Cybersecurity Is a Discipline

There's a lot of talk about cybersecurity. Corresponding to geopolitical events around the world, experts say the likelihood of attacks is higher than usual. And of course, financial institutions like credit unions are prime targets because they have money and  personal information to steal.

On this episode of the CUES Podcast, guests Franklin Donahoe and Julian Waits share deep insight into cybersecurity today and how to hire the right people to lead and deliver on this ever-important function at your credit union.

Interestingly, Donahue says that what credit unions need to do in an era of heightened concern such as now is double down on implementing best practices that should already be in place, including looking out for the organization as a whole.

Effective cybersecurity is really about "the cybersecurity technical and others within the IT department and security departments understanding the business, being a good business partner," says Donahoe, CEO of CUES Supplier member Lynx Technology Partners. He says  leaders should always be asking such key questions as, "What is important to the business? What's important to the customer? What are the assets that we should be protecting in a cost-effective and responsible way?"

In turn, Waits emphasizes that cybersecurity is a discipline. To follow that discipline,  Waits, SVP/executive in residence for the cybersecurity firm Rapid7, recommends that leaders consider what risks need to be managed, what actions will help to manage those risks and what people are needed to do the job.

As chair of the board of the nonprofit Cyversity, which strives to achieve the consistent representation of women and underrepresented minorities in the cybersecurity industry through programs designed to diversify, educate and empower, Waits says great cybersecurity people don't need to be awesome computer programmers, but curious, aware of their environment and good communicators.

"Most people I know who are in cybersecurity ... never expected to be in cybersecurity," Waits says. "We're usually ... IT people or ... governance people or we were doing other stuff. And oh, by the way, you know, gee, we need the security stuff.

"So the first thing I need to be is ... visually attuned to what's happening in my environment and I need to be curious," Waits adds. "And then I need to be smart enough to understand you know, if a mature organization, there's some processes I've already put in place. So I need to follow those processes and make sure I can communicate extremely well. 

"One of the most important things in cybersecurity professionals is not technology," he emphasizes. "It's their ability to communicate: one, that there is a problem; two, as best they understand it, what the severity of that problem is; and then three, what's the remedy? ... There's not a cookie-cutter sheet for cybersecurity people."

The show also gets into:

• Three key risks cybersecurity people need to consider
• How risks that feel more local are more likely to be addressed
• The work of Cyversity and how credit unions can get involved

Links for this show:

• Transcript
• Lynx Technology Partners
• Rapid7
• Cyversity
• First Line of Defense
• TalentED