Embark on a riveting journey through the dynamic realms of emergency response, cybersecurity innovation, and strategic planning, guided by the insightful reflections of Dan Lurman, former Chief Security Officer for the state of Michigan. Our narrative begins amidst the chaos of a historic blackout in Michigan, where Dan and his team grappled with the aftermath for days, illustrating the resilience and adaptability required in crisis situations. However, Dan's journey is not confined to emergency response centers but extends to the realm of entertainment and entrepreneurship, where he honed his skills as a magician and ventured into the world of cybersecurity startups. As the founder of a pioneering startup focused on automated penetration testing, Dan brings a unique perspective shaped by diverse experiences and expertise. Join us as we delve into his practical tips for enhancing tabletop exercises, from preparing participants to throwing unexpected curveballs, and the imperative of collaboration among cross-functional experts in crisis planning. Through Dan's anecdotes and insights, we navigate the intricate intersections of experience, innovation, and collaboration, empowering organizations to confront the challenges of cybersecurity and crisis management with confidence and resilience.
Here is the verbatim discussion:
But two years after that we had a large blackout in Michigan where uh the whole Northeast lost power for two days basically we lost power and it was basically a situation where um you know we had to all go to the emergency coordination Center and respond to um you know no computers no power no um you know huge issues a lot of people thought it was in the US thought it was another 911 they thought you know it was another terrorist attack and uh all the people at the emergency coordination Center uh we were there for four straight days and a bunker with you know a generator and um responding to all kinds of issues that you know the state parts of the state came back like 24 hours later other parts uh came back more like two days later and some came back three days later but it was a major emergency and and New York was without power for a couple of days a lot of things happened and as a kind of little bit Prelude to the story which is important I used to do a lot of magic shows I mean long time back and bymagic shows I don't mean the rabbit out of the hat trick kind of magic shows but more like the David Blaine kind of stuff mentalism and um um closeup magic and those kind of stuff I used to do on stage as well so I was doing like opening shows for college fests and closing shows for college Fest so I'm doing I was doing it at a pretty decent level uh so and and also I started my first startup around that period we were doing this um automated penetration testing on the cloud so that was what we were working on sure uh Dan lurman I'm um Chief security officer and chief strategist and security mentor so we do security awareness training um and former CSO for state of Michigan and started my career at the National Security Agency great wonderful thanks but again this may be not a real situation but like here's what's happening in the world you know for an oil company the price of oil has plummeted yada yada yada y you know kind of Preparing People in advance for the scenario that's going to hit them on the day of the exercise so yeah I mean definitely that should always be part of so preparation and and and making sure people who are coming in know what their role is going to be know what their um know what you know some background is another thing we did so I start giv you some other tips what often happens at these is is they start th you know throw curves at people um and you know what I mean by that is you know kind of like you play cricket but B you know throw um us baseball you know curveball um change it up so what do I mean by that um like they would come in day one and say you you you you and you tap on the shoulder you're gone get up get out of here you know go stand in the corner of the room you're an observer you can't say anything it's like wait a minute that's the that's the CFL you just tapped on the shoulder you can't yeah but he's in Germany so he's not he's not able to be here right now so and what about that guy well yeah that's the C that's my chief security officer he's yeah he's on vacation at Disney World so so we're going to let him so we're going to put him down in the basement and you can call him on the phone but he can't be in the room here he can't look at any of the stuff you know going on so you know that happens a lot um so you know try and you know that's one way you can throw throw them a curve or you could something they're not expecting um because inevitably whatever you plan whatever you're thinking whenever you think you're ready you're never read right so Ci's Chief Information officers um also you know different um different types of experts in business area so whatever you know who knows which area might be hit last year the biggest area in the US was hospitals so if this was a hospital tabletop you know the scenarios for doctors might be slightly different than it might be for a government or if it's for a bank it could be different you know what are the different functions maybe it hits one part of the bank and maybe not another part of the bank so you want you know you want to make sure those leadership uh roles from all across the Enterprise are there at the table um and that's really important you know getting them involved the other thing is you want to make sure that as you're putting together your scenarios and I would just recommend you know go to in the USA I don't know um uh you know other parts of the world as well I know the UK and USA very well but you know nist is a great place to go.
Highlights:
Resilience Amidst Crisis: Our journey commences with Dan's firsthand account of navigating the aftermath of a significant blackout in Michigan, where emergency response efforts were tested to their limits. Through days of relentless effort in emergency coordination centers, Dan and his team exemplified the resilience and adaptability required in confronting unforeseen challenges.
Diverse Experiences and Entrepreneurial Ventures: Beyond the realm of emergency response, Dan's narrative unfolds to encompass his experiences as a magician and entrepreneur. From captivating audiences with magic shows reminiscent of David Blaine to founding a startup focused on automated penetration testing, Dan's journey reflects a diverse range of interests and expertise.
Practical Tips for Tabletop Exercises: Delve into Dan's practical insights for enhancing tabletop exercises, from preparing participants and setting clear roles to throwing unexpected curveballs. Through anecdotes and examples, Dan underscores the importance of adaptability and strategic planning in simulating realistic scenarios.
As our exploration draws to a close, we are reminded of the transformative power of experience, innovation, and collaboration in navigating the complex landscape of cybersecurity and crisis management. Through Dan's multifaceted journey, we gain invaluable insights into the resilience required to confront adversity, the creativity fostered by diverse experiences, and the strategic planning essential for effective crisis response. As organizations embrace these principles and cultivate a culture of preparedness, they empower themselves to navigate uncertainty with confidence and resilience. Join us in embracing the spirit of innovation and collaboration as we navigate the evolving challenges of cybersecurity and crisis management in an increasingly interconnected world.
Speakers:
Dan Lohrmann is an esteemed cybersecurity expert and Field Chief Information Security Officer (CISO) for Presidio, celebrated for his impactful career across both public and private sectors. With beginnings at the National Security Agency and roles at Lockheed Martin and ManTech, he has been recognized as CSO of the Year among other accolades. Dan is also a prolific author and speaker, sharing insights on cybersecurity and technology modernization through his award-winning blog and publications.
Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40).Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.
Earlier he founded iViZ an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.
A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.
Comments