Welcome to the Spotlight Series with cybersecurity experts and Insider Risk Management leaders that are presenting at the upcoming 2022 Insider Risk Summit this September.
What are the biggest takeaways you hope attendees walk away following your session?
Chase: I am a threat without realizing it. We are all threats, and that’s only part of the problem. It’s important to think about the reality of the space and the actual threat, not the perceived shenanigans. In my session, we’ll talk about personal experience and what being a threat actually looks like.
On a larger scale, I want attendees to understand how impactful the Insider issue really is. Everyone is so focused on external threats like Russia and China, but the immediate concern should be “what is someone doing inside my enterprise that they shouldn’t be doing?”
What do you think is the biggest misconception about Insider Risk?
Chase: People still see Insider Risk as Draconian - they think we are monitoring everything and looking at everything you are doing. It’s not about that. Yes, I have a need and the right to defend my enterprise, so I have to look at data movement, but there’s context. Technology allows us to turn the dial to things I need to pay attention to and there’s a lot of history that gives an indication of what’s valuable and what’s not.
What do you think is most exciting about the security industry today?
Chase: There’s an acceptance of the value of strategy in the security space. We are past the days of buying stuff until you get it right, the “hedge your bets” approach.
What area in security or business gets a lot of attention but doesn't really have as much meaningful impact on security posture or business outcomes?
Chase: Phishing training. Sending a phishing email to employees doesn’t improve the security culture within an enterprise. We should train employees, but rather than relying on people to be a technical solution to a technical problem, we should use technology so that employees don’t have to be security people.
What was your proudest moment as a security professional? Or, what was your most challenging moment?
Chase: Getting into a data center with a balloon as a red team person. I was contracted to get into an internal data center and the servers were very heavy and had motion sensors. With a bit of creativity and a trip to the local CVS, we were able to get in by blowing up a balloon and putting it in front of the motion sensor.
What is your life mantra?
Chase: Have an “I Owe” mentality vs. a “You Owe” mentality. It helps to understand people, practice empathy and if you come from a place of “you owe them”, you are working to make others better.
Want to learn more about Chase? Check out his podcast, DrZeroTrust where he discusses all things ZeroTrust and cybersecurity related.
Join us at the Insider Risk Summit
The Insider Risk Summit, the industry’s leading conference on Insider Risk Management (IRM), brings together security leaders and practitioners and industry experts to learn, interact and share best practices in the IRM space. More than just one moment in time–the Insider Risk Summit is a community of organizations and security professionals that understand collaboration, productivity and enablement of users while meeting data security challenges. In its inaugural year in 2020, more than 2,000 security professionals registered for the event, which is held annually in September during Insider Threat Awareness month. For the most up-to-date news about the Insider Risk Summit and the IRM community, go to insiderrisksummit2022.com or follow along on LinkedIn and Twitter.