Security Mentor CSO on the latest trends in cybersecurity
February 2, 2024
Sajid & Dan talk about leading cybersecurity and technology in the IT security industry
Sajid Khan
Dan, thank you very much for taking the time out of your busy schedule for this interview. Can you please begin by sharing your perspective on the role of Chief Strategist & CSO at the Security Mentor, Inc.?
Dan Lohrmann
Thank you Sajid for the very kind invitation to be interviewed for your MicroAgility blog. I love my job at Security Mentor and at the same time wear many hats. My role starts with my passion for cyber awareness for everyone in society, since technology has become an ongoing imperative touching every area of our lives.
Security Mentor truly excels at providing training for everyone from small governments to global private sector enterprises in many forms. We offer engaging, computer-based end user security awareness training that changes your business culture for the better, using a mix of interactive content and gamification or game-based learning that is “sticky” and memorable and works.
We pioneered a model called brief, frequent and focused security awareness training, which changes the paradigm away from the traditional once a year 1-2 hour “death by PowerPoint” presentations to ten minute lessons offered monthly on a single topic. I am the primary evangelist for our company – typically speaking at about twenty public events a year around the US and world on a variety of technology and security topics from cloud computing to mobile computing to the Internet of Things (IoT) developments.
I also lead security awareness consulting efforts within governments and private sector companies to bring together different training channels for the best results in each situation. I meet with executives and security staff to enable the best possible mix of live and online training. In my thought-leadership role, I work with our development teams to build up-to-date cyber training content for new and existing online materials.
I also blog and write articles for a range of media providers from Government Technology Magazine to CSO Magazine to mainstream media outlets like the Wall Street Journal (WSJ). Finally, I manage our public sector business development efforts, coordinating actions with CIOs and CISOs all over the US in federal, state and local governments.
This role enables me to be active in boards for Michigan InfraGard, university cybersecurity advisory boards, NASCIO’s Corporate Leadership Council and several other groups.
Sajid Khan
What have been some of the biggest challenges faced by Computer & Network security organizations during the last couple of years?
Dan Lohrmann
There have been many challenges. Attracting and retaining talent must be the #1 challenge for organizations. That issue is well-documented. Second, keeping up with technology changes and fighting yesterday’s battles. I don’t think our organizations are very good at learning from history – and we keep repeating the same mistakes.
Third, I would say balancing innovation and a “can do” attitude with cybersecurity initiatives that are often seen as disablers to the enterprise. We need security to be an enabler, but this is hard and takes tact and experience and an understanding of the business goals. For example, how do we get security right for smart cities?
Sajid Khan
How effective is Security Mentor in innovation and where do you see your company by the year 2020?
Dan Lohrmann
I think we are very innovative. As I mentioned earlier, we brought gamification to the end user security awareness training market. We also brought the “brief, frequent, focused” training concept to the industry – which is still a big leap for many, but is catching on fast. They say that imitation is the best form of flattery, and other companies are starting to do what we’ve been doing for a while.
(Some even fought us on these best practice concepts, but now are implementing them.)
We added new topics that are emerging such as the Internet of Things and insider threats, which we are providing training on. Also, integrating phishing simulation and other tools into the training experience is the new normal to measure impact and success.
Moving forward, I see us adding even more targeted training for different roles, integrating more contests, more gamification and more topics as the industry evolves and grows.
Sajid Khan
What trends do you see ending their life cycle, what are some trends that you see for the future, for your industry?
Dan Lohrmann
Where to begin? There is a lot happening now, and cybersecurity architectures and training methods are changing fast! As we head towards autonomous vehicles, robots, more drones, smart cities and smart everything, etc., we will see new challenges in every area of life.
IoT was the #1 topic at BlackHat and the RSA Conference in 2017, and Bruce Schneier says we are seeing the “endless broadening of security into every area of life.”
I agree. And this will impact security training. Global hacking is growing in many forms for a wide variety of reasons, and people need to know how to protect themselves in cyberspace. I see this trend growing because the people side of security isn’t going to end. One specific trend: we will see more bug bounties with associated activities.
Sajid Khan
Would you like to share some of your key initiatives for the awareness of cybersecurity programs?
Dan Lohrmann
Gamification and game-based learning will be expanded in many new ways. Think about how we compete with friends and family members in counting steps on your Fitbit watch or other wearable device. Competitions are huge in the personal health and hygiene areas, and they are also growing in the end user security awareness training areas.
Also, look for more measurements, value-based actions for enterprises that want to ensure that messages are hitting home and changing security behaviors both offline and online. Ultimately, we want to be changing cultures to help build more cyber-savvy employees in different circumstances at home and work. There are some exciting new ways to do this, so watch this space for some new announcements.
Sajid Khan
What has been your greatest achievement in your career thus far?
Dan Lohrmann
Back on September 11, 2001, I was directing an eMichigan team on rolling out the first Michigan.gov portal for Governor John Engler. That sad day brought about the realization of the importance of security both offline and online for our nation and the world. I was able to articulate a new vision for cybersecurity for Michigan government and laid out a multi-year plan to centralize information security into one government office.
I became the first enterprise-wide CISO in Michigan in May 2002, which was also the first of a kind in the nation. We built a great team that accomplished many things and won tons of awards and led the nation in state and local government cybersecurity efforts for more than a decade. That was a rock-star team that included more than a dozen people that are cybersecurity leaders all over the world now.
In 2011, we centralized further and combined physical and cybersecurity. My top achievement was building that great team. I left in August 2014, but the initiatives are still going strong.
Sajid Khan
What advice would you offer to our readers who aspire to follow in your footsteps?
Dan Lohrmann
I have been blessed to have great professional mentors in my life who guided and directed my career journey. Find a good mentor (or two) that you respect and trust and follow through on their recommendations. Here’s a bit more detail on that topic.
Sajid Khan
Is there anything else you would like to share with other fellow C-level executives?
Dan Lohrmann
I don’t think there has ever been a better time for technology and cybersecurity professionals to make an impact in our world than right now. I am very thankful to God for the opportunities that I have had so far in my career, and I still believe the best is yet to come!