The Brandeis GPS blog

Insights on online learning, tips for finding balance, and news and updates from Brandeis GPS

Page 2 of 28

Faces of GPS: Meet Shannon McCarthy – Associate Director of Admissions and Student Services

Shannon McCarthy HeadshotIf you’re thinking about applying to a program at Brandeis GPS, you should have a conversation with Shannon McCarthy.

In her role as Associate Director of Admissions and Student Services, Shannon McCarthy works with applicants to our graduate programs, guiding them through the admissions process. Once they decide to enroll, Shannon helps them transition to working with a student advisor.

Born and raised in Taunton, MA, Shannon has stayed close to her New England roots. She received a degree in Sociology from Providence College before going immediately on to get her master’s in Higher Education Administration from Boston University.

As an undergrad, it was her internship in student affairs at Rhode Island School of Design that solidified her interest in higher education. After getting her master’s, Shannon worked first in admissions and then in academic counseling. She started at Brandeis GPS just over a month ago and enjoys her role because it is a combination of both.

Shannon wants students to know that she and the rest of the GPS team are available for any questions that they have. It can be challenging to come back to school after being in the workforce, all while juggling having a family and other personal and professional commitments. But the Brandeis GPS team is ready to work with you and help you succeed no matter what you have going on outside of school.

Shannon McCarthy HikingShannon is looking forward to working with students as they are applying and following up with them once they’ve started. She likes getting to see their next steps after they are accepted and continue to watch them be successful. She is also excited for her first graduation ceremony to see all the students get recognized for what they have achieved.

Outside of the office, Shannon loves spending time with her daughter, who’s almost a year old. She also enjoys taking dance and yoga classes and going hiking.

Faces of GPS is an occasional series that profiles Brandeis University Graduate Professional Studies students, faculty and staff. Find more Faces of GPS stories here.

Avoiding black hat marketing

From healthcare to insurance to local boutiques, most companies today use digital marketing to drive business. As organizations find new ways to target users online and face increased access to customer data, digital marketers often find themselves at an ethical crossroads.

Black hat marketing techniques

“Black hat marketing” most often refers to certain SEO techniques. According to Omnicore, search engines drive 93% of all website traffic. To get ahead, companies will sometimes use black hat marketing to trick search engines into awarding their website a higher ranking, and getting it on the front page of search results. Other types of black hat marketing really fall into more of a grey area, and today’s digital marketers should have a plan for mitigating the risk of inadvertently executing unethical marketing strategies.

Ethics in Digital Marketing and Design

Brandeis GPS will be offering Ethics in Digital Design and Marketing as a part-time, fully online course during our Spring 2 session beginning in April. During the 10-week course, students will be presented with ethical dilemmas in digital marketing and work through the implications of various actions, including tricking search engines, posing as customers in social media, making false or exaggerated claims and using questionable or sneaky channels. Throughout the course, students will develop a set of principles and values through dialogue examining multiple perspectives.

At Brandeis GPS, you can take up to two courses before enrolling in one of our 12 online master’s degrees. If you’re interested in exploring the MS in Digital Marketing and Design, or would like to learn more about ethics in digital marketing for professional development, contact the  GPS office for more information or to request a syllabus: 781-736-8787, gps@brandeis.edu, or submit your information.

Project Management Certification or a Master’s Degree: Which Should You Get?

By Leanne Bateman

Leanne Bateman HeadshotAs the program chair of the Project & Program Management program at Brandeis GPS, one of the most frequent questions I have gotten over my 11 years at Brandeis University is this: Which is more important and valuable, Project Management Certification (Project Management Professional, or PMP) or a Master’s Degree in Project Management?

Honestly, the answer depends on what you want to accomplish in your career. The options are: work as a full-time Project Manager for a company, work as a project management consultant or just gain project management knowledge and experience in your non-project management related role.

If you’re primarily interested in working as a project management consultant—which involves either working through an agency on assignment at a company, or contracting directly with a company—then the Project Management Institute’s PMP certification is the first credential agencies and companies will expect. Coupling the PMP with Master’s Degree in Project Management will add tremendous value and distinguish you from other consultants/contractors. If your interest is to work as a full-time Project Manager for a company, then both credentials will help you get the job, but the Master’s degree is far more valuable and says much more about your commitment to your project management career. Similarly, if you’re currently a manager or employee interested in learning more about project management and integrating that discipline into your daily work, then once again, the Master’s degree is the way to go. And, your company may be able to contribute to your tuition.

