Leading the Digital Front: Military Lessons in Cybersecurity with Elizabeth Stephens

Cole Cornford
Hi, I’m Cole Cornford. And this is Secured, the podcast that dives deep into the world of application security. Today, I’m joined by Elizabeth Stephens, CEO at DBS Cyber. Elizabeth is a former pilot in the U.S. Marine Corps before moving into cybersecurity at Microsoft. She’s spent seven years there and started at DBS Cyber with a goal to help keep children safe online from the threats we face every day. We speak about her career in military service, how that’s influenced to her approaches to cybersecurity, about her recent book launch, and how she’s making the transition from practitioner to director. I hope you enjoy the conversation.

And I’m here with Elizabeth Stephens. How are you going today, or should I say tonight?

Elizabeth Stephens
Yeah, it’s going great. Thank you for having me. How are you today?

Cole Cornford
It’s good. I’m missing my family overseas. It’s odd being a bit of a bachelor. I’m going around just either putting a lot of effort into work or I’m doing absolutely no work and putting a lot of effort into video games.

Elizabeth Stephens
There’s never a bad thing, never a bad thing.

Cole Cornford
But anyway, less about me, more about you. So, Liz, everyone wants to hear a bit about your background. And it’s why I brought you on the Secured. So, maybe you could tell us a bit about where you came from and what you’re up to now.

Elizabeth Stephens
So, my name is Elizabeth Stephens, former Marine Corps, United States Marine Corps pilot and aviator. Did a bunch of stuff, growing up as a young woman in the South who knew nothing about the military and nothing about technology very quickly because I had an “I’ll try that” attitude. Found myself not just joining the military but going to the United States Naval Academy, not just leaving the Naval Academy to become a sailor, but in fact leaving the Naval Academy to become a Marine Corps pilot. Yes, they have those corps, little did I know.

Spent some time in the military doing some stuff that I truly loved and fell in love with, like flying airplanes, operations systems, deployed a couple of times, learned about being a leader and a teammate, a follower and a servant. Retired fairly quickly out of there after about 20 years. I say fairly quickly, but, you know…

Cole Cornford
Fairly quickly, 20 years, yep.

Elizabeth Stephens
It’s what we do. And was invited to come play a matchmaker for a team of, not my words, his tree hug and hippies that were an IT department that I think of still fondly at a utility, an unregulated utility out in San Diego. I spent about a year there learning everything there was to learn about routers, switches, fell in love with infrastructure, and then headed over to Microsoft to do something similar or what I thought was similar. Figured out, probably about two years in at Microsoft, during the great Azure outage, that perspective and people are absolutely essential to operations at that scale, at that global scale. Whereas, the person that was sitting beside me was frustrated and tired, rightly so after being at work for about eight hours or actually 48 hours at that point, trying to recover from the outage. He said that he was complaining that it was inappropriate, that we should be working this hard-to-get kids back on their Xbox.

And it was at that moment I realized that, unless people like you or me were in these seats and in these places, no one would actually understand the impact that the technology has on us. So, from my perspective that night, my customer was the women and children of Texas. That organization is an organization that provides food and funding. Specifically, our part was the ACH portion of that server string. And so, the outage, to some, may have been about Xbox and playing video games, but to others was about some child not being able to feed their kid because that’s what critical infrastructure is.

And at that moment, I decided that, if there was a technology that we were dependent upon, if there was critical infrastructure that we needed to know about, that somebody more than likely me at the time was going to have to be in the room to make sure that people understood what we were doing and why. So, that’s how I started. That’s how I went from aviator through a bunch of different things in the Marine Corps to becoming a principal software engineer, director of cyber risk for the global data centers at Microsoft, and now founder and CTO of my own business, DBS Cyber, which is about protecting families.

Cole Cornford
That’s really good. I like that you have a reason to being… a reason to… and I know that I meet a lot of people in cybersecurity say, “Hey, I just want to do cool technical work. I want to hack things.” And it’s completely disconnected away from the reason of why we make decisions that we do on a day-to-day basis. I still think, obviously, you need technical chops, but if you can’t put it into perspective about what you are doing and how it impacts individuals who consume those technology systems, then what are you doing?

