Precise Resource, Inc. Discusses Cybersecurity Standards and the Importance of Considering What You Upload
Janis Mitchell - Columbus Tech Power Player Honoree
Precise Resource, Inc.
Director of Market Strategy - Central Ohio
To listen to the podcast, click here!
CEO for Precise Resource, Inc., Janis Mitchell, discusses cybersecurity standards and the importance of considering what you upload.
Hello, and welcome to the comSpark podcast, where you will get to meet today's technology thought leaders. To learn more, visit comspark.tech.
SG: My name is Steve Gruetter - I'm with Expedient, and I'll be your guest moderator later today. Janice, let's get started. What is Precise Resource?
JM: We do executive search, specializing in information security, cybersecurity, data analytics in the banking and insurance space across the U.S.
SG: Great industry to be in right now. So much change going on.
JM: So much change, so much change.
SG: When you talk about security, what would you recommend to a company that's got a limited security or a governance plan? Where would you start with something like that?
JM: Well, first of all, I would...you obviously need to have a staff, but you need to sit down and figure out what framework you want to go off of to build your program, and in other words, I'm NIST standards, ISO, Cobit. That all depends on what your business is in. If you're doing a lot of business internationally, I would recommend you to do the ISO standard because it's an international standard and framework that you can work about up against everybody these days is going with the NIST standard because of what's happening in the cyberspace. So, you need to figure out what framework that you want to have, and then from there you need to do an assessment as to where your current state of the art is. Do your vulnerability assessments or pen testing. See where your holes are, see what needs to be fixed, see what the remediations are, get the report and line everything up.
Once you've looked at your current state and see where you are, you then need to figure out, okay, who's going to be on the committee corporate wide, and so you need to include and form a governance committee to oversee everything that goes on in your cybersecurity or in your security program and involve HR involve legal, involve accounting. You need to have a stakeholder from every area over the organization on board. Once you've done that, you need to put together your framework, disseminate it out, and then the most critical thing that a company needs to do is they need to make sure that they've trained everybody on the new process and procedures, because at the end of the day, it's kind of like garbage in, garbage out, and if we haven't educated everybody within the company as to the proper ways to go about things than our employees are our biggest weakness.
SG: Is execution the hardest step?
JM: I think execution is, but I also think that really understanding when you're designing the program, you have to get enough buy in from everybody in the company, because if you put policies and procedures in place and you don't have buy in from all of the team members, they are going to find a way to drill around the processes that you want. I mean, security in the past is about you can have the thought processes about keeping people out, but in today's society it has to be about putting proper boundaries around enough people. Letting people in who you want in and keeping people out that you don't want out in segregating them off to what kind of data that you have.
SG: I have seen that still far too many companies treat security as a checklist. It's not. It’s a living entity.
JM: It’s a living and breathing entity. And then the other thing is do we patch everything, or is it or is it more cost effective to take the fines and not do the patch? You know, it all goes back to who do we really have sitting at the table? Does your information security or your CSO really have a voice or are they just there to deliver bad news and then walk back out of the boardroom. So, it just depends on, you know, what you're looking for. But it also, you know, here in the US and here in the Midwest, I really think from what I see in my role, you don't have a lot of people that clearly understand the importance of privacy.
So, there's a big difference between security and a big difference between privacy, because security now is, let's just face it, Steve, you're going to get hacked. Everybody gets hacked and you're a fool, my friend, if you think that you're not going to get hacked. You know, even these millennials on Snapchat. They put something up as Snapchat and Snapchat says that it goes away in 24 hours. Well, it's technology, it has to sit on a server. So, to you, the end user, Mr. Millennial, I get that you think that it's not sitting there and that it's gone away in 24 hours, but the data of what you just captured, if you were sexting by the way, it's still there on some server and it will get hacked. So, you better be careful as to what you're putting out there in the public eye.
SG: So, a great lesson for a lot of our listeners.
JM: Absolutely. If you don't want repeated, don't put it out there. Just keep it in your head.
SG: Kind of like real life.
JM: Yeah. Kind of like real life, right?
SG: Janice, as a serial entrepreneur here, and I want to ask you about your career. Did you have a mentor early in your career? When did you get the big break?