The difference between the two credentials is this: PMP certification is a short-term study of the hard skills and knowledge needed to be a professional project manager, and this knowledge is validated through a 200-question exam that takes about four hours to complete. While there are requirements that must be fulfilled prior to taking the exam, they can be interpreted differently and unless the exam candidate is audited by PMI, the requirements may or may not be equal from candidate to candidate. Also, according to PMI, the number of PMPs has increased by 40,000-80,000 each year since 2009; this increase further dilutes the value of PMP certification.

With a Master’s Degree in Project Management, the value is greater on several levels:

  • First, because of the longer-term period of study over 10 graduate-level college courses, the breadth and depth of academic and experiential knowledge is more extensive. This knowledge covers not only the hard skills of project management but more importantly, the soft skills so critical for a successful project manager: leadership, communication, conflict resolution, influence, negotiation and team building.
  • Also, a Master’s degree in Project Management is more discerning to potential employers since few project managers have this credential.
  • Finally—and importantly—a graduate program whose faculty possess real-world experience as professional project managers is invaluable as they demonstrate the applicability of the hard and soft skills in actual projects and programs.

If one thing is certain in project management, it is that despite any earned credentials, practical experience is the most valuable credential of all. So, a Master’s Degree in Project Management taught by experienced faculty and demonstrated through practical coursework exercises is the next best thing to actually working as a professional project manager.

Leanne Bateman, MA, PMP, CSM, Six Sigma Green Belt, CIP is the program chair of the Project and Program Management program at Brandeis University Graduate Professional Studies, and the Principal Consultant with Beacon Strategy Group, a Boston-based management firm specializing in project management services. Leanne has 20+ years of project management experience across the areas of health care, biotech/pharmaceuticals, information technology, high-tech manufacturing, human resources, construction, housing/real estate, government, and higher education. 

Faces of GPS is an occasional series that profiles Brandeis University Graduate Professional Studies students, faculty and staff. Find more Faces of GPS stories here.

The most promising jobs of 2019

Employment-oriented social networking site LinkedIn has recently released its list of the most promising jobs of 2019. It’s no surprise that jobs relating to Strategic Analytics, Software Engineering, and User-Centered Design dominated the top 15:

  1. Data Scientist
  2. Site Reliability Engineer
  3. Enterprise Account Executive
  4. Product Designer
  5. Product Owner
  6. Customer Success Manager
  7. Engagement Manager
  8. Solutions Architect
  9. Information Technology Lead
  10. Scrum Master
  11. Cloud Architect
  12. Product Marketing Manager
  13. Solutions Consultant
  14. Product Manager
  15. Machine Learning Engineer

LinkedIn based their rankings on salary, career advancement, number of job openings in the U.S., year-over-year growth in job openings, and widespread regional availability. LinkedIn also released lists of the top in-demand hard and soft skills for the year, which included Cloud Computing, Artificial Intelligence, and UX Design. Many of the part-time, online master’s degrees offered at Brandeis GPS directly correlate with the fields and industries LinkedIn identified as playing a critical role in the 2019 job market.

Students interested in pursuing a master’s degree with Brandeis GPS can take up to two courses for professional development before applying. To learn more, contact gps@brandeis.edu, call 781-736-8787 or visit www.brandeis.edu/gps.

How to attract and retain talent

In the current competitive job market, workplace benefits and perks go a long way to attract and retain top talent. To remain competitive, top employers find themselves investing in health/wellness and culture packages that include  gym memberships, catered lunches and happy hours on top of more traditional benefits like medical insurance, PTO and retirement savings plans.

Education — and tuition reimbursement for professional development in particular — is one employee benefit area where companies can truly distinguish themselves from their competitors. According to the Society for Human Resource Management’s 2018 Employee Benefits Survey, the majority of employees (86%) indicated that professional and career development benefits are important to overall job satisfaction. If employees are satisfied with their jobs, they are more likely to stay with a company for longer. And particularly in today’s tech-heavy industries, companies that provide employees with opportunities for professional development will also ensure that their talent will stay on the cutting edge of new technologies and best practices in their fields.

