Issue link: https://iconnect007.uberflip.com/i/1088168
MARCH 2019 I SMT007 MAGAZINE 71 turned 40, so I'm not that old, but I feel so much older when I'm talking to these kids and seeing where they're at compared to where I was at that age. In this day and age, it's very easy to get buried into your device and onto one path without being aware of the doors that are open to you. It was great to get that feedback from the audience on exposing them to ideas that they never thought about from their skill sets. Johnson: This is a chance here to give you some feedback as well. I was standing in line for dinner last night, and one of the students and attendees of your competition was trying to summarize it to a colleague. I'm paraphrasing here, but he basically said, "I came out of it learning everything that I needed to pay attention to keep a site secure." Humphreys: That makes me feel good because there are so many different areas that you need to consider holisti- cally as a security professional and I don't know if that comes across in their academic programs. They're great, but, again, it's very easy to get on a single track. I want them to see tracks available beyond that. I'm glad that I was able to contribute. Johnson: You have all these students and young professionals learning about cybersecu- rity so they can take it to their employers and mitigate what's going on there. But one step further down, let's talk about the employers themselves. If somebody is in electronics man- ufacturing, they have to deal with the fact that they may be sending IP data overseas electron- ically where there are ITAR issues and other sorts of IP protection concerns going on. This is a daily part of doing their business when their core competency is being a manufactur- ing facility. What should they be paying atten- tion to right now? Humphreys: In my session this morning, I told folks when you're interviewing for a job, that job description may be very singularly tracked, but as a young professional coming into a new career field, talk about the regulatory impli- cations that they have to deal with. That will blow the recruiter off their seat because they're not going to expect it unless it's specifically called out in the job posting, which I guarantee it probably isn't. If a young professional says, "I understand the operational side, which is what I'm pas- sionate about, but I also understand how that impacts regulatory implications and the ever- changing climate that we're seeing on the reg- ulatory side around things like supply chain management," they're going to stand out. They're going to be pushed right to the top of the candidate list because understanding the broader concept of the challenges of that organization that they're hiring with from a security perspective and knowing where their lane in the road would be with that current job position is going to be very impressive. Johnson: You've just mentioned some supply chain issues, but what are some of the other regulatory challenges that you're seeing right now that would fit in? Humphreys: In the electric utility industry, for example, I cite this example all the time about how technology and threat will always outpace regulation. The perfect example is our supply chain management standard in the electric util- ity industry under the NERC framework here in North America, which they just passed this at the end of this year. It was in response to the Stuxnet vulnerability of the Iranian nuclear program back in 2010–2011 when we saw the first instances of that. And what did we do? We had a knee-jerk reaction and said, "This happened. Let's stand up a drafting team to develop a standard that will take many years to get in place." In the meantime, the bigger attitude we need to con-