Episode Summary

11:11 Systems Director of Product Market Intelligence Brian Knudtson is joined by guests Justin Warren, Gina Rosenthal, and Liron Amitzi for a conversation about how important it is for employees to be aware of cybersecurity. They discuss the effectiveness of security training, important tools to protect employees, and if executives should be able to avoid the training. Ideally, your organization should have a good culture of security so you don’t have to rely on trebuchets, guillotines, and always poison-checking your coffee.

Panel

Cloud Conversations

Topic 1

[04:10] What are some of the most effective ways to train employees to work more securely when there is a wide variety of different users, all of whom may be a vector of a cyber attack?

Topic 2

[15:51] Go a little bit more into what some of those approaches or solutions that may exist there that can help users stay in the safety zone or limit the damage that they can do on the back end.

Topic 3

[28:49] Are there other groups that should be excepted from the training and the controls that we’ve been talking about?

Cloud Bites

[04:44] “My operating assumption is that this is a system, and if your system requires perfect human behavior in order to behave securely and safely, then your system is broken.”  — Justin Warren 

[08:21] “You’ve got an entire other industry that’s trying to get people to click on these links. You’re never going to be able to keep ahead of them because they’re constantly looking to see, well, what would I do if I was a human?” — Gina Rosenthal 

[09:19] “People will do the easy thing. So I think a lot of this, unfortunately, what we end up doing is we’re trying to force people to do things the hard way instead of the easy way. So the secure way should be the easy way to do it.” — Justin Warren

[20:27] “Wouldn’t it be nice if you had something that could look at the traffic and the activity and see that that was out of the norm for how your organization works, instead of having to pay the price of everybody listening to boring training for 2 hours on a Monday. ” — Gina Rosenthal

[21:53] “I’m not talking about firewalls outside or between networks only, but there are database firewalls or web firewalls that are much smarter than regular firewalls.” — Liron Amitzi

[26:00] “ I think some of the incentives aren’t there for organizations to do good training, because it doesn’t need to be effective. They just have to tick a box.” — Justin Warren

[30:36] “I think if you explain this to people and you try to balance the access to the system with the security in place, but the usability as well, I think there is some balance that you can find that would be acceptable.” — Liron Amitzi

[33:22] “You need to make sure everything is good with your people. You need to make sure you’re constantly making it interesting for especially your professional staff, to understand what to look for.” — Gina Rosenthal