Brandeis GPS  offers employers a corporate partnership program that enables companies to provide their employees with discounted tuition on top-tier master’s degrees and professional development courses. We partner with national brands ranging from startups to Fortune 500 companies, including PTCNorth Shore Medical, and Harvard Pilgrim.

The benefits of a corporate partnership with Brandeis GPS are two-fold: employees are financially empowered to position themselves for career advancement, and companies can groom the next level of leadership from within.

GPS offers 12 fully online graduate programs. Our curricula captures the latest applied technologies and industry best practices while incorporating the rigorous standards of excellence that make Brandeis University one of the top universities in the country. GPS courses are taught by instructors who are leaders in their fields and bring an array of experiences and industry connections to their classrooms. Each of our master’s degrees and courses are shaped by input from program-specific advisory boards, ensuring that they remain current and relevant for students who are active practitioners in their fields.

Learn more about our corporate partnership options on our website or contact Kathryn Wight, Director of Partnership Engagement, at kwight@brandeis.edu or 781-736-8725.

Don’t wait to create social impact – just do it!

By Subhadra Mahanti

The end of the year is a perfect time to reflect upon how one has done in the past year. Personally, I go back a few years looking for a trajectory that evolves towards growth and meaningful impact-personal, professional or social. I feel a life well-spent is one that has created a ripple effect of positive change in the lives around.

During my undergraduate summer internships with Tata Steel and Tata Motors in India, I was introduced to Tata’s legacy of blending business with philanthropy. Though I was already involved in various community activities, that was the first time I witnessed how a business can positively impact communities by bringing together its products, processes and people. Both these internships opened my eyes to corporate citizenry. Tata’s mission of integrating social responsibility with corporate strategy resonated deeply within me.

Not long after, I joined MathWorks. Since then, I have come to truly appreciate MathWorks’ commitment to establish itself as a global corporate citizen through its Social Mission program. I first participated in this program in 2007. I was fundraising for AID (Association for India’s Development) while training for the upcoming Chicago marathon . With the help of individual contributions and company match, I was able to raise about $7000 in spite of being a new employee then. I have found myself increasingly involved ever since, be it through a-thon fundraisers, STEM initiatives, end-of-year donations or disaster relief. I continue to be impressed with the growing outreach of the company’s social impact initiatives. My most recent experience was during the Tamil Nadu flood relief efforts where in a matter of two weeks, we collected a total of $40,000 in company match and staff donations worldwide. This is an excellent testament to the organizational culture and behavior.

And when an entire organization gets involved in the betterment of its society, that in my mind is corporate social responsibility at its best. What better way to explore and expand one’s impact than by engaging through such immersive experiences! I feel privileged to have had such an opportunity. At the same time, I recognize that there is still much to learn and so many avenues to discover.

For those of you contemplating to start out on this journey, there is a plethora of resources out there. Some of my favorite reads are: Creating a world without Poverty by Muhammad Yunus (a link to Yunus’ interview on Knowledge@Wharton) and The fortune at the bottom of the pyramid by C. K. Prahlad.

Also, McKinsey Quarterly published the following articles on the topic that caught my attention: Valuing Corporate Social Responsibility and Making the most of corporate social responsibility. Another site that I follow is Social Edge: it has posts and comprehensive discussions about personal experiences with for-profit, non-profit and the hybrid models-the challenges and the advantages.

Foundations like Scwab and Skoll probably pioneered the concept of social enterprise but the world has caught up fast. Organizations like Ashoka and conferences like Net Impact bring together social entrepreneurs round the globe and promote access to social financing and social venture capital firms. Now even top business schools have dedicated programs and tracks on social impact and entrepreneurship. After all, social responsibility is not a choice anymore: It is a necessity to sustain in today’s competitive landscape.

Read the article as originally published here.

Subhadra Mahanti is  a member of the Brandeis GPS Software Engineering advisory board.

Faces of GPS is an occasional series that profiles Brandeis University Graduate Professional Studies students, faculty and staff. Find more Faces of GPS stories here.

Technology Transformation for 2019

By Matthew Rosenquist

Digital technology continues to connect and enrich the lives of people all over the globe and is transforming the tools of everyday life, but there are risks accompanying the tremendous benefits. Entire markets are committed and reliant on digital tools. The entertainment, communications, socialization, and many others sectors are heavily intertwined with digital services and devices that society is readily consuming and embracing. More importantly, the normal downstream model for information has transformed into a bi-directional channel as individuals now represent a vast source of data, both in content as well as telemetry. These and many other factors align to accelerate our adoption and mold our expectations of how technology can make a better world.

This year’s Activate Tech & Media’s Outlook 2019 presentation provides a tremendous depth of insights in their slide deck (153 slides) with a great amount of supporting data. It highlights many of the growth sectors and emerging use-cases that will have profound impacts on our daily lives.

Transforming Tech IntelligenceWomen's face being scanned

We are moving from the first epoch of digitally connecting people, to the second epoch of making intelligent decisions through technology. Artificial Intelligence research is advancing and with it the infrastructure necessary to make it scalable across a multitude of applications. Solutions are just beginning to emerge and yet showing great promise to make sense and use the massive amounts of data being generated.

Overall, devices and services continue to evolve with more awareness and functionality. We are in the ramp of adding ‘smart’ to everything. Smart: cars, cities, homes, currency, cameras, social media, advertising, online-commerce, manufacturing, logistics, education, entertainment, government, weapons, etc. It will be the buzzword for 2019-2020.

Such transformation opens the door where tools can begin to anticipate and interweave with how people want to be helped. Better interaction, more services, and tailored use-cases will all fuel a richer experience and foster a deeper embrace into our lives. Technology will be indispensable.

Risks and OpportunitiesGears and numbers

Reliance in our everyday activities means we have the luxury of forgetting how to accomplish menial tasks. Who needs to remember phone numbers, read a map, operate a car, or know how to use a complex remote control. Soon, our technology will listen, guide, watch, autonomously operate, and anticipate our needs. Life will seem easier, but there will be exceptions.

All these smart use-cases will require massive data collection, aggregation, and processing which will drive a new computing infrastructure market. Such reliance, intimate knowledge, and automation will also create new risks.

The more we value and rely on something, the more indebted we are when it fails. We must never forget that technology is just a tool. It can be used for good or for malice. There will be threats, drawn to such value and opportunity, that will exploit our dependence and misuse these tools for their gain and to our detriment. At the point people are helpless without their intelligent devices, they become easy victims for attackers. As we have seen with data breaches over the past several years, when people are victimized, their outlook changes.

In this journey of innovation and usage, public sentiment is also changing across many different domains. The desire for Security, Privacy, and Safety (the hallmarks of Cybersecurity) continues to increase but may initially be in direct conflict for our desire to rapidly embrace new innovations. This creates tension. We all want new tech toys (it is okay to admit it)! Innovation can drive prosperity and more enjoyment in our lives. But there are trade offs. Having a device listen, record and analyze every word you say in your bedroom may be convenient in turning on the lights when you ask, but it may also inadvertently share all the personal activities going-on without your knowledge. A smart car effortlessly transporting you to work while you nap or surf the internet sounds downright dreamy but what if that same car is overtaken by a malicious attacker who wants to play out their Dukes of Hazzard fantasies. Not so much fun to think about.

In the end, we all want to embrace the wonderful benefits of new technology, but will demand the right levels of security, privacy, and safety.

Trust in TechnologyMan poking padlock

Unfortunately, trust in digital technology is only now becoming truly important. In the past, if our primary computing device (PC or phone) crashed, we breathed a small curse, rebooted and went on our way. We might have a dropped call or lost part of a work document, but not much more harm than that. That is all changing.

In the future, we will heavily rely on technology for transportation, healthcare, and critical infrastructure services. That autonomous car we expect not to crash, the implanted pacemaker or defibrillator we expect to keep us alive, or the clean water and electricity we expect to flow unhindered to our homes may be at risk of failure, causing unacceptable impacts. We want tech, but very soon people will realize they also need security, privacy, and safety to go along with it.

But how will that work? We don’t typically think of trust in terms of high granularity. We naturally generalize for such abstract thoughts. We don’t contemplate how trustworthy a tire, bumper, or airbag is, as those are too piecemeal, rather we trust the manufacturer of the car to do what is right for all the components that make up the vehicle we purchase. We want the final product, tied to a brand, to be trustworthy. For those companies that we trust, we tend to believe, whether correct or not, in all their products and services. This reinforces tremendous loyalty. The reverse is true as well. One misstep can become a reputational blight affecting sentiment across all a company’s offerings.

The saying “We earn trust in drips and lose it

in buckets” perfectly exemplifies the necessary

level of commitment.

Writing the word trustedTrust may become the new differentiator for companies that can deliver secure and safe products in a timely fashion. Those who are not trustworthy may quickly fall out of favor with consumers. Privacy is the first in many problems. Consumers, government regulators, and businesses are struggling to find a balance that must be struck between gathering data necessary for better experiences, but not too much that it becomes a detriment to the user. A difficult conundrum to overcome. Security and safety aspects will follow, where the potential risks grow even higher. The challenges are great, but so will the rewards for all those who succeed. I believe those companies which master these disciplines will earn long-term loyalty from their customers and enjoy a premium for their products.

2019 might be the first year where we witness this delineation as consumers may gravitate to more responsible companies and begin to shun those who have misplaced their trust. The big story for next year may in fact be how purchasing decisions for technology are changing, thus driving greater commitment to making products and services more security, private, and safe.

Interested in more insights, rants, industry news and experiences? Follow me on Steemit and LinkedIn for insights and what is going on in cybersecurity.

Read the article as originally published here.

Matthew Rosenquist is a member of the Brandeis GPS Information Security Leadership advisory board. He is a Cybersecurity Strategist for Intel Corp and benefits from 28 years in the field of security. He specializes in strategy, measuring value, and developing cost effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.

Faces of GPS is an occasional series that profiles Brandeis University Graduate Professional Studies students, faculty and staff. Find more Faces of GPS stories here.

How to stay current in your field in 2019

Technology’s impact on the world around us is undeniable and constant. From content marketing to e-learning, dabbling in the digital space is no longer optional for the majority of today’s industries. For those of us whose career advancement relies on staying on top of the latest trends and tools, flexible professional development options can be a saving grace.

The following online courses are built to help professionals keep abreast of some of the most anticipated trends of the upcoming year. What steps will you take to stay on top of your industry in 2019?

#1 Launching FinTech Ventures

Financial technology is a rapidly growing industry as new ventures continue to capitalize on technological innovations. According to FinTech Global, 2018 was a record year for global FinTech investment, with the sector raising $41.7 billion in just the first half of the year, far surpassing 2017’s total global investment. Launching FinTech Ventures provides a window into the world of FinTech innovation and FinTech startup financing. The course explores different options of venture capital investments, including crowd-sourcing and self-funding, and develop the skills needed to pitch your product, coming to understand financing from the perspective of both the investor and the entrepreneur.

#2 Robot Sensing and Perception

Artificial intelligence is at the forefront of technological innovations primed to change the world as we know it. Robert Epstein, senior research psychologist at the American Institute for Behavioral Research and Technology says that, “By 2030, it is likely that AIs will have achieved a type of sentience, even if it is not human-like. They will also be able to exercise varying degrees of control over most human communications, financial transactions, transportation systems, power grids, and weapons systems…and we will have no way of dislodging them.” This course in robot sensing and perception provides an introduction to Computer Vision and AI, with several topics relevant to robotics such as SLAM, 3D Geometry, 3D Reconstruction, object recognition, speech recognition, classification, and RANSAC. In the course, you’ll design, implement, and test programmatic solutions for solving robot perception tasks such as vision and speech.

#3 Writing for Digital Environments

Companies are always seeking ways to be better, faster and stronger to gain an edge over their competition. With developing technologies and growing staff, it’s important to have the skills needed to excel in a digital world. According to the  Strada Institute for the Future of Work, “There is a discernible labor market demand for agile and resilient thinkers who have a handle on digital literacies—basic technical skills like data analysis and digital fluency.” Writing for Digital Environments is a great course for learning how to excel in the art of content marketing for a digital audience. You’ll also learn to craft copy and messaging for a variety of online formats.

