WEBVTT

00:00:07.187 --> 00:00:11.287
Okay, welcome to this, uh,
special edition, live edition

00:00:11.297 --> 00:00:12.807
of the Cybertraps podcast.

00:00:12.817 --> 00:00:18.767
We're here at the Inch360
event, uh, in December of 2023.

00:00:18.817 --> 00:00:20.637
Uh, we've got Najee Sehanle.

00:00:20.637 --> 00:00:21.297
Did I say that right?

00:00:21.377 --> 00:00:22.197
Yeah, you got it just right, Jethro.

00:00:22.197 --> 00:00:22.607
Okay, good.

00:00:22.957 --> 00:00:26.887
Uh, why don't you tell us a little bit
about, you know, 30 seconds introduction,

00:00:27.027 --> 00:00:28.557
who you are, where you work, what you do.

00:00:28.687 --> 00:00:30.157
Sure, my name's Najee Sehanle.

00:00:30.157 --> 00:00:33.517
I'm the IT Security Analyst
at the Spokane Regional Health

00:00:33.517 --> 00:00:35.277
District in Spokane, Washington.

00:00:35.677 --> 00:00:38.917
I've been at the Health District
for, uh, about 15 years.

00:00:39.145 --> 00:00:42.729
And in my current position, a couple
years. I'm not historically an IT person.

00:00:42.729 --> 00:00:45.009
I come from the, uh,
broadcast media background.

00:00:45.009 --> 00:00:50.919
But, uh, yeah, uh, I oversee, um, security
from a cybersecurity standpoint, um,

00:00:50.979 --> 00:00:52.779
at an agency, a public health agency.

00:00:52.779 --> 00:00:53.829
We call it a district.

00:00:53.834 --> 00:00:55.449
It's a, or local health jurisdiction.

00:00:55.809 --> 00:00:55.989
Uh.

00:00:56.349 --> 00:01:01.415
We've got, uh, 250 to 300 employees,
various, uh, programs, efforts at

00:01:01.415 --> 00:01:04.745
the Health District, and so I'm
the, uh, sole person in charge of

00:01:04.745 --> 00:01:08.980
cybersecurity there, along with,
um, my colleagues in the IT program.

00:01:09.190 --> 00:01:12.860
Okay, so tell me a little bit
about what cybersecurity looks like

00:01:12.880 --> 00:01:14.990
at a public health institution.

00:01:15.330 --> 00:01:18.800
Uh, I'm, my background is
school administration, and so

00:01:19.240 --> 00:01:21.750
probably some pretty similar
things dealing with confidential

00:01:21.750 --> 00:01:24.190
information, keeping that safe.

00:01:24.480 --> 00:01:28.080
What are the things that are, that
you're focusing on as it relates to that?

00:01:28.240 --> 00:01:28.730
I think you,

00:01:28.790 --> 00:01:30.510
I think you used the right word, focus.

00:01:30.580 --> 00:01:34.350
Uh, you know, everyone knows there's
so many, uh, aspects to cybersecurity.

00:01:34.820 --> 00:01:39.676
And in, kind of a smaller entity
with a smaller group of staff, uh,

00:01:39.706 --> 00:01:41.946
with one IT person, focus is key.

00:01:41.976 --> 00:01:46.441
So, you're right, we, we
have some, uh, main focuses.

00:01:46.919 --> 00:01:51.379
I think one of the things that's been good
for me is my lack of knowledge initially,

00:01:51.579 --> 00:01:55.749
you know, just kind of being able to see
what's out there from a fresh perspective

00:01:55.749 --> 00:01:57.539
or an inert perspective, maybe.

00:01:57.879 --> 00:02:00.059
Uh, I look at our, our
employees as a vector.

00:02:00.299 --> 00:02:05.811
I know that's, uh, probably a negative
connotation, but, um, phishing, email is a

00:02:05.811 --> 00:02:07.751
vector and, and user accounts is a vector.

00:02:07.751 --> 00:02:10.861
So we focus very heavily with
Microsoft products on securing user

00:02:10.861 --> 00:02:16.606
accounts, uh, and just kind of,
um, stopping, um, stopping that as

00:02:16.606 --> 00:02:18.136
a vector for bad things to happen.

00:02:18.906 --> 00:02:23.416
Intrusion protection with things like
SIEMs, firewalls, using VPN clients.

00:02:23.726 --> 00:02:28.096
Really just basic, um, the basic
cyber hygiene, um, fundamentals that

00:02:28.096 --> 00:02:29.256
we hear from all over the place.

