Today’s guest on the Innovation in Compliance Podcast is Eduardo Campos – an expert in cybersecurity. He spent 25 years advising clients as large and illustrious as Microsoft and Bell Canada – and his focus was always on the human factor of cybersecurity, which is more critical than technology, policy or any other element.
Why is it So Hard for People To Understand?
He shares how it’s important to make the end-users of technology understand what your goals are – you have to avoid jargon and acronyms or no one is really going to understand what the goals of a cybersecurity program are. Tom mentions that often, tech professionals are speaking way over the heads of people listening to them, and asks Eduardo why that’s so often the case. Eduardo talks about the technical nature of the profession, and a lack of emphasis on communication, and practice talking to people who aren’t deeply involved in the different tools, terms and concepts being used. He always focuses on the importance of clear communication and makes it a part of every project he takes on.
The Importance of Communication Skills.
Communication around cybersecurity needs to go two ways. The person implementing the program and the people who will be using it are both sharing valuable information. Tom believes that the training in communication skills in compliance starts when new people are being hired, rather than training them after the fact, and Eduardo talks about the similarities in the cybersecurity industry. Communication is a critical part of the job that needs to be done, and that has to factor into hiring. When communication in a big cybersecurity project goes awry, it isn’t always the fault of the professionals implementing it. Communication is a skill companies need to hire and train for. Eduardo talks about the specific communication skills people need to have.
Is it Always Human Error?
Tom talks about how often security breaches are attributed to human error and wonders why hackers are so successful at breaching professional defenses. Eduardo reminds us that criminals have plenty of time to make plans and find new ways to get what they want. Cybersecurity professionals and program managers don’t. People in organizations, individuals who are likely to be targeted, are up against a very sophisticated threat – coming from email, social media, websites… and those high-risk individuals aren’t always being prepared adequately to recognize and avoid threats. Eduardo shares how this happens, and why.
Embedded-Knowledge
Eduardo’s business is called Embedded-Knowledge Inc, and it starts with the concept that all of the knowledge needed to solve a problem lives within the system. The key idea is that Eduardo and his team have developed a strategy for his clients to step back and look for a root cause of cybersecurity issues, rather than just reacting. He uses strategies like design thinking, and business model generation to create innovative solutions. A focus on people, how they think and how they behave is what makes Embedded-Knowledge unique in the industry.
Resources:
Go to E E Campos to download a free chapter of Eduardo’s book, get a free assessment, and join the newsletter!