What You’ll Learn From This Episode:

* Why investing in security is a MUST
* How to make sure not to focus on compliance but on good practice
* Why leadership and governance are the solution to most security problems

Related Links and Resources:
My free gift is a community gift. There is an organization called 'The Center for Internet Security', they're a global organization, they have well-defined practices, it’s www.cisecurity.org. To get to me directly, they can email me at keyaan.williams@class-llc.com or you can go to the website www.class-llc.com
Summary:
Keyaan Williams is the Founder and Managing Director of Cyber Leadership and Strategy Solutions (CLASS-LLC), a professional services firm that helps global clients with cybersecurity strategy risk management, and workforce development.
His reputation for leadership was established when he led the operational transformation of the Information Systems Security Association (ISSA) as the President of the International Board of Directors, and he has also been recognized for his service in the U.S. Army Chemical Corps.
Keyaan has contributed to many books and publications including The Language of Cybersecurity, Using Security Metrics to Drive Action, CISO Magazine, the ISSA Journal, and the Crisis Response Journal.
Here are the highlights of this episode:
1:32 Keyaan’s ideal Client: You read my bio, and it sounds like we're only working with very large companies but my ideal client really is small to medium size business. 66% of SMBs fail after having a data breach or a cyber-attack. So, my personal preferences are to work with those smaller businesses to help them stay in business.
2:03 Problem Keyaan helps solve: All businesses struggle understanding what security means, part of that is the security industry. People in this profession talk in technical terms and they have a hard time transitioning or translating that information into a business decision. So, one of the things that I help do is, it goes back to the old school decision support systems; where I tell people what they need to know so that they can make an inform decisions as one to benefit your organization and lead them to success.
2:51 Typical symptoms that clients do before reaching out to Keyaan: What's interesting is that, industry research says that it takes 9 months, 270 days for a mature organization to determine or to identify that they have a breach, or that they have some kind of cyber-attack. Because the attackers are very stealthy and their intention is not to get caught unless you're dealing with ransom lawyer. The objective of the business owner, regardless of the size of the business, is to make sure that they don't focus on compliance but they focus on good practices that are going to protect the organization. And then they invest in 'incident response' so that when a problem is found, they fix it as quickly as possible and get back to normal.
3:45 What are some of the common mistakes that folks make before finding Keyaan and his solution: There's two categories that answers the question. If the company is investing in security, most companies only invest in obligations that are define by a regulation or a contract. If you go back two years, 90% of the data breaches that have happened where in companies that were compliant with their regulations. So, it highlights the compliance is not the answer to the problem, it's the bear minimal. The other problem is that some companies don't invest in security or whatsoever. The National Association Corporate Directors identified that 61% of corporate executives will ignore security concerns to achieve a business outcome. But security concerns and failures in that area put 66% of companies out of business,