Monday, May 12, 2025
My Account
Join Council
USA Wire
  • News
    • Politics
    • Sports
    • World
  • Business
    • Entrepreneurship
    • Finance
    • Marketing
  • Culture
    • Lifestyle
    • Celebrity
    • Travel
  • Entertainment
    • Gaming
  • Sports
  • Health
    • Food
    • Fitness
  • Crypto
  • Technology
No Result
View All Result
  • News
    • Politics
    • Sports
    • World
  • Business
    • Entrepreneurship
    • Finance
    • Marketing
  • Culture
    • Lifestyle
    • Celebrity
    • Travel
  • Entertainment
    • Gaming
  • Sports
  • Health
    • Food
    • Fitness
  • Crypto
  • Technology
No Result
View All Result
USA Wire
No Result
View All Result
Home Technology

How to Win at Cyber security: Become a “Sneaker” CISO

USA Wire Staff<span class="bp-verified-badge"></span> by USA Wire Staff
August 3, 2022
in Technology
Reading Time: 5 mins read
black and silver laptop computer
10
SHARES
68
VIEWS
Share on FacebookShare on Twitter

To protect against cybercrime, every organization needs to build a culture of information security. To do that, infosec leaders need to become “sneaker CISOs.” There are three elements to security: Technology, people, and processes. Sneaker CISOs are more focused on people and processes than on technology.

Too many security professionals today are so deep into the technology that they don’t pay enough attention to the people and processes. I used to be one of them. But technology can’t secure technology. That’s a lesson I learned the hard way when I started working with public utilities. 

Prior to that, I’d been working for government agencies where all we had to focus on was operations. The utility industry was for profit, and so it also had a business side, where systems were being digitized. At the time I started, the operational side was all analog. 

RecommendedReads

Empowering Generative AI with Scalable LLM Solutions: From Data Annotation to Deployment

Best 5 Online AI Sheet Music Generators [Free & Paid]

Securing Your Web App Against Cyberattacks: Best Practices for Developers

When the operational side started to be digitized, they committed the cardinal sin of connecting their operational technology to their business networks to make their regulatory reporting more efficient. Someone was able to make their way into the operational technology, which is typically not very sophisticated, and began to encrypt the systems that were running it and shut down a gas pipeline. It was quite terrifying.

If they had consulted a security engineer like me, we would have put some safeguards in place before connecting the systems. There’s little technological difference between the Windows 10 used in enterprise and the Windows 10 that the U.S. Air Force uses. The only difference is people and process. That’s when I realized that in the digital world, everybody in the organization has a role in security.

As a security leader, you need to partner with the people closest to the box, educate them, and empower them to protect the box. That is why the first step in building a culture of information security is always to put your sneakers on, walk around, and get to know the people. Here’s who to meet, what to talk about, and how to build those partnerships:

  • Build relationships with the technology owners. Understand their roles and processes, and how they’re using the technology to support them. Respect their specialized expertise, and they will come to respect yours.
  • Find people that will champion the cause. When you see things that are being done in a safe and secure manner, find out who’s behind those things. Get to know their mindset and approach and start working closely with them. 
  • Find your naysayers. In most organizations, there are people who have had bad experiences with information security professionals acting as the “no police.” Understand their position, and what kind of conversations you need to have to be able to work together.
  • Meet everybody who comes into the organization. Hold regular group and individual security training as part of the onboarding process. This allows you to get an understanding of people’s exposure to security and compliance. For example, somebody who’s been exposed to HIPAA probably has the right mindset, even if they’re joining a new industry. 
  • Get to know your infosec team members. Explain your position, your approach, and your successes. Often, they’ve come from an embattled culture of infosec vs. everybody else. If you can’t even fathom what a collaborative infosec culture looks like, it’s hard to help create one.
  • Become a consultant. Like me, many infosec professionals come out of government, where if people don’t follow policy, there are penalties. In the enterprise, you can no longer rely on that authoritarian stance toward policy. You have to call out the vulnerability, explain the risk, and offer potential solutions. Then you say, “What are your thoughts?”
  • Stay in your swim lane. Many security professionals see a vulnerability and they say, “you’ve got to fix it.” If it doesn’t get fixed, they can’t let it go. They don’t realize they don’t get to make those decisions. There are always business risks outside of information systems that have to be weighed and balanced when deciding how to allocate budget and resources. Our job is to educate, inform and remediate if the organization wants us to. Stay in your lane and you’ll stay sane.

As a security professional, it’s very rewarding to fix a vulnerability or thwart an attack. It’s a big part of why we get into the profession in the first place. But we have to realize that we can’t secure anything within the organization on our own.

