Rachel Arnold is The Human API and client relationships specialist at SecureNation, a client-focused cybersecurity platforms and services reseller. Her insider knowledge and expertise has made her an invaluable resource for clients and vendors alike.
Rachel is also the marketing director for the ISACA Baton Rouge chapter, an avid supporter of InfraGard Members Alliance Louisiana, passionate volunteer and fundraising dynamo for the Innocent Lives Foundation, and supports a local program within the East Baton Rouge school system, Career and Technical Education Center as an industry advising member of the board.
Rachel hosts a weekly live stream across five social media platforms, The Coffee Table Talks which aims to humanize cybersecurity across the industry and highlight positive influences to the global community. In a short amount of time, Rachel has solidified herself as a true connector of people and technology.
Question 1: Online threats are ever-increasing and causing billions of dollars in damages. With the current digital state, do you see a secure online architecture soon?
Rachel: As long as humans are humans that utilize technology, we will never reach complete digital security. We can, however, make strides to exist with safety in mind. Just as we walk down the street, aware of the cars that pass by and the dangers of the physical world, we have to ingrain the same level of awareness as digital citizens in a world built with hand-crafted code.
The roads we drive on for work, family, or anything else we may be up to, can be riddled with potholes, road signs, directions, misguided information, and fun activities- it’s up to us to understand how we can be affected by the dangers, the distractions, and the guidance we find all while ensuring the safety of ourselves, our passengers and others in a vehicle we are responsible for maintaining and fueling.
The physical infrastructure with its strengths and weaknesses is no different than the digital infrastructure that is provided by the code we utilize to travel through our digital environments. Just as road material varies from region to region depending on availability and the craftsmanship utilized, coding can vary greatly from developer to developer. The same challenges that face the physical infrastructure affect our digital building blocks too and the ability to ensure safety is just as important but cannot be standardized from one location to the other. Our online architecture is the same.
Question 2: An average internet user has little to no information or interest in cybersecurity. How should cybersecurity training and curriculum be made interesting for employees and students?
Rachel: It needs—no MUST—be a part of everything we do, not just a training exercise. Before you are given a loaded gun you need to know which end is dangerous and the consequences of not wielding it properly. We’re giving accounts and login credentials to people without properly explaining what the use of these things means to not only their ability to utilize platforms and tools, but to their own safety and the safety of the organizations they are associated with. It’s not cybersecurity training—it’s digital safety—and the sooner we all adopt the change in perspective, the better.
The internet—the way it functions, the way it’s built, and how we use it—should be discussed in a way that is easy enough for a child to understand. Children use it.
It is the responsibility of everyone who uses a thing to be responsible while using it; not only for their own safety but for the safety of those around them. You can be hyper aware of your own digital persona, but if your family and friends announce that big trip you took, or where you may be headed, or any other personally identifying information about you, it can be leveraged to target you and everyone around you, including the networks and data that are leveraged by each individual.
Question 3: Data from data breaches is readily available on hacking forums. How should companies ensure their data doesn’t end up on dark sites?
Rachel: You can’t ensure it won’t. But having a proper cybersecurity strategy in place will greatly reduce the risk. Organizations should all assume the data is out there and that the credentials have already been compromised, but with technologies that seek to remove the need for passwords completely and even the multifactor settings that are currently an option for many platforms and identity management controls this will no longer be the issue it is currently. Every recent breach and spread of ransomware can be traced back to compromised credentials.
The simplest answer is likely the best for often than not.
Question 4: Cybersecurity tools are largely accredited for providing online privacy and security. In your opinion, are these tools effective against growing online threats?
Rachel: Alone, tools are highly ineffective. Just as owning a hammer doesn’t get your house built, owning tools and expecting them to just work is silly. You need staff trained to wield them. You need to be aware if there are more efficient ways to do a job too. Example: Now that you know how to use a hammer and use it well, are you ready to move onto a nail gun? Will that cost be justified in the time and effort that is saved? If you’re building a whole house, maybe. If you’re building something smaller, you may not need to purchase something so robust. It all depends, but none of these things are valuable on their own.
Question 5: IT teams have the most challenging job – to keep intruders away and ensure the digital infrastructure is safe. How can reliance on these individuals be minimized?
Rachel: Reliance on IT teams should be increased, not decreased. Our reliance on the systems they maintain isn’t tracking down; why on Earth would our reliance on the people putting the processes into place be reduced? There are ways, however, to increase their efficiency and their passion for security. Support from the top is always a great place to start with that. Security and IT should be a part of every conversation a business has about strategy. An easy way to determine whether or not these teams should be included is for organizations to ask themselves. Is this process going to depend on hardware and software? Yes? Go grab the hardware and software people.
