This past Sunday, March 8, was International Women’s Day. All weekend, #IWD2020-related posts topped my social feeds. Two posts in particular stood out – one was shared by a fellow cybersecurity professional and features a picture of his daughter, a bright student still in high school, beaming as she shows off a t-shirt that she designed for her engineering class. The t-shirt is black and features four lines of white text: Nobody Cares. Work Harder. The accompanying caption reads “There is a harsh message here that breeds success. This is my daughter [name omitted]. She made this shirt in her engineering class as she wanted to represent the idea that an excuse-based cultured doesn’t get you anything. No one cares why you didn’t do something. Only way forward is to be better and work harder.” The post had a polarizing effect on readers and has since garnered more than 600 impressions and 80 comments reflecting mixed responses to the message.
The second post came from a CISO and RH-ISAC member giving a public shout out to his wife, also a cybersecurity leader, for all that she does to give back to the field of cybersecurity including volunteer and board leadership contributions to promote education and training for underrepresented groups to break into the field.
I appreciate the underlying spirit and intent of both messages – that each of us is uniquely capable of, and accountable for, the results of our endeavors and that we also have the ability to lift others up in the process.
Whether you agree, disagree, or fall somewhere in the middle, it is these types of thought-provoking discussions that are helping us examine the human elements of cybersecurity. We saw many great examples of these important discussions at this year’s RSA Conference and our RH-ISAC CISO Networking Breakfast. Here are some highlights:
RH-ISAC CISO Networking Breakfast Highlights
Our Tuesday started off early with our CISO Networking Breakfast. We were thrilled to sit down with a core group of CISOs from retail and hospitality and dive into several executive-level security issues of importance to them.
In line with this year’s RSAC theme, the human element was front-and-center in many discussions including challenges and the wins associated with becoming CCPA compliance-ready. On this topic, Russell Findley, the head of information security at Sephora, noted that the relationships he’s developed with the department heads of various business functions has been a great benefit of undergoing preparations to become CCPA compliant. Related, one CISO shared that he meets with the leader of each business function on a quarterly basis to discuss data owned by function, where it lives, and how it is managed or shared.
Raffael Marty, vice president of research and intelligence at Forcepoint, summed up the sentiment shared by many when he said, “one of the key benefits of being at RSA and participating in events such as the CISO Networking Breakfast is to spend time with industry experts and colleagues to share insights from the cybersecurity frontlines and catch up on the latest developments in the product market.”
RSA Conference Session: Digital Transformation, Deception, and Detox: Security Leaders Anonymous
We attended several sessions throughout RSA and were able to connect with numerous RH-ISAC members and those interested in becoming part of our sharing community. One talk that stood out from the others was Elliott Franklin, director of IT governance & security at Loews Hotels.
Franklin talked about the very real effects of a culture that normalizes high levels of stress, pressure, and demand can have on the well-being of cybersecurity leaders including impact on their personal lives. During the talk, he provided an example of a scenario that all too many leaders can relate to: “Here’s the scenario: your leaders or executives have just returned from a conference or read another article in the Wall Street Journal and are now ready to take on this Digital Transformation Project. Here are the parameters: no additional staff, no additional budget. Are you going to present them your resource allocation plan and ask which projects you can put on hold or not do? Or are you just going to push through and work longer nights and weekends.”
This type of scenario is, unfortunately, all too common for many leaders. Franklin argues that we must prioritize our personal well-being to ward off stress and negativity that we are bombarded with in our daily lives in ways such as:
- Disconnecting from technology whenever possible
- Seeking healthy connections and community
- Connecting with our sense of purpose in life and values
Watch the talk here: https://www.youtube.com/watch?v=TI5z9nM4Ns8&feature=youtu.be
We saw a number of new technologies and insights showcased this year, including some standout ways in which the vendor community is putting the human element front-and-center when developing products and even in marketing campaigns.
One worth noting is Tripwire. This year, instead of putting marketing dollars toward t-shirts (i.e. conference schwag), Tripwire opted instead to give back to the community with its #TripwireCares campaign. For each social media engagement on Twitter and Instagram, the company donated $1 to four special organizations devoted to supporting diversity and cybersecurity talent development: Girls Who Code; Women in Tech (PDX Chapter), EFF, and Hackers for Charity.
Overall, we enjoyed our time in San Francisco. We were able to make the most of our time with fellow retail and hospitality organizations and look forward to attending this great event next year!