#4 Adaptive and Game-Based E-Learning Design

In addition to the rising trend in adaptive and game-based e-learning in higher education, the growth rate for game-based learning in corporate segments is very high with a five-year compound annual growth rate of 53.4% globally according to Meetari. In Adaptive and Game-Based E -Learning Design, you’ll learn how adaptive learning techniques, technologies, and platforms can be used to support personalized and customized learning and training. You’ll also have the opportunity to plan, storyboard, and prototype an adaptive learning game or interactive module.

Part-time, online professional development courses are a great way to stay current on what’s happening in your industry  while allowing you still balance your personal and professional commitments. At Brandeis GPS, all courses are asynchronous, allowing a lot of flexibility for students throughout each week, and students can eventually apply the graduate-level credits they earn toward a master’s degree.

Students interested in eventually pursuing a master’s degree with Brandeis GPS can take up to two courses before applying. To learn more, contact gps@brandeis.edu, call 781-736-8787 or visit www.brandeis.edu/gps.

Looking back: the growth of Python

Since Guido van Rossum first released Python to the public in 1991, it has become one of the fastest growing major programming languages and established itself as the defacto language among varied scientific communities.

Python is particularly valuable to today’s forward-thinking industries and technologies, including data science and machine learning. Its intuitive platform makes it appealing for new programmers, yet it can also serve as a tool for more complex purposes.

Some of the features of Python include:

  • Minimal keywords, simple structure, and a clearly defined syntax
  • Code that is much shorter than former industry-leader JavaScript
  • A broad standard library that is portable and compatible on a number of hardware platforms
  • A mode allowing interactive testing and debugging of pieces of code
  • Tool customization for efficiency using added low-level modules

Master Python Programming

Brandeis GPS offers multiple online courses that teach the programming language specific to certain industries: Python Programming (FinTech), Bioinformatics Scripting and Python Programming (Bioinformatics), and Python for Robotics and AI  (Robotics). All three courses are available for professional development as long as students can demonstrate previous basic experience with a programming language (or undergraduate-level coursework).

Brandeis GPS offers rolling admission to our 12 fully-online master’s degree programs, so you can apply and be accepted at any time. However, we do have recommended deadlines if you are seeking admission for a specific term. The deadline to apply to our Spring 1 session is Wednesday, December 19. You can apply here. Those interested in taking a course who do not yet wish to pursue a full master’s degree can still take up to two online courses without officially enrolling.

To learn more about GPS courses or graduate programs, check out our website or contact gps@brandeis.edu or 781-736-8787.

When the Wrong Person Leads Cybersecurity

By Matthew Rosenquist

Succeeding at managing cybersecurity risks is tremendously difficult even for seasoned professionals. To make situations worse, poorly suited people are often chosen to lead security organizations, bringing about disastrous results. This has contributed to weaker risk postures for organizations and the rapid turnover in cybersecurity leadership.

I am unhappy to report that the industry has a pervasive problem that few want to discuss: a propensity to enlist inexperienced or unsuitable professionals to lead cybersecurity. It is time to change that caustic and enabling behavior by first recognizing the problem.

As an example, recently in the news, there was criticisms for someone appointed with the responsibility to lead the cybersecurity effort for the 2020 Olympics, but had never used a computer. How does someone who has never used a computer and has difficulty answering basic questions about USB drives, be tasked with building a cybersecurity program to protect the digital security, privacy, and safety for hundreds of thousands of people?

Downward Spirals

Sadly, I have seen similar situations play-out over and over again across academia, business, and government sectors. Far too often, poorly suited people are appointed such roles and it simply does not make sense. Let’s be clear, most are truly knowledgeable and accomplished in their primary field, but a transition to security is a significantly different domain. Engineering and product management executives focus mostly on static problems where there is a solution and desired end-state. Whereas in cybersecurity, we face a highly dynamic set of threat agents, people who are creative, intelligent, motivated, and dynamic, who will adapt to any solution. There is no permanent fix for cybersecurity as it is an ongoing competition to managing risks between defenders and attackers.

