Jeff Johnson - How Patching Can Make Your Organization Safer

Critical Stats

LinkedIn: Jeff Johnson's profile

Started their cybersecurity journey in: 1998

Most passionate about: Intelligence and Insider Threats

Favorite zero-day: Heartbleed

Favorite song: Epic by Faith No More

Introduction

During his career, Jeff Johnson, an accomplished corporate security professional and leader, has held positions of increasing scope and responsibility. These include: Head of Security; Global Head of Cyber Security Defense and Intelligence; Senior Director of Information Security; Global Lead - Information Security Competence, Awareness, and Training; and Data Privacy and Information Security Manager. Jeff has continued to learn, grow, and apply his expertise in new and novel ways with each new position.

Jeff is a cyber vanguard!

We selected Jeff because he is a cyber vanguard, meaning he has a wealth of knowledge and experience that few have in the field. More than that, he is intelligent, hardworking, and always willing to share his knowledge.

Without further ado, we asked Jeff our standard set of 5 questions to rule them all, and here are his responses:

Five questions to rule them all!

1. What is the biggest problem we are dealing with in cybersecurity?

As a “get the basics right” kind of person, I always see patching as a critical challenge. When many exploits take advantage of known vulnerabilities with existing fixes, why worry about Artificial Intelligence?  It isn’t sexy, but if we just patched it right, it would make the cyber community safer.

2. How can we address the lack of patching?

Patch and verify, and then do it again. It is a rinse-and-repeat process. It is critical to secure cyber hygiene. Educating new cybersecurity professionals on getting the basics right should make us all safer.

3. What are three actions a CEO can take to protect their company from cyberattacks?

1. Learn the risks and what it takes to address them. Cyber risk carries business risk like any other.

2. Invite CISOs to address the board and hold them accountable just as the rest of the business.

3. Don’t defund cybersecurity just because there haven’t been incidents.  If your company has been secure, it may be due to good cybersecurity practices and money being well spent. Learn about it before you or the CFO cut funding.

4. What are your top three resources for learning more about cybersecurity?

1. Peers - Have a diverse group of them and listen to all opinions.

2. Professional groups like Infragard, DSAC, CISA, BlackHat, Krebs on Security, etc. Have a diverse group of sources. 

3. decodingCyber and other similar non-product-related sites, blogs, and podcasts.

5. What is one piece of advice for those wanting to pursue a cybersecurity career?

Determine your area of interest, as cybersecurity has so many aspects. Explore as many areas as you can and determine what excites you. Also, remain open to areas you didn’t expect. Cyber intelligence and counterintelligence were not on my radar but became my passion when we needed someone to develop the team. I jumped in and loved it.

All that glitters is not gold, but this site shines and is worth more than all the gold in the world…right?

Are you looking to go to a persona page?

Cyber 101 | The Solopreneur | SMB | BoD