Honestly until 5 years ago I had no idea what Information Assurance and Cybersecurity was, much less how it affected me as a Program Manger. My cybersecurity OJT started when I ran a USAF weather program for large defense contractor. Luckily for me this organization had a well-established and effective cyber team willing and ready to help pull me as a junior PM through the world of DOD cybersecurity and IA requirements. Who knew just 7 short years later I would be promoting my own company’s cyber prowess.
As a small business owner of an engineering company, which offers cybersecurity solutions and services as a core competency, I have to be able to clearly understand and communicate our capabilities as well as instill a sense of confidence in said capabilities to our current and future customers…I have begrudgingly become a sales person of sorts on a product that I have very little understanding of when considering the language, definitions, and acronyms used around our organization every day. Up until becoming an owner I have always been very comfortable allowing the experts (my engineers) to do all the cyber talking and understanding. My current role has required me to place myself into situations where quite often I find myself engaged in conversation well above my level of understanding.
Not being comfortable in a conversation regarding an offering that my namesake provides is quite honesty terrifying. Over dinner and a beer (or 2) I shared this fear with my great friend, business colleague, and cyber expert, Mr. Adam Austin. As well as being one hell of a physicist, Adam is an expert on most topics related to cybersecurity especially when it comes to protecting an organization’s IP. To him the solution to my problem was rather simple… register for and take my first SANS course.
To be clear I am an electronics/avionics technician turned businessman, which in my opinion is the farthest experience away from cybersecurity. But as with everything I do I jumped at the idea of a challenge and learning something new. Especially something that would potentially give me the confidence I am looking for in a complicated cyber arena. Or at the very least give me enough knowledge to keep me from making a total fool out of myself and a mockery of our company. I took Adam’s advice and registered for SANS San Diego 2017, specifically SEC301 Intro to Cybersecurity. This is a boot camp style course designed for business owners and sales people who are looking to better understand the cyber world in general. I have no expectation of coming away from this course an expert in anything cyber. However, I have a full expectation to come away with a solid understanding of what cybersecurity entails and a better understanding of terminology and operations around protecting data and networks.
I am finalizing this blog entry in route to SANS security west 2017. The flight attendants just announced that they are preparing the cabin for landing in San Diego; I take this announcement as an indicator to wrap this bog entry up and get the laptop tucked safely under the seat in front of me. Although, it’s not a united flight so I would presume if I kept working I would only get a verbal reprimand but why chance it.
So here goes nothing, I will post another blog entry after the course to let you all know how it turned out and if I’m any more educated on IA and Cybersecurity.