The CyberSec Sessions Episode 4 - with Fletus Poston
We discuss CrashPlan, working with the SANS Institute, and how we can bring about a human-centric approach to security and the 'talent shortage'
We’re up to Episode 4 of The CyberSec Sessions, the lightning interview series where I interview CyberSec Leaders about what they’re doing, and what they think about the Industry.
Join us today as we discuss Fletus’ thoughts on the industry, and the part he’s playing to help.
Don’t have the time to listen? Here is an overview of what we covered.
CrashPlan helps when the inevitable happens
The vast majority of CyberSecurity tooling providers focus on preventative measures, trying their best to prevent access to their systems through firewalls, threat detection etc.
But what about if/when a bad actor gets around those measures? If you’re a big enough target it’s likely to happen at some point.
CrashPlan has a couple of different features to help. Their endpoint backup & recovery solution lets you restore your data within hours of a ransomware attack, minimising revenue loss.
They can also put a Legal Hold on a device without needing to interact with the User, massively helping in containing the damage.
Finally, they have the more traditional backup and recovery, where their software does 15-minute backups across all major OS’s, so in the case of physical destruction or theft of a device, you’re covered there.
Fletus moved from SANS User to an Instructor
After falling in love with their courses in 2019, he began to take more and more courses and took their Security 401 bootcamp.
He worked with them on quality control and became a qualified technical consultant, helping out to make sure their online training courses were accurate and working as intended.
From there he joined their SANS.edu as a faculty research advisor. He helps grad students in day-to-day learning as an in-person TA and Virtual TA, as well as with their research topics for their white papers.
Want to see Fletus and SANS in action? He’ll be at the Security Awareness Summit in Virginia at the end of July.
The best part about it is, like most SANS summits, it’s completely free, and you can find more online and virtual summits on the SANS website covering a range of topics, including a bit of what we’re covering in this episode.
The biggest problem in CyberSecurity? It Depends
There will be some constants. For example, supply chain attacks are becoming worrying, especially given the recent changes with the SEC’s approach. Can anyone really say they trust every aspect of their supply chain, even your mom-and-pop supply firm giving you paper products for example?
Any business-to-business connection is a potential weak link into your company.
Outside of that, everything comes back to having a human-centric mindset when it comes to security. These days there are so many IT systems we’re interacting with daily: from smartphones to all the home IoT devices, everything is monitoring and sharing information with you.
IoT is on the rise too. More and more buildings are implementing things like smart HVAC, windows or smart lighting. All of this is letting automation take over your life and is a risk.
Relying on things like AI and automation to make decisions for us can be dangerous. It cannot make the decisions we can; it's just 1’s and 0’s.
To reduce this, we need to focus back on the human: take a human-centric approach and realise that we should be thinking of security in our daily interactions. Our risk management/security awareness programs at work can apply to daily life.
We need to avoid ‘traditional routes’ into Cyber, and train
To Fletus, looking only at people with traditional Bachelors or Masters Degrees is not the answer for True Cyber roles, because many schools are just teaching IT with some Security anyway.
Teams have to get used to opportunities to cross-train to onboard new talent. Find out who is already in your organisation that has the aptitude or interest and let them job shadow. Encourage the learning, give them money to go to a boot camp or a class like SANS.
It doesn’t stop there, Fletus thinks we should look at people from a range of backgrounds who are interested in Cyber and support them.
Mentoring is huge in this, and Fletus has helped English teachers and mechanics get into cyber. You can teach security to people, as long as they have the aptitude and willingness to learn in this field.
At the end of the day, even seasoned CyberSecurity experts constantly have to learn as the industry changes. Gen AI, Machine Learning, even cloud, all these things didn’t exist before. So why would we not train up curious people?
Starting with children is important too. A lot of schools are working on some kind of computer/device these days, teaching your kids how to use these systems, teaching why they shouldn’t share passwords etc.
Spark that curiosity while they’re young, and remember, security starts at home.
That’s all Folks
I hope you enjoyed this week’s Episode Summary. Watch the full video below for more details.