Human nature, overconfidence, and a lack of understanding the challenges begins to shape a counterproductive mindset. It is common for a professional from a different discipline, transplanted and put in charge of cybersecurity, to believe their prior expertise is equally applicable to the new challenges. Somehow, magically, they think they are as proficient and insightful at an adjacent domain as their previous profession. To those experienced in adversarial challenges who have seen this unfold, it is an affront to common sense. It is no surprise that such dangerous situations most often result in momentous failure.

For years, the turnover rate in cybersecurity leadership positions across the industry has been very high, with most Chief Information Security Officers (CISO) only lasting 2 to 4 years. When surveyed, CISO’s cite a lack of executive management support or insufficient budgets were the pervasive motivators. But that is only one side of the story as many CISO’s have been let go.

I have always been curious what C-suites and board had to say. When I ask company leaders about a change in cybersecurity leadership, I often hear that an outgoing CISO was ineffective, could not communicate risks well, and demanded significant budget increases every year yet the organization did not show a commensurate benefit. Events culminated when a severe incident occurred and then the C-suite or board chose to find a new security leader.

With the shortage of CISO’s in the industry, those displaced quickly find another company and continue their ‘training’. This musical-chairs routine does not serve the company or overall industry needs very well and simply transplants problems from one organization to another.

Masters of All

This mistake occurs regularly with technical personnel, probably as cybersecurity is generally characterized as a technology problem by the unacquainted. An accomplished engineer or architect is put in charge of security and now with ‘cybersecurity’ in front of their title they truly believe they are a risk expert. They are not. Being savvy in technology vulnerabilities and exploits is far different than understanding the massive breadth involved in managing risk. Most are unwilling to admit their shortsightedness in the breadth and depth of the challenges and their arrogance simply becomes a hinderance to seeking the needed help to be successful.

Ego can be such a major hindrance when the fear, of being perceived as not understanding a problem or knowing an answer, limits your actions. It is typical for a person in such a quandary to retreat back to familiar areas they know, resulting in defining the problem and solution only in the terms of technology. This ignores the behavioral, adversarial, and process aspects that are crucial to managing risk. With blinders on, they continue to push forward regardless, thus the car wreck begins.

Cybersecurity is more than just a ‘tech’ problem and will never be ‘solved’ with technology alone (two pervasive misconceptions from engineers first joining cybersecurity). They are likely doomed. I have seen this happen countless times and can spot it a mile away. It is like an automobile accident happening in slow motion with an overconfident driver continuing to push forward as metal bends and glass shatters.

Enlarged Version of Cybersecurity Domains

Part of the issue is that people, who are experts in one field, assume they understand the entire problem set in another adjacent but ambiguous field. It is not until they are in the new role, that they then experience the unforeseen challenges of a different world.

Imagine a hospital. Would you promote the engineer who developed a defibrillation tool to be an emergency room doctor? No. Although tools and technology play a crucial role in medicine, it is not the same as predicting, preventing, detecting, and responding to health risks for patients across their lifespan. The same applies in cybersecurity. Technology is the battlefield, not the war. Understanding the terrain is important, but must be combined with a keen assessment of your opponents, and the ability to operationally maneuver in advantageous ways.

This is true in other fields as well. Aeronautical engineers aren’t promoted to fighter pilots and textbook publishers aren’t necessarily good grade school principals, so why do organizations make the mistake of a taking a software engineer or business-line product manager and expect them to be successful in leading cybersecurity?

Two Scenarios: Vastly Different Chances for Success

Now, I did say this is a recipe for failure most of the time. There are some, very rare situations, where an insightful but inexperienced person takes a cybersecurity leadership role and succeeds. It is possible. I have only seen it a handful of times and in every case that person was realistic about their knowledge and checked their ego at the door.