And I’m not surprised that big technology companies making people work tremendously long periods of time, like 48-hour shifts, who probably sleep at the office, and a pizza as a reward, it seems to be, especially back in the day, that was just how it was. You just had to do that. Nowadays, I completely rebel and hate that entire concept. I understand that you need to be able to respond to large system outages, but I also think that there’s the human element of human costs. You have to have better processes in place. You need to have handover. You need to have good reliability engineering. You can’t just have the one guy who understands the back-end system working his ass off, probably to exhaustion. I don’t know how long ago that was. Hopefully, that wasn’t too modern.

Elizabeth Stephens
No. Right now, we talk about it, too. The whole point is, when you’re at eight hours of uninterrupted operation, not uninterrupted rest, right? That’s what we talk about in the aircraft. You’ve worked for eight hours, your skills are less, your brain is less, everything is less. And so, even if you are the best at what you’re doing, do you really want to have the people counting on you that count on you on a global scale, counting on you might as well you being actually drunk because you don’t have enough sleep?

Some of the problems, I think, of the past with the way things have changed because of COVID for the better and the way that we do visits now for the better with the hybrid environment, is that recognizing that the investment needs to be in the people in order to enable all of the processes. If you run surge on all your people all the time, it’s not surge. It’s called exhaustion and you end up losing them.

So, from my perspective, the biggest part of us figuring this out and the best part of the new technology, which is why we’re here, is this level of productivity, this level of innovation that’s happening right now, every single one of us should be involved in that, not just because you’re smart or you’re fast or you’re good at this or you know anything about tech, but because people like me are going to be out here looking at you to go, “What’s the next use case you want us to solve?” And without you, the user and the people in that investment, we’re not really going to go anywhere, and the bad guys and girls are going to win, whether it’s AI or theft or a DDoS attack.

Cole Cornford
Yeah. So, going back to the idea of democratization, I know that’s something that UK quite deeply about, is, how do we use technology to better help everyday people, especially women and children who may not otherwise participate or even consider that they can leverage it to better their lives? I know there’s a common quote on the internet that, “I want AI to stop doing painting and writing so that I can force myself to do laundry and cooking.” I want to say that, how do we flip it so that it’s more valuable for people?

Elizabeth Stephens
I think that’s the exact right question. So, first, the question becomes, who’s driving the use cases? AI, cyber, any of the tech that we’ve had in the past is driven by revenue and total addressable market. And who has the majority of the technology right now? Larger companies that are pointed at commercial use cases. But some of the other companies and some of this technology is so accessible that people like you, people like me, can easily go, “Okay, this is how I’m using it.”

For my purposes, if there is a cyber innovation, then I want to utilize that cyber innovation, not just for my company or my customers, but for myself. Every single one of us has a right to be able to protect ourselves. And right now, in Australia, it’s a little different than it is in the U.S. In Australia, all of your information, all of your data is already out there and being handled by your government. For us in the United States, that wasn’t exactly something that is expected or even enjoyed, right?

And so, with the advancements in the spaces that we’re talking about, whether it’s AI, data, even the internet or smart traffic, smart schooling, productivity, water, or even, like, in the medical field, because right now we’re having people recognize that they don’t go into the doctor to update their insulin shots. So, with all of this stuff, no one’s going because we’re the little people. Those investments, the people that I said we need to invest in, again, no one’s going, “Hey, how does this make my life easier and how much does it cost?” And that’s what we would do, right?

So, I have a special needs kiddo. Every year we have to do an individualized education plan. Each school is different. Every teacher is different. Every year, we do something that is new and improved. But the idea is that, this is the contract between me, the parent, her, the child, and then the child’s teacher through the school district that says, “This is what we’re working on.” And so, instead of me having to go through all of the IEPs and go find other people and do these things that are so very taxing, as well as all the other jobs, I took the concept of the IEP and some technology and established a pattern that I liked with one of our things, art pieces of technology, so that, now, whenever I’m looking at what we’re doing for the updates for the year, I can go, “This is what she should be working on. This is what I should be looking at. This is where I need to be going with it,” as opposed to having to do that all at once and counting on the teachers to give me the information.

