Mr. Anderson ft. Bryon Singh, RailWorks Corporation


By Steve Gold
Posted in Security
On April 09, 2024

"Mr. Anderson" is the iconic line uttered by Agent Smith, played by Hugo Weaving, to Thomas A. Anderson, aka Neo, played by Keanu Reeves, in The Matrix. If you’ve been living under a rock or in a good-sized closet, The Matrix tells the story of how Neo is awakened to the reality that his entire existence has been within a digital simulation, leading him on a journey to fight against the machines that have enslaved humanity. This awakening is akin to the realization organizations must reach about the importance of cybersecurity awareness. Just as Neo must learn about the Matrix to navigate and combat it effectively, employees within an organization must be educated on the threats and best practices of cybersecurity to protect their digital environment.

The film highlights several key elements that can be applied to the development and maintenance of a security awareness program:

  • Awareness is the First Step to Defense: Just as Neo's journey begins with understanding the truth about the Matrix, the first step in defending an organization from cyberthreats is awareness. Employees need to be aware of the potential risks, the tactics that might be used against them (such as phishing or social engineering), and the importance of their role in the organization's security posture.
  • Continuous Learning and Adaptation: Neo's training in the Matrix emphasizes the need for continuous learning and adaptation to new threats. Similarly, a security awareness program should not be a one-time event, but an ongoing process that keeps pace with the evolving cybersecurity landscape. Regular updates, training sessions, and simulations can help keep security at the forefront of employees' minds.
  • Empowering Individuals to Act: In The Matrix, individuals are empowered to take action against the system that seeks to control them. In the context of cybersecurity, empowering employees means providing them with the knowledge and tools to recognize threats and respond appropriately. This could include knowing how to report suspicious emails or understanding the protocol for securing sensitive information.
  • The Power of Teamwork: Neo's success is not achieved in isolation, but through teamwork with Morpheus, Trinity, and others who have been awakened. This underscores the importance of fostering a culture of security within an organization, where cybersecurity is seen as a collective responsibility. Encouraging collaboration and communication about cybersecurity issues can enhance an organization's ability to detect and respond to threats.

CIS Safeguard 14.1 emphasizes the critical role of security awareness in protecting your organization. Your employees are your first line of defense against cyberthreats. A strong security awareness program educates them on how to recognize phishing attempts, protect sensitive data, and report suspicious activity. By transforming your employees from potential vulnerabilities into security-conscious individuals, you significantly reduce the risk of successful cyberattacks. Think of it like training your team to spot and avoid hazards, making the entire workplace safer.

Here’s a link to the Security Awareness Skills Training Policy Template provided free of charge from the fine folks at the Center for Internet Security: https://www.cisecurity.org/insights/white-papers/security-awareness-skills-training-policy-template-for-cis-control-14

Here are some details on this specific Control/Safeguard. If you want more information, DM me.

CIS Control 14 – Security Skills Awareness & Training

Establish and maintain a security awareness program to influence behavior among the workforce to be security conscious and properly skilled to reduce cybersecurity risks to the enterprise.

Implementation Group 1

CIS Safeguard 14.1 - Establish and Maintain a Security Awareness Program

Establish and maintain a security awareness program. The purpose of a security awareness program is to educate the enterprise’s workforce on how to interact with enterprise assets and data in a secure manner. Conduct training at hire and, at a minimum, annually. Review and update content annually, or when significant enterprise changes occur that could impact this Safeguard.

Steve Gold


Steve Gold is the Cybersecurity Practice Director at Gotham Technology Group (Gotham). He is responsible for providing the vision and thought leadership to expand Gotham’s legacy of success and build a world-class cybersecurity practice. He works closely with Gotham’s customers, industry partners, and subject matter experts to develop relevant solutions for Gotham’s clients and prospects.

Prior to joining Gotham, Steve worked with the Center for Internet Security (CIS), where he expanded the global reach, revenue, and impact of the CIS Benchmarks, CIS Controls, and CIS Hardened Images. He led the efforts to promote the CIS portfolio of low-cost and no-cost cybersecurity products and services that help private and public organizations stay secure in the connected world. He grew a team of security specialists from 12 to over 40 to assist organizations with implementing security best practices in their continual journey of cybersecurity maturity.

During his more than 20-year career, Steve led teams responsible for developing and implementing technology solutions at some of the industry’s most recognized companies, such as Varonis, VMware, Dell & Wyse Technology.

Steve is a frequent speaker/moderator at industry conferences and webinars, covering a wide array of information security topics. He resides and works remotely in Baltimore, MD.