Episode 41 - Proactive and Reactive Cybersecurity with Dr. Eric Cole
Dr. Cole has worked with a variety of clients ranging from Fortune 500 companies to top international banks to the CIA. He has been the featured speaker at many security events and has also been interviewed by several chief media outlets such as CNN, CBS News, FOX News, and 60 Minutes. We talk about what is working and what isn’t when it comes to IT and agriculture, focusing most of our conversation on artificial intelligence.
Eric shares so much of his knowledge about business intelligence and cybersecurity. He shares the biggest security risks for companies and ways to maintain top security with your workforce working from home. He also shares practical steps any organization can take to be more proactive with their cybersecurity.
Show Notes:
- [01:18] Eric shares how he got into IT and cybersecurity. He majored in computer science and decided to study cybersecurity.
- [03:13] He left the CIA because he was an entrepreneur at heart and he started his own company. He helps companies be on the defense of cybersecurity.
- [03:58] Now he runs his own business, Secure Anchor. They help companies build out an effective roadmap that actually protects and secures their critical assets.
- [05:06] The biggest risk that any company has no matter their size is they don’t think they are a target. It is important to let data drive decisions. Many companies don’t think that cybersecurity is their responsibility.
- [06:01] If you haven’t detected an attack in the last two years, it is because you haven’t looked in the right spots. It is not because it is not happening. The indicator of good security is that you’re detecting breaches.
- [06:56] If you want to have the best cybersecurity, make sure you have a network visibility map, know all of your assets visible from the internet, patch them, and make sure they don’t contain any critical data.
- [08:27] The two most dangerous applications on planet earth are email clients and web browsers.
- [09:01] Have a Windows computer as your primary work computer. Then have a non-Windows based computer that you use for surfing the web and checking email. He does all of his web surfing and email on his iPhone.
- [10:01] Passwords are not a great idea. We need to start moving everything to the Cloud with an authentication layer.
- [11:11] Any solution that is designed has to be location agnostic.
- [13:32] You have two choices: wait for the breach that will happen, or really start getting aggressive about protecting the endpoint with authentication.
- [14:36] A penetration (pen) test is sometimes called ethical hacking. You are trying to break into an organization from an attacker’s standpoint. The problem with a pen test is that it is not comprehensive.
- [17:32] Eric is not a fan of pen testing but he is a fan of doing threat mapping or a full-blown security assessment.
- [19:49] From an attacker standpoint the biggest change they have seen is that it is all monetary driven.
- [21:07] Eric believes that in 12-15 years we will have an international cybercrime unit for all governments.
- [23:01] His concern is that for the last 5 years every memory chip or CPU has come embedded with malware that hasn’t been activated yet.
- [25:08] The idea of zero trust is we don’t trust any computer. Every system is isolated, independent, and has its own controls.
- [26:49] Eric shares his advice for beginners in the IT and cybersecurity fields. Start a regimen of reading a book a week for an hour a night.
- [28:10] Bet and believe in yourself and start your own consulting company. Do it for a year or two and then reevaluate.
- [29:13] Eric shares his best worst boss story.
- [30:34] Sometimes you have to be willing to take calculated risks.
- [32:10] He also shares a crazy story of him being a boss.
- [33:18] Cybersecurity is a real threat and one of the biggest to your organization. Have an assessment and make sure you understand what is happening in your organization.
Links and Resources: