Follow Mark on LinkedIn Follow @marknca on Twitter Follow marknca on YouTube
marknca

Mornings With Mark
no. // 0 0 0 0

Your Role As A Security Educator

Subscribe to the podcast.

Watch the episode here

Join the discussion on LinkedIn

Tweet about this episode

Full machine generated transcript follows

Good morning, everybody. How's it going at coming to you live from the Atlantic security conference here in at Halifax. Love to stay sunny Halifax, but it's the typical Canadian spring clear out the little a drizzly. I'm we're right down here on the Harbor in the beautiful new convention center.

And as always at the team here Atlantic security conference. If I put on a fan to a great start. We had a keen on this morning. I'm from Ted Demopolis. I'm always going to take him out and gave a talk around being an infosec Rockstar looking at the justice and give me an infosec Rockstar which is absolutely a phenomenal and he know it was great way to kick it off and it wasn't what I was expecting.

I don't think it was what a lot of folks are expecting and Hughes theme was really about how our role as a Security Professionals is really about education is really about influence and I happens at all levels and I think that's absolutely critical that the team that I've been talkin about a year after year.

I demand that address it directly via cell cybersecurity Talent crisis that were talking about everybody saying we are missing their we go. We are missing a huge amount of cyber security jobs saying I 2 million by 2020. I believe those then I'm going to think of it around and that's true.

We need way more on folks in cybersecurity and but the way we're going to get it is not by building out through traditional means we're not to be able to scale cybersecurity education programs and training to the point where we need. What we need to do is adjust how we approach and I think Ted's Keno this morning hits on some things that I've been harping on for a long time.

I'm supposed to talk to Dave here are two years ago, but whether or not you're set up at the fail and I think you are realistically insecurity. You need to be an educated Lester job. Number one is to educate people in your organization in your community to help them understand their role within security and Ted went through the aspects of influence.

He went through a number Areas on how this all plays out and how you can't you come in and dictate how you have to build that influence. If you build communication of your build networks and part of that is really just kind of putting yourself out there. So doing something like I don't know maybe a livestream every morning to try to get the word out and realistically no matter what level you are at.

You have something to contribute there's always someone who's further behind you on the ladder as well as there's always someone who's further ahead of you on the ladder, but I think we need to look around and share amongst ourselves. We need to talk to each other. We need to communicate freely without judgment and really see ourselves primarily as Educators.

Even if your job is running a firewall or an IPS system or threat hunting or user wearing his training doesn't matter what your role is a curious. If you have a security mindset, I think it's incumbent on you to help sort of infect everybody else in your organization. I say in fact, even though that might be a bad way or bad analogy.

I think realistically what your goal needs to be is to ensure that your lawyer easing everybody security level and raising awareness in general as to what people know and understand about security. So here's a couple easy things you can do and I'm sorry about the camera adjustments. I remember why I used tripods at home.

So the one thing you can do right out of the gate is to make sure that if you have tackled a strong a problem that you found challenging or that wasn't immediately obvious that you're right it up share that interest Wiki share that publicly on medium fired up in a LinkedIn post something get that information out there sure you don't find any information that specific to your company or your problem.

That might be something that's identifiable information. It was really dumb ways to write your own crypto Library help them understand the free and open-source alternatives to walk them through this problem at take that mindset and be very very positive about it. Remember your primary role is as an educator that will help you build influences a huge upside selfish upside for this as well.

If you're seen as an educator if you're seeing if somebody who helps other people get wins and raise their knowledge, then you're going to advance your career, and I think that was a key takeaway from Ted as well as that. You can really am Advance your own career by being an educator by helping other people out by being an influencer was a great way to start off the day here to Atlantic security conference.

We've got a whole day packed out today full of a great talk so jam-packed schedule multitrack in another full day ahead of us tomorrow and lots more to come follow me here on Twitter at Mark NCAA for I like to eat throughout the day. I'm on stage 3 local time and that's Atlantic time at talking about the Paradox of cyber security in operational Technologies.

That I will be interesting to the audience here. It's really trying to introduce them to do idea, and I'm to a new area because I spent the last year or two exploring that area and found a lot of things that I think is important for people to share with us as my way of trying to get back and try to educate and party on small piece of the puzzle ever.

That's how we're going to get ahead of this. That's how we're going to get better secure a little bit. So that is my morning rant number for Tia. Thanks for staying Tunes. Thanks for bearing with me as always. Hit me up here on Twitter at Mark NCAA. Love to chat about that education was security anything else and if you're watching this on YouTube or another social after the fact, but was given discussion going because that's how we all get ahead.

