The VAR Guy Q&A: Tyler Cohen Wood, Cybersecurity Expert

Building cybersecurity awareness is one of the most talked-about issues in IT today. To find out more about channel partner best practices and the power of eLearning when it comes to security, the VAR Guy sat down with Tyler Cohen Wood with Inspired eLearning, a company that specializes in interactive cybersecurity training and awareness solutions.

Cohen has worked in and around the cybersecurity industry for more than 16 years and served in roles ranging from IT security administrator at Network Associates (an Intel Security company) to senior lead computer forensic examiner for NASA. More recently, she served as the cyber branch chief and science and technology directorate subject matter expert for the United States Department of Defense as well as the deputy division chief for Science and Technology at the Defense Intelligence Agency.

TVG: How can resellers and service providers best position themselves to get government contracts for cybersecurity?

Cohen: That’s a really tough question because there are certain rules and regulations that you have to abide by. If you are able to submit contracts for government work, the best way to do it is to make sure that you are answering exactly what they are asking for, and show examples of why you are the best fit. If the government is analyzing a proposal… they can only look at what has been submitted based on the questions they asked. You have to go strictly by what is asked and how the question is answered. It’s actually very fair.

TVG: Based on your knowledge of past high-profile breaches, what are the best ways in which SMBs and large enterprises can protect themselves from data loss?

Cohen: I probably wouldn’t have said this eight years ago, but I will say this now: education of all employees from the bottom all the way to the top, including any third-party contractors. There has been kind of a shift in breaches, and a lot of hackers are … looking for information through social media so they can spear phish and target somebody and get them to download a link. Education is definitely number one.

Another thing that I would highly recommend is that you segregate users. Users should only have access to what they need because oftentimes if a hacker is going to get into a network and they get a user’s credentials, they are going to try to escalate those privileges. But if those privileges cannot be escalated or the user does not have access to anything except for what they are supposed to have access to that will limit the hacker.

I would also highly recommend having all of your sensitive data encrypted and housed where anyone who doesn’t need to have access to it cannot have access to it. Finally, I would also recommend that when you are connecting Internet of Things (IoT) devices such as smart TVs in the conference rooms and HVAC systems… that you keep it updated, you keep it segregated from the rest of the network so that it cannot escalate privileges, and you change the default password. A lot of people don’t think about those sort of things. A lot of people don’t think that a smart TV can be a point of entry into their network. You want to really be very aware of things that are new and kind of outside of the typical IT box.

TVG: DDoS attacks are rising in popularity, as well as DDoS attacks for hire. What are your thoughts on that, and how can companies and individuals protect themselves?

Cohen: It’s really important to think like someone who is [trying to] get your data. If you’re trying to keep something secure, you have to fill all the holes and you have to be aware of all the holes. I can’t tell you how many times I’ve sat on a plane and sat next to someone who is doing their work, and I can see exactly what they are doing and sometimes it can be very sensitive stuff. All it takes is to get one of those screen protectors so no one can see what you’re doing. These are the things companies need to think about and they need to think outside of the box. They need to become a little paranoid. By educating all your users, you’re building a protective shield.

TVG: You currently work for Inspire eLearning, a company that specializes in developing virtual training solutions for cybersecurity and cyber-awareness. What do resellers and service providers need to do to excel in the education/eLearning market?

Cohen: One of the things that we do that is unique is we have multiple security awareness fundamental courses that teach similar topics but in a different way of learning. Everyone has been exposed to some sort of eLearning, but before I came here I was bored to tears by the types of classes available. You just push next, next, next, and it’s the same thing every single year. With these courses, we use the ‘what’s in it for me’ principle so its actually really fun. There are different methods of learning the material because people learn in different ways. And one of the things that we also do is we have very unique courses and we keep them very up-to-date.

We also have iModules – take malware, for example. We have a specific malware module that’s a shorter course. We then have mini courses that are even shorter that just are a kind of refresher. But it’s really done in a fun way. We also have a tool called PhishProof that can be used to send fake phishing emails to employees, and based on how they respond it will recommend courses for them. To excel you really have to find that niche, and you really need to have current, cutting-edge, interesting and fun courses that teach the proper security awareness.

TVG: You are an advocate for teaching cybersecurity to children from a very young age as an essential part of their schooling. Why is the need for cybersecurity awareness so prevalent among post-millennials?

Cohen: Whether you like it or not, this online domain is part of our lives. We live in this domain, we work in this domain; it’s not going anywhere. So teaching these skills to young kids all the way up through college is critical. [Cybersecurity awareness] has to be a part of the curriculum.

It is as important as math, science, and learning how to read because it’s a skill we all use. And if you don’t understand how to protect yourself, if you don’t understand how to protect the company that you are eventually going to go and work for, you’re opening up a huge gap and a huge hole. If you’re not teaching kids these skills, they are going to be at a loss.

And I don’t think that its 100 percent only on the parents to teach these skills to their kids. You don’t expect for parents to teach their kids math. It’s something the school systems do. This is just as critical a skillset as math – maybe even more so. It’s important to get kids involved and to get them to understand why this is so incredibly important. Because it’s not just for their future, it’s also for their present. It’s protection.