Learning how to keep your business safe and protect your online data can be advantageous for your home and personal life as well. Your children and family can create awareness at school and with friends. Today’s guest is Greg Tomchick. Greg is a former professional baseball player turned award-winning cybersecurity coach. He has worked with more than 250 world-renowned companies, including American Airlines, Caterpillar, and Trinity Rail. He is regularly featured live on ABC, Fox, and is an expert contributor to Inc. Magazine. He is now the CEO of Valor Cybersecurity and host of The Connected Mindset.
“Everybody thinks security happens in the background until the curtain comes up and there’s nothing there. They don’t know the benefit until something bad happens.” - Greg Tomchick Share on XShow Notes:
- [1:10] – Greg shares his background coming from a military family and then as a professional baseball player before learning cybersecurity’s impact.
- [2:42] – As an entrepreneur, Greg’s business experienced a cybersecurity attack.
- [5:45] – The Connected Mindset is helping people become more consciously aware of how they navigate life both physically and digitally.
- [7:26] – Greg explains why they set up budgets of companies and individuals for cybersecurity at Valor.
- [9:25] – The focus should be on the mindset first.
- [10:27] – An unexpected positive is that cybersecurity gives a company or business a competitive advantage.
- [12:58] – Most people don’t think about security until after something has gone wrong.
- [14:43] – What is the difference between culture and mindset?
- [15:50] – Greg shares some of the mindsets and cultures that are unhelpful.
- [18:09] – As connected as we constantly are through technology, we have never been more disconnected.
- [20:50] – When Greg’s business had been attacked, there was no place to report the incident. Things have improved in recent years.
- [24:48] – No matter the size of the business or amount of money an individual has, everyone can be a target.
- [27:08] – Some companies are risking things by going remote without any plan, structure, or security in place.
- [28:45] – Every new device or software that is introduced needs to be considered.
- [30:16] – Greg discusses AI, including the costs and benefits.
- [34:03] – What is the minimum cybersecurity mindset that the everyday person needs to have?
Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.
Links and Resources:
- Podcast Web Page
- Facebook Page
- whatismyipaddress.com
- Easy Prey on Instagram
- Easy Prey on Twitter
- Easy Prey on LinkedIn
- Easy Prey on YouTube
- Easy Prey on Pinterest
- The Connected Mindset
- Greg Tomchick’s Website
- Greg Tomchick on LinkedIn
- Valor Cybersecurity Website
Transcript:
Greg, thank you so much for coming on the Easy Prey Podcast today.
Chris, pleasure to be here. Looking forward to it.
I'm looking forward to this as well. Can you give myself and the audience a little bit of background about who you are and what you do?
Absolutely. Military born, both of my parents were in the Navy. I also got to travel around the beautiful United States and check out all the military bases across the country. I got to learn from a lot of great generals and military leaders on how they live life and how they looked at the world, obviously, from a more paranoid perspective.
Shortly after that, I became a professional baseball player through the different sports that I played. I was able to play with the St. Louis Cardinals for a couple of years. Great experience. A lot of mindset training and learning how to deal with people and how to work with people collaboratively to achieve a common mission.
I started a software development company in college out of Old Dominion University in Norfolk, Virginia. Always had that entrepreneurial spirit to create things that I think I thought they needed most. That company when it was at its height, we were doing six figures. Just actually surpassed that mark, had a cyber attack, very detrimental. It ended up putting the company out of business. That's where I learned what cybersecurity really meant to an individual in a business.
That led me to about five years later in 2021, after working for a variety of companies, I started Valor Cybersecurity to really help people have a central point to pick up the phone and call, whether it's a person or a business, when something bad happened. Our main goal at Valor is to get to people before the bad actually hits them. It's where we focus a lot of our time and energy today.
Thank you for sharing that story. I know that not a lot of people like to talk about their origin stories when it involves a cybersecurity incident. Can you tell me more about what actually happened?
Yeah, absolutely. We were developing websites and applications. A key point of any website or application is a database, where that information is stored and goes and processes throughout. We were actually expanding into India at the time. We're going into India as well as Pakistan, expanding our development teams across the world so that we could operate 24/7. As an entrepreneur, it's like, “This is the best thing since sliced bread to be able to develop all day, every day.”
