[00:00:06] Welcome to MSP 1337. I'm your host, Chris Johnson. A show dedicated to cybersecurity challenges, solutions, a journey together, not alone. Welcome, everybody, to another episode of MSP 1337. I'm joined this week by my lovely wife, Jenny Johnson. Jenny, welcome to the show. Thanks for having me.
[00:00:36] Well, this episode is going to be titled cybersecurity training works and after having some technical difficulties last week trying to get some recordings done I am now down to the wire to get this episode out there
[00:00:54] And I wanted to start by kind of going over the why behind this episode and then why you're such a good fit for helping share the narrative
[00:01:02] And it goes back to I think it was last week maybe the week before I had Charles Love on with Showtech and we were talking about email overload and automated emails
[00:01:13] And one of the stories he told during the episode was about one of his new employees who's new to the world of IT and the world of working in the technology industry
[00:01:23] Of supporting IT services to businesses that don't have internal IT resources, and his story was about a skills or security awareness training that actually was able to help for a smishing attempt
[00:01:40] And so as we go through this narrative, I think everybody's been thinking about the value of security awareness training because as IT service providers
[00:01:47] I know even myself, I've been like why do I need to watch this video? Why do I need to go through this? I already know this stuff. I know what I'm doing. I'll be fine
[00:01:56] So Jenny and the and for those of you that know me know that Jenny now is no longer a teacher; she now works in the IT industry like I do and works from home
[00:02:08] And we get to share the same office space. So let me tell you I get some stories on a pretty regular basis about things that Jenny has observed
[00:02:18] That she wants to know if she's caught it kind of like hunting for an industry so Jenny and the ever evolving world of work here now a year into your career change and I thought I'd be curious if you could share the audience
[00:02:32] Tell me a little bit about the transition or the change from working as a teacher in a school district to now working in the IT service space for an MSP
[00:02:43] Thank you. Yeah, so one of the things I do want to correct is that you said I am no longer a teacher I will always be a teacher, but maybe not just in my profession. I got to point that out
[00:02:55] So I've been a teacher for 19 years. It's what I did straight out of straight out of school and I've loved it in the last six years I found myself working in a public school teaching social studies and English classes
[00:03:10] And the transition has been very interesting and I would say welcoming. I went from a very high high stress position to one that is for lack of a better term less stressful
[00:03:27] I think if I was to like think about the things that you shared with me and to just kind of, you know, I don't want to say jump ahead but you know that I know you love being a teacher. You love teaching both in the private Christian school space and in the public school
[00:03:43] Tell me a little bit about from a technology usage standpoint, you know the goals are different. I think and I know you and I talk about this yesterday that with regards to technology
[00:03:55] I'm just going to tell this out and I think this is a piece that shared amongst both the industry that you were in and the one that you're in now and that is like here's a laptop
[00:04:04] And there's an assumption that because you know, you are an adult and have had a career in regardless of what the vertical or industry is
[00:04:13] That you automatically know how to use technology. Would you say that's a fair assumption? Absolutely. I would find that my technology usage, I really, it was basically as you just said: here's a laptop, go for it. Here's a new classroom with a different projector, good luck
[00:04:34] There was not a lot of training in the education space for technology which for me, some people can handle that very well. That is not me it actually was quite stressful and at times I would avoid it or rely on other people that were more technologically savvy to figure that out
[00:04:55] And of course as a teacher I want to I want my kids, my students to have those fun interactions that can only be done through technology but it was a definite stressor in my job.
[00:05:09] Yeah, and in the so in four of the years for the last six years I actually, for those of you listening, I was the tech director. So I was the guy that in Jenny's teaching profession for those four years I got to be the I often would use Jenny as the guinea pig to try new technologies out
[00:05:31] And guilty of assuming that Jenny or anybody else should automatically know how to use certain technology just because. So I'll give you an example. We've all become familiar with using tools like AirPlay or the wireless casting, Chromecast, other technologies, and that was a very big use case in the school district that Jenny was at, and the reason why it was so important is it allowed you to cast whatever you were teaching to your students.
[00:06:01] Without having to plug into a physical cable and so it was great you know when it worked and I think it's interesting to look at it through the lens. I'll just give you my lens and then Jenny I would like you to share it from your perspective.
[00:06:14] So from my side the response to the ways that I had were to make sure that the internet worked well that the access points in the classrooms weren't overloaded or saturated with student devices and that the experience when then we go to cast whatever it was a YouTube video.
[00:06:32] Some sort of PowerPoint slides that she was walking students through fill in the blank those were all part of what would have made up your classroom and immersive experience with technology.
