Jihana Barrett, CEO of Cybrsuite, explains security needs not just from an enterprise perspective but for day-to-day life. She also tells us about how her organization, Tech Sorority, provides valuable professional support and guidance for women in tech.
Spotify: https://open.spotify.com/show/5UDKiGLlzxhiGnd6FtvEnm
Stitcher: https://www.stitcher.com/podcast/the-tripwire-cybersecurity-podcast
RSS: https://tripwire.libsyn.com/rss
YouTube: https://www.youtube.com/playlist?list=PLgTfY3TXF9YKE9pUKp57pGSTaapTLpvC3
Tim Erlin: In the latest episode of the Tripwire Cybersecurity podcast, I had the opportunity to speak with Jihana Barrett. Jihana is the CEO of Cybrsuite, a company which offers cybersecurity consulting focused on small businesses and individual responsibility. Jihana is also the founder of Tech Sorority. Welcome, Jihana.
Jihana Barrett: Thank you for having me.
TE: We spend a lot of time on this podcast talking about cybersecurity and its relationship to large companies, but your focus is a bit different. You also have a clear opinion that cybersecurity is really something that the average consumer needs to think about as well. Is that right?
JB: Absolutely. Once you have a phone in your hand, or any “smart” device, or just your computer, cybersecurity becomes a concern. When you think about it, your phone has so much information about you and other people. You do so many personal things on your phone. Losing a phone is like losing a lifeline, so part of keeping it safe is taking cybersecurity into account and making it your responsibility.
TE: It's interesting to think about this. When we talk about cybersecurity for a large organization, we're so often focused on how they can operate their business securely, how they can accomplish whatever their mission is and do so securely. But when you think about individuals, it's a slightly different perspective because you have to start thinking about your life in terms of responsibility and as being a mission that you want to carry out securely.
JB: Absolutely. When you think about the larger enterprise, your employees have to be trained in order for any of these safety measures to work. If they have to do it for work, why wouldn't they do it for their personal situations? Why wouldn't you say, “It's my responsibility to make sure that I'm not leaving applications running that are possibly compromising my device. It's important that I don't save my passwords directly to my device.” Things like that are really important.
TE: I want to talk about the people-in-tech piece of that. There was a point in time where people in tech or people in cybersecurity could understand holistically how the Internet worked, but with the increase in the complexity of the Internet and with the increased specialization of people in technical roles, it's more and more likely that I understand just the piece of it that I work on. And I'm just as ignorant as the average consumer on a lot of the aspects of how the internet and cybersecurity work because they're not a focus area.
JB: 100%. I am in cybersecurity, and I am always fascinated by other people in cybersecurity that I meet that do something that I don't do. I started off working for the NSA in a pen testing role. So, I understood that. Then, I would meet people who work in compliance, law, and ethics, and I would see that there was more to it than what I thought.
One of the main questions that I get, even from people within the cybersecurity space or just tech in general, is, "Why do I need to know cybersecurity for my day-to-day life?" That question is part of the reason why cybersecurity became my mission. I went to social media, and I just started taking what I knew and understood and started telling it to the masses. It wasn't that there was anything new. The same things happen all the time, but it was the repetition that mattered. Before I knew it, people were messaging me saying, “Hey, they didn't get me to click that email or that text message link because you said, 'Don't click anything that you don't expect.'” I knew that my information was starting to take root, and I couldn't let them down at that point.
The approach that I've been taking to explain everything is to take something that people will know about. For example, last summer, when the Carnival cruise line had a huge data breach, I informed people about what happened and why they should care all the time. I gave them the pointers on what they can do. For example, if a person used a credit card with Carnival Cruises, maybe they could check the credit card for any suspicious activity because they don't know where their information is at that point. The more I did that and explained why they should care, why it's their responsibility to care, it really started to take root.
TE: Yeah, and through the pandemic, the online interactions increased, and all of that increases your footprint as an individual. That's got to increase your risk, right?
