Christian Espinosa - The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity

When Dick Cheney, former Vice President of the United States, found out his pacemaker was hackable, he had his doctors disable its wireless feature. He was terrified he would be assassinated via his pacemaker.

It sounds like fake news, but its not. You probably dont have pacemaker assassins following you, but right now, you are surrounded by invisible thieves who want to break in and steal from you.

They arent trying to burglarize your house or your corporate office. They arent lurking in the bushes or wearing ski masks. The thieves Im talking about are virtual. Thats why you cant see them.

Theyre called cybercriminals, and they are incessantly looking for openings on your computer or in your data center. They want to steal your information for financial gain, for terrorism, or something far more nefariousand maybe some of these criminals are trying to hack into your life - dependent medical device as Dick Cheney feared.

Whatever their motivation is, it doesnt matter; cybercriminals want to steal your information to wreak havoc.

This matters because you are responsible for protecting your companys data. You may be the CEO, COO, or CISO of your organization, and you are accountable for keeping your clients data, your medical devices, and/or your companys patents or intellectual property (IP) safe. You are on the front lines of a war most of us cannot see, with cybercriminals on one side and the good guys, the ones trying to lock all of your virtual windows and doors to secure your data, on the other side.

If this were our house or corporate office, wed be able to see the thieves trying to break in. Because this war is happening virtually, we dont think much of it until our personal computer has been compromised or our client or medical data has been stolen. Most of us dont realize these virtual crimes are happening until its too late.

Like thieves in the flesh, cybercriminals will always exist, and they will always try to hack into your network and steal your information. So what measures are the cybersecurity professionals like me taking to combat them? And are these methods working?

I would say they are not. In fact, I would go so far as to say these methods are failing . It seems as if every other day there is news of another major data breach. The cybercriminals are winning . Why?

Weve had this problem for years. I have seen it as an information assurance (IA) analyst, penetration tester, cybersecurity engineer, trainer, and consultant. There isnt a piece of hardware or software thats going to solve it because the people are the real issue.

Cybersecurity is a support industry, and a lot of professionals in the industry tend to forget that. These professionals think that cybersecurity is an industry unto itself, but it wouldnt exist without other industries (like manufacturing, healthcare, and financial services). Cybersecurity, like IT, supports those other industries. Heres a great definition of cybersecurity:

Measures taken to protect a computer or computer system (as on the internet) against unauthorized access or attack.

Business leaders rely on their cybersecurity staff to protect their company data. I have held executive - level positions in cybersecurity firms and founded my own company, Alpine Security, and in my more than thirty years of experience in cybersecurity and leadership, I found these technical employees are the root of the problem. Ive read the books and articles outlining overly complicated frameworks and best practices needed to win the cybersecurity war, but its the people and their egos at the nexus of the industrys failings, not the other way around.

That tells me two things: we need to come up with something different, and when we do, people need to pay attention.

Right now, almost every business has a team of technical employees who contribute to the problems within the cybersecurity industry. Your people and their poor communication skills are the reason your data was stolen, not your lack of cutting - edge technology. Their need to be the smartest person in the room and their substandard people skills have rendered them unable to communicate clearly and work effectively with others to solve problems. Thats why were losing the cybersecurity war.

So whats the solution? How can you protect yourself?

In my experience, open communication allows us to solve problems and commit to fixing them. If we strengthen our communication skills, we can also strengthen our ability to win the cybersecurity war. However, successful open communication requires soft people skills, such as empathy, active listening, vulnerability, and trust.

Many technical people struggle with people skills because theyre often, at their cores, insecure. They are uncomfortable interacting with others because they fear the ambiguity that goes along with it. They crave certainty and prefer things to be either black or white; most cant handle the shades of gray that come with human interaction and business politics rampant in large organizations.