[00:06:42] So share with the audience what that actually translates to when you were actually going to use the technology.
[00:06:51] Yeah so well I know for one of my classes our textbook was completely online and all of our students we were a one to one school so every every kid had a computer.
[00:07:04] And as we were trying to try to teach the students to take notes the only way to do that would be to show my text in front of this in front of the class and then have them follow along and learn how to notate as we were going reading through the text.
[00:07:20] But that became a problem when I would have substitutes come into my classroom because, as many of you might know, not every substitute is versed in the small amount of technology that I am, so AirPlaying something was extremely difficult and so.
[00:07:38] When I would have to have a substitute I would try and do my best to do other things off of you know things that would support the curriculum but it was in essence get us behind where I wanted to be because of that.
[00:07:50] And so because there just weren't tech people walking around, we were in a very small school district, and so my substitute would have to rely on my neighboring classroom teacher.
[00:08:00] If he or she ever had an issue with technology and AirPlay, so we had enough issues with it that it just became way easier to keep technology out of the classroom.
[00:08:11] Whenever I wasn't there but if you fast forward to this year I have been able to spend a couple of days substitute teaching for some of my friends.
[00:08:21] In the district and it was just such a it was so comforting to walk into a classroom and already know how to.
[00:08:28] How to use the AirPlay and how to get on to the just get on to the Wi-Fi and all of the things that I needed. It really made it for a more seamless transition from teacher to substitute.
[00:08:38] And and this teacher was thankful as well that she did not have to resort to everything on paper pencil again while I was there. Sure. Obviously most people listening know that. I'm straight and even when I was with school district it was still my passion.
[00:08:57] I'm really excited to have a question out there and I already know the answer to this and it's. And but. What time when the school. To find yourself going how do I just make this work and from a security standpoint sort of. Oh 100% that is that is correct.
[00:09:17] Yeah. Go ahead. Absolutely it was a very. Yeah, no it was just a very high stress situation where yeah who cares about security.
[00:09:25] I cared about security in the facts of what my students could or could not access on their computers in my classroom like if we were doing.
[00:09:34] If we were doing a research project on Egyptian gods or something like that then I was very concerned about the security of what my kids would be reading simply because if you know anything about Egyptian gods.
[00:09:45] They're pretty pretty out there and I was concerned about that but as far as me doing anything else. You're right security be damned you just get it up get it out so that I can move on with my class and do what I needed to do.
[00:10:00] And you left teaching, so you're out of your teaching space right when things like use of AI and some of those other things started to become prevalent in the accessibility from a student perspective.
[00:10:15] But I think about the challenges that we had my job was to keep them off, you know, bad sites things that were not appropriate for minors those kind of things.
[00:10:22] And your challenges similarly had to take that into account in monitoring what your students were doing but also making sure that they weren't cheating through the various means or cyberbullying or fill in the blanks. You had all of these challenges as a teacher. That as a.
[00:10:42] When you were in school where any of these things are of the teaching that you were educated on as a teacher and I don't mean just back at college, but like fast forward throughout your career time away.
[00:10:55] You ever had to take any sort of cybersecurity awareness training or. How to properly monitor or disable what kids. If I remember it was like if they do bad things take it away and that was about the extent of it.
[00:11:12] Right so and I for I forget the name of the program that we use but basically on my laptop, I could if I clicked on a certain students name I could see what they were looking at on their computer.
[00:11:22] The problem became is that the the kids very quickly learned how to sidestep that. Through multiple.
[00:11:30] Multiple users on their account and they would do like a three-finger swipe, and then things would change and so that was not as secure as I would have hoped it to be.
[00:11:40] And in my last in my last year, I do know that another teacher in the in the school did have issue with a student talking to AI and things getting inappropriate there and so she ended up just taking screenshots from her computer as to what she was seeing on that students computer.
[00:11:57] And then taking it to taking it to administration, but in which case they did end up taking the students computer away for a specified period of time. But that was it we were we weren't trained on anything cybersecurity in in all of my teaching career.
[00:12:15] And it's probably safe to say that the same is you know really true when it comes to students yeah we give them we gave them some exposure to you know cyber bullying I mean I remember doing the.
[00:12:26] The assemblies and, you know, telling kids things like hey, don't share passwords and don't use the same passwords, and I think one of the things that I look back now that I know now and perhaps you do too, and I'd love to get your thoughts on this as we transition to more of the security awareness training part of this.
