Dane Bamburry - The Cybersecurity Whisperer: How to Make Cybersecurity Speak Business

Cyber Vanguard
Written By Michael F. D. Anaya | Founder

Critical Stats

LinkedIn: https://www.linkedin.com/in/danebamburry/

Started their cybersecurity journey in: 1999

Most passionate about: I am most passionate about bridging the gap between cybersecurity and business. Cybersecurity often gets a bad rap for being a business disabler, but this perception can be changed with good partnerships, effective communication, and clearly defined benefits on both sides.

Favorite zero-day: WannaCry

Favorite song: Smooth Operator by Sade.

Introduction

Dane has over 20+ years of experience defining and leading the implementation of business-driven technology strategies, principles, and standards at all organizational levels. He is an articulate communicator who can fluently speak the languages of both business and technology, blending technical expertise with exceptional interpersonal skills. In addition, he has a consistent track record of successfully leading enterprise-level transformational initiatives and a proven ability to align strategic IT initiatives with business needs. All the while, he is incorporating industry best practices.

Dane is a cyber vanguard

We selected Dane because he is a cyber vanguard! As our introduction shows, Dane is a skilled and proficient leader. His years and depth of experience make him uniquely positioned to provide guidance and expertise in an array of situations. So much so that many people and organizations have turned to him for mentorship and guidance. He is a board member of several of these organizations, including the Technology of Georgia (Information Security), Atlanta Technology Professionals, and Information Technology Senior Management Forum. These qualities are stand-out characteristics that make him One2 Watch!

Without further ado, we asked Dane our standard set of 5 questions to rule them all, and here are his responses:

Five questions to rule them all!

1. What is the biggest problem we are dealing with in cybersecurity?

Today's biggest cybersecurity challenge is failing to communicate cybersecurity's value to the business. I have seen a significant increase in the dependency on technology and technology tools driving business operations year over year throughout my career. Cybersecurity has failed to keep pace with such innovative technology growth, but the business process of integrating with technology does a much better job of staying aligned with this growth. Two fundamental reasons continue to perpetuate this growing gap:

  1. First, the cybersecurity industry has failed miserably in translating business value when articulating the value of cybersecurity products and services to business leaders, both internal and external. The industry has not equipped its customers with the correct information to give them a warm fuzzy feeling.

  2. Second, young and experienced business leaders have the mindset that “if it is not broken, don’t fix it.” So, they operate in a reactive mode, which creates a big challenge for cybersecurity professionals who are trying to protect organizations and their digital assets from bad actors.

2. How can we address the failure to communicate cybersecurity's value to the business?

To change this mentality requires a couple of basic steps.

  1. Cybersecurity sales and marketing vendors must be educated in true business value and what is most important to customers. They need to stop trying to sell the shiny new cybersecurity object and connect with their customers on what matters most: cost savings, revenue growth, and operational efficiencies.

  2. Corporate boards need to have experienced cybersecurity leaders sitting on their boards so they can drive the correlation between business value and cybersecurity from the top down.

  3. Lastly, cybersecurity training programs and cybersecurity-focused college programs must incorporate business, communication, and marketing classes within their programs. It is similar to how a Management Information Systems degree, while focused on information technology, infuses the foundational business classes within the program.

Like our content? Let us do the same thing but for you. Interested? Let’s chat!

3. What are three actions a CEO can take to protect their company from cyberattacks?

Three actions a CEO can take to protect their company are:

  1. Issue a company-mandated cybersecurity training program as a part of the onboarding process, develop an ongoing refresher/update of the training program, and tie it to employee performance.

  2. As a part of their long-term growth strategy, insist that the board add cybersecurity-minded board members to help drive strategy across new business growth, including mergers and acquisitions.

  3. Base a portion of an executive’s bonus on cybersecurity compliance in the area within the organization they oversee. For example, if they manage all of Finance, then the cybersecurity compliance for all finance personnel would be assessed to determine whether the executive would receive a portion of their bonus.

4. What are the best resources for learning more about cybersecurity?

My top three resources for learning more about cybersecurity are:

  1. Attending in-person and virtual events where you get real-world experiences from cybersecurity professionals and leaders on the front lines. You not only get the technical assessment, but you also get the cultural impact of the challenges that they face daily.

  2. WSJ Pro Cybersecurity Newsletter—This newsletter provides a business impact lens on cybersecurity threats. It informs you on global and national cybersecurity policies and how they impact business from a regulatory perspective.

  3. Gartner documentation—Gartner docs provide strategic guidance on where senior cybersecurity leaders are focused and potential threats we need to consider with new and innovative technologies that have not become part of the mainstream technology landscape.

5. What is one piece of advice for those wanting to pursue a cybersecurity career?

The one piece of advice I would give those pursuing a career in cybersecurity is to become bilingual in both business and technology. It will provide value beyond your current comprehension. This will, in turn, enable you to become a better storyteller, which will be extremely valuable in communicating cybersecurity challenges to your business counterparts in a manner they can relate to. Relatability is an underused tool in a cybersecurity professional’s toolbox. Sometimes, it is not even in the toolbox. We in the cybersecurity profession often act like we are smarter than our other technology counterparts and business partners. It creates a ring of arrogance and isolates us from the rest of the organization, so the ability to connect on a common level will be a crucial success to your career growth as well as helping to change the narrative of cybersecurity always being the “no you can’t do that” department. That may have been more than one piece of advice, but in my mind, it is all connected.

Ready for some epic articles?

Here’s our latest and greatest!
Decoding the “Feds”: Law Enforcement vs Regulation
Decoding the “Feds”: Law Enforcement vs Regulation
Vendors Explained: Navigating the Digital Defense Landscape
Vendors Explained: Navigating the Digital Defense Landscape
The World of Hackers: White, Black, and Gray Hats
The World of Hackers: White, Black, and Gray Hats
The Critical Role of a CISO in Modern Organizations
The Critical Role of a CISO in Modern Organizations
SIEM and SOAR: Are They Right For Your Organization?
SIEM and SOAR: Are They Right For Your Organization?
Conquer Cybersecurity Challenges in the Cloud with SASE
Conquer Cybersecurity Challenges in the Cloud with SASE
Misinformation vs. Disinformation: Ways to Combat Fake News
Misinformation vs. Disinformation: Ways to Combat Fake News
The Biggest Security Threat You Might Not Know About: Insider Threats Explained for SMBs
The Biggest Security Threat You Might Not Know About: Insider Threats Explained for SMBs
DevSecOps for Startups: Building Cybersecurity into Your Product From the Beginning
DevSecOps for Startups: Building Cybersecurity into Your Product From the Beginning

Here's looking at you, kid. Best share this interivew with your pals, champ.

Are you looking to go to a persona page?

Cyber 101 | The Solopreneur | SMB | BoD

Michael F. D. Anaya | Founder

I’m a techie who’s been in cybersecurity for over two decades. My passions are being a top-tier dad, helping others, speaking in public, and making cyber simple. I am also partial to cheesecake and bourbon, but not together… well, come to think of it, it might be a killer combo! TBD.

https://www.mfdanaya.com
Previous

Paul Farley - A Cybersecurity Leader's Take on Societal Change
Next

Dr. Joye Purser - Stop Cybercriminals in Their Tracks: Advice for CEOs and Cybersecurity Professionals