C-Suite Network


The Industry 4.0 Advantage

This visceral image of “industry” being gritty and exclusively blue-collar is true to some degree, but when “4.0” is added to it, it takes on a whole new meaning, and blue-collar workers end up believing the narrative that robots and artificial intelligence (A.I.) will delete their jobs.

Though common, this fear is unwarranted. Despite the now-proven Hard Trend that A.I., advanced automation and robotics, 3D printing, and other industrial Internet of Things (IoT) advancements often replace mundane tasks in manufacturing, Industry 4.0 transformations allow us to work alongside machines in new, highly productive ways.

Industry 1.0 to 4.0

Manufacturing in every industry has evolved through four distinct industrial revolutions since the 1800s. The first industrial revolution took place between the late 1700s and early 1800s. Manufacturing evolved to optimized labor performed with water- and steam-powered engines, with human beings working alongside them.

The second industrial revolution began in the early part of the 20th century, introducing steel and use of electricity in factories. These developments enabled manufacturers to mobilize factory machinery and allowed for capitalizing on manpower in mass production concepts like the assembly line.

A third industrial revolution began in the late 1950s, which brought with it automation technology, computers, and robotics, increasing efficiency and repositioning the human workforce. Near the end of this period, manufacturers began experiencing a shift from legacy technology to an increase in attention to digital technology and automation software.

The current industrial revolution is Industry 4.0, which increases interconnectivity and networked intelligence through the Internet of Things (IoT) and other cyber-physical systems. Industry 4.0 is far more interlinked than revolutions before, allowing for improved company communication and collaboration.

The general definition of Industry 4.0 is the rise of digital industrial technology. To better understand, let’s take a look at nine building blocks of Industry 4.0.

Big Data and Analytics

Industry 4.0 allows for streamlining, collecting and comprehending data from many different sources, including networked sensors, production equipment, and customer-management systems, improving real-time decision making.

Autonomous Robots

The ability for robots to interact with one another while accomplishing rhetorical tasks increases productivity and opens new job opportunities for employees willing to learn new things. These future autonomous robots will cost less while having greater range of capabilities.

Advanced Simulation

Advanced simulations will be used more extensively in plant operations to leverage real-time data, mirroring the physical world in a virtual model. This includes machines, products, and humans and allows operators to test and optimize the machine settings in the virtual world first, accelerating a predict-and-prevent operational strategy for downtime issues.

Horizontal and Vertical System Integration

Universal data-integration networks in Industry 4.0 increase connectivity among departments, suppliers, and partners. This resolves lack of communication or miscommunication within a project crossing departmental boundaries.

Industrial Internet of Things (IIoT)

Decentralizing analytics and decision making while enabling real-time feedback is key in today’s age. IIoT means connected sensors, machines communicating with each other, and more devices having embedded computing enabling Edge Computing, where networked sensors get new data instantly and automated decisions happen faster.

Agile and Anticipatory Cybersecurity

Secure means of communication and identity management are quite important to cybersecurity in Industry 4.0, as increased interconnectivity brings the risk of security issues. Manufacturing companies must pre-solve problems in cybersecurity and implement anticipatory systems by adding a predict-and-prevent layer to A.I.

Advanced Hybrid Cloud and Virtualization

As data increases, local storage will not suffice, which brings us to Cloud Services and Virtualization. Elements of high-speed data analytics coupled with A.I. and machine learning enable real-time knowledge sharing. Advanced Cloud Services also enable anticipatory predict-and-prevent strategies.

Additive Manufacturing (3D Printing)

Advanced additive-manufacturing methods will be integrated into mass production systems, providing a new level of speed and customization along with the ability to solve complex manufacturing problems while also functioning as a standalone system for custom manufacturing.

Augmented Reality

According to my Hard Trend Methodology, this relatively new technology will gain more traction as augmented reality (A.R.) apps for business and industry are developed. For example, in Industry 4.0, AR can help quickly find parts in a warehouse by looking around from one location.

The adoption of any of the new technologies in Industry 4.0 will face an uphill battle, as blue-collar manufacturing industries are not often open-minded about embracing new technology that is often seen as a job eliminator. Embracing the ever-changing spectrum of Industry 4.0 technologies allows acceleration of innovation, pre-solving seemingly impossible problems, and developing and implementing digital manufacturing solutions.

Leaders should help their managers and employees anticipate disruption and change to get excited about learning new skills that will keep them employed and ensure development in their careers. Start with my latest book, The Anticipatory Organization. I have a special offer for you!


