Episode Details
Solutions to the Cybersecurity Personnel Gap
Description
This is part two of a two-part special edition that was recorded at the 2019 Cyber Florida Conference. In the first part, a panel of cybersecurity experts discussed “Cybersecurity and the C-Suite,” while the second part discusses partnerships and opportunities that bridge the gap for qualified cybersecurity personnel and our interconnected cyber ecosystem. The panel was moderated by Sprint’s Chief Information Security Officer Mark Clancy. On the panel sat three cybersecurity professionals who have years of expertise: Diane Janosek, Commandant of NSA's National Cryptologic School; Andy Zolper, SVP, CISO, and Head of Technology at Raymond James Financial; and Terry Roberts, CEO and Founder of WhiteHawk, Inc. (To learn more about Janosek, Zolper, and Roberts, listen to the No Password Required Podcast episode titled “Cybersecurity in the C-Suite.”)
This No Password Required episode began with the question, “What can the big guy do to help the small guy?” and panelists discussed the role of large corporations and technology service providers. Often small-to-mid-sized organizations are understaffed when it comes to their IT department and/or they are solely reliant on external providers for their security. Many larger organizations and service providers are making the investment to provide advanced security protocols because it impacts their products and, for some, it gives them a competitive edge in the marketplace. Larger corporations and service providers are carrying the responsibility of protecting smaller organizations, but it is a symbiotic relationship. Smaller organizations must do their part to have good cyber hygiene and understand their risks and their roles in preventing those risks.
Motivating smaller organizations to have a proactive cyber culture is often dependent on two things: communication and risk. A panelist emphasizes that the success of motivation revolves around language. The key to communicating with C-level executives and business stakeholders is to provide information as it relates to them, using their industry-specific lingo, demonstrating their profit and loss potentials, and illustrating how it impacts their community. Answering the question “how can we partner in a way that shows that we want to mitigate risks to a point that we’re a stronger business partner” can solve some of the gaps in cybersecurity. “Don’t wait for someone to offer, ask,” is the advice of Andy Zolper when it comes to mitigating risks.
Mark Clancy asked the panel, “How do you cyberize the CEO?” Cyberizing the CEO often begins with a review of their cybersecurity risk profile. Mapping risks to reputation and quantifying revenue to business impact can be the necessary wake-up call. “Cyberizing” was a phrase coined in part 1 of this series that is interpreted as educating/training C-level professionals to understand their company’s tech, their role in cybersecurity and operations, and their leadership in corporate cyber culture. “Cyberizing” encourages insight that helps build an adequate IT team or relationship with technology service providers. Cyberizing naturally encourages investing in employees as the greatest assets. It holds the belief that employees are responsible for maintaining good cyber hygiene, managing customer and partner relationships, and evolving with technology.
Another solution offered is “cyberizing the principal.” This involves instilling the value of cybersecurity as soon as a child is handed technology. One panelist advocates for developing educational programs that incorporate cybersecurity from elementary school to college, in the belief that this will carry good cyber hygiene over from the home to the public and business sectors.
Another component of closing the cybersecurity personnel gap is encouraging information sharing in new ways, as well as encouraging IT professionals to transition through various sectors and educational opportunities to keep their exp