One of the most critical elements of Cyber security is creating a culture of awareness & knowledge.
Marty, CFO of a utility company based in Denver, says that one of the most critical elements of Cyber security is creating a culture of cyber security awareness and knowledge. Thanks to Jeff Resweber, Marty says his organization has been able to do just that.
“One of the controls was that we had to implement was a cyber security awareness training program,” Marty said. “Jeff implemented and maintained that to the point now where everybody in the company, on a monthly basis, is required to participate in a training. The change in culture and the awareness of cyber security is palpable.”
According to Marty, Resweber’s capacity and demeanor have built cultural confidence in the mission.
“Jeff knows the subject matter at hand — and he's able to explain stuff in a way that everybody else can understand. He has the knowledge and he makes people confident that he's the guy with the knowledge.”
Marty says that Resweber answers questions in a way that not just, “Because I said so.” Resweber says, ‘Here's what it is. Here's why it is — and he’s able to be relatable throughout the process.”
Marty says Resweber’s success is rooted in the fact that he does a lot of homework behind the scenes. “In short, he's prepared,” Marty said. “If Jeff gets challenged on something or if someone asks a question, he has an answer — and he's able to explain it and support it.”
“He hits all of the marks,” Marty said. “Jeff's got incredible capacity to absorb information and then to present it a in a way that people understand it.”
Marty says that because Resweber simply knows the subject matter to a level that everyone in the company recognizes that he has a solid grasp on the issues.
“He’s able to say, ‘This is the way it has to be and here's how we're going to do it.’” Marty said. “When problems come up it's, "Let's work through it and figure it out."
Marty says he’s able to be rather objective as he sings Resweber’s praises.
“To be fair, we had another person working on Cyber security,” Marty said. “So, I had direct experience with someone trying to do the exact same thing — and the two experiences are night and day.”
The company is required to comply with onerous federal contracts with the government.
“We safeguard our information using a specified set of security protocols,” Marty said. “At the time that we engaged Jeff, we were starting to learn more about those and kind of scratching our heads trying to figure out how to go about implementing these protocols — this is a big project. We’re talking almost 130 different controls that had to be implemented and documented.”
Marty said the company gave Jeff the mandate to help wade through the process.
“Not too long thereafter, we got a specific request that said, ‘We need to have your system security plan and plan of action within two weeks.’"
Because cyber security is a growing mandate from the federal government in reaction to increased security risks, contractors often get reactionary requests that are almost impossible to meet.
“Had we not engaged Jeff and been ahead of this thing — what they were asking for is not something you can throw together in two weeks,” Marty said. “By making that task a priority for Jeff, he was able to get a system security plan that we were able to deliver in response to that request.”
The federal government was happy with what we provided.
“We were able to demonstrate that we are well down the path of where they want us to be so,” Marty said. “That was huge. Had we not been able to respond to that request, it would not have been a good thing for us as it relates to the contracts we have with the federal government — so that was a big deal.”