Somebody did not like that we were expanding into their office and potentially taking some of their clients. They decided to execute what's known as a SQL attack, which is basically a database injection. They got in, wreaked all kinds of havoc, corrupted our database. Our clients started to get bad material on their website. These were yoga studios. These were heavy appointment-type businesses that we were supporting.
You can imagine their clients calling in and saying, “Hey, I was going to book my yoga class, but I noticed that this is content my kids should not be privy to.” It was one of those things. I was actually in major league baseball spring training at the time. Business partner called me about four times when I came into the locker room after a hot Florida day, running around, throwing a baseball around, and said, “Hey, something's happened. I don't know what it is. It looks like we've been hacked.”
That was really where I learned what cybersecurity was. I didn't know what it really was at the time. I learned the hard way; really want to help as many people through this episode, and learn things before that negative event hits them.
That's tough. Was your business able to survive that?
We survived for about four-to-five months after that. Ended up having to pay about $75,000 out of pocket to pay an investigative firm, a lawyer, and then all the other costs that came along with it to restore systems and try to make our clients whole. We survived about four-to-five months after that. We started to kind of get the revenues going a little bit, but we just realized that the reputation was better off to hand the clients off to a larger partner who could support them and restore our personal reputation to not do the same thing again, which could have happened.
As well as anybody, that these attacks typically don't only happen once. They happen duplicate times. We didn't want to be the person on the other end of that while we were trying to figure out, “What does this security thing really mean, and how do we run a business with it at the center of everything we're doing?”
Yeah, it's one of those things of if your reputation is tarnished, it's pretty hard to continue to help your clients.
Yup, definitely.
In launching Valor, the practice that you had in the military and learning how to operate in the military, how much of that influenced what you've done with Valor?
It's been huge. Both of my parents being in the military, you obviously operate on that defense mindset, not that you're paranoid, but you look at your environment to see what could be a vulnerability. That's been huge just from the way I look at the world. I'm walking around buildings, looking at cameras, like, “Hey, where's that angle going?” It just gives you what I call situational awareness, which is normal here.
That combined with baseball, which is more about athletic mindsets, that competitive advantage, I've tried to bring those two together to create what I call the connected mindset today, which is helping people be more consciously aware of how they navigate life both physically and digitally. A lot of that, people look at physically. But because digital is so intangible, sometimes they don't feel it. I tried to relay to whether it's a board member or a manager within an organization, what it feels like to be on the bad side of it so they could feel it before actually going through the detrimental impact that a lot of these cyber and digital attacks have at the end of the day.
Yeah. That seems to be one of the biggest challenges with a company's cybersecurity department or their defensive posture department is convincing management. “We need more resources, we need more money.” And they're like, “Well, but nothing's happened.”
Yeah, exactly. That's one of the things I noticed early on. I was able to work for a couple of great leaders after that attack happened, and then after I got out of baseball to really identify where the problem areas were. One of the main things that we do, which we don't see a lot of companies doing today is when we come in, we help them build a budget. Obviously, we want to be a part of that budget. But if we're not, we give them a plan and a budget to actually allocate money.
One of the things I noticed early on: Companies were having incidents over and over again. A lot of these companies didn't have a budget. They weren't spending money on proactive aspects of avoiding these types of attacks. -Greg… Share on XOne of the things I noticed early on: Companies were having incidents over and over again. A lot of these companies didn't have a budget. They weren't spending money on proactive aspects of avoiding these types of attacks. I think that's a key point. I've seen a lot of either individuals or companies really benefit from just saying, “We have a hundred dollars that's going to go towards security this month, and we're going to strategically invest it.” It makes their posture just that much better, and it keeps them out of what we call that low-hanging fruit that a lot of these attackers are going after because they're just easy targets. We all love an easy button to win the lottery for some people here.
Yeah, I can imagine. Has the sports background also played an impact as well? I think of, what little sports that I participated in, there was a lot of repetition and practice, practice, and do it over. “OK, that doesn't quite work. Make a little bit of a tweak; do it over and over and over until you get it right.”
