The New CISO Podcast: Train the Way You Fight, Fight the Way You Train
In this episode of The New CISO, Steve is joined again by Dr. Adrian Mayers, VP and CISO at Premera Blue Cross, to dig deeper into his knowledge of insider threat management and intelligence. As an experienced CISO, Dr. Mayers understands the difficulties of a cybersecurity career. With this in mind, he shares the day-to-day obstacles of the profession and what aspiring CISOs can expect from the job.
In this article:
- How to deal with the stress of being a CISO
- Taking a less desirable job
- A love of video games led to a career investigating insider threats
- Investigation starts with detecting behavioral deviation
- Get everyone on your team on the same page, process-wise
- Education empowers prosperity and lowers — but can’t eliminate — barriers
- Get a holistic picture of threats
- An astonishing amount of data gathering
- Continuing to learn
How to deal with the stress of being a CISO
Dr. Mayers acknowledges the stress and pressure a CISO may feel to be a “superhero,” stopping every cyberthreat. Although no one can prevent every obstacle, Dr. Mayers insists that every CISO must consistently try to stop every intrusion, compromised system, or adversary that comes their way. Dr. Mayers mentions, “When you think about and define your position, it leaves little room for error. It adds a tremendous amount of pressure and stress on the individual, and it can manifest itself within the individual, but also within the team. What you need to do is to be consistently attempting at a high level of motivation to protect and defend the environment, the organization, and the data.”
Taking a less desirable job
Steve asks Dr. Mayers if someone should ever take a “bad” CISO job. Dr. Mayers answers that every CISO needs to keep their eyes wide open with every gig, but that early in your career, you may have to take less-than-ideal positions in exchange for experience. Dr. Mayers states, “It’s going to be hard. It’s going to be difficult. What are the levers that I can pull to make it better?”
A love of video games led to a career investigating insider threats
Dr. Mayers shares that his affinity for investigating insider threats first developed from his love of video games. He remembers how he translated video games into a love for cybersecurity: “In a video game, how do you catch a spy? There was an affinity that grew over time. Thinking about the counterintelligence mission sets, what does that mean for an organization when it comes to insider threat management? The understanding that even though you do all the vetting that you need to do on the front end, certain triggers happen in people’s lives that potentially could take them down a road of being malicious, or just making sure that you have controls in place for that inadvertent unintended consequence if somebody made a mistake.”
Investigation starts with detecting behavioral deviation
After extensive research on counterintelligence, Dr. Mayers says he understands that specific triggers in people’s lives can lead to unintended consequences or malicious intent. Steve questions the psychology that would motivate an insider to compromise the security of their company. Dr. Mayers replies that every insider who goes against their company has one thing in common: a desire to deviate from the norm. Determining that motivation helps the CISO manage their investigation. “That individual, for whatever reason, went a different direction than how they usually go,” says Dr. Mayers. “When we talk about ‘signal’, it’s not about signal to get to a conclusion immediately. It’s about collecting those signals — that intelligence — to be able to know that something has happened and then start a workflow after that. You will determine if it was malicious, inadvertent, compromised, paid off, or whatever that motivator is, but there’s a deviation to that behavior of the individual. That’s what you need to be able to pick up on and then start your investigation.”
Get everyone on your team on the same page, process-wise
Dr. Mayers knows it’s important that your team understands exactly what they’re doing before talking to vendors or others. By discussing with your team their current investigation’s boundaries, you can gain additional insights that will put everyone on the right path. Dr. Mayers mentions, “In the [security] space, we talk about people, processes, and technology, a lot. For these kinds of programs, the process is important to define before you go and start talking to vendors or pulling in all of this great, very invasive technology, which you’re going to need. Eventually, you want to define all of those different relationships, roles, and responsibilities. Make sure that everybody understands what we are trying to accomplish here. Run through some use cases and scenarios.”
Education empowers prosperity and lowers — but can’t eliminate — barriers
Years ago, Dr. Mayers pursued a doctorate in business administration specializing in international business. He then received additional certificates in the security field. Ultimately, his desire for further education came from his immense curiosity but also was prompted by the grief of losing his daughter. Dr. Mayers reflects, “‘Why am I doing this? What’s motivating me? Why am I invested?’ Doing that for my daughter, being the best version of myself for her was absolutely critical and paramount and continues to this day.”
Dr. Mayers always puts his doctorate before his name for several reasons. As a Black man from Canada living and working in the United States, he realized he would experience more hurdles than others in the field. Getting his education put him in the position to thrive. Dr. Mayers explains, “The societal constraints were potentially against me. In order to survive and thrive, I would have to work twice as hard. I went and got my doctorate degree and continued to educate myself. Things are changing. There’s more awareness, but those barriers are still out there. I’m going to have to fight. I’m going to have to figure out what I can do. Once I figure that out, I’m going to go and do it. That was really this huge motivator and path for me to become extremely educated in a number of things.”
Get a holistic picture of threats
“Threat intelligence is full-spectrum intelligence,” according to Dr. Mayers. By leveraging the information from your intel program and applying context around it, every security team should be able to determine the motivation for the threat and paint a more holistic picture. He states, “One of the definitions at Premera is that we think about threat intelligence as full-spectrum intelligence. By leveraging things that are coming in through those feeds, but also gaining context, being able to build out indicators of compromise, leveraging MITRE to understand TTPs of threat actors, what’s motivating them, and how are they organized. What are the things that we can glean from open-source intelligence to pull together a more holistic picture? I always say that there needs to be one more thing in front of that, and it’s anticipation. Anticipate that something’s going to happen and try to gain as much information as you can.”
An astonishing amount of data gathering
When Steve inquires about the most surprising things Dr. Mayers has learned from his background in threat management, he responds, “How much data is being vacuumed up by our adversaries in so many different kinds of verticals and industries — it’s staggering. The other piece that was a surprise to me was, from a U.S. perspective, how allies gather information and the amount of data our allies gather on the U.S. They’re gathering information based on things that are happening in this country. How they use that information and how they use that intel could vary.”
Continuing to learn
Dr. Mayers offers a final piece of advice: “Reading is fundamental. I read poetry, novels, biographies, obviously technical textbooks, and things of that nature. I listen to audiobooks. I’m also very visual. I’m on YouTube a lot, pulling in information. I need to [consume] as much information as possible. This goes back to my statements about being curious, you have to identify all of the channels that you can, that makes sense for you to gain that knowledge and wisdom.”