Why the 'Why' is More Important than the 'What' - Derek Fisher - Guardians of the Data - Episode #7

What’s the meaning behind the data your team is collecting?
Derek Fisher, Director of the Cybersecurity Defense and Information Assurance Program at Temple University, joins Ward to hash out the ‘why’ behind data security. Derek emphasizes the importance of understanding the integrity and proper usage of data, especially in scenarios like healthcare and financial services. The conversation also explores the differences in data security practices across various industries such as healthcare, financial services, and higher education. Derek shares insights on teaching the next generation of cybersecurity professionals and the relevance of the NIST NICE framework in aligning education and job roles. The episode offers practical advice for aspiring and current cybersecurity professionals on staying curious, demonstrating skills, and the importance of understanding the broader ecosystem of data security.
 
Takeaways:
  • Question Every Data Collection: Before collecting any data, ask yourself if you truly need it. If the answer is no, don’t collect it. This reduces your responsibility to protect unnecessary information and minimizes risk.
  • Show Your Work and Stand Out: Document and share your work, especially if you’re entering a new field like cybersecurity. Demonstrating your process and achievements helps you differentiate yourself from others.
  • Data Minimization for Security: Avoid collecting data just because you might need it in the future. Every piece of data you store increases your attack surface. Only collect what is essential to reduce potential vulnerabilities.
  • Use the NIST NICE Framework for Career Growth: Leverage frameworks like NIST NICE to understand the skills and knowledge required for specific roles. This can help you target your learning and career development more effectively.
  • Stay Curious and Threat Model: Maintain a curious mindset and always think like an attacker. Regularly ask, “What can go wrong?” and “What will we do about it?” Practicing basic threat modeling is a critical skill for navigating today’s security landscape.
  • Risk-Based Approach to Data Decryption: When deciding whether to decrypt data, use a risk-based approach. Work with legal and HR teams to set clear guidelines and avoid decrypting sensitive categories like healthcare unless necessary.
Quote of the Show:
  • “For me, teaching this next generation of cyber individuals or technologists, it's about showing them sort of the entire picture.” - Derek Fisher