Eric Jergenson - Decoding Modern Cyber Threats

Mover-and-Shaker
Written By Michael F. D. Anaya | Founder
Eric Jergenson
Up and to the right graphic

Critical Stats

LinkedIn: https://www.linkedin.com/in/eric-jergenson/

Started their cybersecurity journey in: 2021

Most passionate about: Thinking outside the box

Favorite zero-day: Stuxnet

Favorite song: “Imagine” by John Lennon

Introduction

Welcome to our special Cyberween Edition of the One2 Watch! Trick-or-treaters are at your front door, while bad actors are at your network's back door. It’s when Cybersecurity Awareness Month and Halloween converge and turn into Cyberween! With that said, let’s get to our spooky interview! Muhahaha…

Eric is a results-oriented cybersecurity executive with a proven track record of building and leading high-performing teams. He is skilled in developing innovative security strategies, fostering a culture of integrity, and leveraging data analytics for informed decision-making. These skills have paved the way for him to excel in the public and private sectors.

We selected Eric as a One2 Watch recipient because he is a mover and shaker! He began his journey as an FBI Special Agent. In the FBI, he led and managed crisis response operations, created intelligence-sharing initiatives, and led various organizations in coming together to address terrorism threats. After he completed an exemplary career in the FBI, he entered the private sector as an executive and continued to excel! Eric managed a global security operations center, streamlined vendor management, and directed an investigations program. Eric possesses a rare combination of public service dedication and private sector efficiency. On top of that, he is a dad, husband, and overall kewl dude.

Without further ado, we asked Eric our standard set of 5 questions to rule them all, and here are his responses:

Five questions to rule them all!

1. What is the biggest problem we are dealing with in cybersecurity?

The rise of sophisticated ransomware attacks remains a big concern. These attacks have become increasingly common, targeting not just large corporations but also critical infrastructure, healthcare systems, and small businesses. As more devices connect to the Internet (I am primarily referring to the internet of things [IoT]), the potential entry points for attackers multiply, making it challenging to secure systems. Ransomware can sometimes yield high financial returns for attackers, incentivizing them to develop more advanced methods and tools. At the same time, many organizations still lack robust incident response plans or adequate cybersecurity training, making them vulnerable. Additionally, navigating various compliance requirements across regions can be challenging, often leading to inconsistent security practices.

2. How can we address ransomware attacks?

Addressing these challenges requires a multifaceted approach, including improving employee training, investing in technology, and ultimately fostering a culture of cybersecurity awareness to enhance overall cybersecurity resilience. Let me expand on this a bit more. Here are eight ways to address ransomware attacks:

  1. Conduct robust cybersecurity training: Companies should implement awareness training to help employees recognize phishing attempts and other threats. Consider conducting phishing simulations to reinforce learning and improve response times.

  2. Deploy multi-factor authentication (MFA): Implement enhanced security measures such as MFA to access sensitive systems to add an extra layer of protection. Additionally, all software, including operating systems and applications, must be updated to patch vulnerabilities.

  3. Perform regular data backup and recovery: Maintain regular, secure backups of critical data. Ensure backups are stored offline or in a secure cloud environment. Also, develop and regularly test disaster recovery plans to ensure quick recovery from an attack.

  4. Establish an incident response team: Form a dedicated team to respond to security incidents and create a clear communication plan. Conduct tabletop exercises and drills to practice the response to ransomware attacks, ensuring that all team members know and understand their roles.

  5. Isolate critical systems: Segment your corporate network to limit the spread of ransomware if an attack occurs, safeguarding sensitive information.

  6. Implement advanced threat detection: Utilize advanced security solutions, such as AI-driven threat detection and endpoint protection. Perform regular security assessments and penetration testing to identify and address vulnerabilities.

  7. Join cybersecurity alliances: Participate in industry-specific cybersecurity groups to share threat intelligence and best practices. Collaborate with law enforcement and cybersecurity organizations for support and resources.

  8. Develop cybersecurity policies: Create and enforce comprehensive cybersecurity policies that outline acceptable use, data protection, and incident reporting. Adhere to relevant cybersecurity frameworks and regulations to ensure a baseline level of security.

Content by decodingCyber

Like our content? Let us do the same thing but for you. Interested? Let’s chat!

3. What are three actions a CEO can take to protect their company from cyberattacks?

A CEO can significantly enhance their company's resilience against cyberattacks and protect its assets, reputation, and customer trust. My recommended actions include the following:

  1. Prioritize cybersecurity in the business strategy: Cybersecurity should be viewed as a core component of the business strategy, not just an IT issue. By integrating cybersecurity into overall business planning, the CEO can ensure that resources are allocated effectively and security considerations are embedded in every aspect of operations. This proactive approach helps prevent vulnerabilities and fosters a security culture throughout the organization.

  2. Invest in cybersecurity talent and technology: Hiring skilled cybersecurity professionals and investing in advanced security technologies are essential for defending against threats. A strong cybersecurity team can implement robust measures, respond to incidents, and stay ahead of emerging threats. This investment not only protects the company’s assets but also helps build trust with customers and stakeholders, which is crucial for reputation and business continuity.

  3. Foster a culture of security awareness: Employees are often the first line of defense against cyberattacks. By promoting a culture of security awareness through regular training and open communication, the CEO can empower employees to recognize and report suspicious activities. This creates a more vigilant workforce and reduces the likelihood of human error, a common vulnerability in cyber defenses.

4. What are the best resources for learning more about cybersecurity?

The following resources collectively can provide a solid foundation for learning about cybersecurity, from formal training to real-world analysis.

  1. Cybrary offers a wide range of free and paid online courses covering various cybersecurity topics, from beginner to advanced levels. The platform includes hands-on labs, virtual environments, and certification preparation, making it an excellent resource for practical learning and skill development.

  2. The SANS Technology Institute is a leading provider of cybersecurity training and certifications. Their courses are taught by industry experts and cover a broad spectrum of topics, including incident response, threat hunting, and penetration testing. SANS also provides valuable resources like whitepapers, webinars, and research that help professionals stay current on the latest threats and techniques.

  3. Krebs on Security blog, run by journalist Brian Krebs, provides in-depth analysis and reporting on recent cybersecurity incidents and trends. Krebs’ insights are well-researched and accessible, making it an excellent resource for understanding the real-world implications of cyber threats. It’s a valuable read for anyone wanting to stay informed about the latest developments in the cybersecurity landscape.

5. What is one piece of advice for those wanting to pursue a cybersecurity career?

Quite simply, embrace a mindset of continuous learning. Cybersecurity is an ever-evolving field with new threats, technologies, and regulations emerging regularly. Staying updated through certifications, online courses, workshops, and industry news is essential. Engaging in hands-on practice, participating in cybersecurity communities, and working on personal projects or labs can enhance your skills and knowledge.

This commitment to lifelong learning will not only make you more effective in your role but will also keep you competitive in a rapidly changing job market. Cybersecurity is as much about adapting to new challenges as it is about technical knowledge; therefore, staying curious and proactive is crucial to success.

Exsqueeze me? Did you not share this interview?! Come on, bruh!

Are you looking to go to a persona page?

Cyber 101 | The Solopreneur | SMB | BoD

Michael F. D. Anaya | Founder

I’m a techie who’s been in cybersecurity for over two decades. My passions are being a top-tier dad, helping others, speaking in public, and making cyber simple. I am also partial to cheesecake and bourbon, but not together… well, come to think of it, it might be a killer combo! TBD.

https://www.mfdanaya.com
Next

Jude Fils-Aimé - Proactive Insights from a Cyber Expert