Now, the reason I say that this is about all of us is because, as soon as I figured out how to do it for myself, the next step was trying to get it somewhere where people could use it publicly. And that’s just one, that it’s a big deal, but you don’t want to put your information out there. And it’s expensive to use some of these tools to do that for you. So, we’re figuring out ways to do it so that it’s not expensive and it’s safe. And I think that’s where those two circles connect. The innovation and the cyber security, cyber compliance, et cetera, that’s what’s allowing people to make strides in figuring out how to use the AI to figure out what’s for dinner or to plan around their lives. So, we’re talking consumer productivity from a lifestyle perspective. That’s where I want it to be. That’s where we’re going.

Cole Cornford
I wonder what parts of my life would be easier. I know this is so funny, but a few weeks ago, there was an article on the ABC, which is the Australian Broadcast Network, and it was about Deebot vacuum cleaners by Ecovacs taking photos and being horrendously insecure. And literally a week beforehand, I was on a podcast with Adam Haskard. And we were just talking about how secure robotics is going to be the future and we need to care about our weapons of vacuuming destruction. And then there we go. It’s blowing up.

So, what I liked about that is… I know you said, you mentioned that you have a child who has special needs. Not even a week ago, I had knee surgery not too long back, and I still got up out of long crutches and went to go see this place in Newcastle called First Chance, who they help families teach children with autism to catch up on workload outside of hours.

And well, what I went there for was, as part of their whole-day planning session, is a conversation about how do we leverage artificial intelligence and also be considerate of the safety and privacy implications of using it. And everyone was super excited about, “Hey, I can use it to automatically take case notes for me based on what’s happening in my lesson because, further, my job is to fill in information about what do we do during the day,” or, “I want to produce books and reading material that’s customized or uses a simpler language or uses a foreign language or has artwork so I can make it easier.”

Elizabeth Stephens
Social stories, visual schedules, right? This is what I’m talking about right now. I wish I could unplug the camera and take it with me downstairs to show you the basement at this point. A part of this is I wish people… I get it. You know me well. I don’t like people being excited about innovation and not actually understanding the hazards of the innovation, but I would like people to recognize it’s our time right now.

No one knows all this stuff because it hasn’t been created yet. If you’re a single mom or a mom of 17 or a dad who’s trying to figure out how to keep the kids from rioting, every single one of us has the ability to come up with something specific that these tools, not just the cyber tools, but also the AI tools can help us with. It’s about not doing the thing that everyone’s telling you to do. It’s about doing the thing that you need done.

So, I say invest in the people and the process first for whether you’re a consumer, whether you’re a non-profit, whether you’re a commercial. You got to invest in your people because the people are going to plan out your process. You’re going to watch them do the process, then you know your process is solid. Okay. There is definitely a process, a morning routine, a noon routine, a afternoon routine for just about everything we do, whether you’ve mapped it or not. And these tools can help you with that. And then at the same time, as I’m sitting here in the safety of America, talking to you out there in Australia with all your data.

Cole Cornford
Out there. Come on.

Elizabeth Stephens
[inaudible 00:15:25] down under. I’m up here in the south. Yay, tornadoes, hurricanes, many other things that we won’t talk about, but some of this is about me going, “Hey, do you know that there’s a piece of gear, probably about a $200 piece of gear,” I’m not advertising anybody, this one’s on the way to my house, too, “that you buy. It’s a firewall for your house. It’s extremely inexpensive. You can plug it in downstream or upstream of your chosen service, and then you get to control everything that comes in and out of your house.”

