
Cybersecurity Strategy: Compliance < Security

For as long as information security has been a function of the organization, there has been justified tension between focusing on compliance and pursuing security in the matter of cybersecurity strategy. As the President & CEO of The Penn Group, I often hear that one of the most frustrating pressures to deal with as a security leader is budget. Your business stakeholders want to spend less on security, and you have to somehow figure out how to roll out next-generation anti-virus to 10,000 endpoints to keep your business process secure. Often the conversation of cost is a driving factor in deciding the security strategy of your organization. Ultimately, a given organization has to contend with cost-prohibitive constraints. Often, the organization elects to abide by compliance requirements as the driving factor for the implementation of cybersecurity. After all, you have to meet compliance requirements. This approach leads to what I call The Walking Data Breach. …


The best way to reinvigorate your job is to fire yourself.


We have all been stuck in the rut that feels like an eternity. You get to the office 5 minutes late, wipe the sleep out of your eyes, and plop down at your desk. Staring at your computer for too long, you decide to finally unlock it to get the day started. When you sign in, you’re greeted with the unmistakable familiarity of annoyance. You can’t believe your boss is already on your case about a deadline three weeks away. You write the email that says, “I quit.” You then backspace it quickly. Days turn to weeks; weeks to months. Eventually, you wonder how you got to this point. Didn’t you work hard enough? …


She said Yes

It was a brutally steamy evening in the summer of 2019, about mid-June. As per standard procedure, I was wearing a blue ultra-flex Ralph Lauren suit with light brown Chelsea boots. I plopped down on the bench and looked down the long bleacher. We were at a baseball game, and I saw some new faces. I recognized a redhead with curly hair, who was talking a bit dramatically to what appeared to be her sister. Interested, I leaned out on the bench and began to converse with her and her sister. Attempting to impress her, I began to brag about The Penn Group. Her response was that she had multiple businesses, and that I should ask her if I needed help. I popped the question right there. Just kidding; I was very impressed by her sass but decided to leave the conversation alone. She likes to say I told her to professionally “go away”, which is certainly true. …


The Misinformation Problem

With my deep background in cybersecurity, the scale and depth of the effectiveness of misinformation are of foremost concern to me. 2020, as an election year, isn’t a war waged on interests or ideals, but on manipulation and division. Never before in our nation’s history has it been easier to spin facts into falsehoods and falsehoods into facts. Our leaders, our adversaries, and our wealth have taken note. By leveraging modern technology, like Facebook and Twitter, and more traditional technology like TV and radio, the battlegrounds of the election are no longer in states but in the screens that we wake up to. As the President & CEO of The Penn Group, I’ve constantly challenged myself to not just identify problems, but to solve them. The misinformation problem is a multi-generational, multi-cultural cacophony that has a common underlying issue. To solve this problem, we took modern technology to task and designed a dynamic system to defeat misinformation. I’ve written extensively about misinformation and refuse to refer to it by its slang term “fake news”. …


Are you frustrated at work?

In 2017, I was sitting in a board room listening to my boss’s boss talk about the results of an employee survey. In the packed room on the third floor of our corporate office sat all of the big personalities within the IT group. As the boss, who most people reasonably respected, continued to discuss the disparaging results of the employee survey, frustrations among the employees began to boil over. Soon, a full-on argument ensued between the big boss and his team. In one of the most impressive leadership moments I’ve ever seen, the big boss just stopped. He stopped talking and listened to his team. After the grievances were aired, attention turned to the center of the room as the big boss began to slowly address each of the concerns presented to him. The problems within the organization existed, and all fingers pointed at the big boss. As he continued to address the concerns of the employees in the room, the moral began to fade. …


The attack on trust in America.

Trust is the foundation of society

The foundation of American business is built upon trust. I take that back. The foundation of our entire society is built upon the foundation of trust. Trust is a fickle currency. The old adage describes trust as something that is collected in drops and lost in buckets. The higher you elevate in society, the more trust you’re extended. The higher you are compensated, the more you’re trusted. You can do everything right 99% of the time, but when you get it wrong, your trust with your peers is lost. No wonder the anxiety within America has risen to record highs. At any given moment, we are forced to constantly evaluate if we trust people within our conversations, relationships, business, government, and even ourselves. “Trust yourself” was the advice that former President Bush gave President-elect Barack Obama prior to assuming office. …


Starting a company, hands in the middle.
Source: Pexels

At age 13, I sold my first website. I made $1,200 and bought myself a brand-new computer to play World of Warcraft with. Priorities change a little as you age, but the spirit you’re born with remains immutable. The passion to want more, to do more, and to be more never quite leaves you. For me, I was intoxicated by the very idea of success. I had largely below average grades and barely made it through 7th grade geometry. Naturally, I was on my way to a smooth career sweeping floors. But when I sold my website, for the first time, it connected the obscure dots between hard determination, and meaningful work, and transplanted them into a drive to make more for myself. In my short, 26-year existence, I’ve had the opportunity to start multiple companies. I sold websites before graduation. I started a computer repair company in college, and I founded The Penn Group after being laid off. I’ve learned a thing or six along the way about running your own company. …


Would you turn down a $125,000 a year salary?

I was standing outside a Mexican Restaurant in Perry, Oklahoma when the phone call came in. I had just moved to Ohio about 6 months prior, but I was home in Oklahoma visiting friends. It was my old boss on the other end of the line. He had been calling me relentlessly about taking various jobs around the United States that I knew I should be taking.

I answered the phone, and we spoke for a bit and the offer came in. $125k a year. It was in my home state, working for a premier organization that is a household name. Moving package. Everything you could have wanted. I stood there and had to make a major life decision in that moment. Was $125k enough to draw me away from my dream of being a CEO? …


When working with our clients, my team at The Penn Group works around a philosophy that we believe enhances our clients’ ability to make risk-based decisions. Translating academia to operationalization, the goal is to improve your organization’s ability to do security while reducing your risk. In today’s blog, we are going to explore how to build your security operations for your organization.

Key Takeaways:

- The creation, implementation, and management of a Security Operations Center (SOC) is an expensive but necessary operational security activity.

- A Security Operations Center (SOC) provides immediate value to your organization and proves the return on investment on security. …


Drafting an information security policy provides definition to your organization’s security program, enabling your team to enforce a strong security posture.

One of the worst situations any information security team can find themselves in is to discover a large-scale security breach and have no idea what steps to take. Over my career as the President & CEO of The Penn Group, it doesn’t surprise me anymore when I find out how woefully inadequate most organizations’ security actually is.

Defining Cybersecurity For Your Organization

Cybersecurity is still relatively new, and for most executives, it has been a non-factor until the last 5 years. For many organizations, security is still a new activity that is handled by an overtaxed IT team. Typically, the information technology team is busy just trying to keep the organization functioning on a daily basis. Security topics are an afterthought, and a false sense of security prevails. Outside of the enterprise, the mindset of “we’ve never been breached before, why would we now?” is common. This attitude galvanizes the mindset of leadership against further preventative action on security topics. Ultimately, while the arguments in the meeting rooms are ongoing, the criminals have already infiltrated the network and exfiltrated the proprietary technology that enables the organization. This unfortunate situation is not only preventable but is also increasing in its commonality. …

About

Austin Harman, CISSP

An experienced cybersecurity leader serving as the President & CEO of The Penn Group. I hold the CISSP, CCSP, CAP, and Security+ certifications.