Arming the Cyber Defender – Your Employees

Too often cybersecurity professionals talk about people being the weakest link in security, but I would much rather look at these individuals, your employees, as your first line of defense rather than the weakest link. That is because they are your first line of defense in the cyberwar waged against us.

You may think I’m being melodramatic when I use the term cyberwar, but this is exactly where we are. Our biggest adversaries are foreign governments who use their immense resources to gain access to our personal information and our intellectual property in order to gain advancements and a competitive edge over our country, our companies and our technologies. This is happening every day and China is leading this war against us while we do very little to respond.

You may think that you can’t do much against the Chinese Communist Party, but that is where you need to think differently. There is a lot you can do, and it will take you and many more organizations being armed and ready to take action. We are mistaken if we have the attitude that someone else will take care of the problem. That is because we are not fighting this war on the traditional battlefield; the fighters are not the military, they are you and me, and we all have a part to play.

For your organization, the defenders in this war are you and your employees, the people sitting in front of a computer all day or connecting a device to your network. They are your first line of defense, but they have not been weaponized, as in, they don’t know how important their role is in this fight; actually they don’t even know the fight exists.

Here is a checklist you can use to help ensure you have your bases covered in arming your employees in this war and protecting your organization and our country’s assets.

  • Provide security awareness training that connects the user to their responsibility for security – teach them how to behave, what to do, what not to do, and how to respond, then reinforce the training on a regular basis. Make sure they understand their role and how important it is. The more interactive and real the training, the more they will connect with it and remember what they have learned.

  • Do not allow users to have administrative rights to their computers. Talk to your IT department about this, because this right gives attackers more access and a much better chance of installing malicious software on your network.

  • Do not allow users to disable end-point security like host-based firewalls or anti-virus software, and keep the software current and working properly.

  • Provide users with clear instructions that are easy to find and follow for how to report suspicious or anomalous activity – make sure they know what it means – and test them. Then ensure the response team knows what to do in various situations and test them too. Testing reinforces what people have learned; make it part of the process and not something for them to be afraid of.

  • Provide specialized security training for your business leaders and empower them to discuss security with their employees. Engage your security teams or security consultants to help. This is specialized knowledge that you have to teach everyone in your business; you can’t leave it up to the small group of security experts when all your users are your first line of defense.

  • Provide users with secure methods for transmitting sensitive data and teach them how to use them. They need to know that email is not secure unless you have given them a secure method for using it.

  • Provide users with secure methods for storing sensitive data and make sure they know where those locations are and how to ask for access. Users need to understand that storing sensitive data on their computers or unprotected network file shares creates the risk of losing that data to an attacker.

  • Keep the conversation in front of everyone at all times; don’t become complacent or allow your people to become complacent. This is an ongoing and ever-changing topic, and so must be the conversation.

When I said test them, there are many ways you can do this. You can use products that simulate phishing attacks that users will learn from if they click on the email. You can use a penetration test to simulate an attack and test your response capabilities. You can use consultants who can perform social engineering tests to see if users provide sensitive data like passwords or customer information. Testing helps ensure the training you provide is working. It is not to punish those who don’t respond correctly. The only way to know where you stand and correct behavior is through testing, training, and re-testing.

What I like about all of this is that not only are you protecting your organization, but you are empowering your employees to go home and protect their home computers through what they have learned. They can teach their friends and families what to look for. Our attackers are not just after our organizations; they are after anyone who can give them the edge they are looking for, and that includes you, your children, your parents, and your friends. The more you can teach your employees and the more other leaders do the same, the more we are arming our people at home and at work to be our best line of defense.

This is a high-level list that will help you get the conversation started with your IT, security, and executive team. If you want to dive deeper, email sharon@c-suiteresults.com and we can discuss your individual situation. For more articles on this topic, visit my C-Suite Advisors Page.


The Secret to Hiring Cybersecurity Professionals

I have had a successful career in Cybersecurity since 2005 when we called it Information Security. Ironically, my background should never have landed me the job, but it revealed an important hiring secret: Sometimes the best person for a cybersecurity position is not a cybersecurity professional.

I know that sounds paradoxical and confusing, so let me explain. With the proliferation of job titles and educational programs with the word cybersecurity in them, it might make hiring managers think they need to hire someone with cybersecurity experience, and that is understandable. However, we keep hearing that there are more jobs than qualified employees, that the gap is going to continue and grow, and that there is not enough diversity in the field, so alternatives become necessary.