This is not expensive. I mean, it’s not a cheap piece of gear, but it’s also not that expensive. It costs about, for some people, if you’re in the United States, a week’s worth. It’s two weeks of groceries for a single person, a third of a week if you have kids. But you plug this in, and now you know for sure the signals that are coming in and out of your house. Not only that, you’re becoming more up-leveled on how this stuff works and what the sounds are.

Then guess what? Next thing you can do is, instead of being afraid of where you’re putting your information on your television or your stove or your computer, now you know that there are no signals coming in and out because you’re in full control of that. Now, that’s scary, too, because then you’re going, “Okay, because my Alexa doesn’t work, my da-da-da-da.” And some of my friends out there, yours and mine both, going, “Did she just say smoke check your home internet?” Yes, I said it. Smoke check your home internet.

That’s security. Guess why? Because now you’re in complete control of what information goes in and outside of your house. Now, coming down on the other side of that, then your kids got to come to you and go, “Mom, my Roblox isn’t working,” but guess what? Now, you get to have that conversation with them. So, one piece of gear means everything inside your house is safe except for insider threat. That one piece of gear isn’t even… it’s not even high speed, low drag. It’s just a good piece of gear.

Now that you protect your house, people process, you’ve got the house protected. Now, what are some of the things that you’re doing? Oh, I’m getting my kids ready to go to school, or I’m cooking, trying to figure out what to make meals for the week. Everybody’s got a meal planner, but does everybody have a meal planner that you can set up to say, “Hey, I’ve got these three kids in the house. This is their dietary requirements. They hate this, this, this, and this.”?

No, you don’t, but guess what? You could, because now that you have a safe environment where you can tinker around with any number of free AI that are out there, you can set up your own AI to help you figure out what to order, when to order, what to fix, how long it’s going to take, and then with a little bit of education, a little bit of tutoring, a little bit of YouTube, do it yourself. You can even have it look at your calendar and tell you what you should fix on what days because of the amount of time it takes, but that’s a use case.

For me, you get to go, “Okay. We can use the AI to do X, Y, and Z. What if…” Like the example you gave, it was like, Okay. I can get my notes done. I can do that. What if, for each one of the kiddos, you set up an AI optical that could walk in the room, you got the camera, you walk in the room, you scan the room, and the room goes, “This is too much yellow, too much blue, too much speckles,” for said named kiddo AI that I was programmed for. “We can’t be in this room. It’s going to put us at this level of agitation.” How nice would that be?

Cole Cornford
Yeah, okay.

Elizabeth Stephens
That is literally the use case. Now, could you do that for all kids? Nope. Can’t make a product that said, “This is an autism spectrum sensory analysis.”

Cole Cornford
Yep. It’d be hard to have a large enough market to be able to win from that.

Elizabeth Stephens
Would it?

Cole Cornford
I want to unpack two things that I had there. So, UX. So, one of the things you suggested is let’s put a firewall or something that analyzes traffic in for a home. And I’ve got a few friends who’ve done this. And their experience… Well, in my household, it’s extremely challenging to do because my wife uses a lot of Chinese stuff, and it’s basically impossible for me to really take a step back and say, “Cool. What is that? What is that? What is that?” Even if I use AI to translate, it’s just not worth it without upsetting her. And so, I’m taking the person first and saying, “No, I can’t do that.”

Elizabeth Stephens
Love it.

Cole Cornford
And even with a few of my other friends, when she’s gone and visited, they’ve like blocklisted everything that’s coming from a .cn or from a WeChat or from a Pinduoduo or so on. And they’re like, “What’s all this Chinese traffic coming from? It’s all blocked.” And my wife’s sitting there angry being like, “Why can’t I use my phone at your friend’s house?” I know that you have to be considered as a needs for people. And it’s not easy for us to make blanket statements. And I also know that I can’t really say, “Hey, I’m sorry, I’m just being secure because-“

Elizabeth Stephens
No.

