One glorious Spring morning in the National Capital Region (NCR), the coffee meetup was scheduled just about 30 minutes away as the Jeep GC headed down the tree lined woods of Old Dominion Dr. through McLean, VA.
We were meeting at the First Floor Starbucks of the Westin Arlington on North Glebe Road.
The meeting this early Thursday was with a Chief Security Officer (CSO) of a large Defense-Industrial-Base contractor (_ _ _ _) and we had planned to catch-up and talk shop for 45 min.
As we recognized each other in the lobby and made small talk ordering our favorite Starbucks blend, the dialogue shifted to one of the key reasons for our meeting.
Our real focus on Operational Risk Management (ORM) that particular day was the “Insider Threat” best practices that we all were rapidly implementing.
Whether you are talking about an employee or a contract supplier who visits your facility or organization on a single or periodic basis, the threat exists.
It was April 2013 and little did we realize this morning, we both would be hearing the name of Edward Joseph Snowden in July.
“An ex-government (_ _ _) employee now working for another large DIB contractor based in Tysons Corner (_ _ _) as a system administrator, “Ed” might have been thinking about his eventual escape from a government regional operations center in Hawaii as we talked.”
In Northern Virginia just two months earlier, our conversation turned to the actual prescience of the DIB companies “Insider Threat Program” and how many employees working for his company were also current members of a specific large non-profit organization.
One example we discussed was a local non-profit that is excellent on educating and training members on the tools and strategies to enhance protection of intellectual property.
Gaining additional foresight, clairvoyance or the special ability to see or know about events before they actually occur, is your CSO ground zero.
Concern or preparation for the potential future threat event or incident, is on the mind of every Chief Security Officer in the corporate world. Yet, what are you doing this month to improve your own sixth sense?
How many people in your organization are members of non-profit XYZ or ABCDEF that are now focused on training their members on topics of relevant interest to you?
The lesson here, is that whether you are a local Bank Manager, a School Principal, a CxO or just a parent; people in your responsibility are counting on you.
They want you to ask them questions, they want you to test them on their readiness to use CPR or a tourniquet. They want you to make them even feel more safe every day by educating them about ransomware and cyber "phishing".
When our Starbucks coffee meeting was over by 8:00AM, my hunch is that Jeff went back to his Defense Industrial Base company a mile away to do some homework and some rapid internal recruiting of key employees.
As a CxO in your particular organization, how well do you really know your employees, contractors and suppliers?