Creating a Culture of Cybersecurity
Speaker: Jerald Dawkins, Ph.D.
Jerald Dawkins [0:00] Hi I’m Jerry Dawkins, Chief Technology Officer here at CISO Global, and I just want to take a moment and talk to you about what is a security culture, and how to build a security culture, and what are some of those key elements of a security culture within an organization.
Jerald Dawkins [0:17] What’s interesting about this conversation is I’ve been in this industry for a long time, if you rewind, rewind the clock, security culture was really it was an IT problem….
Jerald Dawkins [0:28] Oftentimes … security is changing username, passwords or firewalls?
Jerald Dawkins [0:36] What’s the best antivirus software that that I have? And it was very product centric.
Jerald Dawkins [0:42] What I think we’re learning, as we mature in this industry, is that really security is everybody’s problem. This is a business problem.
Jerald Dawkins [0:51] That’s why you’re seeing regulations and, and requirements at the board level in order to have cybersecurity. Really, it has to come from the top.
Jerald Dawkins [1:01] Cybersecurity is everybody’s problem. Having that understanding, and that leadership at the top level, is really critical for establishing, building that security, that security culture. There’s something that I like to use your servers, and that security is a team sport.
Jerald Dawkins [1:17] It takes all of us in order to achieve a cybersecurity posture; that is everything from the people that manage their IT, the support desk. It’s the end users. It’s the people that are interacting with the client data….
Jerald Dawkins [1:33] It’s basically everybody that has technology in their hand, or on their desk, which is essentially everybody within the organization. So, we all have a role to play in the cybersecurity landscape.
Jerald Dawkins [1:46] I think…one interesting thing…
Jerald Dawkins [1:49] is to demonstrate that leadership, that security comes from a top down approach, it’s just, you know, if you look at who our Chief Information Security Officer, she is also the President of our organization.
Jerald Dawkins [2:02] That’s directly impacting security culture and how we manage security within our own organization.
Jerald Dawkins [2:11] Security is a team sport. Security is so important to CISO Global. CISO Global…
Jerald Dawkins [2:17] is a business entity that uses our own services in order to achieve our own security, so it is you have to practice what you preach and so part of that is certainly leadership. I think another thing is just an awareness. Everybody plays a role, but it’s like, what role? Where am I playing within this? ….
Jerald Dawkins [2:36] Oftentimes, that comes down to sound, security policies, security awareness and training.
Jerald Dawkins [2:44] While I don’t necessarily like a bunch of regulations imposing on or impacting a business, regulations and those standards, they impact and create awareness of things that I need to think about within the organization. So if you think about it from the importance of policy,
Jerald Dawkins [3:04] The importance of users understanding what they can and can’t do and should not do, really, at the end of the day, security is just doing the right thing.
Jerald Dawkins [3:15] Which is why when you look at security, ethics, ethical behavior, and proper configuration, all these things come into come into play. So I oftentimes use an analogy of …a GPS satellite. So you have these satellites so the more satellites you have, the more precise location you can get.
Jerald Dawkins [3:36] And so, from a security perspective, if the only person that’s focused on security is one person in your IT department who is responsible for security, that’s a whole lot for that one person to lead. And so therefore, your location is not going to be very accurate. And therefore, your security is not going to be there yet.
Jerald Dawkins [3:59] The more satellites and unit that you can have within your organization that are all pointing down and focused on cybersecurity, the more precise [you] can be, and the stronger your cybersecurity posture will be.
Jerald Dawkins [4:12] CISO Global is here to help fill in some of those satellites, but this isn’t one of those things that you can just outsource, your cybersecurity posture.
Jerald Dawkins [4:21] This is definitely a partnership that that needs to be established, and that’s what CISO Global is here for to help establish those satellites and even provide some additional guidance as we hone in on that cybersecurity posture.