JB: Absolutely. Instacart had a breach last year. We couldn’t go into the supermarket because of the pandemic. So, the place that you're using to go food shopping now has told you that they've had a data breach and your card information is out there. How do you handle that? What does that mean? What does that look like for you? What becomes your responsibility? It was really important that I continued to reiterate the point, and it's been working. Everybody's been catching on and becoming more aware, and that's what we should have because none of this is going to stop.
TE: That's true. The key around the idea of focusing on the fundamentals of cybersecurity hygiene has a lot of appeal. Making sure that a broad audience understands those fundamentals seems like a difficult challenge. How do you balance between good cybersecurity and fear? There's this perception that a cyber-attacker can do just about anything, but the reality is that there are limitations.
JB: With anything, if you have a healthy fear of it, you become more aware. That's not to say that I take that approach. Can you reduce the level of impact it's going to have, whether it's your business or disrupting your personal life? If you're aware of what could happen and you accept the responsibility to do at least the basics of how to help yourself, then you can move with cautious intention.
I don't expect the typical internet consumer to know how to implement a firewall and lock down a home network, but changing the default passwords on all of your devices and other basic things like that should be standard practice. It sounds like a lot, but that's because it's not our norm. Once it becomes normalized, I think it'll be a completely different story.
TE: I agree. Now, I want to change topics a little bit here. I mentioned at the start that you're the founder of Tech Sorority, and I just want to touch on that a little bit. Can you tell us a little bit about that journey?
JB: Tech Sorority was everything that I needed when I started in my tech career. I started in the Air Force, and I didn't see many women of color or women there who had career paths that I could follow. I remember feeling very lost and grasping at straws. Do I get a degree, or do I get a certification? I remember always being the one woman on a team of, typically, white men. So, it was definitely different, and I knew that every time I showed up, in addition to my skillset, I had the responsibility of representing both my gender and my race.
I attended an all-girls Catholic school in Brooklyn, New York, and I went back for career day. I walked into the room, and one of the girls said to me, “Oh no, this booth is for the person who's in tech.” I'm dressed up, hair done, clicking my heels with a nice dress on, and I was hurt by her statement. I literally had to change the conversation from what I was and what I did for a living to debunk the idea of what a woman in tech is. I had to basically help the girls understand that there is no stereotype of who a woman in tech is or what she looks like. Tech Sorority was born out of all of those experiences. It's just a community, a sisterhood for us, where we balance that fine dance between gathering. We all have this specialty of technology as our career choice, but we're still women, and we bring our own essence and flavor to that industry.
TE: You talked about being the only woman of color in a room full of white men, but has that really changed for you? It seems like, in terms of representation in tech and cybersecurity, that would still be the case today.
JB: It is changing. I know that there are more faces that look like mine popping up, but we're nowhere near it being equal. So, I want to acknowledge who's there now and making amazing strides, but we definitely know it can be a little bit more balanced. The more we create organizations and spaces, I think we'll see more women in security going forward. I am using who I am and what I know to communicate to an audience that probably wouldn't have paid attention to it before.
TE: We've talked a lot about the responsibility we have as individuals for cybersecurity in our professional lives. What are the top practical tips that you have for people in terms of improving their own personal cyber-hygiene?
JB: The main one is the importance of strong passwords. That is literally the keys to your digital identity, so that should be the first place that you start working on and start working with. Create a strong password, and to take all the guesswork out of it, get a password manager. That's the first thing that you can do. It helps you create the password. It helps you store the password. It prevents you from logging into a fake site.
Next, when you're shopping online, make sure that that website is a secure website. It shouldn't just say HTTP, but it should say HTTPS, indicating that it is an encrypted site. When you're entering your card information, it's not flowing over the internet that anybody who has a scanner nearby can see.
I would also recommend being mindful of what you post on social media. For instance, if you are on vacation, don't post in real-time. Post it when you return home. The security questions that are typically asked on many platforms can probably be found out from your social media posts. Those are some of the tidbits that I suggest.
TE: That's great information. Thank you for joining us. It was really interesting and educational.
JB: Thank you for having me. This is great. I had a good time.