Creating a Proactive Cybersecurity Program: Podcast With Jamie Rees

We sat down to chat with Jamie Rees about the importance of proactively managing cyber risk. Jamie has over 20 years of progressive IT experience. He has spoken at a variety of global events sharing his perspectives and won several awards for his involvement in the industry. Jamie is currently the Senior Cybersecurity Strategist for Énergie NB Power.  

Throughout our conversation Jamie discusses lessons we can learn from the physical safety culture manufacturing firms have created, misconceptions about cybersecurity and first steps that businesses leaders can take to manage their cyber risk.

The full audio clip is about 30 minutes below; in this post I’m outlining some of the major themes that emerged in our conversation.

VALUE

Jamie admits early in his career he believed that security could be solved with more resources for technology. As he progressed in his career, and stumbled across Clayton Christensen’s book the Innovator’s Dilemma, he realized that creating security as an organizational capability required the organization to truly value it. 

Christensen defines values as “the standards by which employees set priorities” and classifies it as the most impactful factor in creating an organizational capability. Once an organization values security the other two factors, processes and resources, will follow.

Valuing security is the difference between pushing a product with security flaws to meet a deadline and pushing the deadline back to solve the security issue first.

LISTEN

In our conversation, Jamie references the classic 7 Habits of Highly Effective People, ‘Seek First To Understand, Then To Be Understood’ when talking about security within an organization.

It’s up to security professionals to listen and communicate with other departments to understand their roles and ensure that security is balanced with usability.

It’s also up to business leaders to listen when an individual says ‘this work isn’t secure’. If security is truly valued within the organization, individuals feel safe to raise security concerns without fear of negative retaliation. 

BELIEF

Rees says the most important part of building a proactive security campaign is having the support, time and belief from the organization. He believes that security is everyone’s business from the front-line employees to the support of the Board and Senior management.

Security leaders need to believe in the value of security every day and communicate that it’s valued.

 “Security isn’t something we buy in an organization, it’s something we instill.”

- Jamie Rees

 

Jamie joined our business development officer Kathryn Chamberlain in our Fredericton office to celebrate cybersecurity awareness month.  Jamie Rees is currently the Senior Cyber-Security Strategist for Energie NB Power, Chair of the ICT-Cybersecurity Leadership Council on Youth and Education and has previously held the Chief Information Security Officer position with the New Brunswick Government. Jamie can be found on Twitter @SecuRees