Harnessing the Sheepdog Effect

Harnessing the Sheepdog Effect

We often get two big questions at Beauceron Security: "How do you pronounce your name?" and "What does it mean?". Fun fact: a Beauceron (Bo-ser-on) is a breed of sheep dog from northern France.

So how does a cybersecurity company - that works primarily in human-centric cyber risk - associate with a sheepdog from northern France?

Enter the sheepdog effect.

Not so Bad Rabbit highlights on-going cybersecurity challenge

Not so Bad Rabbit highlights on-going cybersecurity challenge

October brought about the third major ransomworm attack of 2017, taking advantage of the same leaked NSA hacking tools as NotPetya and WannaCry.

While Bad Rabbit's impacts so far pale to the billions of dollars in damages done globally by NotPetya and WannaCry, its spread highlights why reducing the risk of these attacks means dealing with people, process, culture and technology. 

Creating a Proactive Cybersecurity Program: Podcast With Jamie Rees

We sat down to chat with Jamie Rees about the importance of proactively managing cyber risk. Jamie has over 20 years of progressive IT experience. He has spoken at a variety of global events sharing his perspectives and won several awards for his involvement in the industry. Jamie is currently the Senior Cybersecurity Strategist for Énergie NB Power.  

Throughout our conversation Jamie discusses lessons we can learn from the physical safety culture manufacturing firms have created, misconceptions about cybersecurity and first steps that businesses leaders can take to manage their cyber risk.

The full audio clip is about 30 minutes below; in this post I’m outlining some of the major themes that emerged in our conversation.

VALUE

Jamie admits early in his career he believed that security could be solved with more resources for technology. As he progressed in his career, and stumbled across Clayton Christensen’s book the Innovator’s Dilemma, he realized that creating security as an organizational capability required the organization to truly value it. 

Christensen defines values as “the standards by which employees set priorities” and classifies it as the most impactful factor in creating an organizational capability. Once an organization values security the other two factors, processes and resources, will follow.

Valuing security is the difference between pushing a product with security flaws to meet a deadline and pushing the deadline back to solve the security issue first.

LISTEN

In our conversation, Jamie references the classic 7 Habits of Highly Effective People, ‘Seek First To Understand, Then To Be Understood’ when talking about security within an organization.

It’s up to security professionals to listen and communicate with other departments to understand their roles and ensure that security is balanced with usability.

It’s also up to business leaders to listen when an individual says ‘this work isn’t secure’. If security is truly valued within the organization, individuals feel safe to raise security concerns without fear of negative retaliation. 

BELIEF

Rees says the most important part of building a proactive security campaign is having the support, time and belief from the organization. He believes that security is everyone’s business from the front-line employees to the support of the Board and Senior management.

Security leaders need to believe in the value of security every day and communicate that it’s valued.

 “Security isn’t something we buy in an organization, it’s something we instill.”

- Jamie Rees

 

Jamie joined our business development officer Kathryn Chamberlain in our Fredericton office to celebrate cybersecurity awareness month.  Jamie Rees is currently the Senior Cyber-Security Strategist for Energie NB Power, Chair of the ICT-Cybersecurity Leadership Council on Youth and Education and has previously held the Chief Information Security Officer position with the New Brunswick Government. Jamie can be found on Twitter @SecuRees

Cybercrime and cyber risk: It's all about people

Cybercrime and cyber risk: It's all about people

As a business leader, the challenge in today’s ever-changing environment is learning how to effectively manage cyber risk in the same balanced manner as all other business risks, from the risk of a new disruptive competitor to the risks of strategic mistakes or missed opportunities.