Therefore, instead of searching for the perfect cybersecurity employee with a very specific skill set, technical background, knowledge of one particular tool, set of certifications, degree, and many years of experience, look to the less obvious source to hire your next cybersecurity employee – the artist, the accountant, the liberal arts major, the writer, the veteran, or the gamer (to name a few). Here’s why.

Cybersecurity professionals are creative problem solvers, enjoy tinkering with new tools, and like connecting the dots or solving puzzles. They need to be strong leaders and proficient writers. Depending on the role, they may need to enjoy solitude or thrive in chaos. They are good communicators, team players, and dreamers.

My success in this field is because someone gave me a chance when I had no relevant experience. They needed my skill set as an auditor and gave me the opportunity to learn on the job, which I did with their help. The guys I worked with started me off slowly and then started to give me more and more responsibility. They saw that I would ask questions and that I could take what I was learning and use it. Before long I was on client sites alone, traveling internationally and given a lot of responsibility. If it were not for these guys who took a chance on me 13 years ago, I don’t know what my career would look like today. I am forever grateful to them, and that is why I have some recommendations for hiring your next cybersecurity employee.

My Top 5 Recommendations for Hiring Your Next Cybersecurity Employee

1. Know the underlying skills needed for the position. Many cybersecurity positions require lots of writing and documentation, sometimes for non-technical audiences. You may find an excellent candidate with a journalism degree or background in technical writing. You may just find that it is easier to teach a good writer about security than teach an IT or security expert how to write and it may offer more qualified candidates for the position.

2. Determine if the role requires lots of solitary work like looking at monitors or analyzing log files. You want someone who enjoys the solitude of this type of work and also enjoys puzzles. People who can spend hours alone working on puzzles, crosswords, games, or other brain teasers are well suited for this type of work because they enjoy solving problems and thrive working alone. You will teach them what puzzle they are trying to solve and they will get busy solving it. This may be more challenging to identify in a traditional resume; make it part of the hiring questions or job description where applicable.

3. Know if chaos is at the heart of the position. Depending on the role, it may involve a lot of chaos like lots of moving parts, threats, cyber attackers, high visibility, high expectations, and competing priorities amongst the business executives and board of directors. Working well or even thriving in chaos takes a special individual; it’s not for everyone and you can’t teach it. Look at military veterans, former police officers, and people who have held positions where chaos was their daily norm, even if outside of IT and security.

4. Understand the amount of technical knowledge necessary. Many roles today are for compliance and a strong auditor could be a great fit, even if they don’t have a strong technical background. Auditors are skilled at learning new topics very quickly and analyzing information to determine deficiencies and gaps. When you give a strong auditor the information they need and the tests to perform they will pick the rest up quickly and learn on the job.

5. Consider on the job training. This will allow you to bring in more entry level employees with less cybersecurity or technical experience at a lower cost and train them with the tools and information that is important to your organization. With the right training and mentorship these entry level employees will thrive and grow into your next generation of leaders.

The traits I’ve listed above are those you need to consider whether you are bringing in someone with previous experience or whether you are looking to diversify and bring in raw talent. There are many qualified employees who will make excellent cybersecurity professionals if given the opportunity and they are hungry to learn and be part of this exciting field. All they need is the chance, a mentor, some training, and the opportunity to learn and grow in the field.

My Top 5 Don’ts for Hiring Your Next Cybersecurity Employee

1. Don’t assume someone with a long list of certifications is good at security or good in the role you are looking to place them in. Many people can pass a certification, but that does not automatically mean they are right for the job. Does the job require skills that someone who passed the exam would have over someone without the certification? Plus you don’t know how many times they took the test before they passed. The person who finishes last in medical school is still called Doctor. Don’t assume a certification means they are a good fit for the job or that the job needs someone certified; be specific as to why the certification matters before making it a requirement.

2. Don’t dismiss candidates because they don’t have certifications. Yes, this is the opposite of number one, but just as important. I did not have any certifications when I was introduced to this industry. Some certifications require years of experience to get and you will miss out on some great employees if you set the bar for entry unnecessarily high with certification requirements.

3. Don’t assume that people with strong IT backgrounds make good security professionals. IT professionals may not know security, just like security professionals may not be technically proficient. While most of what a cybersecurity employee does has to do with technology, it is not all about technology. Make sure that an IT professional is being considered because they are a good match for the underlying needs of the position and not just because they have IT skills. If they fit into the category of being well suited for the needs of the position and can learn security on the job like the auditor, journalist, or artist we’ve mentioned before, then of course they make a great candidate too.