00:02:29.266 --> 00:02:34.876
CISA, NIST, um, all the local
authoritative jurisdictions.

00:02:35.661 --> 00:02:39.481
Just focusing on cyber security,
hygiene, you know, multi factor

00:02:39.481 --> 00:02:43.241
authentication, administrative accounts
being secure, that kind of stuff.

00:02:43.361 --> 00:02:46.841
We focus on the hygiene, and we've, I
think, done a really good job with that.

00:02:46.851 --> 00:02:50.746
Now we're starting to move into
education, awareness with our staff.

00:02:50.926 --> 00:02:55.496
Communication's been huge, so that our
staff sees, um, themselves as a part

00:02:55.566 --> 00:02:57.156
of the cyber security and IT team.

00:02:57.696 --> 00:03:00.876
And so we've moved, what I like to say
is we've moved past the technological,

00:03:00.876 --> 00:03:02.386
not that we've got that shored up.

00:03:02.916 --> 00:03:05.656
But we really focused heavily on
technology and we've done what we could

00:03:05.656 --> 00:03:07.646
there with our, um, our resources.

00:03:08.126 --> 00:03:11.796
And now we, what I, we've moved on to what
I think is an even bigger, again I'm gonna

00:03:11.796 --> 00:03:16.586
use the word vector, but I'm gonna, we're
moving on to the, the, the person, right?

00:03:16.916 --> 00:03:19.906
And it's kind of, for lack of a
better term, securing them too.

00:03:20.126 --> 00:03:23.546
So put the two together, uh, we've got
the technology, we've got the human

00:03:23.546 --> 00:03:26.991
aspect, and kind of shore up, um,
everything as best as we can with that.

00:03:27.501 --> 00:03:28.211
with what we've got.

00:03:28.521 --> 00:03:28.881
Yeah.

00:03:28.881 --> 00:03:33.521
And so what I think, what I like about
that approach is you, you're taking

00:03:33.671 --> 00:03:37.491
this situation and you're saying,
okay, here's all the technical pieces

00:03:37.491 --> 00:03:39.651
we can put in place to protect us.

00:03:39.651 --> 00:03:44.261
All the, uh, protocols, strategies,
software, things to implement.

00:03:44.631 --> 00:03:49.811
And then it's about education and teaching
people how to be smart about it, how to

00:03:49.811 --> 00:03:55.035
make good choices, how to not, not get
stuck in something or reveal something.

00:03:55.320 --> 00:04:00.810
What's the challenge with teaching people
those things, because to be honest, most

00:04:00.810 --> 00:04:04.780
people don't think too much about it.
And a lot of people will still reuse

00:04:04.780 --> 00:04:08.450
the same passwords over and over, even
though that may not be the best thing.

00:04:08.740 --> 00:04:13.570
What, what's the challenging part of
teaching people to be cybersecurity

00:04:13.570 --> 00:04:13.910
aware?

00:04:14.750 --> 00:04:18.075
You know, I'm not sure there really
is a challenge, um, from the,

00:04:18.335 --> 00:04:22.507
at the, you know, employee kind
of human element at that level.

00:04:22.817 --> 00:04:27.270
They're actually really willing
and able to, you know, to

00:04:27.270 --> 00:04:28.340
act on what you tell them.

00:04:28.370 --> 00:04:33.663
The challenge is, it's for me, and I, I
attended a conference at NIST, uh, a few

00:04:33.663 --> 00:04:38.933
years ago, and learned that the, that the
challenge is to impart that information,

00:04:38.984 --> 00:04:43.114
to get those, you know, the, the human
aspect to get them to understand what you

00:04:43.114 --> 00:04:46.254
want from them in a way that they accept.

00:04:46.354 --> 00:04:50.214
So you have to reach, uh, the
old school folks, you know, with

00:04:50.224 --> 00:04:54.414
an email or, you know, a poster,
you've got to have a, uh, a piece of

00:04:54.414 --> 00:04:56.324
electronic media for younger people.

00:04:56.324 --> 00:04:59.215
You've got to meet them in person
when you can. You've got to have a

00:04:59.215 --> 00:05:04.005
rainbow of approaches so that you can
reach those people and listen to them

00:05:04.125 --> 00:05:07.805
and create that dialogue so that if
you're not getting what you want that

00:05:07.865 --> 00:05:11.675
you continue to ask them what it is
that they need from you so that they

00:05:11.675 --> 00:05:13.695
can put into place what you want.

00:05:13.875 --> 00:05:17.020
It's that, uh, it's not really a
challenge but it's a, it's an effort.