Yeah, absolutely. The persistence, that ability to be consistent with anything just like security, sports is that in a nutshell. One of the other things I learned from sports is that everybody has a position. If you think about a cybersecurity program or any business, everybody has a position they're playing, and they're responsible for certain things.
I think about if a shortstop in baseball or a second baseman, these different positions on the field, if they're not accountable for their area on the field, things just go right through. I think about it from the same standpoint within cybersecurity, whether it's a tool, a person, or some type of tactic. If it isn't accountable and doesn't serve its purpose, somebody can walk right through the front door. I think that's critical from a sports standpoint.
A lot of it's culture and mindset. I noticed that the best coaches I had really focused on culture, mindset, and then skills. I think a lot of people today want to focus on skills. They want to focus on culture, and then they want to focus on mindset. It's a little bit backwards in today's world.
You can have all the skills in the world. You can be the best penetration tester. You can be the best defensive security person, but if that culture isn't surrounding you and that mindset isn't throughout your people, you're still going to be that low-hanging fruit that an attacker is going to go after. It's going to come back down on your desk to say it was your fault. I want to see less people and less seesaws go through that difficulty that we've seen so many go through up to this point.
What are some of the positive cultures and negative cultures that you've seen when you've gone in with your clients and prospective customers?
I think from a positive standpoint, it's really using security as a competitive advantage. I think once you understand that it is a competitive advantage, if your competitor gets hacked and you don't, you can use that as a, “Hey, you should probably work with us because we're doing our due diligence to protect what you value most.” I think that's the main positive.
Also, all of the stuff that we do at work translates to our household and vice versa. I think companies need to take more accountability when they do employ people to say, “We're actually training them somewhat for their life outside of here. We're enabling them to live a safer, more certain life, not just in this building or when they log onto the computer, but also in their life, which translates to their kids, which translates to their kids generationally.” I always look at that from a company standpoint.
When I've talked to executives about that, a lot of them want to embody that, but a lot of times, they forget about it because of the bottom-line or top-line revenues are so focused on the money, which we have to be to pay the bills. But if you start to think about those second, third, fourth order effects of implementing something like this, it feels good, which everybody likes to feel good. But also when somebody's kid says, “Hey, I protected my school from a cyber attack,” or, “There was something going on at this school and I knew what to do and what to tell my teacher,” those types of events just bring you back down to earth that I think we should all be doing our due care and those activities just to make sure that that's throughout our communities.
I see that a lot whenever I travel to Europe and other countries. They really care about their community, their culture, a little bit differently than some of the communities in the United States. They take accountability for everybody else, which is, I think, security is at the core of that. It's one of those hierarchy of needs that we all have. We want to feel protected and safe.
From the negative standpoint, I think when security becomes a behind-the-closet-type function, everybody thinks security just happens in the background until the curtain comes up and they're like, “Oh, there's nothing behind there,” or, “There's one or two folks trying to run the show with their hair on fire.” They're trying to do everything they can to do what's best for the business, but nobody is, and handing them coffee or saying, “Hey, you guys need anything today?” You don't know the benefit until something bad happens.
I think that's just where security culture has come from. The business folks have always said, “Digital or physical is not a revenue-generating thing.” We've proved time and time again to the executives that we work with at the board level that security is revenue generating and revenue protecting at the end of the day.
A lot of that comes down to representing it as technical debt. These companies are implementing all this technology, and they don't put security in place, so they're going deeper and deeper into that security or technical debt aspect. We've had a lot of companies, when we put together these budgets, they start to put that as a line item.
The CFO now understands that we're not going into debt monetarily necessarily immediately. But if we have an attack, all of that debt’s going to be realized in a very rapid fashion. It really helps to kind of lay things out in a numerical aspect for the business folks. At the end of the day, they're signing the checks.
We've shown that revenue-generating ability of security. When they do that, they want to invest more and more. When you see somebody, the light bulb go off and they're like, “Where else can we invest money in security to really feel better and protect the kids of our employees, the business, and the data we're processing and our clients?” It's just an amazing process that really feels good from a professional standpoint. It doesn't happen frequently enough. I want to be, along with my team, a more forward-facing proponent to that happening more often where people are questioning themselves—“Where do we need to invest?”—as opposed to feeling pain from investing and actually protecting themselves?
