It might seem crazy, but as a parent you're more prepared than you think to be a cyber security professional and leader. Check this talk to see what I, with 8yr old twins, can tell you from my experiences. From management, to leadership, to threat analysis and incident response - it's all related.

1. Connect | Protect | Optimize
Irrational, But Effective
(Applying Parenthood Lessons to Cyber Security)
Rafal Los – VP, Chief Security Strategist

2. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
./whoami
Just in case you don’t know me

3. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
strategist, advisor
strategy executive
~25 years in ”the business”
writer
a guy who knows a few things
VP, Chief Security Strategist –
Lightstream Managed Services
professional smartass
Founder
Down the Security Rabbithole Podcast
father of twins

4. DO
NOT
BE
FOOLED

5. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
Lesson 1:
Worry when everything is quiet
silence is terrifying to security people

6. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
when my kids are loud,
I don’t worry

7. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
when my kids are quiet,
I start to panic

8. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
3 types of baddies

9. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
“those that set off alarms”

10. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
“those that leave a trail”

11. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
“ghosts”

12. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
ghosts leave nothing*

13. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
but can be devastating

14. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
take-away:
hunt threats in the quiet

15. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
Lesson 2:
You can’t prevent every possible oops
bad things will happen, contain the disaster

16. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
you can teach them

17. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
you can warn them

18. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
but bad sh** will happen

19. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
sorry, it’s true

20. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
prepare them

21. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
design contingency plans

22. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
practice regularly

23. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
involve everyone

24. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
build containment in

25. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
take-away:
practice reduces panic

26. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
Lesson 3:
Creativity beats boundaries every time
always think about human creativity

27. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
kids and hackers

28. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
demonstrate amazing
creativity

29. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
often used phrase:

30. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
“How the hell did they
manage to do that?!”

31. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
both work ‘around’ controls

32. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
I put cookies on the top
shelf in pantry…

33. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
my daughter used my SON as a
ladder

34. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
take-away:
hack outside the box

35. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
Lesson 4:
Your reaction matters more than the
ouchie
never let them see you sweat or panic

36. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
the first time your child
falls

37. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
they look at your reaction

38. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
how you react influences
their next move

39. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
if you remain calm, steady

40. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
your customers will too

41. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
resist the urge to PANIC

42. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
take-away:
appearances matter

43. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
Lesson 5:
They know better, but will do it
anyway
two words: compensating controls

44. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
“I know I’m not supposed to
do that, but…”

45. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
don’t pretend you haven’t
done it

46. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
recognize this is human
nature

47. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
what’s the impact?

48. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
sometimes,
you get away with it

49. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
sometimes,
you don’t

50. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
we provide “training”…

51. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
training != behavior

52. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
assume they’ll break rules

53. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
implement compensating
controls

54. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
three strikes rule?

55. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
take-away:
“training” no guarantee

56. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
Lesson 6:
You, the expert, is never right
the frog won’t believe it’s being boiled

57. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
”dad, my friend said…”

58. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
authority and expertise

59. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
are not absolute

60. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
perception matters

61. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
proximity matters

62. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
relationships matter

63. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
be present

64. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
be relatable
Complexity Averted.
Possibilities Realized.
© 2019 Lightstream
Communications. All rights reserved.

65. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
be “human”

66. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
aka: “don’t be a .. donkey”

67. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
take-away:
your authority only matters
if they accept it

68. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
Lesson 7:
They love you until you tell them no
prepare to be the enemy, it’s OK

69. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
my kids love me,
unconditionally

70. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
until it’s time for bed

71. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
or I have to say no

72. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
what happens next is odd-

73. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
they can turn quickly

74. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
animosity is temporary

75. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
trust your policy

76. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
what you want is respect

77. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
be fair

78. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
take-away:
be respected always,
liked usually

79. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
Lesson 8:
Sometimes you must meet them half-
way, or else
you can’t fight water, but you can direct it

80. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
sometimes policy needs
flexibility

81. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
homework is a priority

82. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
but it’s going to rain later

83. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
play now, promise homework
later

84. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
enforce the promise

85. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
works the same in business

86. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
be appropriately flexible

87. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
absolutists always lose

88. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
nobody likes a dictator

89. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
flex, but don’t abandon
principles / policy

90. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
if you don’t strategically
bend

91. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
policy will be subverted

92. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
take-away:
grant limited exceptions

93. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
Lesson 9:
Be a friend, and an authority; but
know the difference
people will take advantage if you let them

94. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
children need balance

95. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
be their friend

96. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
but know limitations

97. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
and sometimes you’ll have to
be “aww dad!”

98. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
be your customer’s buddy

99. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
but have boundaries

100. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
our job is relationships

101. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
without them, we’re tyrants

102. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
coach, counsel

103. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
enforce limitations

104. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
take-away:
master relationships

105. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
Lesson 10:
Tomorrow won’t be better, or worse;
just different
maturity brings different types of disaster scenarios

106. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
parents-to-be ask:

107. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
“is year 8 easier than 2?”

108. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
nope, just different

109. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
challenges at 2

110. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
challenges at 8

111. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
challenges at 18

112. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
risk shifts, threats change

113. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
as your org matures, this
applies

114. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
bigger companies,
smaller companies

115. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
different problems

116. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
different threats

117. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
different scope

118. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
security challenges change

119. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
security teams adapt

120. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
threats, challenges change
as org matures

121. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
take—way:
a rock that won’t move, is
worn away slowly

122. Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved.
Thank you!
• Where to find me
- Twitter
• @Wh1t3Rabbit and @DtSR_Podcast
- Down the Security Rabbithole Podcast
• iTunes, RSS (https://ftwr.libsyn.com), and almost literally anywhere else
- Lightstream – Consulting, Professional & Managed Services
• www.Lightstream.tech
- LinkedIn:
• https://www.linkedin.com/in/rmlos/
• https://www.linkedin.com/company/down-the-security-rabbithole-podcast

123. Complexity Averted.
Possibilities Realized.
www.lightstream.tech