Cole Cornford
“… you’ll get angry.” And also, using AI to create recipes, that could be quite fraught because I’ve seen some hilarious things. I remember looking up a recipe for whiskey on the rocks, and it’s literally pouring Talisker directly onto some stones. And I think that that is not a good use of Talisker personally, but…

Elizabeth Stephens
Nobody might like it. No, I think part of it, too, is when we say this, it’s not about the infrastructure person to me is going and then you give her her own environment and then nothing comes from that environment to the other environment.

Cole Cornford
Yeah, but then you’re in a situation where you have to maintain multiple environments then. And it’s like, I guess, as a CE, there’s a lot that I could be doing and choosing to spend time maintaining a home network just so I can have my wife on a separate VLAN. It’s hard.

Elizabeth Stephens
Again, we’re talking about the difference… Remember, American versus Australia. We’re talking about the difference between… And it was a big deal when one of the CEOs said, “Well, what difference does it make if they know who you’re calling and how often?” Here, we’re all like, “Are you… Excuse me? Blink, blink, blink, blink.” In other places, maybe not because they have it all. My personal perspective is this. If you exist in that way, the question is whether or not the things that she’s doing look like bad traffic because they look like bad traffic or if they look like bad traffic because somebody has a biased register.

Cole Cornford
I don’t want to have that fight.

Elizabeth Stephens
You know what I’m saying. The question is she’s like, “Hey,” because if it was anywhere else, you’d be like, “What’s this .com address?” “Oh, that’s from my Instagram.” “Okay.” But then if it’s congee or something else, everybody’s like, “Why? What… To give it a… Yeah, we definitely should block that.” How do you know? You should ask the question.

Cole Cornford
Look at these Cyrillic characters going to Russian website.

Elizabeth Stephens
Are you serious?

Cole Cornford
Well, there was a student at the local university who was complaining that she couldn’t go and look at just her online grocery shopping online to buy groceries for her dad in Russia-

Elizabeth Stephens
In Russia.

Cole Cornford
… and then because the university was just blocking basically everything that had Cyrillic characters effectively.

Elizabeth Stephens
Right.

Cole Cornford
And so, that’s the highest domain. And she’s just like, “I don’t know. I’m an international student here. How can I buy my dad groceries? It’s called Bite.” And the university was just like, “Russia is bad. So, no.” And she’s just like, “I don’t understand. I’m a Russian student in Australia. Am I bad?”

Elizabeth Stephens
Look, this is what I’m saying, right? You’re like, “So, exactly why aren’t we checking?” Because in some places… I love that about it, too, though. I’ve told you nothing about my pain. Part of my passion is making sure that this is democratized. Some of the work that we’re doing right now is Project Management Institute that everybody wants to do an AI strategy.

I honestly love using our skill set to innovate and create amazing things, Cole, but truly, the thing that we do that other people don’t do is think about it from the whole person perspective. My thought process and my prediction, at this point, because we’re about proactive cyber defense and proactive defense period, but my thought process is this. Over the last 70 years, since Big Blue, things have happened exponentially faster regardless of whether you go technology versus culture or culture versus technology. It’s been an exponential growth curve.

And it’s going to continue to be that. I would say where we are with AI from where we were then is the difference between where I was flying the Osprey from where I started flying the CH-46. Fly by wire and analog, completely different transmission versus algorithms, completely different that fast, and it’s going to continue to get faster. I don’t think we’re talking Terminator. We’re not talking the T, whichever thousand coming at us to stop us.

We’re talking about you and me and our two GPJs or JPTs or, I don’t know, maybe they’re the DBS 2000s running around with Liz and Cole and you name said name, other person. We’re all working together because of the way we are. The future for us is not about men versus machine. It’s about men and machine, women and machine versus women and men and machine. And so, from my perspective, there’s a lot of stuff out there that people don’t want to do. The example of… Okay. I don’t want to have to get into the discussion about shutting down all the sites of my significance at the…

Cole Cornford
Yep.

Elizabeth Stephens
At the same time, I’m going, I hate the fact that my kids are captives of Roblox. This is one of the best marketing. I need to mimic whatever Roblox is doing. It’s working. I have counter terrorized my kids to the nth… to most degree. They know how social engineering works, but Roblox has them.