Yeah, you don't want to be feeling pain on this area.
Absolutely.
I think the culture and mindset are a little bit foggy for me. What is the difference between culture and mindset? What are the good mindset and the bad mindsets that you've seen?
I think culture to me is a collective mindset. Multiple people coming together and realizing a common mindset. When I look at mindset, I think about the individual. The individual has to bring a certain set of morals, values, and beliefs to that overall community. If they're able to get multiple people to buy into it, whether that's a team or a whole company, that creates the collection of culture. The mindset is more individual, the culture is the collective of those mindsets being brought together and being enhanced continuously.
I think that's what community can do. You get people from different perspectives to say, “Hey, your mindset may be a little bit off on where we all want to be headed,” and that helps everybody improve. When we start to talk about negative mindsets—“I think we're too small or we're too big for this to happen.” That's a key one that we commonly see.
We always say to folks, “How do you get somebody to do something they know they need to do but still don't do it?” That's one of those mindsets, like a lot of things in life, where we don't act until we have a heart attack, or we don't do something. We don't say we love our family member until something bad happens to them. Just little things like that that we're trying to help people wake up a little bit and say, “I need this mindset individually.”
Once I have that mindset, I can talk about it with the people I care about or the people I'm interacting with periodically to overall create an improved culture. That's the positive brush of the number of benefits that I highlighted earlier.
Got you. Where are the skills that you see that exist in most companies and the skills that are the most needed?
I think a big one that needs to exist is technology awareness, technology sprawl, or shadow it. I think a lot more people need to understand that. We use these tools and we use the benefits, but we all know the cost-benefit analysis, the cost-benefit balance in business. A lot of folks don't understand the costs until it's hitting them right in the face. They weren't prepared for that. A really key one is that technology awareness of what the costs are to these technologies.
We hear a lot about the mental health crisis. These technologies are focused on attention, they're focused on validation, and they're also focused on making you more addicted to using them. If there's not a mindset going back to that mindset and a shared mindset to build a culture around it to say, “I need to control my consumption of technology so that I can better connect to people around me,” that's a lot.
What I talk about on the connected mindset is we're so connected today that we've never been less connected before. It's one of those things where we can have a chat over Teams in our company, but it's way different than meeting me and you sitting in front of each other in an office building and really connecting where I can feel your body language, what you're saying, how you feel about something. I think we just need more of that.
When we used to sit around the fire hundreds of years ago and share stories, talk about our day, and we get that relaxation for our nervous system that I think a lot of us don't get, and technology is that dopamine hit, dopamine hit, dopamine hit. I think just the implications of technology, more people definitely need to understand, which to me is a current negative in the landscape, but technology does create a lot of positives as well. I'm not a negative Nancy. I like to point out both sides.
Technology makes it where we can call people from across the world and say, “Hey, what's the mindset that you've adopted lately, and how can I improve on that?” It's made knowledge so accessible, but I think we're still, from a human-societal standpoint and a cultural standpoint, still trying to adjust to how to use that information in a reasonable way so that we benefit, but also minimize the costs and just making those conscious decisions. I think a lot of us today are doing it unconsciously because it's just the way we've always done it or the way the world's headed. I think that that's a key aspect.
Yeah. I feel like I say this way too much, but the pandemic has caused us to shift to things faster than we might otherwise have done it. More people are working from home. A significant number of people haven't gone back to the office, and they're still working it from home. What might have been a key, multi-year generational shift from in-person meetings to Zoom meetings, it happened four years ago today. It was overnight, and it was all the meetings as opposed to some of the meetings. It really does change the way that we interact with people.
It's interesting to see, from my perspective, the in-person meetings were always much more effective. People left feeling better about things. The online meetings, you just don't feel connected to people, and you never quite seem to accomplish as much in twice the time.
Yeah, right. I think about the angry boss. You can just hang up on a Zoom meeting. Sometimes you can't just walk out of the room and say, “I'll see you later.” It's a completely different dynamic we're all trying to navigate. If we can do it a little bit more consciously, I think it makes us all better at the end of the day.
