At our most recent Leadership Meeting (ITL), we learned about how the “old school days” of robbing a bank and predictive analysis have created several lessons that are applicable in a world of threat and cybersecurity. I want to thank Jim McJunkin for engaging us on the topic of Threat Security – How to build and scale a security team. We focused on a few areas but Jim’s background in the FBI allowed his focus to be on figuring out analytical ways to stop threats before they happened. I would also like to thank Elkay and Ulta Beauty for hosting our meeting. Now let’s get down to the topic at hand; Threat Security and good old Willy Sutton!
Jim started the meeting by introducing us to William Sutton. Willie Sutton was a bank robber in the early 1900s who robbed banks simply because “that’s where the money is”. Jim used him as an example to explain how in today’s society it’s so easy to become someone else through the use of technology and computers. Willie would change outfits and dress differently so he wouldn’t get caught. The same thing is happening today, but only through technology. These criminals are changing and making up identities by stealing information through malware, unsecured websites, skimming and credit reports to name a few. Jim explained how Discover ran into a few of these issues and to keep their customers safe and secure they chose to pro-actively patch systems on a routine basis as well as issue authentication codes for customers. Not knowing if these customers where truly customers, an authentication code was a measure taken to protect their clients, yet that would mean a slower speed while logging in and finding their information.
Jim then dove into how to build out your IT Security team in order to protect your company and customers from a possible threat. First and foremost, the entire company must be aware and understand that a possible threat may happen. Being from the FBI, Jim strongly believes in recruiting members that are NOT a part of IT and found great success with veterans. He believes in finding folks with a security or threat analysis background and then teaching them technical skills on the job. Then the IT security staff will work hand and hand with the other team members to create the perfect intelligence team. He also believes that the mind set is very important when it comes to creating your team. Combining the IT Staff with a nontraditional team member, a little training of the minds, and out comes a more crafty and aware team.
In the end, Threat Security is something that shouldn’t be taken lightly. After all, “that’s where the money is”. You can find the slides from Wednesday’s meeting, here.