4. Don’t write the job description so specifically or narrowly that only a few people in the world could match it. This is especially true if you are looking for more of a junior role. When you combine a desire for lots of experience with knowledge on very specific tools, and think that someone in your geographic area is going to be a fit, it could take a long time to fill the position. Go to #1 on the Do list instead.

5. Don’t dismiss the importance of soft skills. The best cybersecurity professionals have strong soft skills like communication, writing, and diplomacy. These positions are often in front of executives and other business leaders and require the ability to communicate in language that everyone will understand and in a way that will build relationships, not be adversarial.

Candidates with cybersecurity experience are great and you should definitely consider them as long as they fit the specific needs of the position, not just because of their general experience, education, or credentials. If you are hiring for a senior position or a consultant who will be out advising clients on topics of security, of course you need and want experienced employees; just make sure they are the right employee so that you and they have a long and happy working relationship together.

If you want to discuss hiring for cybersecurity, building teams, or cybersecurity strategy, email sharon@c-suiteresults.com.

Sharon is an information/cyber security veteran who has been helping clients navigate security and compliance challenges since 2005. She currently works as a Virtual Chief Information Security Officer (vCISO) for small to medium sized clients who don’t have their own CISO or security department. Sharon received her Masters in Forensic Science, High Technology Crimes Investigations from The George Washington University and currently is a Certified Information Systems Security Professional (CISSP).


Your Privacy in the Wake of the Facebook Cambridge Analytica Scandal

While Facebook’s Cambridge Analytica scandal continues to play out, one of the big “AHA” moments has been the discovery of the amount of information that Facebook has captured on its users.

The fact that Facebook captures data on users is not really a surprise, but the breadth of data captured was stunning to many, as were the lax safeguards in place to protect that data. The scope of Facebook’s data collection is still a bit of an unknown, as we haven’t learned of additional data captured by Instagram and WhatsApp, both of which are owned by Facebook. Facebook’s empire is a data collection machine that powers the marketing campaigns of businesses around the world.

And Facebook is not the only data collection machine. Most tech companies collect data for marketing purposes, and privacy and data protection vary with each. Google collects data via search, Gmail, maps and Google applications, but also captures data via Android phones, Waze driving applications, and its Nest home automation subsidiary.

So what are we supposed to do? Unless you are willing to completely abandon the digital world, you have to accept that privacy is elusive online. But there are a few things you can do to minimize the amount of data collected and the accessibility of that data. Here are a few tips that could help:

Be aware of the information available on you and adjust your privacy settings accordingly.   Both Google and Facebook will let you see a good portion of the information they collect on you.  It doesn’t cover all of the data collected from related businesses, but it is still helpful.  For example, I found out that Google knew the 10 different cities that I lived in my life, and was making that information publicly available.  While I couldn’t delete the information, I could make it private. 

Close unused social media accounts.  Many of us have tried new networks, but ultimately abandoned them.  Despite our neglect, your information is still out there.  Use justdeleteme to jog your memory and delete as many old accounts as you can.  Some do not make it easy. 

Don’t use Facebook’s or Google’s single sign-on for other services. When you start using a new service or retailer and are asked to “create an account”, many will ask if you want to log in via Google or Facebook. While it is convenient and one less password to remember, this service also allows Google and Facebook to track everything you buy with that retailer.

Don’t use third party applications on Facebook. Those cute quizzes and other entertainment might be fun, but they are also data collection devices. These are the type of applications that supplied the data for Cambridge Analytica. Some applications just collect data, but some require that you submit personal information that is often the subject of commonly used security questions. Don’t play along. The fun is not worth the risk.

Delete unused applications on your phone, desktop and other devices.   Many of us constantly add new applications, but are less diligent about deleting old ones.  Applications collect a lot of data, even when they are not being used.  So if you have not used an application in a while, delete it.  I purge applications every six months, and end up deleting more than half the applications on my phone.   

While digital privacy remains elusive, you can take action to minimize the breadth of personal information out there.  Take control!


What Cybersecurity Professionals Forget to Tell You

As a cybersecurity consultant and advisor, I often forget that my clients and those of you who are out there running your businesses don’t think about cybersecurity the way I do, and that’s fair; I don’t think about your industry the way you probably do. We all have our “thing” that we do really well and we forget that others don’t see our “thing” the same way.

Often cybersecurity professionals use FUD (Fear, Uncertainty, and Doubt) to explain why cybersecurity is important, along with tactics such as listing lots of statistics on all the breaches, after which they will conclude, “It’s not if you’re breached, but when”, and make you wonder whether you’ve done enough.

