By Clare O’Gara
Mon | Sep 23, 2019 | 5:30 AM PDT

A major goal of cybersecurity leaders is to get the entire organization engaged in the fight against digital threats.

But according to Chris Krebs, Director of the Cybersecurity and Infrastructure Security Agency (CISA), they need to stop using fear-mongering as their primary strategy.

Why Chris Krebs wants cybersecurity to 'stop selling fear'

During a recent speech, CISA's Krebs emphasized the need to get more of the nation involved in cyber defense, from governments, to companies, to students and everyday citizens.

"We've got to do more to extend our capabilities to float all boats."

But he also wants industry experts to avoid using fear as the motivation.

"One of the things we've got to do a better job of is [to] stop selling fear.

Fear sells, but we have far too much to offer to just be looking for the next mark. We’ve got to be more straightforward, more measured, more reasonable in how we talk about [threats].

We have to take the hysteria out of the conversation."

What else should cybersecurity leaders stop doing?

According to Brent Lassi, CISO at Bluecore, Inc., there are a few other things that InfoSec leaders should stop doing.

"We need to stop thinking like an IT organization," he says.

In an interview with SecureWorld, he explains his CISO stop list and urges others in security to create their own "stop lists" for the year.

Here are some of the points he includes:

  • Stop being a curmudgeon
  • Stop selling fear
  • Stop talking about problems without bringing solutions
  • Stop hiring too many engineers and not enough programmers in security
  • Stop ignoring advice from trusted vendors

Says Lassi:

"We have to retool what we've been doing. And the way I approach that process is to make a list of things I should stop doing."