Smartest Person in the Room -  Christian Espinosa

Smartest Person in the Room (eBook)

The Root Cause and New Solution for Cybersecurity
eBook Download: EPUB
2021 | 1. Auflage
290 Seiten
Lioncrest Publishing (Verlag)
978-1-5445-1620-2 (ISBN)
Systemvoraussetzungen
11,89 inkl. MwSt
  • Download sofort lieferbar
  • Zahlungsarten anzeigen
Cyberattack-an ominous word that strikes fear in the hearts of nearly everyone, especially business owners, CEOs, and executives. With cyberattacks resulting in often devastating results, it's no wonder executives hire the best and brightest of the IT world for protection. But are you doing enough? Do you understand your risks? What if the brightest aren't always the best choice for your company? In The Smartest Person in the Room, Christian Espinosa shows you how to leverage your company's smartest minds to your benefit and theirs. Learn from Christian's own journey from cybersecurity engineer to company CEO. He describes why a high IQ is a lost superpower when effective communication, true intelligence, and self-confidence are not embraced. With his seven-step methodology and stories from the field, Christian helps you develop your team's technical minds so they become better humans and strong leaders who excel in every role. This book provides you with an enlightening perspective of how to turn your biggest unknown weakness into your strongest defense.
Cyberattack-an ominous word that strikes fear in the hearts of nearly everyone, especially business owners, CEOs, and executives. With cyberattacks resulting in often devastating results, it's no wonder executives hire the best and brightest of the IT world for protection. But are you doing enough? Do you understand your risks? What if the brightest aren't always the best choice for your company?In The Smartest Person in the Room, Christian Espinosa shows you how to leverage your company's smartest minds to your benefit and theirs. Learn from Christian's own journey from cybersecurity engineer to company CEO. He describes why a high IQ is a lost superpower when effective communication, true intelligence, and self-confidence are not embraced. With his seven-step methodology and stories from the field, Christian helps you develop your team's technical minds so they become better humans and strong leaders who excel in every role. This book provides you with an enlightening perspective of how to turn your biggest unknown weakness into your strongest defense.

Chapter 0


1. Why Are We Losing the Cybersecurity War?


Knowing is not enough, we must apply. Willing is not enough, we must do.

—Bruce Lee

Did you know you have to complete 1,500 hours of training to be certified to cut hair in the state of Arkansas? (I grew up from ages 12 to 18 in Clarksville, Arkansas, so I tend to use it as a point of reference.) That’s roughly 37.5 weeks of dedicated training before you’re let loose on the general public. If you want to cut hair in Arkansas, you’ve got to be passionate about it.

Cybersecurity experts on the other hand, the people who protect all your sensitive information (medical records, credit card information, Social Security number, etc.), can pass a test tomorrow and get hired the day after. No regulations mean no proper training is required. Score 70 percent or higher on a fifty-question cybersecurity quiz and you’ll receive your certification. You’re free to start work the same day, as many employers are eager to hire certified personnel.

Doesn’t this seem a bit backward?

Don’t get me wrong, I never want to get a bad haircut, but if something were to go awry, if my stylist were to accidentally give me a buzz cut or a mullet, that would be a lot easier to deal with than someone stealing my Social Security number or medical records. The fact that it’s significantly easier to get certified to protect my sensitive data than it is to cut my hair underlies the problems we’ve seen in recent years in cybersecurity. Let’s explore the causes.

Cybersecurity Certifications—Paper Tigers


Many people in cybersecurity think we are losing the cybersecurity war because of a lack of certified talent. They think we don’t have people smart enough to combat these cybercriminals and that we as an industry need to pay more to attract the top talent away from our competitors. They think that’s the only way we’re going to win. They believe people are the problem, because they believe there aren’t enough who are qualified. They’re referring to the quantity of qualified candidates.

It’s the quality of the candidates that’s the problem, though. The current certification process itself has led to a shortage of qualified talent. Unlike Arkansas’s beauty industry, many cybersecurity certifications are especially easy to earn. Being “certified” in cybersecurity has become something of a joke among industry leaders because anyone with an internet connection can search the web for the fifty-question, multiple-choice test and memorize the answers. Once they pass, they can quite easily get hired as an analyst or get a job protecting your data.

However, as soon as the job really gets intense, they prove they don’t have the skills needed to safeguard against cybercriminals. I can’t tell you how many times I have hired someone who looks really great on paper—has all the industry accreditations and certifications—but then looks like a deer in headlights when faced with a real problem. I call these types of cybersecurity professionals “paper tigers”—all growl and no teeth—and I try to avoid hiring them at all costs. The bar is dangerously low for cybersecurity certifications and often puts emphasis on skills that don’t really matter. Plus, the tests are typically based on theory rather than application. You often need to temporarily suspend your view of reality and drink the cybersecurity Kool-Aid before taking certain certification exams.

Practical Certifications


I want to be clear—the concept of certifications is great, and there are many certifying organizations (such as CompTIA and EC-Council) that are doing the right thing. Instead of multiple-choice exams, they’re moving to methods that test the practical application of cybersecurity processes. When you’re being hacked in real life, no one presents you with a multiple-choice question and four options. Functional, practical certifications are fantastic and do a better job of preparing technical employees for cybersecurity in the real world.

