Your single source for new lessons on legal technology, e-discovery, and the people innovating behind the scenes.

Security Sandbox: Where We've Been and Where We're Going

Amanda Fennell

2021 brought cybersecurity to the mainstage in many ways. Evermore sophisticated ransomware threats, law firm data breach exposures, ProxyLogon vulnerabilities, and keeping best practices top of mind during an ongoing wave of remote work were more than enough to keep us all busy.

Still, bad actors are getting smarter and more creative—which means we need to keep evolving, too. In season one of our Security Sandbox podcast, we took a creative look at security by discussing how the personal passions people bring to work can help inspire better cybersecurity practices.

As host, I loved sitting down with colleagues and old friends to discuss security in new ways throughout the season, and I hope you also gleaned some new insights. Here are my biggest takeaways from 2021.

#1: Enjoy the “aha” moments.

Sometimes the best path to an answer is the unexpected path. Peek around corners, seek the unknown, and enjoy the unexpected rewards. This is the real benefit from welcoming creativity and personal passions into our professional lives.

“There's a danger to just looking in the places where you know sites have been found in the past. You’re never going to expand your horizons. You have to be able to think in an agile way and take advantage of chances as they come up, and you'll find, quite often, surprises—new kinds of sites that you’d never heard of or places that you wouldn't have expected.” – Dr. Alison Sheridan, 2020 Archeologist of the Year

#2: Imposter syndrome is real—but temporary.

In episode 5, we discussed how hands-on experience is crucial to gaining expertise, but remember: everyone has to start somewhere. Don’t let a fear of failing keep you out of the game entirely. Imagine how our friend Atem Kuol, Justice League visual effects coordinator, felt when he stepped onto his first movie set! With time, you’ll trust yourself more.

“You step onto this massive film set and have to pretend that you know what you're doing. When they're rolling, I’m hidden in a corner somewhere trying to not look at the actors and put them off. It's taken me years to realize what to do, and I still don't know what to do. Every job you do, you gain confidence, you gain experience, you meet people.” – Atem Kuol, Visual Effects Coordinator and Founder of Humble Beginnings Films

#3: Be the calm in someone’s worst day.

In episode 1, we talked about regularly doing research—and pushing yourself to go deeper in your learning—to stay confident about your craft, whether it’s neurosurgery or data security. As we learned in episode 4, the more confident and prepared you are, the less panicked everyone else will be when you have to deliver less-than-ideal news.

“You have to be confident in your messaging. If I go to an executive and say, ‘We may have an issue or something that we need you to think about...’ How well is my presentation? How well have I organized my notes? How concise am I going to be so that I don’t lose them as I’m trying to make the point?” – Stephen Powell, Relativity’s Director of Enterprise Risk Management

#4: “Festina lente” (go slow to go fast).

Taking the time to train people on procedures—and ensuring uniformity across a team—lets your organization respond to and minimize incidents faster. No one knows this better than Gabriel Diaz de Leon and Zachary Languell, two military veterans who now work on Relativity’s security team.

“[The military] implements training until you keep doing it over and over until it becomes muscle memory. They also teach you to think outside the box, but at the same time, they want you to realize that what they're training you for is one day going to come in handy. When the situation arises, you don't have to think about that training. It just kicks in, and you just do it.” -- Gabriel Diaz de Leon, Relativity Advanced Cybersecurity Analyst

#5: Building something great starts with great relationships.

In episode 6, we learned about all the different steps to getting a great cup of coffee in your hands. Similarly, it takes a lot of different people managing different processes to secure data. Building a team with the right mix of people, made up of individuals who’ll complement each other’s talents, is key.

Not everybody can be Michael Jordan. There has to be a Jordan, but there also has to be a supporting cast. You need everybody else understanding their roles and responsibilities and their capabilities. Build a team where each weakness is offset by another person's strengths, and have communication and camaraderie permeate across a team.” Kirk Arthur, Microsoft's Leader of Worldwide Public Safety and Justice

You might’ve noticed a common thread in all our discussions: humans! People are an organization’s #1 security risk, but we also believe they’re the strongest link in the security chain. With good training, a sense of camaraderie, plenty of curiosity, and the right tools in hand, people from across your organization can help defend the front lines of your organization from cyber threats. We believe it’s time to start treating them as our biggest assets, rather than liabilities.

In the interest of that pursuit, we’re spending season two of Security Sandbox exploring how to maximize people’s potential through meaningful use of technology and process, creative and compassionate education, and the conviction that there is room for taking risks in security. 

Season two drops Thursday, February 10! Be sure to subscribe right here on The Relativity Blog, or wherever you get your podcasts, so you don’t miss new episodes. We’ve got a few new tricks up our sleeve you will not want to miss.

In the first episode, I’m joined by Perry Carpenter, host of the 8th Layer Insights podcast and author, security researcher, and behavioral science enthusiast. Together with Marcin Święty, Relativity’s director of global security and IT, we’ll chat about how effective training, technology, and support can get everyone more invested in protecting your organization.

Thanks for spending time with us in the sandbox, where curiosity and excitement take center stage. I’m really excited to have you join again this year. In the meantime, I’d love to hear from you! Give us a rating on Apple Podcasts, comment below, or tag us in a post on LinkedIn or Twitter to share your biggest takeaway from season one.

Not quite caught up on everything we covered last year? Don’t worry—you can listen to every episode via The Relativity Blog or your favorite podcast app while you tackle your to-do list over the next week. There’s plenty of time to hear it all!

Amanda Fennell is chief security officer and chief information officer at Relativity. In her role, Amanda is responsible for championing and directing our tech and security strategy, including risk management and compliance practices. She has a masters degree in forensic science, and has 15+ years of experience in forensics and cybersecurity.