Who Is

watching out for you?

In today's world you need to understand a few more things...

Who Is

knocking on your virtual front door?

It could be someone down the block or from the Bloc

How to expand your security candidate pool

Dr Mansur hasib

2-September-2015

When he was CISO at a company, Dr Mansur Hasib, CISSP, PMP and CPHIMS, ended the typical meeting format, in which everybody speaks for one or two minutes.

“I had rotating meeting chairs every meeting,” said Hasib. “Everybody had to learn how to develop an agenda and get practice in the leadership and art of running a meeting.”

Prior to the meeting the team member responsible for leading had to talk to everyone to develop an agenda by talking to everyone on the team. They learned about all of the work the team was doing. Everyone in the meeting was listening and engaged, because they’d have to put together the next agenda.

“Meetings require everyone’s brain power to polish a rough idea into something more brilliant,” he said. “All of a sudden the ideas come together fine. You can have a status report via email; you don’t need a meeting.”

Hasib spoke at SC Congress Toronto on June 10 this year. In addition to his books – Impact of Security Culture on Security Compliance in Healthcare and Cybersecurity Leadership, which has become part of the US State Department cybersecurity training program, he’s also produced a short, simple video explanation of cyber security.

Developing peoples’ skills – especially security mindsets – is what information security professionals have been harping on forever. As an adjunct cybersecurity faculty at Carnegie Mellon University and UMBC Hasib believes we’re making a mistake by focusing on technology training… in particular, calling cyber security a STEM (Science, Technology, Engineering, Math) field.

“In truth cyber security is STEMB, because we do all of these things with a business partner,” he said. “You also have risk management in the background. What is the business advantage of doing something?

“You need lawyers, psychologists, and the moment you start broadening that perspective, you’re going to get more people. If someone asks, ‘I have a Bachelor in political science, can I make it in cyber security?’ Sure, you won’t write a new algorithm, however if you attend my course you’ll learn enough to work in cyber security as a trainer or policy writer.”

As example Hasib cites Louisiana Cyber Innovation Center, which is teaching risk management and measurement of intangibles such as reputation loss.

“Those are all integral parts of cyber security,” said Hasib. “In that program, taken from middle school onward, they are engaging students in the holistic application of cyber security. They have achieved not only racial parity, but also gender parity. Because they succeeded in doing that, they received a grant to expand it nationwide.”