Episode 166 – Reduce Cybersecurity Risk for your Projects

The goal of cybersecurity is to protect the data and integrity of your computing from malicious digital attacks. The challenge for a project manager is to implement effective cybersecurity measures to secure yourself, your team, your clients, and your projects as attackers become more innovative. Our guest is Andy Sauer a cybersecurity leader who helps organizations build cybersecurity maturity.

Table of Contents

01:47 … Meet Andy02:29 … Raising Awareness of Cybersecurity for PMs03:34 … A Case Study06:55 … Lessons Learned from a Cyber Attack09:23 … “Least Privilege Necessary” Model10:48 … Lack of Multifactor Authentication11:39 … Staying Ahead of Attackers13:35 … 10 Steps to Better Cybersecurity13:42 … Training for Phishing15:25 … Multifactor Authentication16:14 … Least Privilege Necessary17:34 … Apply Patches to Systems and Applications18:40 … Delete Old Accounts19:53 … Kevin & Kyle21:13 … Adopt Cloud Services22:15 … Building an Incident Response Plan25:16 … Establish Hardened System Baselines26:13 … Keep Your Backups Air Gapped27:21 … Store Security Logs and Watch for Unusual Behavior.30:18 … Security is Your Responsibility31:09 … External Cybersecurity32:25 … Concerning Emerging Technologies34:31 … Evolving Cybersecurity Threats36:32 … Get in Touch with Andy37:38 … Closing

ANDY SAUER: ...it’s very easy to look at cybersecurity concerns and think, that is not my problem.  We have a security team.  We have an IT team.  But I promise you when the compromise happens, the folks in the IT and cybersecurity teams are often focused on the technical and getting the systems back up.  They’re not particularly concerned about your specific project and your workload. You have to take that responsibility.

WENDY GROUNDS:  Hello, and welcome to Manage This, the podcast by project managers for project managers.  Thank you for joining us today.  My name is Wendy Grounds, and joining me is Bill Yates.  If you like what you hear, we’d love to hear from you.  You can leave us a comment on our website Velociteach.com, on social media, or whichever podcast listening app you use.

Today our guest is Andy Sauer.  Andy’s a cybersecurity leader who helps organizations build cybersecurity maturity.  Now, this was someone that Bill had been in touch with.

BILL YATES:  Yeah.  This is how I came across Andy.  I heard him speaking to a group of CEOs.  And what struck me was, okay, not only does he know cybersecurity, but he’s having an impact on this group.  I watched the CEOs taking notes, and some were texting.  It was funny, they were apologizing to Andy after his presentation.  “Hey, I wasn’t ignoring you.  You said something that struck me, so I was texting members of our team to see if we had done that yet.”  You know, I felt like, okay, for project managers, this is something we need to hear.  It’s something we need to be reminded of and raise our awareness.  So Andy’s going to be a great resource for that.

WENDY GROUNDS:  We talked to Don Hunt before on cybersecurity, and that was a few years ago.

BILL YATES:  Yes, yeah.

WENDY GROUNDS:  So I think it’s good that we retouch the topic again.

BILL YATES:  Right.

WENDY GROUNDS:  Hi, Andy.  Welcome to Manage This.  Thanks for joining us.

ANDY SAUER:  Hey, there.  Thanks for having me on.

Meet Andy

WENDY GROUNDS:  So tell us a little bit about your background in cybersecurity before we get into talking about this topic.  And something about your role at Sentinel Blue.

ANDY SAUER:  Sure.  I’m the CISO, the Chief Information Security Officer, for a small company called Sentinel Blue.  I’ve been in IT and cybersecurity for about 13 years, with the last five years really being focused in on cybersecurity, rather than IT.  Sentinel Blue is a cybersecurity services firm that works with small and medium-sized businesses, particular in the U.S. defense industry.  And our main focus is really on building cybersecurity maturity for those businesses.