Yup. Earlier you talked about no place to report your cybersecurity incident. Has that changed since that incident happened?
Yeah, it has. The industry is definitely developed. When I had the attack, my area of Norfolk, Virginia, the biggest Navy base in the world, there's a lot of defense contractors, a lot of instant responders that would help the government. Obviously, you have the FBI, you have local police. Our infrastructure was based out of here.
When we had this happen, my first call was to a local defense contractor. I said, “Hey, we need help.” They're basically like, “All of our folks are onsite at a defense site that we can't really help you at this time.” I called a lawyer, called the FBI. I called local police and they're like, “Small business, we have bigger fish to fry.” We didn't really have an instant response shop like a FireEye or one of those companies to call and say, “Hey, we're a small business. Here’s what we had happen. We have six figures ready to pay you to figure this out.” We were trying to be somewhat cost efficient, cost effective there.
Today, I think a lot more companies put their phone number out there to say, “Call us to hit the red button.” I couldn't find that at that time, which was frustrating. Obviously, cost was a thing in my mind to figure out how I get through this, minimizing the costs to our clients, but also getting it figured out. I think it's definitely become, because of headlines, because of the news, because this stuff is really front page, the past five-to-seven years or so, it really created more avenues to reach out.
I also think things like CISA and the FBI, they've created a little bit more open doors to say, “If you have something happen, call us and we'll do our best to figure it out.” For me, it was calling the local FBI Norfolk office and saying, “Hey, we're a small business in your backyard and we need help right now.” They're like, “Yeah, you're 500th in line. Good luck.”
That's harsh news to hear.
Right. Yes, it is.
Did they ultimately refer you to anybody, or was this something you had to figure out on your own?
Yeah, it was figuring out on your own. They did say local PD, and then they said the same thing like, “Hey, we could help, but it may not be in a timely manner.” They referenced us out to a company in DC who ended up helping us out. We got that contact mutually through our lawyer. It was FBI, lawyer, and then eventually an investigative firm that helped us in the end.
I think this goes back to the strategic planning, the response planning that we really talk about a lot today at Valor. If you have that number already in a plan, maybe that's where your instant response plan is. It doesn't need to be that complex with all the processes and things. If you just have that number on the second page to say, “This is who we're going to call,” or, “These are the three people we're going to call and in this order,” that's a response plan. That's a good place to start.
If we would have had that, maybe we reduced the cost by $25,000. By having a retainer already set up, they could have responded. Some of the clients wouldn't have been impacted as deeply, and it would have been very productive for us. But since we didn't have it, we felt the pain to the maximum amount and definitely had the pain incurred.
I've definitely heard that analogy before that even if it's not much of an incident plan, even if it's not your lawyer currently, if you need a lawyer, here's who I'm going to call. If this happens, if I need a PR agency to deal with a negative PR incident, here's who I'm going to have to call because those are not, “Hey, yeah, this happened last night and I'm down,” you're calling all your buddies and friends saying, “Who would you use?” That's not the call you want to be making.
Yeah, absolutely not. It's critical to have that. We've actually helped executives that we work with set up digital wills from the personal side. Just like if something bad happens within their company, this stuff does happen to high-profile and even mid-profile, low-profile people that think they're not out there. But there are connections to potential money or some type of property assets, real estate that they have access to, that people are trying to go after. If you don't have a response plan or some type of digital will for other people to call when you may be out of pocket, it really does have a time impact that equals money. We try to minimize that.
Have you seen much of a transition in your business with more people working from home and having to extend that security posture into an environment where companies are not used to having a security posture?
Absolutely, yeah. Initially, it's very intrusive for the personnel. We've found some ways to make it where they're just logging into this home system for work specifically and then having a separate one for the personal side of things. I think that helps give some peace of mind.
I was lucky to be a part early on in my career, a large company that wanted to span it before Covid hit to say, “We have people that are working across the world. They're working from home.” They were some of the first movers in remote work, and they asked us the question on what would it look like to span our offices to people's houses and do it in the right way? We were able to set up some architecture that's not too complex, but it just shows how it segments out so people, when they come into the business, you say, “Here's how you log in at home—VPN or some type of piece of equipment. Don't log into this or let your kids log into it. This is your office away from the office.”
