A year and a half ago, El Camino Community College (ECC) District in Torrance, California, hired Paul Yoder as its head of info security to conceptualize and implement a complete and thorough info security plan. With a background in network administration and security totaling more than 20 years, four CompTIA certifications (CompTIA Linux+, CompTIA Network+, CompTIA Security+ and CompTIA Project+) and years of computer security study under his belt, Yoder jumped at the chance to start his own security program from scratch. But, as he would soon discover, the task would encompass more than creating policies and procedures. It would take a true hands-on, grassroots effort to push info security to the top of the priority list.
Starting from Scratch
Before Yoder was brought on, ECC hadn’t had a dedicated info security specialist on staff. To create his own plan, he knew he had to revise current policies, create new procedures, establish a budget and screen countless security product companies to select the most cost-effective and sensible layered defensive strategy possible.
“This included next-gen perimeter firewalls, spam filters, IDS/IPS components, web-application firewalls, endpoint protection, printer security and end-user training programs,” Yoder said.
And, that wasn’t all.
“It took a lot of face-to-face evangelism, which is not a native trait for most IT folks. We tend to be a little reclusive and even anti-social sometimes,” he joked. “I made appointments with all the deans, vice presidents and, in general, anyone who would put me on their calendar!” Yoder joined the technology committee, which was putting together a five-year campus technology initiative, and re-wrote the info security section using the SANS Security Awareness Roadmap as a guide. After the study was complete and the votes cast, info security propelled to the top of the list as the top priority.
Award Winning Leadership
His efforts earned Yoder the 2017 McAfee/Center for Digital Government Cybersecurity Leadership and Innovation Award in the education category. Sponsored the awards honor leading contributors to information security knowledge and best practices across several industries.
“I think I was the only individual honored that wasn’t a chief information security officer, chief technology officer or vice president – it was absolutely surreal,” Yoder said of the distinction, emphasizing that the ECC info security program was a group effort. “Nobody could accomplish something like this on their own without lots of support and dedication from their fellow IT staff members and stakeholders.”
Yoder believes the proliferation of threats around the world should concern everyone and, fortunately, best practices are something we can all learn.
“You don’t need rigorous technical education to be proactive about your own valuable data,” he said.
Preventing Cyberattacks in Schools
That said, Yoder’s number-one suggestion for schools is to set aside a budget for dedicated info security staff and tools.
“In the California Community Colleges system, 75 percent of schools didn’t have a dedicated info security specialist when I first started here,” Yoder said. “That number hasn’t changed much since then.”
In addition, Yoder stressed user education, saying that most of the problems that schools will face originate from spam and phishing emails.
“You must educate users on how to spot and report suspicious emails. That alone will stop the majority of ransomware and malware threats that get through your defenses dead in their tracks.”
Part of his job is to stay on top of the latest threats. To that end Yoder stays briefed from his core list of reliable intel sources, which include WeLiveSecurity, Dark Reading, Information Security Buzz, SC Magazine, Tech Republic Security, FBI InfraGard bulletins, DHS info security alerts, and newsletters from organizations like the ISACA, the International Systems Security Association and CompTIA.
Currently, Yoder is putting together a book on cybersecurity and cyber-hygiene best practices for non-experts who want to protect their digital data. He believes ordinary citizens around the world have the power to thwart cyber-criminals and stem the tide of data breaches.
“People are always the weak link in any cybersecurity system, no matter how well designed,” he said. “The overwhelming majority of breaches happen because of human error, whether a misguided policy, consistent failure to follow procedures or a simple, one-time mistake. Knowledge, awareness and follow-through are key to preventing future incidents.”
Test your cybersecurity knowledge with our quiz, Are You a Cybersecurity Expert?