Dr. Joye Purser - Stop Cybercriminals in Their Tracks: Advice for CEOs and Cybersecurity Professionals
Critical Stats
LinkedIn: https://www.linkedin.com/in/joyepurser/
Started their cybersecurity journey in: 2010
Most passionate about: Backup-and-recovery
Favorite zero-day: SolarWinds
Favorite song: Thunderstruck by AC/DC (of course)!
Introduction
For over 25 years, Dr. Joye Purser has been operating in the private sector and government, focusing on risk, audit, compliance, strategy, technology, operations, and global leadership. Her mission is to help organizations protect their data, assets, and reputation from evolving cyber threats while enabling them to achieve their strategic goals and optimize performance.
Joye also serves as a Leadership Board Member at the Cybersecurity Collaboration Forum (a network of Atlanta's 50 most influential cybersecurity executives), promoting security best practices, resiliency, and business expansion. Previously, she founded and ran a consultancy that provided expert advice on security, risk, strategy, and change management to clients across various sectors.
Joye is a mover-and-shaker
We selected Joye because she is a mover and shaker! She is very active in the cybersecurity community, which turns to her because her depth of knowledge and experience are second to none. She is also a skilled speaker and always willing to help others. These stand-out qualities make her One2 Watch!
Without further ado, we asked Joye our standard set of 5 questions to rule them all, and here are her responses:
Five questions to rule them all!
1. What is the biggest problem we are dealing with in cybersecurity?
The biggest cybersecurity challenge we face as a society today is the rapid increase in threat actor sophistication.
2. How can we address the rapid increase in threat actor sophistication?
There are many ways to counter today’s sophisticated threat actors; here are two:
First, organizations need to understand ‘the attacker mindset.’ This is explored in the book Understand the Cyber Attacker Mindset: Build a Strategic Security Programme to Counteract Threats by Sarah Armstrong-Smith. Understanding what motivates threat actors toward your particular organization is key. For example, do hackers want your money? Do they want to sway an election? Do they want to cause reputational damage? Additionally, studying the tradecraft of cyber criminals helps organizations stay ahead of a perpetual game of cat-and-mouse. Thinking like a hacker can help prioritize the most effective countermeasure.
Second, to counter more sophisticated threat actors, it is important to increase visibility into your data. You should be able to answer: What data do we have? Where is that data located? What is sensitive, regulated, and high-value? Tools by Veritas and others can help illuminate so-called ‘dark data’ that may be stored in a form that is difficult to work with and protect. You can’t protect data you can’t see.
3. What are three actions a CEO can take to protect their company from cyberattacks?
A CEO should have the Chief Security Officer (CSO) report regularly on the key security risks and mitigation strategies. I recently came across a LinkedIn post from a former Navy S.E.A.L., Jamey Cummings, who offered 5 key reporting items. He spoke explicitly about the “5 things boards of directors want to know from their CISOs,” but CEOs would also appreciate those same points from a CSO.
A CEO should ensure that cybersecurity basics, such as security awareness training and patched recent-version software, are funded and in place.
A CEO should validate organizational alignments so the security team can communicate openly with other teams, such as the infrastructure and legal teams. I see organizational stovepipes resulting in poorly configured anomaly detection rules, thus allowing threat actors to evade detection and do damage.
4. What are the best resources for learning more about cybersecurity?
My top resources for learning more about cybersecurity are:
A daily diet of news via podcasts, LinkedIn, and discussions with luminaries in security.
A vibrant professional network and conversations that enable me to learn, wade outside my comfort zone, and seek new knowledge.
Pursuing certifications or other learning programs allows my knowledge to evolve as the field does.
5. What is one piece of advice for those wanting to pursue a cybersecurity career?
Why stop at one!? I have a few:
Get certifications, but prioritize on-the-job experience — One way to get great on-the-job experience is to work at a help desk. This is a great way to learn about various IT issues and hone problem-solving skills.
Determine your strengths — I recommend using tools such as CliftonStrengths to help you.
Capitalize on your strengths — Once you learn where you excel, pursue work that uses those strengths. Continue to evolve and pursue areas of the security world that challenge and intrigue you.
Network like crazy — Quality, individual connections are extremely important within the security community. To develop them, you should:
Attend conferences and other events
Follow-up with people you meet
Give-and-take
Present yourself well
Be assertive
Be responsive
Be helpful
Be curious.