Real security comes through a groundswell of collaborative effort. It’s more rewarding when the lights come on and people start to understand that they have an active role in the security effort. Attending the annual security training, updating your passwords and not clicking on suspicious emails is just the beginning.

Those are broad-based technical vulnerabilities. But everybody has a role that’s dependent on their role within the company. If you’re in AP, for example, you need to be up on the latest business email compromise scams, and have processes in place to spot and defeat them. If you’re working with external vendors, you need to be aware of your organization’s requirements for how they handle your information. 

Our job is to break down the us/them barrier and build those partnerships because security is a “we” thing. Early in my career, I unwittingly created resistance to security by focusing on rules and technology. Once I changed my approach, most of the barriers I had been encountering disappeared.  

Bugs and vulnerabilities can be fixed, but information security never ends. People, processes, and technology are always changing. We get updates to technology on a monthly basis. Processes are always being evaluated for efficiency and maturity. If you educate and empower the people, the processes can change. Technology can change, but the mindset stays. And that’s how you build a culture of cybersecurity. 

Tony Carothers is the Security Systems Engineer at Corpay, a FLEETCOR company. He has over thirty years of experience in information security, working in both the public and private sectors.

By Tony Carothers

Tags: CISOcybersecuritySneakertechnologywin
Share4Tweet3
Previous Post

HOTSHOT for Muscle Soreness

Next Post

Immortal Warriors: “Toast to the Brave” by Tarah Who?

USA Wire Staff<span class="bp-verified-badge"></span>

USA Wire Staff

USA Wire is a millennial-focused news publication that provides content in a way that relates to the modern world. USA Wire strives to provide unbiased and accurate coverage of current events, highlighting both the good and bad.

Related Posts

edit post
man in blue crew neck shirt wearing black vr goggles
Technology

Empowering Generative AI with Scalable LLM Solutions: From Data Annotation to Deployment

May 12, 2025
edit post
Best 5 Online AI Sheet Music Generators [Free & Paid]
Technology

Best 5 Online AI Sheet Music Generators [Free & Paid]

May 12, 2025
edit post
0 (1)
Technology

Securing Your Web App Against Cyberattacks: Best Practices for Developers

May 12, 2025
Next Post
edit post
Immortal Warriors: “Toast to the Brave” by Tarah Who?

Immortal Warriors: “Toast to the Brave” by Tarah Who?

edit post
man sitting on chair in front on window during daytime

The Importance of Realistic Thinking & Taking Calculated Risk

edit post
Express Yourself With Liberation Nails: Non-Toxic Polish to Be Your Own Kind of Beautiful

Express Yourself With Liberation Nails: Non-Toxic Polish to Be Your Own Kind of Beautiful

Discussion about this post

Follow us

Recommended

edit post
HomeSafe

Home Safe Solutions: Ensuring Your Sanctuary Stays Secure

12 months ago
edit post
Asphalt Maintenance

The Importance of Regular Asphalt Maintenance

10 months ago
edit post
Jacuzzi Hot Tub Models

Jacuzzi Hot Tub Models Compared: Which One Is Right for You?

4 weeks ago
edit post
Carb Cycling

Carb Cycling: The Weight Loss Secret for Menopausal Women, Says 5-Time Best-Selling Fitness Author

4 months ago

Categories

  • Business
  • Celebrity
  • Construction
  • Crypto
  • Culture
  • Electrical
  • Entertainment
  • Entrepreneurship
  • Finance
  • Fitness
  • Food
  • Gaming
  • Health
  • Home Improvement
  • Lifestyle
  • Marketing
  • Medicine
  • Movies
  • Music
  • News
  • Opinion
  • Plumbing
  • Politics
  • Renovations
  • Sports
  • Technology
  • Travel
  • Uncategorized
  • World

Topics

2018 League (12) America (11) Asian Games 2018 (20) Balinese Culture (10) benefits (15) Budget Travel (18) Business (36) celebrity (16) Chopper Bike (11) Digital (16) eco-friendly (11) Entrepreneur (10) Finance (10) fitness (12) food (11) fun (13) future (12) guide (32) Health (34) healthcare (14) hiring (11) home (29) industry (11) Innovation (11) Istana Negara (17) legal (14) Maintenance (11) Market Stories (22) music (14) National Exam (13) pandemic (11) Paws of War (13) performance (13) podcast (11) professional (11) Real Estate (10) Services (20) Social media (11) Software (13) summer (16) technology (13) tips (25) trends (15) Visit Bali (16) WonderWorks (19)
USA Wire

© 2024 USA Wire

Navigate Site

  • Join Council – Become a Contributor
  • My Account

Follow Us

No Result
View All Result
  • Join Council
  • Politics
  • News
  • Business
  • Culture
  • Sports
  • Lifestyle
  • Travel

© 2024 USA Wire

Go to mobile version