Solutions to the Cybersecurity Personnel Gap

No Password Required

Technology


This is part two of a two-part special edition that was recorded at the 2019 Cyber Florida Conference. In the first part, a panel of cybersecurity experts discussed “Cybersecurity and the C-Suite,” while the second part discusses partnerships and opportunities that bridge the gap for qualified cybersecurity personnel and our interconnected cyber ecosystem. The panel was moderated by Sprint’s Chief Information Security Officer Mark Clancy. On the panel sat three cybersecurity professionals who have years of expertise: Diane Janosek, Commandant of NSA’s National Cryptologic School; Andy Zolper, SVP, CISO, and Head of Technology at Raymond James Financial; and Terry Roberts, CEO and Founder of WhiteHawk, Inc. (To learn more about Janosek, Zolper, and Roberts, listen to the No Password Required Podcast episode titled “Cybersecurity in the C-Suite.”)

This No Password Required episode began with the question, “What can the big guy do to help the small guy?” and panelists discussed the role of large corporations and technology service providers. Small-to-mid-sized organizations often have understaffed IT departments, rely solely on external providers for their security, or both. Many larger organizations and service providers are making the investment to provide advanced security protocols because it impacts their products and, for some, it gives them a competitive edge in the marketplace. Larger corporations and service providers are carrying the responsibility of protecting smaller organizations, but it is a symbiotic relationship. Smaller organizations must do their part to have good cyber hygiene and understand their risks and their roles in preventing those risks.

Motivating smaller organizations to have a proactive cyber culture is often dependent on two things: communication and risk. A panelist emphasizes that the success of motivation revolves around language. The key to communicating with C-level executives and business stakeholders is to provide information as it relates to them, using their industry-specific lingo, demonstrating their profit and loss potentials, and illustrating how it impacts their community. Answering “how can we partner in a way that shows that we want to mitigate risks to a point that we’re a stronger business partner” can solve some of the gaps in cybersecurity. “Don’t wait for someone to offer, ask,” is the advice of Andy Zolper when it comes to mitigating risks.

Mark Clancy asked the panel, “How do you cyberize the CEO?” Cyberizing the CEO often begins with a review of their cybersecurity risk profile. Mapping risks to reputation and quantifying revenue to business impact can be the necessary wake-up call. “Cyberizing” was a phrase coined in part 1 of this series that is interpreted as educating/training C-level professionals to understand their company’s tech, their role in cybersecurity and operations, and their leadership in corporate cyber culture. “Cyberizing” encourages insight that helps build an adequate IT team or relationship with technology service providers. Cyberizing naturally encourages investing in employees as the greatest assets. It holds the belief that employees are responsible for maintaining good cyber hygiene, managing customer and partner relationships, and evolving with technology.

Another solution offered is “cyberizing the principal.” This involves instilling the value of cybersecurity as soon as a child is handed technology. One panelist advocates for developing educational programs that incorporate cybersecurity from elementary school to college, with her belief that it will carry over good cyber hygiene from the home to the public and business sectors.

Another component of closing the cybersecurity personnel gap is encouraging information sharing in new ways, as well as encouraging IT professionals to transition through various sectors and educational opportunities to keep their experience fresh and relevant. The panel discussed some of the current issues and possible solutions that involve sharing information, the importance of nonprofit interlocutors, the problem with classified versus unclassified information sharing, zero trust, and more. The cybersecurity experts also discussed educational opportunities, crossover through sectors, and the role of leveraging academia and cyber labs to find solutions.

In the final segment of the podcast, the guests discuss some of the highlights of the 2019 Cyber Florida Conference and list topics that they would like explored at future conferences.

You can find parts 1 and 2, as well as other episodes of the No Password Required Podcast, on our website at https://cyberflorida.org/podcast/. This special edition was recorded at the 2019 Cyber Florida Conference in Tampa, Florida. Learn about upcoming Cyber Florida events, including the Annual Conference, at cyberflorida.org or follow us on social media.

TIME STAMPS
01:30 Partnering Competitively & Cyber Ecosystem
07:17 Cyberizing the CEO
10:43 Cyberizing the Principal
13:48 Public-Private Partnerships
15:51 Nonprofit Interlocutor & Scaling Partnerships
17:32 Collaborating for Information Sharing
19:00 Zero Trust
24:42 Classified vs Unclassified Sharing
25:30 Surprises from the Cyber Florida Conference