What It Takes to Become A Cyber Executive

An Interview with Aric K. Perminter

Today, more than ever, new products and software are under attack by a host of malicious actors. This makes the role of a C-Level Cybersecurity officer or a Chief Product Security Officer one of the most important lines of defense against cyber threats. What do you need to know to be a successful cyber executive today?  To address this, we are talking to  Aric k. Perminter, CEO of Lynx Technology Partners on  “What It Takes To Become A Cyber Executive, Today.”

The Cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?

  1. Potential of AI – Done correctly, AI-enabled threat detection systems can predict new attacks and notify admins of any data breach instantly. AI-enabled GRC platforms can automatically generate multi-panel dashboards to include predictive insights simply by selection of a data element – with no report authoring needed.
  2. Quantum Crypto – To have a truly usable system, you may need to combine quantum cryptography with elements that are not quantum. Those other elements could be vulnerable to attacks in ways that theorists have not envisioned.
  3. Role of GRC in ESG – ESG and GRC share a common element: the G, which stands for governance. So, GRC begins with certain rights and clearly defined objectives for the areas of governance, followed by managing uncertainty and risks. As a result, organizations that integrate GRC into ESG reports can be relied on. The GRC capability model, when put in context, comprises four things: to learn, align, perform, and review. The essence of all these four processes is to provide a clear pathway for companies to report ESG targets competently.

What are the 3 things that concern you about the Cybersecurity industry? Can you explain? What can be done to address those concerns?

  1. Cyber Security Breaches – As technology continues to evolve at a rapid pace, so too do the methods used by cyber attackers. It is therefore important that businesses and individuals stay up-to-date with the latest developments in cybersecurity so that they can protect their data from malicious actors. Organizations must adopt new technologies and processes to mitigate the risk of a data breach and maintain a strong security posture. Some approaches include adopting multi-factor authentication systems with strong passwords, implementing encryption measures on stored data, and deploying Endpoint Security Solutions that prevent access to malicious sites. Additionally, organizations should ensure their networks are regularly scanned for potential threats and vulnerabilities so they can address any issues quickly before they become larger problems.
  2. Immature Governance Models – Integrated Risk Management (IRM) is a strategic and collaborative approach for organizations to manage risk across their entire group. It is a holistic, organization-wide approach that welcomes input from various functions, such as security, compliance, and IT. IRM includes all risk management procedures followed by an organization to improve its risk visibility and decision-making. Organizations can use IRM solutions to address their specific needs and challenges related to digital transformation. Solutions like Lynx Risk Manager IRM provide strategy-first integrated GRC capabilities that help organizations identify risks, assess the impact of those risks, prioritize them according to the organization’s goals and objectives, and take action accordingly.
  3. ESG – GRC is critical in ESG (environmental, social, and governance) initiatives. Organizations increasingly set ESG goals and metrics for themselves as part of their long-term strategy. In addition, GRC helps organizations identify risks that could have a detrimental effect on their ESG initiatives, such as financial losses or reputational damage.

Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for? Can you explain? Human Factor – Working from home created many new avenues of attack.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss? The device battery drains fast, the computer fan runs loudly, or websites consistently load slower.  We often self-diagnose and troubleshoot these signs with a reboot, yet the threat still exists.

What are the most common data security and cybersecurity mistakes you have seen companies make that make them vulnerable to ransomware attacks? Poor patch management processes and immature data storage plan (no encryption and inconsistent backups).

In today’s environment, in addition to computer systems, hackers break into the software running many products, such as cars or robotics, for malicious purposes. Based on your experience, what should manufacturing companies do to uncover vulnerabilities in the development process to safeguard their products?  I tend to agree with the Microsoft model that recommends the following. #9 and #10 are at the top of my list:

  1. Training
  2. Define Security Requirements
  3. Define Metrics and Compliance Reporting
  4. Perform Threat Modeling
  5. Establish Design Requirements
  6. Define and Use Cryptography Standards
  7. Manage the Security Risk of Using Third-Party Components
  8. Use Approved Tools
  9. Perform Static Analysis Security Testing (SAST)
  10. Perform Dynamic Analysis Security Testing (DAST)
  11. Perform Penetration Testing
  12. Establish a Standard Incident Response Process

Ok, thank you. Here is the main question of our interview. What are the “5 Things You Need To Create A Successful Career As A Cybersecurity Officer Today” and why?

  1. Adequate Budget – No matter how great one’s talent might be, underfunded cybersecurity programs inevitably fail.
  2. Peer Network – Cybercriminals collaborate with any boundaries; we must leverage our peer networks the same way.
  3. Clear Communications –Clear and consistent communications enable more real-time and informed decision-making.
  4. Professionalism –I’ve always said, professionalism over power wins every time. Bullies become boring over time while Pros are invited to every dance!
  5. Empathy – The most effective leaders demonstrate a keen ability to identify with or understand another’s situation or feelings. In doing so, they are better suited to provide various levels of support throughout their career.

You are a person of great influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂  I would create a nonprofit that trains former inmates to become risk analysts, providing low-cost risk assessments to state, local and educational institutions often underfunded to pay for these mission-critical services.  We’re in the process of launching something called the Risk Analysis Professional (RAP) Council!

How can our readers further follow your work online?  Twitter is @aricperminter and LinkedIN: https://www.linkedin.com/in/aricperminter/

This was very inspiring and informative. Thank you so much for the time you spent on this interview!