00:05:17.290 --> 00:05:18.600
You know, that communication effort.

00:05:18.600 --> 00:05:20.370
I know we always say
communication is key, right?

00:05:20.390 --> 00:05:22.500
No matter what the
industry, but it's true.

00:05:22.500 --> 00:05:26.090
If you can reach them and use the
method that works best for them, they'll

00:05:26.090 --> 00:05:27.830
actually follow through and work with you.

00:05:27.960 --> 00:05:29.430
Um, they'll report phishing to you.

00:05:29.840 --> 00:05:32.360
They'll even come to you and tell
you, Hey, I reported this, but I want

00:05:32.360 --> 00:05:36.180
you to know, or they'll say, Hey, I
see something weird with my password

00:05:36.180 --> 00:05:39.650
here, or should I be getting this
authentication method on my phone?

00:05:39.760 --> 00:05:42.220
Um, they'll, they'll start to come to you.

00:05:42.743 --> 00:05:44.513
You know, and the old
term champion, right?

00:05:44.513 --> 00:05:46.933
Then they're your champion and
they champion their colleagues.

00:05:46.933 --> 00:05:49.623
They champion their, their,
whatever their work structure is.

00:05:49.623 --> 00:05:53.023
And they become that person
who kind of pushes your, your

00:05:53.023 --> 00:05:54.423
efforts on down the road.

00:05:54.493 --> 00:05:55.383
Yeah, sure.

00:05:55.423 --> 00:05:56.333
That makes a lot of sense.

00:05:56.711 --> 00:05:59.871
So what is it that you're hoping
to get out of the Inch360

00:05:59.871 --> 00:06:00.821
event that we're at right now?

00:06:01.672 --> 00:06:06.086
I'm kind of old school, and I like face to
face and I know COVID's come and gone to a

00:06:06.086 --> 00:06:09.146
large extent, but it's a good opportunity
to see people and face to face.

00:06:09.146 --> 00:06:11.376
I saw some of the people
I work with here online.

00:06:12.016 --> 00:06:13.406
I saw them in person for the first time.

00:06:13.801 --> 00:06:15.211
So I'm hoping to see that again.

00:06:15.331 --> 00:06:19.681
Um, and really just hear where other
people are going and kind of stack

00:06:19.681 --> 00:06:23.731
myself up, you know, to what I, what
I'm, I try to listen to as broad

00:06:23.731 --> 00:06:25.801
a range of voices as possible.

00:06:25.801 --> 00:06:29.844
And this is just another venue to hear
voices and get an idea of whether I'm

00:06:29.844 --> 00:06:33.124
not, whether or not I'm doing the right
thing if we're on the right track.

00:06:33.124 --> 00:06:37.077
If there's something new that I can
implement, you know, we all hear sometimes

00:06:37.077 --> 00:06:38.827
I've gone to a conference or a class.

00:06:39.177 --> 00:06:41.077
You're not going to take
everything home and use it.

00:06:41.077 --> 00:06:45.047
But if you can hear just one thing and
take it home and put that into practice,

00:06:45.077 --> 00:06:47.487
then that's, I think for me, that's a win.

00:06:47.487 --> 00:06:49.747
So yeah, I'm looking
for that one thing that,

00:06:51.042 --> 00:06:51.812
that I can put into

00:06:51.812 --> 00:06:52.142
play.

00:06:52.442 --> 00:06:53.502
Yeah, very good.

00:06:53.552 --> 00:06:57.762
Well, I hope, uh, I hope you find it,
and, uh, that, that is the question that

00:06:57.762 --> 00:07:01.822
I'll be asking everybody else, but you're
the first one that I interviewed before

00:07:01.822 --> 00:07:05.757
the conference started, and so, wanted
to hear your hopes and dreams of what

00:07:05.757 --> 00:07:08.817
you're going to get out of it, but that
is, that is the question I'll be asking.

00:07:08.817 --> 00:07:10.207
What's your one takeaway from people?

00:07:10.247 --> 00:07:11.767
Okay, I'm going to go in
there and tip everybody off.

00:07:11.827 --> 00:07:12.867
Okay, sounds good.

00:07:12.917 --> 00:07:13.687
Appreciate it, man.

00:07:13.687 --> 00:07:14.567
Thanks so much for being here.

00:07:14.567 --> 00:07:15.337
Yeah, I appreciate it.

00:07:15.337 --> 00:07:15.997
Thanks for having me.

00:07:16.097 --> 00:07:16.637
Have a good one.