What we have forgotten to tell you is that cybersecurity is actually a strategy you can use as a competitive advantage within your industry. It is part of running a successful and influential business. By implementing cybersecurity in a strategic way, you can reduce risks that can cost you more later, become more competitive, and improve your bottom line.

Brand loyalty is not what it used to be (unless you’re Apple or Android, where there’s a fight to watch between loyalists). Consumers want to do business with those who want what is best for them and they will leave very quickly if they feel you don’t care about them. They want you to protect them and be willing and able to protect their information. In the case of many new products, consumers need you to protect their physical well-being and in some cases their lives. Whether your product can track their location, their information, their privacy, or physically harm them if not developed correctly, your customers need your help. The more you can show you are doing the right things, the more loyal your customers will be.

Maybe you don’t sell to consumers and are not concerned about brand loyalty from that perspective. If instead you sell a service to other businesses or to the government, cybersecurity may be the competitive advantage you are looking for. Many industries and any government contract will require their business partners, vendors, and service providers have a cybersecurity program to protect connections and data. If a potential business customer comes to you with a contract that would be great for your bottom line and says “we can do business with you if you can provide information and attestation regarding these 200 security questions”, I guarantee it will be much more fun if you can easily say yes and get that business. I constantly recommend to my clients when they are on the search for new business partners and vendors to have a due diligence process and only contract with those who can show they have implemented compliance and/or security programs. It is much easier to put the program in place before the contract shows up.

Other benefits include teaching your employees good security practices at work, which not only protects your organization, but also helps them stay safe at home too. When you care about your employees and teach them how to protect themselves you can add a level of employee loyalty. Not to mention it’s also being a great corporate citizen for your community.

If customer loyalty, new contracts, and being a great corporate citizen don’t resonate with you, then maybe improved stakeholder confidence is what you’re looking for. I’m not a stock market whiz, but last time I checked, stock price valuation has a lot to do with confidence, and when your customers and employees are confident in your organization and product, your stock price should reflect this.

That was the short discussion I wanted to have when I realized that we have forgotten to share all the good reasons to implement cybersecurity.

If you want to continue the conversation or have specific cybersecurity questions, reach out via email to sharon@c-suiteresults.com. I’m happy to discuss strategy and options for improving your cybersecurity posture.


Hackers are Your Friend

I get a lot of inspiration from reading articles, posts and conversations on LinkedIn about my field, Cybersecurity. Recently, a fellow security professional and friend posted an important correction regarding the use of the term “hackers” and how he is tired of the term being used negatively, since he considers himself a hacker and is by no means a bad guy. That made me realize that the term hacker gets thrown around in a way that paints all hackers with the same brush stroke.

Thanks to the media, news, television, and movies, a hacker is typically depicted as a young man in a hoodie sitting in his basement (or his parents’ basement) or some dark corner of the globe punching away at a keyboard and effortlessly doing nefarious things like stealing identities, credit cards, intellectual property, and basically wreaking havoc.

The PSA I’m sharing today is that, in reality, that is the picture of a cyber-criminal. Hackers, like my friend and many security professionals I know, are the good guys and gals that walk amongst us every day with no intent to do harm.

These “good” hackers are security professionals hired to secure organizations and government networks by legally and with permission attempting to break in and identify their weaknesses so they can be fixed before an attacker or criminal does the same. These professionals are often known as penetration testers, and in some organizations, especially the government, they are known as the Red Team. They are trained and skilled at doing what is shown on television as something evil. There is even a certification called Certified Ethical Hacker.

On the other hand, people who break into networks and systems without permission, gain unauthorized access, steal information, and in some cases make the data unusable to the organization are criminals. You can call them criminals, cyber-criminals, attackers, or cyber attackers if you want to be accurate, but calling them hackers makes it sound like all hackers are evil, when in reality there are so many hackers who are security professionals trying to help protect organizations through their hacking skills.

The criminal and the security professional use the same techniques, same tools, and same knowledge, but they have different agendas. The intent behind their action is completely different.

The next time you post or talk about hackers, be clear who you are talking about. Are you referring to criminals? If so, be clear about that and differentiate those who are nefarious and out to do harm from those who are there to serve and protect.

If you want to learn a lot from a good hacker that I admire greatly, follow Chris Roberts on LinkedIn.

If you want to talk about having a Certified Ethical Hacker or cybersecurity professional help you ensure you are doing what it takes to keep the cyber attackers out, email me at sharon@c-suiteresults.com.