Guaranteed Failure:

An engineer, project manager, or business executive is put in charge of cybersecurity. They are confused or intimidated by security practitioners in their organization and respond by immediately surrounding themselves with like-minded, yet similarly security inexperienced people. They add other engineers, marketing, and legal people to their core echelon, inadvertently creating a self-reinforcing ineffective group-think team. Congratulations, an inexperienced leader has just encircled themselves with a cushion of people who don’t have the knowledge to challenge poor directives or independently deliver sustainable success. If you wonder what conversations with them are like, take a look at the Dilbert cartoon, specifically the ‘manager’ character. That is pretty close. Funny from afar, but frustrating up close.

Ineffectual organizations tend to grow fast, spend a lot of money, make hollow promises, tell a story of difficult times that are turning around, but have no real strategic plan, prioritized goals, or clearly defined scope with organizational roles and responsibilities. They seek non-existent cure-all solutions, and their long-term stratagem is to hope nothing bad happens while they battle daily issues. Even worse, the proficient security personnel, that may have been part of the team, will likely leave such a caustic environment for a better employer. That breaks my heart when I see capable people who want to make a difference, driven away. When quality employees begin jumping-ship en-masse, it is a sure warning sign.

The easiest way to detect this situation early on, is to look at their metrics, or lack thereof. If a security organization operates without the benefit of tangible metrics, it is a likely sign they have not defined or are not tracking against goals, roles, objectives, and probably aren’t measuring or tracking risk. What they are doing is responding to issues, self-marketing, rapidly growing the team, consuming significant resources, slowing down the business, and the looking for people to blame when their ineffectiveness becomes apparent. These orgs don’t last. They implode. People quickly leave and executive oversight will soon look past the whitewash to cut budgets, headcount, and eventually replace the leaders.

Potential for Success:

An engineer, project manager, or business executive is put in charge of cybersecurity. They understand they are not a security expert, so they assemble a team who has experience and talent in protecting digital assets, understanding threats, can articulate risks, and are intimate with the technology in use. They build an organization structure that is comprised of operations, engineering, and risk intelligence teams. Then listen and learn. Great leaders bring in the best people and let them excel. They quickly get clarification on the business goals and expectations from executives and customers. They then identify prioritized objectives, define a scope, derive the supporting measurable goals, identify areas in need of immediate attention, and establish the measures & metrics necessary to track progress.

Governance issues are addressed and a strategic process capability is embedded to constantly improve the organizations risk management ability to predict, prevent, detect, and respond to threats. They establish both the tactical plans necessary for immediate survival and day-to-day management, but also define a long-term directional strategy that takes into account the ever-evolving threat landscape, technology changes, and shifting expectations for security, privacy, and safety.

Proficient security workers thrive in such organizations and rarely leave. With a strong plan and capable team in place, leaders can effectively communicate and advocate across the organization. If all of these elements land in place, with the proper support, even an inexperienced security leader can have a chance at success.

Unfortunately, it rarely happens.

Failure is Expensive

Cybersecurity is difficult. It becomes exponentially more problematic when someone who lacks the necessary mentality or skills comes in and makes it profoundly worse. Cleaning up an ineffective legacy security program is painful, expensive, and time consuming. Simultaneously, a poor risk posture opens the door to more attacks and greater impacts until a capable security program is instituted.

We must understand that cybersecurity, like many other highly specialized roles, requires a depth of insight and experience to lead. I will echo Sun Tzu’s “…do what is great while it is small” and recommend putting a good leader in place the first time to build an effective and sustainable cybersecurity organization.

Let’s all break the silence and openly discuss the cycle of poor cybersecurity leadership, for everyone’s benefit.

For more insights on the challenges and required strategic deliverables, read my post Cybersecurity Fails Without Strategy.

Interested in more insights, rants, industry news and experiences? Follow me on Steemit and LinkedIn for insights and what is going on in cybersecurity.

Read the article as originally published here.

Matthew Rosenquist is a member of the Brandeis GPS Information Security Leadership advisory board. He is a Cybersecurity Strategist for Intel Corp and benefits from 28 years in the field of security. He specializes in strategy, measuring value, and developing cost effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.

Faces of GPS is an occasional series that profiles Brandeis University Graduate Professional Studies students, faculty and staff. Find more Faces of GPS stories here.

« Older posts Newer posts »

Protected by Akismet
Blog with WordPress

Welcome Guest | Login (Brandeis Members Only)