Ethan Largent - Solving Cybersecurity's Human Problem

Critical Stats

LinkedIn: Check out his profile!

Started their cybersecurity journey in: 2015

Most passionate about (in cybersecurity): Making it easy to comply 

Favorite zero-day: Heartbleed

Favorite song: “What An Awesome God” by Phil Wickham

Introduction

Ethan Largent is a dynamic leader in privacy and data protection with over 25 years of technology expertise. Psst… he is also a gifted writer! Don’t believe me? Check out this article he wrote for us about data hoarding. It is quite compelling and easy to understand.

We selected Ethan because he’s a mover and shaker! His talent for operationalizing the intangible (translating complex privacy, security, and compliance requirements into actionable strategies that reduce risk and deliver business value) is exactly the insight we need. He is a Certified Information Privacy Technologist (CIPT) and a Certified Information Security Manager (CISM), and is personally driven by a passion to safeguard information and strengthen trust in the digital world.

Without further ado, we asked Ethan our standard set of 5 questions to rule them all, and here are his responses:

Five questions to rule them all!

1. What is the biggest problem we are dealing with in cybersecurity?

Human beings will forever be the greatest asset for companies, but conversely, they pose the greatest cybersecurity challenge. Whether it’s an employee clicking on a link in an email and exposing the company to malware or failing to engage information security at the right time during a new effort to assess, identify, and protect against vulnerabilities in IT systems, humans make mistakes. Unfortunately, threat actors will always capitalize on those lapses in judgment, as they provide a path of least resistance.

2. How can we effectively address human errors?

To circle back to what I’m passionate about in cybersecurity, focusing efforts on making it easy to comply is essential. Certainly, improved training is a part of this, so employees are regularly reminded about the dangers of clicking suspicious links in emails and the importance of conducting information security reviews on new engagements. However, it’s not enough to rely on an employee’s memory from training they took 6 months prior to guarantee they won’t accidentally click on a suspicious link. That reminder must be in their face at the time that the link is present on their screen. Flagging emails as external to a company is a great example of this “just in time” awareness.

In summary, training combined with real-time awareness tools that enable employees to make informed decisions is key. When it comes to cybersecurity, the less guessing required by employees, the better.

3. What are three actions a CEO can take to protect their company from cyberattacks?

The CEO must:

1. Be a visible advocate for cybersecurity. Everyone in the company looks to the CEO for strategic priorities to enable success, and so if cybersecurity makes the list, people will take note.

2. Ensure that information security is sufficiently staffed to guard against cyberattacks.

3. Stay informed about the current state of cybersecurity affairs to the extent that they can make informed, risk-aware decisions that protect the company from unpalatable risks that may arise.

4. What are the three best resources for learning more about cybersecurity?

1. When I want to learn about cybersecurity, the most valuable resource I turn to is my network of peers and professional contacts. Having a well-established group of connections is invaluable because, as much as I think I know about a few topics, I’m guaranteed to always find someone who knows more.

2. Another resource I’ve been turning to more frequently is ChatGPT. When I’m engaged in conversations at work and someone brings up a cyber or tech topic that I’m not as familiar with, ChatGPT does an incredible job at providing an in-the-moment synopsis for me so I can ask more well-informed questions. The other benefit is that I can refer back to the sources used by ChatGPT to compile the information later for a more in-depth analysis.

3. Finally, YouTube has consistently proven to be an excellent resource for education. Whether it’s helping me to change the valve cover gasket on my 2006 Toyota Camry or learning how to set up Ubuntu on an old laptop to act as an access point to intercept network traffic, people are incredible in their willingness to explain topics in an easy-to-consume “how-to” format for the benefit of others.

5. What is one piece of advice for those wanting to pursue a cybersecurity career?

My advice remains the same for someone looking to advance in an existing cybersecurity career or break into the field: Survey the job market to understand where the industry is headed. Let me explain.

In part because of the numerous resources available today that were not available 25 years ago, someone with sufficient determination can become educated in a wide range of cybersecurity topics practically overnight. As such, a 4-year degree in IT or cybersecurity may no longer be the shortest path to success. Similarly, maybe it’s not getting certifications like the CompTIA A+, the Certified Information Systems Auditor, or the Certified Ethical Hacker. Or maybe it’s all 3. Where are the job openings, and what do the job postings say it takes to get noticed? That’s where your time will be best spent.

In addition, make time to build your network and share your interests with others, so that when they need to hire a cybersecurity analyst, yours will be the first name that comes to mind.

Round up the usual suspects and share this interview with them!