Watch this episode on YouTube.
Reasonably Accurate 馃馃 Transcript
Good morning, everybody. How's it going? Uh Coming to you live from the Atlantic Security Conference here in uh Halifax. Love to say sunny Halifax. But it's the typical Canadian spring. Clear out. It's a little uh drizzly. Um We're right down here on the harbor in the beautiful new uh convention center.
Um As always, uh the team here at Atlantic security Conference has put on a phenomenal event. We're off to a great start. We had a um keynote this morning um from Ted Demopoulos. I'm always going to mess up Greek names.
My Greek is horrible, but Ted came out and gave a talk around being an infosec rock star. Let me just adjust this. Give me an infosec rockstar, which is absolutely a phenomenal keynote. It was a great way to kick it off.
It wasn't what I was expecting. I don't think it was what a lot of folks were expecting. He's theme was really about how our role as security professional is, really about education, it's really about influence and that happens at all levels.
And I think that's absolutely critical. That's a theme that I've been talking about um year after year and that addresses directly this cybersecurity um talent crisis that we're talking about. So everybody is saying we are missing, there we go.
We are missing a huge amount of cybersecurity. Uh The jobs that saying uh 2 million by 2020 I believe is the number that's being touted around. That's true. We need way more folks in cybersecurity but the way we're going to get it is not by building out through traditional means, we're not going to be able to scale cybersecurity education programs and training to the point where we need, what we need to do is adjust how we approach it.
And I think Ted's keynote this morning hits on some themes that I've been harping on for a long time, especially a talk I gave here two years ago about whether or not you're set up to fail. And I think you are realistically in security.
You need to be an educator. That's your job. Number one is to educate people in your organization, in your community to help them understand their role with insecurity. And Ted went through um the um aspects of influence.
He went through a number of areas on um how this all plays out and how you can't just come in and dictate how you have to build that influence. If you build communication, if you build networks and part of that is really just kind of putting yourself out there.
So doing something like, I don't know, maybe a live stream every morning to try to get the word out. And realistically, no matter what level you're at, you have something to contribute. There's always someone who's further behind you on the ladder, as well as there's always someone who's further ahead of you on the ladder.
And I think we need to look around and share amongst ourselves. We need to talk to each other. We need to communicate freely without judgment. And really, you know, see ourselves primarily as educators, even if your job is running a firewall or an IP S system or threat hunting user awareness training.
It doesn't matter what your role in security is. If you have a security mindset, I think it's incumbent on you to help sort of infect everybody else in your organization. I say, in fact, even though that might be a bad way or bad analogy, I think realistically what your goal needs to be is to ensure that you're raising everybody's security level and raising the awareness in general as to what people know and understand about security.
So here's a couple of easy things you can do and I'm sorry about the camera adjustments. I remember why I use tripods at home. Um, so the one thing you can do right out of the gate is to make sure that if you have tackled a strong problem that you found challenging or that wasn't immediately obvious that you write it up, share that internally on a wiki, share that publicly on medium, fire it up in a linkedin post something, get that information out there.
Sure. You know, hide any information that's specific to your company or your problem that might be incriminating or something that's identifiable. But share that out there. Get the, get the information out there. It's easy we can all do it.
These are free tools to get that info out there also, next time someone comes to you with a security problem instead of judging and saying, oh, that was really dumb. Why'd you write your own crypto library? Help them understand the free and open source alternatives.
Um You know, walk them through this problem. Take that mindset and be very, very positive about it. Remember, your primary role is as an educator that will help you build influence. There's a huge upside, selfish upside for this as well.
If you're seen as an educator, if you're seen as somebody who helps other people get wins and raise their knowledge, then you're going to advance your career. And I think that was a key takeaway from TED as well is that you can really advance your own career by being an educator, by helping other people out by being an influencer.
It was a great way to start off the day here at Atlantic Security Conference. We've got a whole day packed today, full of great talks, jam packed schedule, multi track and another full day ahead of us tomorrow.
Lots more to come. Follow me here on Twitter at marknca for live tweets throughout the day. I'm on stage three local time. That's Atlantic time talking about the paradox of cybersecurity and operational technologies. I think that will be interesting for the audience here.
It's really trying to introduce them to a new idea, to a new area because I've spent the last year or two exploring that area and found a lot of things that I think is important for people to share with.
So this is my way of trying to get back and trying to educate and you know, a small piece of the puzzle, but that's how we're going to get ahead of this. That's how we're going to get better security for everybody is by everybody contributing back a little bit.
So that is my morning rant number 40 of this. Thanks for staying tuned. Thanks for bearing with me as always hit me up here on Twitter at marknca love to chat about the education about security, anything else.
And if you're watching this on youtube or other social after the fact, comment below. Let's get a discussion going because that's how we all get ahead. Have a great day.