[00:12:43] You know the why is so important right like. Telling someone know or like you know when our kids were little like don't put your hand on the stove it's hot like why.
[00:12:54] Like all they experience some of those things they they don't necessarily understand how severe consequences can be until they either experienced it themselves or witness someone that they care about experiencing something that is you know that leaves that last impression.
[00:13:12] Is that a safe assumption like that even when we do the training we don't really give context as the why this is so important.
[00:13:19] Well yeah I wouldn't agree with that but I also think that to some degree the students I so I was working with middle school students.
[00:13:29] To some degree many many of them believe that they are just invincible right and I think part of that is their frontal lobe is not developed enough yet.
[00:13:39] For them to start making some better decisions, but up until this point the majority of them have been if they ever found themselves in a difficult situation.
[00:13:48] It was a very easy family getting them out of that situation you know because there's just a true lack of consequences and I don't mean in family structures, but I mean just in the school system alone there's just lack of consequences for things.
[00:14:02] That just seemed to get kind of swept under the rug and I guess I'm speaking it from only my experience at the schools that I have been in.
[00:14:09] But it was very much not not a lot of consequences for things that I would consider would be serious as far as like bullying and looking things up on the internet and you know things that that that the school was very quick to say well it wasn't during school time so we can't be.
[00:14:26] We can't be held liable for it you know and I think that many many of the of the kids I worked with just did not just lack that understanding of the seriousness of the nature.
[00:14:36] And until they get to be an adult and there are actually legal consequences attached to their actions they probably will not understand that. Do you think that's partially tied to the physicality of it so I think about like you know if a kid punches another student.
[00:14:53] Physicality to that that you know especially if there's witnesses we know that it occurred or there's evidence left on the other child because it has occurred versus a lot of the things that happen in cyberspace.
[00:15:05] Even for those that would potentially go to great lengths to discipline a student unless they can find the evidence and they themselves are not so technically you know equipped.
[00:15:17] It's like well it's the he said she said and I can't prove that I don't have enough evidence to create a case that would like uphold right like.
[00:15:27] Yeah, so if I have to defend this to parents, can I show any sort of real evidence that they did something that was actually wrong, as I now have to explain to somebody who's potentially less tech savvy even than I am, and I'm barely registering on the meter that says I understand how to use technology.
[00:15:45] Absolutely so anytime a fight would break out at my school. I promise you there were at least five five phone cameras going on to video this fight and then as well as the school security cameras.
[00:15:57] Sure. And so there was there was that evidence right there it's you can't well even though we had some students say. That wasn't me. Yeah, the cameras were lying that that wasn't me but but there's enough physical evidence that it's easy to show to.
[00:16:11] The responsible parties and say nope this in fact was was your son or your daughter versus the things done as far as bullying cyber bullying things like that those are done usually in secret and then when I say secret I don't mean at home.
[00:16:25] But one on one, usually on a device to another person, and so it is extremely difficult. Some of my students, their parents, I can think of one instance in particular where neither parent spoke English.
[00:16:40] And although we had a Spanish translator walking around the school for parent teacher conferences we did not have a Vietnamese and one of this one of my students had gotten into a fight and I was reliant on her to talk to her parents about her performance in my classroom.
[00:16:57] And so I'm literally held at the mercy of the student who did in fact to get into some trouble that I was having to talk to the parents about and who knows if the parents ever found out the actual truth of what happened.
[00:17:10] But I think that can also translate to any language speaking about when you think about the parents and how far behind they are from their kids. I know that if I am struggling with something on my phone I hand it to one of my sons and they're like, oh wow, mom, here, let me do this.
[00:17:26] I can't believe you don't know how to do this and it just gets greater and greater with each generation that just keeps on coming up is that our kids are going to be faster than us.
[00:17:34] And it's harder for someone of my age to understand exactly what they're doing and so when you go ahead.
[00:17:41] No, just to say it's funny you say that because our kids come to even me and say dad well you're the IT guy can you fix this and I'm like you know far more about that one thing than I do it's this assumption factor that we're all dealing with that the younger generations as they come up.
[00:17:58] Because they're quote digital natives, that they're native and their digital intelligence is at a level that says that they understand the making of it, and the reality is they know how to swipe.
[00:18:11] They know how to navigate what's been put in front of them but they don't know what makes it the reality they don't know what else is out there they don't know that the you know in some, you know the statement of the earth is flat sort of argument that people are now making say that they all know as.
[00:18:27] Why don't we go down this rabbit hole, but the the same thing is true about the internet like the understanding of how big the internet or the dark web or any of those things are and.
