As a full-time employee by day and part-time, remote grad student by night, the juggling act can be tough. I’m constantly on the run trying to manage coursework and group projects with work obligations, as well as my actual life that includes working out, meal prep, and seeing my friends and family. During this week’s Reimagining Cyber podcast episode, “Today, everyone needs to be Cyber savvy,” with Bob Guay, CISO at Momenta Pharmaceuticals, I was reminded to stay savvy. That entails keeping my eye on the prize (especially when it gets overwhelming), the importance of being invested, leaning on my peer network (it’s important, even though it may be remote), and always approaching big projects and presentations with a “So what? What’s in it for them?” mentality.
Guay kicks off the episode by tracing his career from the FBI to his shift to the pharmaceutical industry, taking what he learned in the federal sector to the world of pharmaceuticals. In the pharmaceutical industry, he’s had the opportunity to build cyber programs from scratch. The key, he says, is investing in people within your organization to help build the program. Without “skin in the game” and hiring the right people in key roles, you won’t have the same results.
“Part of the problems I saw there [in pharma], too many people were outsourcing security. If you don’t have the skin in the game, you won’t get as good of a service as if you had staff for that company. So, as things started to progress, getting pharma up on security where policies, you’ve got to have the foundational policies, as those organizations started to go more and more in the cloud, that became a problem as well. Whereas [with] your data/vendor management, etc., it has been an uphill battle.”
When building a cyber program, it can be challenging to get non-technical people to understand why being cyber-savvy is important. Things like dual-authentication or regularly updating computer passwords may seem like a nuisance but are so important. Guay credits his success to putting himself in the other person’s shoes, figuring out why it’s important to them, and how they can work together.
“You should be thinking cyber-savvy all the time; you’re dealing with a breach yourself. Everything you do is a target of threat actors, so I try to make sure that all the training and resources we have is about everything they do all the time; to protect themselves, the company, and our patients. The bottom line is, we’re protecting patients to have a better life; if we don’t do our due diligence, we may not be able to do that. Trying to focus on that has been dramatic. I’ve always thought that if I could make the staff, the team, the board see, ‘what are you guys doing for password management? You’re the focus for these attacks.’”
Lastly, Guay relies on his peer network for support when he needs it. “I can’t tell you how many times I’ve said, ‘Hey, are you seeing this?’ Brings me back to [the days of] firewall logs, and reaching out. You cannot possibly do this on your own. You have to have some means of receiving info, it’s so fast. That’s a bonus to social media, you can get immediately notified, and having the capabilities with the AI to take action. [For example], ‘we are bringing up a domain that says Momenta Pharma but one letter is off,’ gets immediately taken down. It prevents headaches. You wouldn’t know it was there until someone told because you don’t have that resource of people looking.”
Regardless of issue or life stage, it’s important to stay savvy, stay focused, make investments where they’re needed, and put yourself in someone else’s shoes to determine what’s in it for them. How will you stay savvy this week? Let me know in the comments below. We’ll keep each other accountable.
You can find the latest episode of Reimagining Cyber on Apple, Soundcloud, Stitcher, Google Play, and Spotify. Give it a listen and let me know what you think.
CyberRes is a Micro Focus line of business focused on helping companies protect, detect, and evolve their security framework and helping organizations become more cyber resilient. To learn more, visit CyberResilient.com.