Marc Crudgington is a SecureWorld Advisory Council member in Houston, and serves as CISO and SVP of Information Security at Woodforest National Bank.

Because Advisory Council Members have told us they love learning from each other, we asked him some questions about his role and challenges. Here is that question and answer session.

SW: What is the most challenging aspect of your job?

MC: The most challenging aspects of my job are the sheer number and broad range of tasks, initiatives, and issues that I have to manage on a daily basis. One moment I might be reviewing our vulnerability management tool and the associated stats, then the next I might be finishing slides for a Board presentation, then maybe meeting with individuals on completing/signing off on vendor-related security assessments. On a positive note, it is busy, interesting, and filled with collaboration across the enterprise, which makes the day go by quickly.

SW: What constraints or challenges do you see in the industry as a whole?

MC: Most of my peers verbalize, in one way or another, the same three or so challenges when we get together: 1) Staffing shortages; 2) Proliferation of devices, which compounds the widening attack vector; and 3) Using a value-based risk approach, which addresses your top risks with sophisticated tools that can mitigate the threat or shorten the breach to breach response gap. There are innovative ways that one can solve the staffing challenge, both from an internal perspective and externally. Device proliferation and attack vectors’ residual risk can be mitigated by items one and three. There are some really slick tools in the SOAR and AI/Machine Learning space that can help with item three.

SW: Where do you get your information regarding current threats or new security practices?

MC: There are a number of places to get these from. I like InfraGard, the partnership between the FBI and private sector for getting some good intel, not all from the FBI, but DHS and other agencies as well as peers that belong to InfraGard. The ISACs are also a good place. We belong to the FS-ISAC (Financial Services Information Sharing and Analysis Center), and they generate a wealth of intel. Vendors, peers, and local/national conferences are also a great place.

SW: If you had to choose, what’s the one security practice people can adopt that would have the greatest impact?

MC: Stay home and disconnect from the internet… haha, just kidding! I think security practices all start with awareness and knowledge. Being aware of what the risks and threats are to your organization, your family, and yourself. Once you are aware of those, you can mitigate them in one form or another. Knowledge comes from learning about the threats and appropriate protections possible. It’s a great industry to be in from an employment standpoint due to knowing that cyber is the new crime and there are plenty of criminals or nation states acting. The sky truly is the limit.

SW: What actor would play you in the latest cybersecurity/hacker blockbuster movie?

MC: Jake Gyllenhaal. We look alike and his acting chops are top notch.

SW: What’s the coolest place you’ve been?

MC: Banff, Canada. It was 12 below zero when I visited. Haha! I’d have to say Boracay, Philippines. Not only is it a great place to scuba dive, but the island is full of hotels, pubs, eateries, and one of the best beaches in the world. The people are friendly, happy, and welcoming.

SW: Who’s the person you’ve met that you’ve been most impressed with?

MC: Muhammad Ali. I met him in my hometown of Onalaska, Texas, back in the late 1970s when I was around 7 or 8 and he was filming a movie. He was the nicest guy and took the time to chat with me for a while. I even got to box with him for a few minutes; it was a surreal experience.