And the problem perpetuates itself. You hire unqualified people; then, when the people who have passed these certifications get promoted into management positions and have hiring responsibilities, they tend to hire people who have passed the same certifications. They don’t want to hire someone they think might be smarter than them—remember, they want to be the smartest person in the room. If they hire someone who has real-life experience, rather than a certification, their own lack of knowledge and skills may be exposed. The so-called talent shortage exists because our technical hiring managers aren’t hiring qualified candidates.

I used to work with a really smart guy named Doug, and I noticed he tended to hire only people who were not an intellectual threat to him. As a result, his team continued to downgrade with each new hire, and consequently, his results suffered.

When I hired a CTO over Doug, it was the beginning of the end. Doug’s insecurities took over because he saw the CTO as a threat. We were in business to help people secure highly sensitive data, but Doug was more concerned about someone in the company knowing more about cybersecurity than he did. However, Doug couldn’t take it, and he didn’t last long at the company after that.

You can cheat and cut corners to get a cybersecurity certification. Most certifications don’t equate to quality talent. There are exceptions, and some certifications really do help qualify cybersecurity professionals. The majority, however, don’t.

I have more than twenty-five certifications. Given my experience with them, I know firsthand that most don’t single out quality talent like they claim to. Some certifications are great, but they simply aren’t the panacea everyone is after. Hiring someone with a bunch of certifications doesn’t mean you’re hiring someone who is actually qualified to secure your data.

The alternative to certifications isn’t much better, however.

Four-Year College Degrees


If you’re thinking we can easily solve this problem and hire quality talent by requiring four-year degrees, forget it. We’ve tried that, and in my opinion, requiring a college education is the other reason why we’re in this talent shortage predicament in the first place.

By requiring a four-year degree to work in cybersecurity, the qualified candidate pool instantly shrinks. There will naturally be less talent to choose from. Moreover, the four-year college model (like the current certifications model) has its own foundational challenges. The field changes faster than textbooks (and lesson plans) can be updated; how can we expect professors to keep up with the cybercriminals at that pace? Plus, there simply aren’t enough qualified cybersecurity university professors with real-world experience. Most understand only theory, so that’s what they teach. It doesn’t matter if theory is different than reality.

There are two distinct categories of universities. Traditional universities are research-driven, and this extends to their teaching methods. Universities of applied sciences on the other hand are more practice-oriented with the goal of educating students for professional work life. Universities of applied sciences are a little bit better than traditional universities (and their degrees more relevant to cybersecurity) but not by much. Neither adequately prepares its students for a real-life career in cybersecurity.

For two years, I was a cybersecurity professor at a university of applied sciences in St. Louis and taught a master’s-level ethical hacking class, but instead of creating lesson plans and using textbooks similar to those my colleagues were using, my lesson plans were based on real scenarios. At first, I was excited about my new gig, but it quickly soured when nearly half the students began complaining about their assignments.

They said the class was too hard for them.

Here I was, trying to teach my students advanced cybersecurity techniques, but it was clear they didn’t want to work hard to learn the skills they needed to succeed in the industry. (What would someone with nearly thirty years of experience working in the field know anyway?) They wanted the academic cybersecurity degree, but they weren’t passionate about cybersecurity in practice—or their ideas about cybersecurity were far removed from the reality I know. If they had been passionate, they would have dug their heels in to figure out the assignments and pass the class. In person, I have trained more than ten thousand students in cybersecurity and leadership, and it seemed to me that the majority of this group was only in it for the money a career in cybersecurity would bring them.

So I took a step back to evaluate the system as a whole. It wasn’t just the students or this university in particular; it was all universities peddling the same business model—get enough people through the program and entice employers by telling them the graduates have the skills they...

Erscheint lt. Verlag 2.2.2021
Sprache englisch
Themenwelt Informatik Netzwerke Sicherheit / Firewall
Wirtschaft Betriebswirtschaft / Management Unternehmensführung / Management
ISBN-10 1-5445-1620-7 / 1544516207
ISBN-13 978-1-5445-1620-2 / 9781544516202
Haben Sie eine Frage zum Produkt?
EPUBEPUB (Ohne DRM)
Größe: 2,9 MB

Digital Rights Management: ohne DRM
Dieses eBook enthält kein DRM oder Kopier­schutz. Eine Weiter­gabe an Dritte ist jedoch rechtlich nicht zulässig, weil Sie beim Kauf nur die Rechte an der persön­lichen Nutzung erwerben.

Dateiformat: EPUB (Electronic Publication)
EPUB ist ein offener Standard für eBooks und eignet sich besonders zur Darstellung von Belle­tristik und Sach­büchern. Der Fließ­text wird dynamisch an die Display- und Schrift­größe ange­passt. Auch für mobile Lese­geräte ist EPUB daher gut geeignet.

Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen dafür die kostenlose Software Adobe Digital Editions.
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen dafür eine kostenlose App.
Geräteliste und zusätzliche Hinweise

Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.

Mehr entdecken
aus dem Bereich
Das Praxishandbuch zu Krisenmanagement und Krisenkommunikation

von Holger Kaschner

eBook Download (2024)
Springer Fachmedien Wiesbaden (Verlag)
34,99
Methodische Kombination von IT-Strategie und IT-Reifegradmodell

von Markus Mangiapane; Roman P. Büchler

eBook Download (2024)
Springer Vieweg (Verlag)
42,99