And that, to me, says like, “Hey, man, it’s going to be a lot of trouble for me to figure out what they’re doing and why and show them how it’s a negative,” but the reason that you and I have to figure that out is because it’s the same reason that I had to be in that space and learn more about cybersecurity because our use cases aren’t going to be witnessed. They’re not going to be advocated.

They’re not even going to be built in that scenario. It’s easy. You said it. It’s easy for entire governments to go, “Nope. It’s the wrong alphabet, looks weird, shut it down.” What if the only way to manage insulin in rural areas in the U.S. is going through a VPN that requires this code? We’re going to shut that down? Yeah, we would, right? I say smoke check for the people that aren’t infrastructure people. Smoke checking is when we shut everything off and see who starts screaming and…

Cole Cornford
That’s it. Seeing if there’s some smoke and learn out where everything’s burning, so.

Elizabeth Stephens
Exactly. You’re like, “Where the fire is.” But in this case, I think from a American angry perspective, not American angry, but who we are, the Marine in me, I see it as already being on fire, and so I feel like that’s what we got to do. Make it easier. Yeah, that’s my job. Make it easier for the little guy.

Cole Cornford
So, taking a step… Actually, to go back to that. So, you spent 20 years in the military. And I know that you’ve come out and you said that people and processes and perspectives are the most important thing and that technology should be supporting those other aspects. What other types of leadership did you learn in the military that you bring into your new role as a CTO to cyber security company?

Elizabeth Stephens
So, I mean, straight up from the top down, it’s going to be servant leadership. One of the things that you get from the Marine Corps, and I think from some of the military services that I’ve met in the globe, honestly, is this need to make sure that the actions that you’re taking and the outcomes benefit more than just yourself, whether it’s altruistic, whether it’s as a part of a company, or whether it’s because you believe in, like some of us do, that helping others is of value.

So, the servant leadership came out of the military and, potentially, some of the upbringing. The thing that I learned that was unique from my perspective, specifically in the military and in aviation, was this tendency to ensure… from a Marine Corps perspective, had to be, but this tendency to ensure that you understand the cost of life and labor on the back end of that. And so, even though, at some point, we’re responsible, each squadron is 12 airplanes, you knew every single person that was required to run those 12 airplanes.

It wasn’t about the production at the end. It was about maintaining the resource that is the people investing in the resources, the people. Earlier, I said it’s eight hours of uninterrupted rest. That comes from aviation because your mental faculties, your ability to operate decreases significantly when you start talking about human factors. And for the level of responsibility people like you and I have, especially when we’re incident responders or when we’re making huge decisions that seem small because it’s just a decision from some of the work we’ve done in the past, just a small decision in our project scope that has global implications, the thing that you have to remember is that it’s the person in the seat that’s got to be on point. The machines will do what machines do.

Cole Cornford
For better or worse. That’s a good thing about computers. They’ll do exactly what you tell them to. The bad thing about them is they’ll do exactly what you tell them to.

Elizabeth Stephens
They’ll do exactly what you tell them to do, but that person in the seat is the person that’s going to run. And so, instead of thinking… I mean, we talk about a lot, like how do you run a small business? How do you run a startup? Is it any different? On this side of the fence, from a Marine Corps perspective, we build it one brick at a time. From Silicon Valley, from the West Coast, and my corporate history, we build it $1 at a time. Being out here as a founder and CTO, we build it one person at a time, each whether that person’s my use case, which is my customer, whether that person is the end user, which is my customer’s customer, whether that person’s my CEO or one of the apprentices.

The thing that I learned in the Marine Corps is all the tools in the world are amazing. You can do whatever you can have. It’s great to feel funded, it’s great to feel rewarded, but if you can’t get from A to B in a $1 million airplane, and then you’ve got the $50,000 airplane with a bunch of Marines that have gone back and forth from A to B 16 times while you’re trying to get started up, then what good is it? So, I take I do more with less perspective from the Marine Corps, but that is I also take that your people are your most important asset from the Marine Corps. So, if you got to spend money somewhere, spend it on your people.

