Fly the Plane: A CIO's Approach to Cybersecurity Readiness

Fly the Plane is how Dr. Timothy Chester, Vice President of Information Technology, The University of Georgia, characterizes his philosophy and approach to cybersecurity readiness. Dr. Chester spoke at length about a proactive approach to information security management anchored on strategic planning, senior leadership commitment, strong teamwork, sophisticated intelligence monitoring, and robust training and testing practices. His candor and reflection made for a most interesting conversation.

Time Stamps

02:07 -- What is your take on cybersecurity preparedness? How do you approach readiness?

04:49 -- What are some cybersecurity blind spots? And how do you cope with them?

09:36 -- How do you ensure that your team has the latest experience and expertise in keeping up with these different evolving attack vectors?

12:51 -- What kind of help and support can you expect from the other business units, as well as the individual stakeholders, whether it's faculty members, whether it's students, what could or should they be doing to help secure the environment?

16:02 -- Anything that you'd like to add for people who are listening in, and who feel a little frustrated or let down that they don't see that level of active commitment from top management?

20:11 -- Now, there is a lot of research out there that speaks to the importance of customized training, that speaks to the importance of role-based training, training that shouldn't be one shot, because people often don't remember the first time what they were trained in. And then another aspect that often doesn't get addressed is how do you measure training effectiveness?

22:40 -- How do you customize cybersecurity communication and make it more effective?

25:46 -- From a faculty member's standpoint, what are some cybersecurity do's and don'ts?

27:08 -- Are you happy with the cybersecurity training exercises and rehearsals that are in place? Or can we do better?

30:46 -- Does the organization have a good structure and mechanism in place to process cyber intelligence?

34:53 -- Organizations seem to be struggling when it comes to identifying and using suitable cybersecurity performance measures. What's your take on that?

36:57 -- What would be some good rewards and incentive systems to achieve the desired cybersecurity behavior?

40:37 -- What are your thoughts about CISO (Chief Information Security Officer) empowerment?

46:47 -- Any final thoughts?

Memorable Tim Chester Quotes/Statements

"When we say fly the plane what we simply mean is through strong teamwork and strategic planning and foresight we try to think through constantly the types of scenarios that we could be facing; and we try to plan for the little bitty factors that probably aren't a high probability of occurring but could be high-impact if they do occur."

"Our human desire to basically live through rote repetition and structure that's comfortable and unchanging leads us to be creatures of habit. Creatures of habit who are following the habits and rote behaviors typically find themselves in circumstances sometimes where the plane starts flying them and the way in which they react to that plane, become wilder and wilder swings that could lead to a disaster."

-------------------------------------------------------------------------------------

Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast

Please subscribe to the podcast so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes release every two weeks.

Connect with Dr. Chatterjee on these platforms:

LinkedIn: https://www.linkedin.com/in/dchatte/

Website: https://dchatte.com/

Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338