Six Words Spotlight

Data Systems Analyst Luis Avila of Scripps Institution of Oceanography chose Prioritize, Funding, Evaluation, Education, Training and Proselytize. Let’s find out a little more about Luis’ thoughts on cybersecurity. 

...And now Luis in his own words: 

These words came to mind as a result of the fundamental challenges we face around cybersecurity.  It’s hard to deny that we need to improve how we go about our business processes. We can’t simply let ourselves be complacent  with past behaviors … so, what can we do?

We need to Prioritize. I’m not privy to where cybersecurity falls in the priority list of the university’s short and long term goals, but we should be honest with ourselves and take stock in the fact that we need better cybersecurity efforts in place, given the dynamic and growing landscape of intrusion  vectors.

In order to have priority, we must establish the Funding to back it up. In combination, the two ought to dictate the percentage of available resources we can allocate to this initiative. This can be thought of in terms of financial support and people’s work hours devoted toward decreasing the university’s vulnerabilities.

We need Evaluation protocols to better understand the present and future state of cybersecurity university-wide. Where do we want to be in terms of our security profile? We ought to also take a deep dive into our community’s mindset and behaviors, with all digital devices, if we are truly invested in making a lasting change. Otherwise we don’t know what requires improvement.

Once we know our strengths and weaknesses, we can implement targeted Education and Training programs to better inform our community on best practices. This is what resonates most with me. We are only as strong as our weakest link when it comes to security, and each of us, at some level, can dramatically impact one another positively or negatively; this awareness is key while changing behavior.

And to really cement our efforts, we must Proselytize. We must keep cybersecurity in the collective consciousness.  It has to be an ever-present mindset, not one based on fear but on awareness. This mindset ought to become second nature because the activities of cyber attacks are anything but static. There will always be new strategies to get around multi-factor authentication, for example, but we must make our mindset as dynamic as theirs and frequently reaffirm this kind of mentality.

In the end, I would love to see cybersecurity efforts focus more on training.  The new cybersecurity training, via LMS, seems much improved and relevant than those  from prior years.  Here at SIO we’ve implemented more layers of security after some intrusions detected in 2018.   While our IT staff  remain concerned and vigilant of potential threats, some of our users were rather surprised and unsettled with the level of sophistication aimed at our  infrastructure. Conversely, sharing a real life example can help nudge people toward a new mindset. Sometimes you need your cage rattled – even if it is at the higher leadership levels. We’re all vulnerable and even at our best we still have blind spots, but collective awareness can help fill in those gaps.   

Putting his words into action, Luis eagerly joined the campus Cyber Champions program shortly after this interview. His participation allows him to educate his colleagues and proselytize the efforts of the campus cybersecurity awareness program at the SIO location.