JM: Oh, wow. What a great question. I think my father. My father was very influential in the state. He was the deputy director for ODOT. He had a very, very prominent role. He was very active politically, very active in the community, controlled all of the highways for six counties. And so you grow up as a shadow. You're the baby of the family and you're always following your father and you're seeing how he interacts with the mayor of Columbus or seeing how he worked very closely with all the governors that he worked with in his career. You know, I've always listened to my father about how you need to behave and even when it comes down to when I was time for me to create a board of advisors and handle stress. So, my mentor, I would have to say has been my father and very, very impactful. You know, you had asked me when do I think that I got the big break. It's Kind of like you, I grew up in Delaware, you know, it's kind of like a little itty bitty community and, and you never realized the impact that you have. But I remember distinctly being showcased out at RSA’s information security conference. We were one of their showcase vendors and I go up because, you know, I'm a squirrel trying to get a nut, right?
JM: And I introduced myself to an analyst from Gartner and I just got out of my mouth: “Hi, my name is Janice Mitchell” and he's like, “Hold on, I know exactly who you are. We need to talk.” And so, you're kind of taken back because here is Gartner and they had just published that we are running of the birds of the feather and I'm, here's this guy, I have no clue who he is, but he knows who I am. And that's when you're kind of think, “Okay, this little girl's not in Delaware anymore,” and you're just a little taken aback by that or cold calling into a large Fortune 500 company and saying, “Hey, this is who I am and this is what I do” and, “I know exactly who you are,” and you're going, whoa.
SG: It's a great growing up moment.
JM: It is a great growing up moment or you know, would you get out of a town car in downtown Manhattan and you'll look up at the building and you go into these big VC companies in, you're scared and you just feel like, "Holy Toledo, Batman, what do I just do?" You know, "How did I get here?" And that's when you just kind of realize: Oh yeah, okay, we got this.
SG: At our most recent IT leaders class, Doug McCullough came in and did a talk on the Imposter Syndrome, and that's what you just reminded me of like, "Okay, here we are. Let's go make this happen."
JM: Yeah, yeah. I mean, I like it myself. My whole life, I've been that little dog, the Dalmatian that's chasing after that fire truck, right? And then you catch it and you go, "Oh my gosh, I got it now what do I do with it? What do I do with it?" And that's kind of like me. That's kind of been my makeup my whole life, which translates back into your career and starting a company and getting into information security. I've been in information security since the year 2000 and now it's cool. Now it's the cool thing to do. And here I am, a woman in information security and I've been in that space since the year 2000 and it’s the year 2018.
SG: Without a doubt your impact on the community has meant something. So let's talk about the community. We know that Central Ohio is a great place to live and work. What do you think our local tech community needs to do to get to the next level to be a better technology hub?
JM: You know, I think technology only goes as far as our people, right? And so right now, everywhere across the country in Columbus exponentially is having a hard time finding people. I think Columbus does a phenomenal job beyond any other city with Columbus 2020. But the thing when we're trying to incorporate people into Columbus and hire them, for us to be the next technology hub, we need to see beyond and understand that a millennial not going to move to Columbus just because it's great place to raise your kids. A 24 year old isn't thinking about raising his kids. He wants to know after I've put in that hard day and after I'd been working on some of the coolest, latest and the greatest technology, I want to go out and kick it. You know, I want to kick it up a little bit and I think that's the one place that I think that we need to improve. And there's lots of lots of room for improvement, because they want to go have a good time. They don't want to go home. I think that we need to have something that's more social, more interactive, more cutting edge excitement to attract these people that we need so desperately. Ee have everything here. We've got the great communities, we great cost of living, unbelievable housing, unbelievable restaurants. We're just missing that one piece.
SG: Well, I think the excitement level attracts all levels and be at the 24 year old software developer millennial or the 54 year old marketing director, for example.
JM: Yeah. Well, and you know, and so many of these kids don't realize how cool Columbus really, really is. You know, my son’s 24 and you talk to all his friends and then I actually take them to activities and take them to the events and they're like, “Wow, momma Mitchell, we had no clue this existed in our town.” And kind of like, I feel like saying "Where’ve you been?" You know, you need to open up and explore and see just how state of the art we really are. You don't need to leave and go to Chicago. You don't need to leave and to go to…heck, I'm bringing those people from those cities here all the time.
SG: Thank you for doing that, because it's helping our community.
SG: Janice Mitchell, it's great to see you again. Thank you for your time. This is Steve Gruetter of Expedient, Janice Mitchell of Precise Resource. To learn more about these podcasts, please visit comSpark.tech. Goodbye, until next time.
To learn more about sponsorship opportunities for 2019, contact Michelle Ziegler at firstname.lastname@example.org