Today, as we know, with the shock of Covid, the boundary is just so wide. You can imagine that from an attacker standpoint, that's exactly what they want. They want a big boundary that they can find little nooks and crannies, little holes in the house, as I call it, or holes in the fort. They can crawl right in and get in.
We try to just show those gaps beforehand, set some architecture up to make it easy to understand but complex to get into, if that makes sense. It's been exciting being a part of that early project, seeing how things have developed, and seeing how a lot of companies are doing remote without even thinking about the implications.
We even see some executives that are almost hiding from it. We'll mention it and they'll be like, “No, no, no. There’s no security risks. They're working from home. Cox Communications, Verizon, they have it all figured out at home, so they'll protect my business.” We know that's not the case.
Yeah, I think that's one of those scary things. People think that, “Oh, my internet service provider is going to provide me cybersecurity resources.” The reality is, no, no, they won't.
Yeah. Just check your router at home, and you'll find that out pretty quickly that nothing's turned on because it makes their job easier. There's no resistance to connections, updates, and things of that nature. Yeah, especially your home router, if it's provided by your ISP, probably hasn't been updated since the day it was installed.
It's one of those areas we talked about earlier. It's a responsibility. We have to take accountability for our position in the digital world. Until more people do that, we're going to continue to see the wild, wild west of digital warfare both on the geopolitical side, but also just in our home area. There are people in your neighborhood potentially trying to get into your network just for fun. It's not all warfare. It's people. Just like the old crime that used to take place from a physical standpoint, it's just being recreated in the digital world, which is much easier to execute it.
As individuals, we almost need to have this thought process of every piece of technology I bring into my life, I have to think about, what is this to do with my security posture? What do I have to do to properly maintain this equipment? How frequently do I need to do it? Not so much of it, “Hey, is this fun and neat?” What are the obligations that come with this piece of hardware I'm bringing into my home or this software that I'm bringing into my home?
Absolutely. I think I got a little bit of that from the military world because that's how they somewhat think: “Hey, I'm bringing this new piece of furniture into my house. What if my kid falls off?” Just that kind of mindset of what could go wrong, but not being over paranoid where you're not able to enjoy life and finding that real balance.
It's situational awareness, but it's a step-by-step mindset. It's that, “OK, I'm bringing something new in. What are the implications here? What are the benefits?” Let's find a way to find that balance between the two so that we can really live an optimal life, both safety and enjoyment-wise.
Does AI keep you up at night?
Yeah, AI is definitely a big fish in today's world. I always look at AI as it's still a computer. A lot of people talk about AI as it's like this God or angel standing over us, but it is still connected by a cord. Obviously, that may not always be the case with batteries and how things are operating.
One of the main things that are my contentions with AI is everybody says that AI is going to take over cybersecurity. One of my main things that I always say to my clients is there's a lot of benefits to AI. There are costs, but you will always need somebody to secure the AI, adjust it, teach it, and really groom it. If it becomes bigger than that security professional, then you need to get multiple security professionals’ different perspectives to help secure it.
We just need to do it more consciously going back to that technology, consciousness, and awareness. Obviously, there's this concept of AI that's going to take over the world just like data. Data is going to take over the world and software. People have been saying software is going to take over the world for years. It somewhat has, and AI is just that logical next step where it's a package of software that's doing a lot of improvisation.
I think one of the things that AI can't do that a human can is have that intuition and have that context of what potentially is next. Obviously, AI can predict things based off of past events. I think we just need to keep the human and the machine a little bit separate. Obviously, we want to work together, but realize that if there is a battle that the humans need to stay strong enough, skilled enough from a skill set and a mindset standpoint to be able to pull that plug or chop the proverbial head off when needed.
As people start using AI for offensive cybersecurity, do you assume that the same amount of work will be done on the defensive side?
That's my hope. That's what we're hoping to contribute from a security standard standpoint. If we can keep the standards of security a little bit ahead of the capabilities from a development standpoint, then we have something to shoot for, a dome over it. If it's blasting off rockets, it's going to hit the roof of the highest standard.
