MANAGEMENT OF INFORMATION SECURITY – HACKING THE BUDGET AND CONTROLLING RISK

Learn the ways of your enemy; learn them better than you know your own. The world plays checkers, you need to start playing chess.

When you step into the office of someone who worked their way to the top, someone whose job role is to keep the company profitable, the last thing they want to do is part with the company’s money. One bad quarter will sink a CEO these days. They don’t want to gamble.

The attack is simple: Make them realize that the center of their business, whether it’s a means or an end, is digital. The protections on the digital perimeter are just as important as keeping the check book in a safe place.

Control that conversation. Establish a great rapport with the people in your organization who have what you need. Stop being the nerdy anti-social manager or technician that doesn’t want to be bothered. They won’t bother you for anything, not even the conversations and meetings that you need to be in. People are going to treat you the way you present yourself; they’re going to use what you give them. (You’re going to learn a lot of this when we start going over Social Engineering attacks.)

Learn how to be a business person, an executive. If your end goal is the CTO office or a company of your own, get a head start. Get into the meetings, even if they bore you. Why not learn on someone else’s dime if that’s what you’re going to do? This is a hack. Everything is a hack. Get the information, learn on your feet, put the picture together. Minimize your risk.

Explain how this wonderful new IDS is going to reduce your man hours. Explain how much overtime won’t need to be spent reviewing logs when you can correlate them on the spot. Explain how this is going to reduce your cyber liability premiums. Explain that demonstrating and implementing security measures is going to save them millions in court should anything ever get litigated.

Those are the things that are important to them. A $100,000 incident response and logging system is just gibberish to someone who only cares about numbers. It’s expensive, it’s big and it’s likely a few thousand shares of common stock. That’s going to impact bonuses.

When you start talking their language and understanding their thought process, you can control where it goes, what the narrative is, and who you can talk to internally that can help you along the way.

Ken Pyle