Have a great day. Good morning, everybody. How's it going at coming to you live from the Atlantic security conference here in at Halifax. Love to stay sunny Halifax, but it's the typical Canadian spring clear out the little a drizzly. I'm we're right down here on the Harbor in the beautiful new convention center.

And as always at the team here Atlantic security conference. If I put on a fan to a great start. We had a keen on this morning. I'm from Ted Demopolis. I'm always going to take him out and gave a talk around being an infosec Rockstar looking at the justice and give me an infosec Rockstar which is absolutely a phenomenal and he know it was great way to kick it off and it wasn't what I was expecting.

I don't think it was what a lot of folks are expecting and Hughes theme was really about how our role as a Security Professionals is really about education is really about influence and I happens at all levels and I think that's absolutely critical that the team that I've been talkin about a year after year.

I demand that address it directly via cell cybersecurity Talent crisis that were talking about everybody saying we are missing their we go. We are missing a huge amount of cyber security jobs saying I 2 million by 2020. I believe those then I'm going to think of it around and that's true.

We need way more on folks in cybersecurity and but the way we're going to get it is not by building out through traditional means we're not to be able to scale cybersecurity education programs and training to the point where we need. What we need to do is adjust how we approach and I think Ted's Keno this morning hits on some things that I've been harping on for a long time.

I'm supposed to talk to Dave here are two years ago, but whether or not you're set up at the fail and I think you are realistically insecurity. You need to be an educated Lester job. Number one is to educate people in your organization in your community to help them understand their role within security and Ted went through the aspects of influence.

He went through a number Areas on how this all plays out and how you can't you come in and dictate how you have to build that influence. If you build communication of your build networks and part of that is really just kind of putting yourself out there. So doing something like I don't know maybe a livestream every morning to try to get the word out and realistically no matter what level you are at.

You have something to contribute there's always someone who's further behind you on the ladder as well as there's always someone who's further ahead of you on the ladder, but I think we need to look around and share amongst ourselves. We need to talk to each other. We need to communicate freely without judgment and really see ourselves primarily as Educators.

Even if your job is running a firewall or an IPS system or threat hunting or user wearing his training doesn't matter what your role is a curious. If you have a security mindset, I think it's incumbent on you to help sort of infect everybody else in your organization. I say in fact, even though that might be a bad way or bad analogy.

I think realistically what your goal needs to be is to ensure that your lawyer easing everybody security level and raising awareness in general as to what people know and understand about security. So here's a couple easy things you can do and I'm sorry about the camera adjustments. I remember why I used tripods at home.

So the one thing you can do right out of the gate is to make sure that if you have tackled a strong a problem that you found challenging or that wasn't immediately obvious that you're right it up share that interest Wiki share that publicly on medium fired up in a LinkedIn post something get that information out there sure you don't find any information that specific to your company or your problem.

That might be something that's identifiable information. It was really dumb ways to write your own crypto Library help them understand the free and open-source alternatives to walk them through this problem at take that mindset and be very very positive about it. Remember your primary role is as an educator that will help you build influences a huge upside selfish upside for this as well.

If you're seen as an educator if you're seeing if somebody who helps other people get wins and raise their knowledge, then you're going to advance your career, and I think that was a key takeaway from Ted as well as that. You can really am Advance your own career by being an educator by helping other people out by being an influencer was a great way to start off the day here to Atlantic security conference.

We've got a whole day packed out today full of a great talk so jam-packed schedule multitrack in another full day ahead of us tomorrow and lots more to come follow me here on Twitter at Mark NCAA for I like to eat throughout the day. I'm on stage 3 local time and that's Atlantic time at talking about the Paradox of cyber security in operational Technologies.

That I will be interesting to the audience here. It's really trying to introduce them to do idea, and I'm to a new area because I spent the last year or two exploring that area and found a lot of things that I think is important for people to share with us as my way of trying to get back and try to educate and party on small piece of the puzzle ever.

That's how we're going to get ahead of this. That's how we're going to get better secure a little bit. So that is my morning rant number for Tia. Thanks for staying Tunes. Thanks for bearing with me as always. Hit me up here on Twitter at Mark NCAA. Love to chat about that education was security anything else and if you're watching this on YouTube or another social after the fact, but was given discussion going because that's how we all get ahead.

Have a great day.