Attendees had the opportunity on the second day of ASIS 2017 to listen to experts share their personal experiences in security, lead deep dives and panels, and gain insights from impact learning sessions.
Read below about a few of the sessions that the Show Daily team attended throughout the day.
All rise! Attendees-turned-jurors gathered to judge the results of a mock trial and to explore the intricacies of who is liable when workplace violence occurs.
The cheeky, candid performance, kicked off by a robe-and-wig-wearing CALSAGA President David Chandler, discussed a fictitious case following a workplace bombing in which the victim sued her employer’s security contractor, and that contractor in turn sued the company.
Multiple partners from Bradley & Gmelich ran the trial, with Roy Rahn, CPP, playing the security director; Matt Thomas, CPP, as the security officer; and Linda Florence, CPP, as the plaintiff. Bonnie Michelman, CPP; Geoff Craighead, CPP; and Mark Mooring, CPP, provided expert testimony.
It all began when community center executive director Rita Bennett fired Dexter Morgan, who grew aggressive and attempted to throw a paperweight at her head. He was escorted from the premises by a Lumen Security contract officer, and Bennett sent an email to all staff that Morgan should not be allowed back on the premises.
She then called Arthur Miller, the owner of Lumen Security, expressing her concerns about Morgan. Miller assured her he would take care of it and offered her additional armed services or risk assessments, but Bennett explained that the community center could not afford them. Miller did not take any additional actions.
Morgan later showed up at the facility and passed the security desk because the officer had not seen the email that Morgan was barred from the premises.
When Bennett stepped away from her office without her radio, Morgan planted the bomb and ran away. Once the security officer realized what was going on, he tried to notify Bennett on her radio—which she did not have—but it was too late. The bomb exploded, severely injuring Bennett.
Now, years later, Morgan has admitted to the crime, and Bennett is suing Lumen for negligence, so Lumen responded by suing the community center. The lively hearing—a two-week affair squeezed into two hours—illustrated the legal process in a humorous yet thorough way.
Attorneys and plaintiffs explored whether Lumen Security could be held liable for the bombing, or if the responsibility for Morgan’s actions lay with the community center and its lack of security measures, making attendees think long and hard about responsibility and duty of care when it comes to securing private facilities.
What drives a hacker? What motivates him or her to explore our computer systems—sometimes in the name of research and sometimes for malicious reasons—further than most people normally would go? And why are their efforts effective?
Those questions were the focus of “A Hacker’s Perspective on the Human Element in Society” by Coleman Wolf, CPP, CISSP, lead security practice consultant at Environmental Systems Design, Inc.
“I like to look at it as hackers in a generic sense,” Wolf said. “They have a deeper understanding of a system and they like to explore that system.”
Learning about hackers and their motivations is crucial because security professionals need to understand who initiates the threats and what tricks they use to perpetrate a hack.
For instance, hackers know that one of the best ways to understand how a system works is to break it, to “push it to its limits” to see what it’s capable of and master it as a technical challenge, Wolf said.
Hackers are also motivated by curiosity, to explore the cyberworld; amusement, such as through trolling; social causes, like hacktivism; or profit, such as espionage and extortion. They often view the “cyberworld as a visual world you can go to” through the computer, Wolf added.
To gain access to systems, hackers will typically manipulate humans into granting them access. People are often the weakest element in the security system because they cannot or will not abide by security policies and procedures.
To do this, hackers use the psychology of persuasion on their victims. Wolf divided this psychology into six groups: scarcity, authority, liking, social proof, reciprocity, and consistency.
For instance, in a ransomware attack, hackers will often use scarcity to convince victims to pay them. Wolf shared the example of the Popcorn Time ransomware, which displays a countdown clock on victims’ computers showing the time left to pay the ransom or lose their files.
Other ransomware strains, however, combine scarcity (limited time) with liking, making the ransom payment process easy and approachable by providing a helpdesk with instructions on how to obtain Bitcoin to pay the ransom.
By learning about hackers and their motivations, security professionals will be in a better position to understand who initiates threats against them and how to prevent staff from falling for the tricks they use to perpetrate a hack.
Self-awareness is one of the best predictors of leadership success, according to several psychology and leadership studies in recent years. Leaders need to know themselves before they can forge trusting relationships with others to create an effective staff.
Becoming self-aware is not easy, though, and most aspiring leaders are never taught how to do it. At the education session “Effective Leadership: What’s Self-Awareness Got to Do With It?,” participants were given advice on what it means to be self-aware, how to increase self-awareness, and how to leverage it to become a more effective leader. The session was supported by the CSO Center.
Instructor Rosemary Maellaro, an associate professor of management at the University of Dallas, told attendees that “leadership is all about achieving goals through others. We cannot do it all ourselves.”
And to have effective relationships with those you lead, a leader needs high emotional intelligence.
Emotional intelligence can be thought of as “a different way of being smart,” said Maellaro. It requires balancing intellect and emotions so that emotions can be used to effectively inform decisions. Those with low emotional intelligence do not often achieve this balance; they either let their emotions overwhelm their actions, or they ignore their emotions completely and rely on cold logic to make their decisions.
Emotional intelligence can also be used to develop self-awareness—a thorough understanding of one’s own strengths and weaknesses, and how others perceive one. But self-awareness takes effort, Maellaro said.
It requires thoughtful introspection, and an openness to honest feedback. The three pillars on which self-awareness rests are emotional awareness, an accurate self-assessment, and self-confidence.
Many leadership studies have shown that top performers usually score high in self-awareness. Among its benefits, self-aware leaders usually have good camaraderie with their staff, are trusted, are good communicators, are perceived as authentic by those who work with them, and have the ability to accurately perceive their own emotions.