Cole Cornford
So, I know that you’ve recently been spending a lot of time to write a book. Would you be able to maybe tell us a bit about why did you want to write a book because it’s a lot of hard work, and something I’ve been playing with the idea of, but then realized that I have an almost 2-year-old, and that is very hard to write a book with? So, what inspired you? And what’s your book about?

Elizabeth Stephens
So, the book is called Building a Resilient Digital Future: A Comprehensive Guide to Cyber Risk Management. So, the book is about, basically, the inception of the idea was this concept that, about a year ago, summer, 2023, there was this big push for people to go full on into whatever the newest cyber thing was. And then at that point, we were just at the tip of the newest AI thing. And so, people kept asking the question, “What do we do first?” And instead of… so many people were like, “Okay. We do this. We do this. We do this.”

And instead of watching people crash and burn, I go, “Wait. Time out. Pause. What do we need?” If we’re going to do anything, we need to start at home, know yourself, know your troops, know your job. And so, it started out with the Cyber Risk Manifesto, which was a completely different document when I started, but as I wrote that doc, then I was like, “Well, what else?” because people would ask questions. Cyber Risk Manifesto is a call to action.

It’s about being proactive and not reactive. It’s about using intelligence-led and intelligence-driven, so data-driven, data-led, decisions, and it’s about the integration of all of your resources, business, IT, cyber, everybody, and then using that with a couple of things like continuous learning and collaboration to make sure that you kill it for your cyber posture. And that’s what the manifesto was about. Over a period of time, the questions which one to many, many to one, all had a sort of a pattern.

And so, I went from, “This is what we all need to get together. We all need to do this. Sign up. Let’s all get on board for this call to action. Let’s start building it out,” turned into about 30,000 words of, “Okay. This is the intelligence-driven portion. This is what you think about when you talk about risk in a cyber defensive perspective. This is what the threat looks like.”

And that turned into probably about 250 semi-pages of, “Here’s a handbook on how you can approach your own stuff and build out your environment in a way that focuses on your people and your business and the things that you have organic and inherent native even to your systems to propel you forward exponentially.” That’s what the book’s about.

Cole Cornford
I find that most cyber security books focus on either preparing people for certifications and exams or they’re about it quality, so how to do… basically, audits and assessments to improve IT quality. And I don’t-

Elizabeth Stephens
No.

Cole Cornford
… think we need to walk. There we go. Look, big picture of building a digital resilient future.

Elizabeth Stephens
I like shaking it, the data work. So, I’m not into graphics. I had someone do that for me, but I think you hit the nail on the head. No one’s really talking about how to do it and what to do. My focus is, and I think that’s part of the way that you and I… when you and I met, why we hit it off so well, was that, in truth, there’s a lot of people out there that are selling certifications and leveraging badges, for lack of better term.

I won’t call any out in particular, but not a lot of people actually know how to implement any of the things that they’re trying to implement. And for that reason, especially recognizing that the people that are impacted the most in the world, not just here in the United States, but in the world, are people that are disadvantaged and don’t have access. For me, it’s rural, underserved communities. You know what that looks like for Australia.

Cole Cornford
Yep.

Elizabeth Stephens
And that’s why I had to write it, because whether you’re in the beginning chapters where you’re going, “Okay. What is risk? What is cyber? What is a cyber risk management or monitoring plan? And what’s the difference?” or you’re at page 71 going, “Oh, yeah, I remember her talking about threat types. Do I need to know what SQL injection is? No, but it’s right here in case I wanted to know. Oh, and here’s all your examples of different things you can do.”

Those are the kind of things that, if we can build a culture, like a community, Cole, if we can build a community that speaks the same language, whether they’re at home, at school, on this side, getting ready to go to bed, or on your side getting ready to start, that’s what we need to do. And that’s what the book is about, all you need to do. Like I tell people by the book, this tells you everything you need to know about doing it yourself. The next book will be probably about Iraq and the Iraqi elections and something to do with jumping out the back of air helicopters.

