Charlotte Edwards - Insights on the Cybersecurity Landscape
Critical Stats
LinkedIn: https://www.linkedin.com/in/charlotte-edwards-2246a0119/
Started their cybersecurity journey in: 2021
Most passionate about: Personal cybersecurity, identity protection, and threat monitoring
Favorite zero-day: Not a zero-day, but the new SEC cybersecurity rules focused on executive and board cyber responsibility.
Favorite song: “Dy-Na-Mi-Tee” covered by the extraordinary Olivia Dean
Introduction
Charlotte might be new to the cybersecurity world, but she has a rich history of making an impact everywhere she has been! It is due to her desire to excel in the role she finds herself in. Charlotte is relentless in her pursuit of excellence, as evident in many of her answers to my question below!
Charlotte is up-and-coming!
We selected Charlotte because she is up-and-coming! I met her at an event with some of the top minds in cybersecurity. Since then, she has demonstrated a deep desire to learn, grow, and evolve. She is also highly articulate and possesses a passion for cybersecurity that many cybersecurity experts do not. In addition, I am impressed by her desire to help individuals learn and defend against today's digital threats.
Without further ado, we asked Charlotte our standard set of 5 questions to rule them all, and here are her responses:
Five questions to rule them all!
1. What is the biggest problem we are dealing with in cybersecurity?
Our collective inability to secure personal data in the advent of its growing utilization. Let me explain. In recent years, we've seen an ever-expanding digital footprint for individuals worldwide. This digital presence spans social media profiles, government portals, digital health files, and remote work platforms.
As we conduct more of our lives online, personal information becomes increasingly accessible… and exploitable. It is no secret that personal information is routinely aggregated, bought and sold. This widespread circulation of personal data amplifies the risk of exposure through data breaches facilitated by bad actors. Those bad actors can use your data to steal your identity, commit social engineering attacks, or access your company’s corporate network… or all three. All in one afternoon.
2. How can we secure our personal data?
There are some straightforward, basic steps individuals and companies can take. But as always, having multiple security layers is absolutely crucial!
As an individual:
Monitor your digital footprint: Regularly Google yourself to see your online visibility. You want to see what others can learn about you. If you find results, look at the privacy settings on the site that surfaced them. For example, let’s say you see results that point someone to your LinkedIn account. That might be what you want, but if not, log in to your LinkedIn account and modify your privacy settings to ensure your results are seen only when and where you want them. Check these regularly, as they are subject to change.
Strengthen your digital security: You can do a few things to harden your digital security, like using a virtual private server (VPN) or privacy-enabled browsers, but let’s focus on password management. Did you know that according to LastPass, 81 percent of confirmed breaches were due to weak, reused, or stolen passwords in 2022? I recommend everyone do three simple things to be safer online, they are:
Utilize strong, unique passwords for all accounts
Use a password manager
Enable MFA on your accounts.
As a company:
Establish data protection controls: There is so much I could share here, but at a minimum, you should implement strict data minimization practices and rely on robust access controls. You want to reduce the data inside your network to only what you deem critical and ensure you fortify how your employees access your network. On that last point, let’s chat about VIPs.
Secure your ‘VIPs’: When I say VIP, I mean individuals with privileged access. That might include senior leadership and board members, often at the top of a bad actor’s target list! These individuals are the most visible targets you have to protect. I recommend you consider extending security beyond the ‘corporate controls,’ ensuring their private and professional lives are equally protected. Since they will be the most visible targets, you must ensure they have comprehensive protection.
3. What are three actions a CEO can take to protect their company from cyberattacks?
I have a few thoughts on this! A CEO can:
Turn compliance into opportunity: For example, don’t think of the new SEC rules as a regulatory burden. Instead, see them as a chance to strengthen your company’s security foundation. Work closely with your CISO (or senior most cybersecurity expert) to truly understand your security strategy and roadmap. Ensure the leadership team knows what assets are critical and what risks you’re facing. It is not about checking boxes; it’s about allowing your company to innovate safely.
Educate your leadership team and board members: The public leaders of your company are prime targets for bad actors to attack. Take a hard look at their digital exposure: what personal information is publicly available about them? Have they been compromised in recent data breaches? What cybersecurity awareness training have they received? Do you actively train them on current cyber threats? Remember, these leaders hold the keys to your company’s most sensitive information and operations.
Make security an ongoing conversation: It might not be the most popular topic, but it definitely is one of the most important topics you will discuss. And it is not a one-time undertaking; it’s a critical part of your business operations. Keep it as a standing agenda item. As a reminder, you must evolve your security posture as your business (and the threat landscape) evolves.
4. What are the best resources for learning more about cybersecurity?
I am constantly learning and growing in the space! Of everything I am doing, here are my top three recommendations:
As an absolute number ONE… the cybersecurity community: Talk with people in the industry, ask questions, and discover what drives them. The cybersecurity community is known for its openness and willingness to help others.
Cybersecurity legislation: Next to cybersecurity, everybody’s second-most favorite topic is legislation! LOL. However, in all seriousness, legislation shapes security requirements (thus business discussions) and shows what experts and policymakers consider critical. I recommend you read articles on the latest legislation making its way through the legislative process.
Daily cybersecurity news: Set up Google alerts for keywords like “cybercrime,” “cybersecurity,” and “hacking.” This will allow you to receive daily updates on global security news. Every day, you’ll receive a list of articles; take 5 minutes to review them and read the ones you find interesting. This will help you stay informed on the latest cybersecurity news and incidents. There is so much I do not know. If you cast a too-wide net, narrow it down by adding more terms to your Alert criteria with the boolean operator “AND.” Something like “cybersecurity AND decodingCyber.”
5. What is one piece of advice for those wanting to pursue a cybersecurity career?
What?! Just one? I am bending the rules a bit because I have two pieces of advice:
Have an untameable eagerness to learn: The pace at which cybersecurity evolves is exponential. Continuous learning is not just beneficial; it is essential. Embrace the journey of constant discovery, whether you’re a cybersecurity veteran or just starting. Try to:
Attend conferences and workshops
Listen to cybersecurity podcasts
Read cybersecurity books
Join professional LinkedIn groups and online communities
Follow thought leaders in the field on LinkedIn
Prioritize soft skills and the human aspect
Prioritize soft skills and connect with others: The cybersecurity community is immensely supportive, and there is an incomparable willingness to share information and help each other. Add to that captivating environment by participating in and contributing to the community. Your soft skills and ability to connect with people are essential here! I recommend you:
Seek guidance or insights from the pros!
Participate in cybersecurity discussions, whether they be in-person or online.
Actively engage in the aforementioned activities by asking relevant questions and sharing timely feedback. Engaging in a dialogue with others will help the learning process!
Exsqueeze me? Sharing this article is required if you read it. #facts
Are you looking to go to a persona page?
Cyber 101 | The Solopreneur | SMB | BoD