Speaker: Russell Eubanks
Event: RSA Conference
Date: June 7, 2022
YouTube Link: https://www.youtube.com/watch?v=YG0WiBa2Ias
At RSA Conference 2022, Cyverity Managing Partner and SANS Principal Instructor Russell Eubanks shared invaluable insights on leadership, security culture, and bridging the gap between technical and business priorities. Hosted by Stephen A. Hart, this engaging live session emphasized the importance of practical skills, effective communication, and fostering a positive security culture.
The Mission Behind SANS
From its inception, SANS has been a mission-driven organization focused on empowering cybersecurity professionals with practical skills that make the world a safer place. Through courses, certifications, cyber ranges, and scholarship programs, SANS consistently delivers high-quality training and resources for security practitioners at every level.
As Russell shared during the session, “What makes SANS unique is its ability to teach skills that professionals can immediately apply to solve real-world problems.”
Key Takeaways from the Live Session
1. The Value of Security Leadership
Russell, a former CIO and CISO at the Federal Reserve Bank of Atlanta, emphasized that cybersecurity leaders must be “bilingual”—able to speak both the technical language of security and the business language of leadership.
Key Points:
- Understand the Business Mission: Leaders must align security initiatives with the organization’s mission and objectives. For example, security policies and compliance efforts should directly support the organization’s broader goals.
- Communicate in Business Terms: Executives prioritize metrics and outcomes that reflect the health and success of the organization. Security leaders should frame their requests and updates in terms of business value.
Actionable Tip: Develop business cases that translate technical risks into business priorities. Use language that resonates with stakeholders, such as cost savings, risk reduction, and operational efficiency.
2. Fostering a Positive Security Culture
A strong security culture starts with leadership but requires participation at all levels. Russell highlighted that culture is shaped not only by organizational policies but also by the attitudes and behaviors of the security team.
Key Points:
- Lead by Example: Security leaders have a unique opportunity to shape the culture of their teams and, by extension, the entire organization. Russell shared how he actively influenced his team’s culture to align with organizational values.
- Shift the Narrative: Instead of waiting for others to “fix” the culture, leaders should take ownership and drive positive change. “When I look in the mirror,” Russell said, “I see someone who has a lot of influence over the culture of my team.”
- Embed Security into the Organization: Security should not be seen as a liability but as an asset that helps the organization achieve its goals more effectively.
Actionable Tip: Use tools and templates, such as those provided in the updated SANS Management 521 course, to assess and improve your team’s security culture.
3. Practical Updates to SANS Management 521
Russell also provided updates on the SANS Management 521 course, which focuses on building a strong security culture. The course has been refined based on feedback from global practitioners and now includes enhanced resources to support real-world application.
What’s New in Management 521:
- Digital Download Package: Includes playbooks, templates, and metrics for tracking and improving security culture.
- Improved Metrics: New tools to help leaders measure and communicate cultural impact.
- Enhanced Practicality: The course emphasizes actionable steps, ensuring participants can apply what they learn immediately.
Actionable Tip: Consider enrolling in Management 521 to access these updated resources and gain deeper insights into fostering a security-centric culture within your organization.
4. The Importance of Basics in a Complex Landscape
While the RSA Conference showcases cutting-edge technologies and solutions, Russell reminded the audience to focus on foundational security practices.
Key Points:
- Prioritize Basics: Effective patching, vulnerability scanning, and system configuration remain critical.
- Bridge the Gap: Security leaders must communicate these priorities to executives in a way that highlights their importance to the organization’s success.
Actionable Tip: As you explore new tools and technologies, take time to evaluate your current practices and identify gaps in basic security hygiene.
Engage with SANS and the RSA Community
SANS remains committed to supporting the global cybersecurity community through training, resources, and events like the RSA Conference. If you missed the live session, you can view it in full here: https://www.youtube.com/watch?v=YG0WiBa2Ias
To learn more about Management 521 and other leadership-focused courses, visit SANS LDR 521: Security Culture for Leaders.
Closing Thoughts
As Russell emphasized, cybersecurity leaders have the power to shape culture, align security with business objectives, and drive meaningful change. By leveraging resources like SANS courses and engaging with the broader community, you can elevate your leadership skills and make a lasting impact.
Your Next Steps:
- Reflect on how well your current security initiatives align with your organization’s mission.
- Explore training opportunities through SANS to enhance your leadership and technical skills.
- Start small: implement one or two takeaways from this session to strengthen your team’s security culture.