After a successful first week of Curriculaville, we wanted to shine a light on one of our speakers, Chris Painter, a globally recognized expert and thought-leader in the cyber security industry.
As the current President of the Global Forum on Cyber Expertise, Chris’s experience spans from prosecuting some of the country’s most high-profile cybercriminals, becoming the world’s first top cyber diplomat, and driving initiatives for organizations’ cyber policies to protect themselves against threats.
Learn more about the unparalleled experience Chris has in the world of cyber security training, and why we’re honored to have him as part of our annual security awareness training series that’s free to attend during National Cyber Security Awareness Month.
30 Years of Cyber-Trailblazing
We’d first like to highlight all of the good work Chris has done for the cyber industry. To give you an overview of what Chris’s cyber career has looked like, here’s a timeline:
1990-2000: Worked as an Assistant United States Attorney. During this time he worked on a number of illustrious cyber crimes. One of which included the prosecution of Kevin Mitnick, a cybercriminal and hacker, who was imprisoned for 5 years.
2001-2008: Led the case and policy efforts as the Principal Deputy Chief of the Computer Crime and Intellectual Property Section for the U.S. Department of Justice.
2008-2012: During this time he also became the Chair of the G8 High-Tech Crime Subgroup, which is an international summit between countries to discuss cybercrime and terrorism.
2008-2009: Served as the Deputy Assistant Director of the F.B.I.’s Cyber Division.
2009-2011: Worked in the White House under the Obama administration as the Senior Director for Cyber Policy and Acting Cyber Coordinator in the National Security Council. He was the first person to hold this title.
2011-2017: Held the first State Department’s lead cyber diplomat title as the Coordinator for Cyber Issues.
2020-Present: President of The Global Forum on Cyber Expertise Foundation.
Needless to say, Chris has had an extensive history with cybercrime and policies. Due to his trailblazing mentality for cyber awareness, he’s helped to clear the path on what we know today about cyber threats in the public and private sector.
Penny for Your Security Thoughts
Based on Chris’s years of experience he’s unquestionably an expert in cyber security. We were lucky enough to sit down with Chris to gain a few bonus insights on two cyber ‘hot topics’: education and ethics.
Cyber security as a whole is now publicly acknowledged, but also rapidly advancing. Therefore, it’s important to build a culture of security to continue to train employees and communicate the potential threats. Chris’s opinion on the matter was “We’ve made progress, and some industries are doing quite well.”
But across the board, there is still lots more that needs to be done… You need basic cyber hygiene. If you follow basic controls or procedures, and you do things correctly, the vast majority of intrusions, disruptions, and vulnerabilities will be cut out.
The ‘basic cyber hygiene’ Chris mentioned can only be solved one way which is education and training. Preparedness for a cyber incident through training is critical for any modern organization.
Chris said it best, “you should not be dealing with a cyber event after the event happens.” Far too many organizations are hit with ransomware or phishing attacks, that could have easily been prevented through security awareness training. These can also be known as trigger events and shouldn’t be the only reason for beginning a security awareness program.
In terms of ethics, Chris’s years of government work, prosecuting criminals, and ‘fighting the good fight’ has meant he’s seen it all. He states “I think ethics are really important. I think that one issue with cyberspace that has always been true is that people have a different view of it than they do the physical world.
There are things that people would never do in the physical world that they would do in the cyber world. I don’t think we have been very good at changing this, where something people think ‘oh that cool,’ to ‘oh that’s theft.’ Damage is damage and you are causing someone harm.”
It’s sometimes easy to decontextualized cybercrime and physical crime (which we are far more familiar with), but really they should be treated the same. This has posed a challenge when searching for cyber thought leaders. Many look to ex-hackers thinking they’re more knowledgeable but the reality can unknowingly cross ethical borders.
As someone who’s been around a lot of real-life cyber heroes and villains, Chris’s opinion states “You shouldn’t lionize someone because they were prosecuted or were a hacker. That doesn’t make them better skill-wise than others… felons and convicted hackers are not role models.”
Want to learn more?
If you found that interesting rewatch our Curriculaville webinar where Chris spoke with Curricula’s CEO and cyber security expert, Nick Santora (CISA, CISSP) about ‘How Do We Get Everyone to Be Cyber Smart?’.