Where in the World is Matt Lee?
Staying close to home, color coding like a toddler with the BIG pack of crayons, and committing his time for the rest of the year.
Where in the World is Matt Lee?
This month was a little slower for me, relatively speaking, on the personal events. I have been focusing heavily on Iconic IT. Lots of good stuff going on for us; from improved third-party integrations to tightening our own cybersecurity. I have been invited to many on-camera and virtual presentations throughout the end of the year, like a presentation with Channel Pro Magazine in November; this month was more about planning out the next few months to close out 2020 (yes, 2020 will eventually end, my friends). My future months will be spent with Virtual Mission Briefings and other PAX8 camera time, among many other upcoming events.
My COVID Silver Lining
I am finding that COVID 19 has advanced my mission. Doing my presentations on-screen takes far less time than travelling, meaning I can fit more into my schedule than I could possibly do prior to the pandemic. I can even attend several presentations at once, something that I couldn’t do before (obviously).
One highlight of this month was a cybersecurity training presentation featuring Jessica Barker, one of the twenty most influential women in cybersecurity in the UK. She suggests that we need to change the way we are talking about cybersecurity to increase our client buy-in. For instance, we should shift our focus when conducting phishing testing from the lower percentages of those users who fail to the large number of users who pass. The concept of social proof should be used with our approach to these phishing tests. This concept states that people who are dropped into an unfamiliar environment and aren’t sure what to do next will follow the crowd. Her suggestion? Positivity will get more positive results.
A New Concept and a Great Buy-In
Meanwhile, back here in Kansas, I’m touching base with a local bank who wants to take part in a concept that is new for Iconic IT. I met for coffee with the bank’s security/risk reduction manager and introduced her to the concept of Business Impact Analysis. A BIA takes a look at every application, function, infrastructure, and physical aspects of what makes a business tick. The BIA allows the company to rank these aspects: what is the most important function of your business? After the business ranks its functions, we can ask the important question: How do you want to protect your business?
The BIA invites conversations, like what a threat actor could do to the business’ top ranked functions. It forces businesses to think about cyber operations in a logical way, the way they already think about the physical side of their business. It lets them see the impact of an incident based on the criticality of the affected function. This allows us to discuss Restore Point Objective and Restore Time Objective, and create hierarchies for controls. The more important the function, the higher the controls. This can be framed as a cost-saving measure as well: do I need to back all my company data up on the cloud, or can I save money keeping some backups on servers? Considering the whole picture increases their awareness of their IT functions and the necessity of protecting them.
Train Your Brain
I’ve been thinking a lot about cybersecurity training, and how to talk about it. I want to bring alignment between ConnectWise and training, from the top down. ConnectWise is heavily focusing on tactical/operational security platforms for MSPs, and we are starting a mission to deploy these training topics. We do patching and updates for our clients, but we don’t patch or update our brains.
Cybersecurity is more than just tools. It’s human understanding, too. What are the security components that need to be taught and understood? Cybersecurity is more than just one level, it’s breadth and depth. We are starting to unify security training across the board. I will be taking a twelve-month cybersecurity training through ConnectWise to increase my own understanding of their focus, platforms, and technical commitment.
The Beards Talk Cybersecurity
For those always wishing they could see heavily bearded men discuss cybersecurity, your dreams are coming true. Myself and some of my other facial-hair blessed friends and peers are getting together to bring you “Talk Cybersecurity with the Beards” (name of this event may change), a platform for us big-bearded cybersecurity specialists to get together and discuss cybersecurity as a whole, MSPs, and the state of cybersecurity and SMBs.
The Deluxe Box of Crayons
With so many things going on every day, I decided to take advantage of color coding on my calendar. I might have had a little too much fun with this, and I colored between the lines this time. My calendar is lit up like a Lite Brite, and now I need a key to decode my own colors. Progress!
And that’s, as they say in show biz, a wrap. Take care, my friends, and I’ll see you all next time.