Over the next twelve months this mini-series will interview leaders from around the globe to discuss areas of cybersecurity. The purpose is to help students and those new to the industry gain perspective and guidance from professionals in the field. These interview insights aim to kick-start or re-energise your career in cybersecurity.
In this month’s feature, Alexandra Panaretos, EY America’s Practice Leader for Cybersecurity Awareness and Training, shares her story about:
What is cybersecurity training and awareness, and how is this best embedded within an organisation's business?
Panaretos describes, “The key to cybersecurity awareness is not to create the mythical ‘human firewall’ or turn every employee into a security specialist. The role of cybersecurity awareness is to:
The reality is that most employees are fairly educated on cybersecurity risks, but are not given “permission” to feel comfortable challenging odd behaviour or seeming uneducated on the technology. Teaching employees that it is okay to trust their instincts and report if they:
Companies that have done this well have started 'The Day in the Life of the Employee' adapted to the role of the employee. Manufacturing floor employees play a different role than a non-connected worker (e.g., maintenance worker, janitor, cafeteria staff). Successful organisations take a step back and consider a risk and role-based approach. It's about cultivating a program relevant to the workforce and realising this is a living process. The program should never look the same year to year because the threats, technologies, and situations will change,” said Panaretos.
How have you identified and explored various opportunities during your career journey?
Panaretos explains, “I could tell a story with the Who, What, When, Where, Why and make it relevant for the individual to help them understand the risk. For example, posting a military deployment return date on social media is a big deal and real concern due to the public nature of these platforms. Adversaries are looking for information like this to piece together with other intelligence. What then is the low hanging fruit? It's people! Crafting the story of how the employee plays a role not only in their own physical security but also with their friends and loved ones transitioned well to the business world because of their continual focus on technology; as such, there has been minimal focus around what a company cannot control – their people. An organisation's high value asset and greatest vulnerability. I created content that was simple for non-technical people to consume and digest. The improvement and adoption of behaviour and cybersecurity hygiene was immense,” said Panaretos.
What information, if any, would you have liked to know starting out in your career?
Panaretos emphasises, “I didn't have to have a strong technical background. I know enough about the technology to be dangerous…I learned to ask better questions; however, I may not be the right person to define an organisation’s network architecture or deploy firewalls. The biggest misconception is that cybersecurity is dramatically technical. There are many roles in communications, marketing, psychology, and education to help cybersecurity teams succeed. We need technical people to build, develop, and remediate. We also need people with the skillset to communicate this back to the business. Currently, there is a skills gap because most outside the industry feel they need to be highly technical and that is not true. There is a wide spectrum of roles with varying skills required. I need to know what the role or tool/platform does, but I don't need to know the “how” it is accomplished. There is power in asking better questions. I ask people to explain concepts in a non-technical way, which in turn, enables them to better communicate their message to the enterprise,” Panaretos described.
What motivated you to pursue your passion?
Panaretos explains, “I found myself jumping in head-first because no one was recruiting this role, or they weren't advertising it. I found myself reaching to my network to ask if this was a feasible career, or if I needed the technical background knowledge to succeed. Through numerous conversations, I identified cybersecurity training and awareness was an in-demand career path, but with a lack of resources and skills necessary to support the adoption of end-user behaviour changes to better secure our organisations and families,” Panaretos describes. "Many people within the technology industry still do not recognise cybersecurity awareness as a fundamental requirement for reaching the human aspects of cybersecurity."
How would you suggest others new to the field get involved?
Panaretos emphasises, “Two things:
For every tool, platform, and technology we develop, we need to be able to explain it to end-users. Alternatively, if highly technical, why do you build/create things a certain way? Do you build cybersecurity into everything, or are you trying to stop an attack or adversary? Find your passion and adapt it to life in a digital world. We are currently amid one of the greatest technologically developed generations and part of the most impactful digital transformation since World War II. No longer are we living in a physical world, but we all have a digital presence as well. Find a career that is able to bridge the gap with both,” Panaretos urges.
In conclusion, this month’s edition was brought to you by Alexandra Panaretos, EY Americas Practice Lead for Cybersecurity Awareness and Training. This area of cybersecurity is intriguing, in demand in the market, and considered an excellent career starter. Please be on the lookout for next month’s issue of Decoding Cybersecurity: Interview Insights With Leaders as the journey continues.
Author: Elliot is a Senior Manager in the EY Cybersecurity practice. Elliot enables organizations to build in risk thinking from the onset, enhancing global innovation with confidence. He leads global teams to reduce response times and minimize the impact of security incidents by building and operating mature security, logging, monitoring, alerting, and incident response practices. He successfully led response to and recovery from complex security incidents, such as data exposures, third party compromises, and vulnerability exposures, by coordinating across large enterprises through effective incident response procedures to minimize business impact.