important, but least common, checkup. This type of test should be conducted by a subject matter expert, i.e. a specialist rather than a generalist. This professional conducts very technical tests against your organization’s systems to try and break in like someone who is up to no good, but doing so with permission and ground rules. They can do this from the Internet like most malicious hackers and they can do it from inside your network to mimic a malicious internal user. External and internal penetration tests are some of the most important tests you can run against your systems to make sure you truly understand the cybersecurity health of your organization from the inside out.

These important security health checks should also be conducted throughout the year by your IT staff as part of their ongoing operating procedures, in addition to at least annually by an independent third party. If you have outsourced your IT to a service provider, make sure they are conducting regular security checks in addition to having an independent third party or internal audit group do an annual checkup as well.

Don’t be caught with a diagnosis that is hard or expensive to fix because you decided to skip the annual checkup. If you have questions and want to discuss all the elements of a security checkup in more detail, email sharon@c-suiteresults.com.

Categories
Growth Leadership Personal Development Technology

Do You Know What Your Reputation Is?

Have you ever Googled yourself and been surprised by what you find? I have a relatively common name, so I always find out things about the famous Tim Collinses of the world… a Major League Baseball player, a British general, and more. But one time, I came across something that I clearly did not want associated with my name. I shared a name with a serviceman who was involved in the Abu Ghraib prison scandal. The story and its search results have long since faded into the background, but it taught me a lesson about monitoring and managing my online reputation.

The majority of business interactions happen online, including interactions with Executives.   Most people will Google you immediately after meeting you.  This includes hiring managers and recruiters, employees and prospective employees, vendors, journalists, and of course, customers. First impressions matter, so make sure you give people the right impression.  The first step is being aware of your online reputation.

Google just your name.  If you have a relatively unique name, your results will be straightforward.   But if you have a common name like me, you will see results from others who share your name.  While it can be informative and amusing, it can also uncover negative news that could rub off on your reputation.  Imagine sharing a name with Monica Lewinsky, as more than a dozen women on LinkedIn do.

Google your name + your current company.  Double check that the results aren’t derogatory, particularly on the first couple of pages.

Google your name + your last company.  Your results can get interesting if your former company has had a bumpy ride since you departed.  For example, I left Wells Fargo just a few weeks before their account scandal broke.  More recent negative company news can get mixed in with your historical accomplishments, particularly if there are others still at the company with similar names.

Focus your attention on results on the first pages.   Over 90% of searchers never go past the first page of search results.  If there is something derogatory on page one, action is required.   But 99% never go past page three, so a negative result on page six won’t really matter.

What do you do if you’ve found something negative? For many, one relatively easy task is to create content that pushes the negative results down, ideally onto the next page. For some this could be as simple as participating in a popular podcast or YouTube video that features the key words that yielded the negative result. For example, I might create a contemporary video about “What Tim Collins learned at Wells Fargo?” with content that has nothing to do with their recent troubles. Depending on where the derogatory information came from, the video may have to be posted on a site with some level of authority to displace it.

Since the search engines prioritize active personal social media presences, another solution is to create a robust social media presence that pushes down negative results. Walt Bettinger, CEO of Charles Schwab, has a robust presence on Twitter and LinkedIn, and these two accounts both pop up near the top of his search results, pushing other content down. Contrast that with Morgan Stanley CEO James Gorman, who is not socially active.

Of course, building a robust social presence is something that I can help with.  But with really challenging online reputation issues, with multiple derogatory results, a reputation management company is called for.  One that I can recommend is Blue Ocean Technologies. There are numerous others.

But the first step is awareness.  Google yourself, and hope that the results you see are positive.  If not, take action.  Remember, first impressions matter.