[00:18:37] You know you said this earlier and I thought it was really interesting the idea of not understanding that what they put on the internet has consequences if not now in the future and.
[00:18:47] You know, these kids are naive enough to think that they could use a parent's credit card on the internet and not understand how it was figured out they're the ones that used the credit card, right.
[00:19:00] So shifting gears a little bit, and this is actually the meat of the conversation: you're now with an MSP, you now have a completely different approach has been placed in front of you than probably anything you've seen in the last 20 years and while they.
[00:19:16] And while this is a career change for you it's not necessarily as much about a technology change other than there are some elements I think that have been introduced that were.
[00:19:26] Not foreign to you, but were always kind of in the fringe space of like, yeah, I don't have time for that, or it's not a requirement, or I'm not sure how this is going to be valuable to me.
[00:19:39] So talk to me a little bit. I know that as you came over to the your MSP that you've had to take some classes around cybersecurity and I'm just curious like. Just even at the beginning what did that open your eyes to.
[00:19:56] Well, the I guess the first thing is that I very quickly went from being the educator to the student and I walked into this I walked into this business full well knowing that I was.
[00:20:08] I needed to learn a lot and learn as quickly as I could in the shortest amount of time as I could and so I very easily started watching.
[00:20:18] The Proofpoint reach secure videos, and I know that some people might have an unpopular opinion about them, but they really got me up to speed things that I had never even considered before.
[00:20:31] I mean, and some of this stuff is common sense. I will say that, but it really opened up my eyes to the other types of cyber attacks like through vishing and smishing and all the things that rhyme with itching.
[00:20:43] There's just there's just a lot of those things that as I'm going through these through these different classes.
[00:20:48] I'm thinking, wow, I wish I could get my dad to sit down and do this because he's in his 70s and I believe he's very susceptible to being a part of these attacks and clicking on the links.
[00:21:02] Whereas I always I'm not a risk taker so I've always been like very concerned because I'm married to you.
[00:21:09] Because I know though, I know the horrible crazy stories that are out there and so I've always had I guess a second seconds wave of hey, maybe don't click on that link. That maybe most people wouldn't have.
[00:21:24] But this awareness training has I believe it has made me a more confident person in this this quote new world that I have been put into and I just I'm very thankful for it. And I know that some people wouldn't appreciate or maybe don't appreciate the.
[00:21:42] That elementary nature of some of the videos, but for me they have been really eye opening and I'm thankful that I've been able to do that.
[00:21:54] For sure, and I can relate to that, so I mean I've been doing this for a really long time and I've had to take the courses from KnowBe4, Proofpoint and others, and you know one of the things that keeps coming back to me is what you said like.
[00:22:08] I don't want to say it's always the elementary nature of the learning process where it assumes I know zero but I have found myself in more than one occasion thinking that hey because of what I do for a living.
[00:22:20] I'm going to skip the video and I'm just going to take it. And then I get one wrong and I'm like, oh my word, I can't believe I missed that and even.
[00:22:30] And I have this general understanding of what I would what I was supposedly sort of watched in the video and I think though to your point is a lot of the content is is starting you out at elementary level and there's a lot of training content out there that never really takes you past the elementary level.
[00:22:48] And I had a lot of time to think about that and I think the reality is because even though we might be learning from the courses or the classes or the sessions or the videos whatever you want to call it that we're taking.
[00:23:00] I don't know that we don't still fall victim to elementary level threats right so like if we think about email as an example when you get a link in an email it says hey your bobby.
[00:23:14] five but we couldn't deliver a click here or you've won $10 on gift card click here. We are programmed to click on link.
[00:23:24] It is who we are, it is how the internet was created, everything is involving, and so I know that it is still easy to fall victim to that, and I think that's partly why if you're not regularly taking the training videos that continuously expose you to, you know, how to spot a smishing attack or how to spot when trying to spoof you or.
[00:23:44] You got a text message letting you know that your boss would like to talk to after this meeting can you please respond with when is a good time.
[00:23:52] If we are continuously exposed to that, those simulations I think we don't have that front of mind so thinking about that if you were to look at training going forward.
[00:24:06] Are there things that you would like to see that would help you navigate this space because I know for me I'm constantly thinking about like how would I help somebody understand and you mentioned one like parent education.
[00:24:18] The reality is you don't get a lot of prompts for you as a consumer like a personal consumer like outside of work like having like Amazon reach out to you and go hey.
[00:24:29] We noticed you do a lot of shopping to our platform, here are a couple things we didn't know, like maybe don't click on anything to send to you via this method, we would never send you anything that way, so know in advance if you get a text message.
