Security in Three Keynotes

I had the pleasure of attending (ISC)2 Congress this year in Orlando with my colleague and fellow advocate James McQuiggan.

KnowBe4 has a great working relationship with the (ISC)2 Center for Cyber Safety and Education and has sponsored Women in Cybersecurity as well as 2,000 children for cyber safety day Tampa Bay.

While many of the sessions were very good and educational, the stand out sessions were the keynotes which featured speakers who were outside of the industry sharing their message and in some cases tying it back to security and how we operate.

Three of these keynotes in particular stood out for me.

The opening keynote featured Captain Sully, the pilot who famously landed an airplane in the Hudson river, and who was portrayed by Tom Hanks in the movie.

It was a gripping keynote in which Captain Sully painted a picture of the experience which placed the audience in the cockpit with him on that fateful day.

An interesting point he made was that despite technological advancements in airplanes, the human factor remained the major consideration. A pilot needs to be a good leader, have trust in the processes, in their colleagues, and know that during a crisis, they will do what is needed to be done.

No matter how we model, unexpected things outside of our control will occur and, in those situations,, it’s more than likely a human will be the one to make a decision between life and death. 

Catherine Price is the author of the book, “How to break up with your phone.” And while on the surface it may not appear to have much to do with security, the psychology behind mobile phones and the apps on them is fascinating.

 She spoke about how a lot of the mobile apps are designed to steal our attention, in particular social media. How infinite scrolling and constant notifications not only distract us but prevent us from achieving success in any one task we are trying to accomplish.

 While she didn’t advocate completely ditching the phone, there is much to be said about a screen / life balance, and if your phone is the first thing you reach for when you wake up and the last thing you see before going to sleep, then maybe there is a need to achieve some balance.

What was perhaps the most telling thing for me, was that much of the psychology and learning from Catherine’s talk and book mirrored much of what my colleague Perry Carpenter’s book, Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors. Because after all the human mind is the human mind, and just as developers are trying to steal your attention, criminals are doing the same. So it makes sense for security professionals to also enter the arena and hijack attention for the benefit of people.  

The closing keynote for the event was perhaps the most inspirational and was delivered by Admiral William H McRaven, author of Make Your Bed.

The talk consisted of many stories from his time as a Navy Seal and the lessons he learnt from training and active duty. Making one's bed was used as an analogy to be starting your day with a task completed and taking control over the things that you can.

By completing one task first thing in the morning, no matter how trivial, will set you up to complete more tasks through the day, and instill a sense of discipline and focus.

One of the reasons I liked the example so much is that it applies to security really well. All too often professionals can get hung up on trying to fix extremely complex, and sometimes fringe cases. Sometimes, the best strategy can start from trying to fix the basic, and mundane things one at a time. Patch a vulnerable system, securing an admin password, or teaching just one user how to identify a social engineering attack.

Doing the fundamentals on a consistent basis will likely bring about far more benefit in the long run than running after the next shiny tool that promises you the world.