Having their collaborative wisdom added to these discussions is pivotal for business continuity. You wouldn’t allow your employees to work in a physically unsafe environment or your consumers to do business in a compromised space. Traditionally, you bring in safety experts to consult in those sorts of plans, understanding that the digital environment IS just as important as the physical is a challenge that we are all trying to overcome nowadays and many businesses already have the brainpower on staff to avoid silly digital mistakes, but they have to be invited to the table.
Question 6: Do you believe in online privacy, or is it a thing of the past?
Rachel: Online privacy is a concern, 100%. For customers to safely share banking information, product preferences, health information, or any sort of Personally Identifiable Information (PII for short) is one of the ways that consumers trust an organization. It is up to the organization to protect that trust and up to the consumers to understand how much they can trust a business. Traditionally this is done in the US through programs like the Better Business Bureau (also known as the BBB), as well as other trusted references, etc.
Nowadays, with the spread of disinformation and consumers being presented with so many options it’s hard to recognize when to trust, how to trust and why they can trust an organization.
Privacy is compromised and given up in lieu of convenience, platform usage terms, and ease of use. Most of the general public doesn’t fully understand how their information can be used against them. They only fully understand once their business processes are shut down for extended periods of time, their financial accounts are empty, or law enforcement is at their door asking hard questions. Compliances like FERPA, HIPAA, etc. strive to give organizations a handle on the who, what, when, where, and how, but these compliance building blocks can be interpreted in different ways due to the fact that they have to blanket so many different digital infrastructures.
Question 7: As a volunteer at Innocent Lives Foundation, what’s your day like, and how do you overcome the challenges of the job?
Rachel: My day is likely the same as everyone else’s day, but my perspective on my interactions may be vastly different. I find myself considering how every interaction can or possibly could benefit from knowing the Innocent Lives Foundation, how they can help and how the resources they provide can be useful.
For example, I had a luncheon with a CISO of a private university last week. This person is a client of SecureNation. During our usual pleasantries and IT/Security roadmap discussions they mentioned that their 7-year-old had a YouTube channel that was gaining popularity. The conversation quickly turned from usual business dealings to concern for their child’s digital safety as well as the digital safety of the viewers that they attracted. We will have a meeting later this week to walk through the privacy and chat settings of the minor’s channel.
I am also keenly aware of the darkness that exists not only in our physical realm but also the digital play land we have created and bridged from one nation to the next. To be an IT/Cybersecurity professional means you also either intentionally or unintentionally know some of the methods that are utilized to extract and expose our human vulnerabilities. My organization, SecureNation, is focused on all things cybersecurity. I, as a mother of 3 small children that do utilize internet accessible devices for learning and play, find myself focusing on authentication platforms, privacy settings, network controlling and monitoring features of applications. I also tend to advocate for user education.
A loaded gun, by itself, is not dangerous. It’s the user’s education and intentions that determine the safety level of any weapon. The internet is not the thing that is dangerous, it’s the users that make it that way and it’s up to us in the industry to connect the users to proper training and education on how to use it in a way that doesn’t weaponize the way we connect to the rest of the world.
Question 8: Apart from work, how do you spend your weekends and vacations?
Rachel: Work and life for me is one constant strand of consciousness. My work focuses on bringing people, processes, and technology together safely to fulfill business outcomes and continuity. When we’re spending time together as a family we are, in one way or another, interacting with devices that are connected. By having my mobile device on my side, a threat actor could potentially know what park I’ve taken my children to, or what my plans are with others by reading my messages. They could potentially unlock my doors that are also connected, turn my clothes dryer on and overheat it, take pictures of the inside of my refrigerator, take control of my home’s safety systems, or infiltrate the viewing and gaming systems we use. They could speak to my family through our connected devices. I spend most of my time understanding the platforms we utilize for fun and ensuring that we are doing that in the most safe and secure way possible. I am afraid that is not how many families are operating. It may seem overanxious, but I ask you: what do you pack when you’re planning a trip to, say, the beach? Sunscreen, appropriate clothing, activities, health and hygiene products, or snacks for the road? You could probably list a million things that I’ve forgotten and many of us add to the list with experience and wisdom from previous trips. I do the same, but add to it all the ways I know to protect my family’s fun and folly from a digital perspective too.
If we’re not travelling to visit relatives or take in a few sights, we’re doing the things most families do, work in our yard, play outside, color together, cook together and basically value every second we have together as a chance to become better humans to not only each other, but to outsiders by building foundations of security and trust that I hope one day we can all experience in the digital realm.
Thank you very much Rachel for the interview. Our readers would definitely benefit from your thoughtful insights regarding digital safety. As for our readers, you can follow her on Twitter where she often tweets @Th3_Human_API or follow her on Linkedin https://www.linkedin.com/in/thehumanapi or watch her podcast https://www.youtube.com/c/thehumanapi.