Cole Cornford
Yeah, I know that… I guess I do have a lot of people who live on farms and otherwise have pretty non-tech roles. I live near the Hunter Valley, so I’ve dealt with a few people who are winemakers. I’ve dealt with a few folk who just happen to be in abattoirs or slaughtering or agriculture, even just standard panel beating or paint manufacturing and stuff. And they always say, “Oh, that’s cool. What do I need to do?”

And ultimately, I usually end up going back and being like, “Well, what’s the purpose of your business, and how does it make money? And are there any particular aspects that are really, really important that for something doesn’t go wrong with?” And just teaching them how to do that little bit of critical thinking is enough to give them some reasonable amount of advice. And I never charged these kind of businesses because, yeah, it’s an abattoir, but also, I get the majority of my money from large technology firms that have really, really challenging issues because they just have so much tech in place. So, I don’t need to go out to someone who’s just killing chickens and turning them into chicken breasts.

Elizabeth Stephens
Well, I mean, and that’s part of the business because you do the same, people are like, “You’re giving it away for free.” And I’m like, “But that’s the whole point.” The whole point is we can’t win unless we give it away for free. But also, from my perspective, this is the part where I’m going to be the American. We need militia, people. We need everybody to know how to fight the cyber war. So, I got you, but what if you’re the one household in the whole neighborhood that allows for the bad guys to infiltrate? No. I mean, yes and no. At the same time, I say that I think this technology is for everyone, whether it’s cyber technology or not, inside, outside, not the show, Inside, but if we talk…

Cole Cornford
The kid show?

Elizabeth Stephens
Yeah, the kid show. Oh, Bluey, that’s one, too. We talk about what is it that makes us… What is it that brings things into our home, things that are of value? Here, the things that need to be in our homes have to be the things that bring us services that are connected to our well-being in our life, so phone, water, whatever. Same as there, but in the U.S., the things that support that are not protected.

And so, without the knowledge of what to do, how do you know not to stick your card in the machine that has the little sticky on it? How do you know not to scan every QR code? People like you and me start telling people. People, whether you’re small business or not, but people that are in these communities start picking up a pamphlet or starting a support group and we start tinkering. And that’s where the use cases come from. That’s where the protection starts, at home.

Cole Cornford
I think my favorite thing is when you go and do these presentations to the community groups, and then they have the guy, the one guy, who’s… it’s the person that you go to a conference, you do a presentation about entry-level cyber or IT or whatever, and then there’s this one person who’s an expert in the audience who says, “Oh, this is more of a statement than a question. What do you think about blah, blah, blah, blah?” And it’s like, “Cool. That’s not relevant to this audience. Go away.” So, I love those ones in particular. Anyway, Elizabeth, look, it’s been absolute pleasure to have you on. Is there any notes you’d love to share with the audience before we wrap up?

Elizabeth Stephens
So, if you’re looking for the book, it is on Amazon. It’s Building A Resilient Digital Future. We did not focus group that enough. That title is really long, but it is available. If you’d like to come out and chat, I’ll be in Australia from the 25th to the 30th this year for the ISA Conference, for PMI, actually, Women in Cyber Securities, Melbourne, as well as a PMI hit, and potentially up in Sydney depending on how that works out. So, look for me. Find us at www.dbscyber.com or look us up on LinkedIn. Feel free to join us on the Watchtower. Help everybody. That’s what we do. Help everybody.

Cole Cornford
And that was the 25th of November, right?

Elizabeth Stephens
25th of November. Yes. That’s…

Cole Cornford
November, because we don’t know when this is going live.

Elizabeth Stephens
25, November.

Cole Cornford
All right. Thank you so much for coming on, Elizabeth.

Elizabeth Stephens
Thank you.

Cole Cornford
Thanks a lot for listening to this episode of Secured. If you’ve got any feedback at all, feel free to hit us up and let us know. If you’d like to learn more about how Galah Cyber can help keep your business secured, go to galahcyber.com.au.