Paul Farley - A Cybersecurity Leader's Take on Societal Change
Critical Stats
LinkedIn: https://www.linkedin.com/in/paulfarley/
Started their cybersecurity journey in: 2001
Most passionate about: Growing talent and helping them understand the fundamentals.
Favorite zero-day: I don’t play favorites; I dislike them all!
Favorite song: Carrying Your Love with Me by George Strait
Introduction
Paul is a senior leader in information security, combining deep technical knowledge with broad security experience. He has a proven track record of aligning security strategies with organizational goals through strategic consultation and relationship building. He has proven to be skilled in communicating complex concepts to diverse audiences, and he has managed up to $20M in budget and global teams of 70+ individuals.
Paul is a cyber vanguard
We selected Paul because he is a cyber vanguard! He has been in the security space since 2001. As time progressed, he constantly evolved in the industry. As the technology changed, he adapted. But aside from his technical ability, he has proven to be a strong advocate for others. One example of this is his involvement with the City of Refuge. The City of Refuge is a not-for-profit designed to help individuals and families transition out of crisis. Paul has mentored several City of Refuge students and supported the organization as a wonderful ally. On top of all that, he is a recent graduate of the FBI CISO Academy (the academy's ultimate goal is to inform industry executives about the benefits of working with the FBI - before, during, and after a cyber incident). These qualities are stand-out characteristics that make him a One2 Watch recipient!
Without further ado, we asked Paul our standard set of 5 questions to rule them all, and here are his responses:
Five questions to rule them all!
1. What is the biggest problem we are dealing with in cybersecurity?
Cybersecurity started as a novelty, something that mischievous kids would do, and harm would come when something went awry and damage or disruption happened. As computers and the internet have become more embedded in our lives, this is a vector for everything from crime to espionage, no different than other technological changes in society. Our societal challenge is to stop treating cybersecurity as a novelty and embed safe cyber practices everywhere. Just as we have to teach children how to cross a street to stay safe, we have to teach them how to operate in a world with cyber threats safely.
2. How can we tackle the societal challenge to stop treating cybersecurity as a novelty and embed safe cyber practices everywhere?
Everything in society starts in the family. To minimize risk to our children, we must teach them that cybersecurity is something to pay attention to. But it doesn’t stop with our children; we must share knowledge with our spouses, parents, cousins, etc.; the entire family needs to be involved. This then carries into institutional practices, whether public or private, where the success criteria for developing an initiative or a project includes measures to address cybersecurity concerns. This problem won’t be solved by just one group of people in an organization, like a security department chasing down issues, but by the entire organization (including marketing, finance, legal, etc.). In summary, to help keep everyone safe, societal cyber literacy has to rise significantly for all of us, not just a select few.
3. What are three actions a CEO can take to protect their company from cyberattacks?
Three actions a CEO can take to protect their company are:
Tie executive compensation and bonuses to security metrics. This clarifies the importance of security and shows that all have a role to play in their sphere of influence.
Adhere to well-known best practices like patching promptly, deploying multi-factor authentication broadly (at LEAST for everything facing externally), and hardening the environment to reduce the likelihood of something happening and limit damage if it does.
Hold employees accountable for adhering to security policy. When there is bad behavior, do not tolerate a lack of care or circumventing security for personal or corporate expediency.
4. What are the best resources for learning more about cybersecurity?
I read everything I can get my hands on, listen to podcasts on cybersecurity and leadership, and participate in information-sharing events to learn from others. When I was starting out, I took training classes to truly understand a particular area and build on that knowledge.
5. What is one piece of advice for those wanting to pursue a cybersecurity career?
Cyber is a multi-disciplinary field that is always changing. To thrive in cybersecurity, you have to embrace this and be willing to learn constantly. People I respect the most regarding their capabilities have one thing in common: they are curious and demonstrate this by having something they are playing with to expand their knowledge. It could be a lab (physical or virtual), or it could be experimenting with creating a LAN with amateur radio. There isn’t a cookie-cutter approach to this. You cannot know it all, so start somewhere that interests YOU and really understand the underlying technology, how it can be subverted, and then how it can be protected. Then, pick the next thing and repeat the process. There is no shortcut for consistency and hard work in developing yourself. This discipline of constant learning will not just bring you into the cybersecurity field but allow you to grow with it and contribute as new challenges arise.