I always say, we have standards in life in how we operate, expect other people to operate, and hold ourselves to. But a lot of us don't have a security standard of how we operate our lives in our businesses. Just thinking about everything that's going on and updating the standard before technology gets there. We have to be proactive in that aspect, both to stay a little bit either in concert or a little bit ahead of the attacker, which is very hard to do because they're incentivized to stay ahead of it.
That's exactly what I was going to do. They're going to try to get into the gap or get into the hole. We just really have to have a lot of great brains. We have to have the support of the big fish, the big companies, the governments from a global standpoint to really say, “This is in the best interest of everybody.” If AI blows up the world, it's not just going to be the United States, it's going to be every country around it. Really just getting together and saying, “Here's a standard that we believe can lay the foundation, which is in this cybersecurity framework,” or there's a bunch of them out there.
Let's create these for each industry to get specific on how these industries and people operate and have a common language, which somewhat does not exist in cybersecurity today, both the person as an individual from a non-technical standpoint and then the more technical individuals. It's like a little bit of an ego battle currently. I think eventually, when something does blow up, people will say, “Holy cow, my ego has gone too, and now I need to work with other folks to figure this out.”
As we come in for a landing here, for end users, people at their homes, what are the minimum cybersecurity mindset that you think they should have?
I think a dual-headed approach or dual-factor authentication. Just like you have locks on your doors, you want to make sure that anything you value, whether it's a person, whether it's a valuable, or whether it's a piece of technology, make sure you have two steps in order to get into that. That's physical and digital.
Take accountability. I think that is such a key mindset that I see not enough people have. But once they have it, it's like a light bulb breakthrough moment for them to say, just like you mentioned earlier, “I'm using this technology and I'm taking accountability for the potential costs. I'm going to make sure that I have a password on this that somebody is not just going to guess by clicking a couple of buttons on the keyboard.” That's a key one.
I think it's just a lot of awareness. I want to help as many folks as possible. Through all the resources I've put out, a lot of it's just, “Here's what's going on out there, here's what you can learn from it, and here's what you can put in place.” That's the recent book that I'm going to put out here later this month. It's really just helping people see examples of folks that I've walked through this process and give them some exercises.
I think we all put things in place from, we have to do it in order to understand it. Once those are out there for people to do, then it's up to them to do it. You can take a horse to water, but it might not always drink. We want to bring as many people to the water, give them the exact exercises that they need to protect themselves today and hopefully something that can scale into the future, and then it's really up to them to take accountability. We can't do it for them, but we can give them all the information that they need to go ahead and take action.
That's really the key aspect: taking accountability. It's just like anything in life. If you don't take accountability for it, it's not going to be something that you can benefit from. You'll probably eventually realize the cost of it, which we want to make sure less people do.
What's the name of the book?
It's called Cybersecurity for Everyday People. It's what we call the digital survival guide in today's world, in the modern age. It's what we see as the essential to survive where we're headed with AI, with machine learning, with some of the beneficial but also scary technologies that we're going to encounter going forward.
Perfect. We'll make sure to link that in the show notes. What was the name of your podcast again?
It's called The Connected Mindset Live. We host every Friday morning at 9:00 AM. We sometimes do it at 12:00 PM for the West Coast folks. It's all about bringing leaders on and talking about awareness, technology, and some of the things that we see as the biggest mindsets and cultures that are really benefiting people today. Definitely check that out if you're interested in those topics.
Where can people find you online?
Yeah, definitely all over LinkedIn. I do have an Instagram as well. This is the stuff that I post about. If you're interested in this topic, if you want to connect with me, definitely do it through LinkedIn or Instagram. We'd love to connect, share strategies, share insights. Most of the stuff I give away are completely free because I want to see more people take action.
One of the biggest things—because I didn't have a translator in my life, as I went through my blow up and my house was on fire—I try to be that translator of just saying we have so much access to information, but what does this actually mean to the person who may not be an expert as I've developed myself into? That's always top of mind. We'd love for that information to benefit you and help you, your family, your kids, your generations to come. That's why I do it at the end of the day.
I love it when people are wanting to give back and make the world a better place.
Absolutely.
Greg, thank you so much for coming on the podcast today.
My pleasure. Thanks so much, Chris.