Phishing

Transcript

Opening

Welcome to What's the Problem, a show that explores problems that buyers and practitioners of security products and services face. Today, we are lucky to have Ebony Hall joining us.

Conversation

Mike Krass: Ebony, thanks for being on the show.

Ebony Hall: Thank you for having me, Mike.

Mike Krass: Absolutely. Now, Ebony, we always ask this question at the beginning. Why are you qualified to speak about security?

Ebony Hall: Well, Mike, I've been in the IT industry for over a decade now. I've done some in the United States Army and then did some classes where I obtained my Certified Ethical Hacking (CEH certification) and my Security Plus. I also work a lot of hand in hand with the security team at my current job.

Mike Krass: And what is your current job, Ebony?

Ebony Hall: My current job is Systems Engineer.

Mike Kass: Awesome. So your current job is Systems Engineer, and you're in a University setting, correct?

Ebony Hall: Yes.

Mike Krass: Awesome. Systems Engineer in the education space. So talked about some of your working experience and the academic work you've done over the years. So tell us a problem. What's the problem with security in your world?

Ebony Hall: One main problem that I see is user education. So user education is one of the most important things in security. I think that the vendors are getting better by providing this type of information for end-users to use so that they are equipped enough to know when to report phishing. They understand what's phishing and when to report it and how. Now you have a plug-in in Microsoft, but there's still a lot for learning for the end-users. I think another thing, too, is with us going over to Cloud. When they are trying to sell to the buyers, some of the vendors are not honing in on the company's pain points. Their pain points loss of revenue. Do they have enough staff to cover these backup servers' redundancies? They're not making sure they have the correct security software. So I think there's a disconnect between the vendors and the buyers themselves.

Mike Krass: And you mentioned a few pain points there. Are those unique to the education space, or are there specific pain points in the education space that you didn't bring up in your response earlier?

Ebony Hall: Those are for the education space.

Mike Krass: Got it. And then circling back to end-user education. What do you think that needs to look like in user education?

Ebony Hall: They need to know the difference between phishing. They need to know what they need to click when they need to report something when it's unnecessary for them to click any things to look for in emails when there is phishing because you can have some emails where it looks like it's coming from your department or company. We're looking for small things like a misspelling of words or the inhumane of the email address. Those are things that I see a lot that come across my desk where they think this is a regular email coming from someone within the company.

Mike Krass: Have you seen that end-user education has gotten better or worse over the past decade of working in the IT space, in your opinion?

Ebony Hall: I honestly think it's gotten a lot better. It's about when you speak to some of these vendors. When you're purchasing this stuff, they give you a very broad explanation of what you do have. So I think within the company itself, our security team can do better by digging in there to see every single thing that we have to cover all aspects of the security side.

Mike Krass: Yeah. It seems like an opportunity on the vendor side to make sure that their sales engineers can speak in detail and give you paths forward. Right? Not speaking broadly like you just said, here are very specific things you can do. You can basically pick up and drop your organization in terms of standard operating procedures, training, etc., which will make your life easier.

Ebony Hall: Yeah, definitely. Whenever you're purchasing for security, you have four different types of buyers that I think they should be educated to know how to sell some things. For example, you have your security-centric buyers. They evaluate purchases, security products, and services based on the specific needs that they want, and then you have other buyers who want stuff to have, like they may have something where they want. All of these different reports coming up that they can see every month to monitor everything that's going on with the security for the company.

Mike Krass: Yeah. It's an important distinction to make on the vendor side of who we are talking to and at what stage are we talking to these folks in terms of the buyer. That makes a lot of sense. Now we're to our final third question. It's the fun one. So, Ebony, fun haircut or worst haircut that you've ever had? Bring us home on this episode with a smile.

Ebony Hall: Oh, my gosh. When I was in the military, I went home for leave. I knew I was going to be gone for about thirty (30) days. I had a shortcut, so I wanted a little design. I wanted a star in my head. So the guy is cutting it, and I'm looking in the mirror, and I'm like, okay, that's looking nice. Everybody is saying it looks nice, and it's done. I turned around, and that was not a star. I don't even know what it was with this thing on my head and wait till it grows. And sometimes, when you have a design and that hair grows back, it's really ugly, so I have one stage of ugly and then the worst stage of ugliness coming along with that.

Mike Krass: It's one of those experiences where it gets worse before it gets better.

Ebony Hall: Yeah, definitely.

Mike Krass: Did you ever find out what the shape was? It wasn't a scar. What was it?

Ebony Hall: I don't know. It looks like an upright triangle and an upside-down triangle going through each other, but kind of side by side. It was really weird.

Mike Krass: Wow. It was going to take a while. Guess and say, you never went back to that Barber again.

Ebony Hall: I said ‘’I'm never coming back here, Dude, I have to pay for this’’. I was like, yeah. I was like, okay, so I just won't be back now.

Mike Krass: Yeah, I'll do anything to get out of this Barber chair right now. Awesome. Well, Ebony, I appreciate you sharing your experience, both practical as well as academic experience, with our listeners. Thank you for joining What's the Problem Again, the show that explores problems that buyers and practitioners of cybersecurity face in today's world. Thanks, Ebony.

Ebony Hall: Alright. Thank you.

Mike Krass: Thank You.