The Social-Engineer Podcast

Ep. 219 - Security Awareness Series - Involve Me and I'll Understand with Ganesh Krishnan

Mon Jul 17 2023
Podcast, Security Awareness, Culture of Trust, Employee Engagement, Communication, Cybersecurity Training

Description

The episode covers various topics related to building a culture of trust and security, including the introduction of the podcast, the speaker's background, strategies for changing culture, effective communication, and revolutionizing cyber awareness training.

Insights

Building a Security Culture

Building a culture of trust and security starts with involving employees in their daily workflows, providing personalized training, and shifting the focus from technology to people and culture.

Changing Culture and Getting Support

Changing culture takes time and persistence, and security teams should aim to be problem solvers rather than blockers. Getting top-down approval and support is crucial for successful security programs.

Effective Communication and Engagement

Effective communication is crucial for successful security programs, and security professionals should embrace negative feedback as an opportunity for improvement. Engaging with employees, prioritizing based on business context, and seeking personal support are also important.

Revolutionizing Cyber Awareness Training

Anjanarati is revolutionizing cyber awareness training by enabling organizations to systematically engage with employees on cybersecurity through contextual and flexible approaches.

Chapters

  1. Podcast Introduction
  2. Speaker Background
  3. Building a Culture of Trust and Security
  4. Changing Culture and Getting Top-Down Support
  5. Effective Communication and Cybersecurity Engagement
  6. Revolutionizing Cyber Awareness Training

Podcast Introduction

00:03 - 06:28

  • Podcast is the Social Engineer podcast, Security Awareness Series, episode 219.
  • Hosts are Chris Hadnagy and Ryan MacDougall.
  • Invitation to join the Slack channel for discussions on social engineering.
  • Introduction to Innocent Lives Foundation (ILF) and their mission to help law enforcement combat child abuse materials.
  • Announcement of ILF Gala in September hosted by LeVar Burton.
  • Information on how to volunteer or donate to ILF.
  • Promotion of Clutch, a rock band, and their music.

Speaker Background

06:07 - 13:30

  • The speaker has a background in writing IPsec and IKE device drivers for Windows 95 and 98.
  • They worked at a security consulting company called Secure, which did work for companies like Yahoo.
  • They joined Yahoo in 2001 as one of the early security employees and helped build their information security function.
  • After leaving Yahoo, they joined LinkedIn in 2010 to work on fraud detection and cybersecurity.
  • In 2016, they joined Atlassian to run their infosec and identity team.
  • In 2017, they started a cloud security company called Amrit Secure, which was later acquired by Sophos.
  • They spent three years at Sophos before leaving to start their own cybersecurity venture called Zena late last year.

Building a Culture of Trust and Security

13:18 - 19:52

  • Building a culture of trust and security starts with employees
  • Employees should be seen as allies, not the weakest link
  • Changing the culture in an established company requires persistence and a champion
  • The Chinese proverb 'Tell me, I'll forget; show me, I'll remember; involve me, I'll understand' applies to building a security culture
  • Organizations need to go beyond annual cybersecurity training and involve employees in their daily workflows
  • Different employees have different cybersecurity needs and mistakes, so personalized training is crucial
  • Security champions programs can help decentralize the problem and engage more employees
  • Making security personal for employees by showing how it affects them at home can increase their engagement
  • Technology-focused security teams need to shift their thinking towards people and culture

Changing Culture and Getting Top-Down Support

19:23 - 26:06

  • Changing culture takes time and persistence
  • Security teams should focus on people, process, and technology
  • Security teams should aim to be problem solvers rather than blockers
  • Interacting with the organization and being transparent is important for security teams
  • Getting top-down approval and support is crucial for security programs
  • Leaders should prioritize their program and be specific about the help they need
  • Taking decisions against security in stride and providing input is important
  • Navigating the organization is necessary to get top-down support

Effective Communication and Cybersecurity Engagement

25:51 - 32:30

  • Effective communication is crucial for successful security programs.
  • Security professionals tend to be introverts, which can hinder communication efforts.
  • Negative feedback should be embraced as an opportunity for improvement.
  • Reaching out to employees and being visible improves the stature of the security organization.
  • Prioritizing based on business context and risks is essential for CISOs.
  • Good communication and visibility are key for security teams dealing with people.
  • Personal support, such as a spouse, can serve as a valuable mentor.
  • The book 'How to Think Like a Rocket Scientist' by Ozan Varol is recommended for its insights on first principles thinking and getting out of one's comfort zone.
  • LinkedIn is the best way to reach out and interact with the speaker.

Revolutionizing Cyber Awareness Training

32:13 - 36:17

  • Anjanarati is a company that is revolutionizing cyber awareness training
  • They are building a product to enable organizations to systematically engage with employees on cybersecurity
  • The engagement is contextual and related to what an individual employee is doing
  • They have built a system that tracks employee actions and allows security teams to set workflows for engaging employees directly in their workflow
  • The content the employee receives can be consumed through systems like Slack
  • This approach is more engaging and flexible compared to traditional once-a-year training videos
  • More information about their product can be found at azina.ai and zen.ai