[00:24:42] As someone on you should know that it's not real and that was just a hypothetical on Amazon does. Is there something specific that you can think of that you would like to see done different. I feel like that Amazon was pointed straight at me as I do.
[00:24:58] I do a little bit of. On Amazon but no I think that would be a great thing I think that more companies should do that and I'm not sure that everyone is aware I think again about my dad and as he.
[00:25:11] He tends to avoid Amazon but he'll buy things from other online stores and he isn't aware of those types of things, that they won't text him, and he would probably click on anything from.
[00:25:26] From that online store that came in and so I think that some of some of the responsibility should should lie in those in those stores reaching out to their consumers. Because not everyone is taking the security training I think that it would be a huge deal.
[00:25:42] I like that there's there's two that I that I think of right away one is that we don't do enough around like if you get a phone call and you don't recognize the phone number like maybe don't answer it or maybe at least be skeptical that they are going to prompt for some that is.
[00:25:59] I'm not that interested.
[00:26:01] Similarly to text messaging I know I say this a lot to those that I interact with like make sure that your leadership to get into your staff the thing that you and like I will never send you a personal text message asking you to run on me.
[00:26:18] I think that's the thing that I think that is a very important thing to do is to put the Amazon gift cards kind of thing but there's so much out there that I think we still have to overcome me assumption with that fairly you still feel like.
[00:26:30] You came into quote my world. You find yourself coming into this. Soon that's already being addressed because you would think at this point in the industry that we're doing a better job of addressing cybersecurity.
[00:26:48] You would think I'm just thinking about our own our own kids and how we've preached it you know if you don't know who's calling you please don't answer let it go to voicemail say really need to talk to you is going to be on a voicemail.
[00:27:01] So rewind about I'm going to say maybe just a month ago maybe six weeks ago one of our sons decided to answer and he ended up giving away.
[00:27:11] And that's not information or even flooding that person know that this was a legit phone line and there is a human on the other end and his.
[00:27:20] His checking account got had to very quickly now that might have been because he was shopping on a site that we would have in like wait we probably shouldn't you know if it's too good to be true. It is too good to be true.
[00:27:31] Yeah, I'm going to get a free shirt because I you know spent a dollar or something along those lines and so I think that that yeah that education.
[00:27:40] Even though it is partly that the big the stores responsibility is also our responsibility as parents and as loved ones to be able to share these things with our family and yes we have teenagers and pretty much.
[00:27:58] We don't know what we're talking about but there was a life lesson as he had to close his checking account he had to walk into the bank and get a new bank card.
[00:28:07] And so I would dare say that this kid won't make that mistake again and thankfully it was it was not a huge mistake.
[00:28:14] Yeah, well it was it was just one that we were able to catch quickly so that the impact was minimized I think I think that's a man and you to reinforce with our kids is that just because it seemed very. But nine.
[00:28:28] And so it was just uncomfortable is that it could have been something very different had it not.
[00:28:34] You know he didn't have that open conversation with you right away he wasn't he wasn't ashamed to talk about the the vulnerable state that he put himself in and I think that's something that's really important is that you can't do the shaming piece or next time no matter how good or bad it might really be it's still going to go uninsured.
[00:28:54] But you know before we wrap this up do you remember back when we were kids I know it's a long ways back but do you remember I have see points or like you would open a bottle and underneath the cap you'd have a code so.
[00:29:07] I should remember like hey this is like a free 20 ounce Pepsi or something along those lines. Yeah, I never participated in that.
[00:29:18] I remember for you because maybe that was, you know, I think that's the basis, we still see some of that today, and specifically I think that was actually what our son was targeted through. I know that in I think it's been five or six years.
[00:29:33] I said yes to a 30-minute demo from some vendor and remember what was and if I was one of the first 50 they'd send me a pair of Beats Studio Pro headphones.
[00:29:43] I was like cool and as I went through the whole demo I started thinking like man this is totally a scam there's no.
[00:29:50] I'm like two and a half weeks later I got a brand new pair of Beats headphones in the mail and there were no strings attached to it, so there is a balancing act between there are legitimate things out there that do have some level of premium.
[00:30:05] It's a perk that you can achieve through participating in the program but like you said it seems too good to be true it's probably there's some string attached even if it's not malicious in nature it's not fruit.
[00:30:21] Any any thoughts and just chat audience before I close this out. I don't think so. All right for those of you listen this episode. Keep 30 seven thanks and have a great week.

