Ventas Inc.’s Brian Palmer on Managing Cybersecurity Challenges in Real Estate
Welcome to Team Cymru 's newsletter, The Future of Threat Intelligence.
Twice a month, we take deep dives from our podcast interviews with leading cybersecurity professionals and distill their insights right here for you.?
In our latest edition, we speak with Brian Palmer, Director of IT Security and Infrastructure at Ventas, Inc., who shares his unique insights on balancing technical oversight with broader business objectives and the evolving challenges in cybersecurity, especially within the real estate sector. He also offers valuable perspectives on the impact of AI on phishing attacks and the essential role of continuous learning and networking for those aspiring to advance in the cybersecurity field.?
Here are the top takeaways from the interview.?
#1: Balance Risk and Business Priorities?
“You know, that's a great question. And to me, one of the things I found is it's about having balance and it's about being able to understand what's key to the business. I've been at companies that were in the startup phase where our level of risk assessment was a lot more because growth was the most important thing and say security was less important. And I've been at places where my current company operates a little more like a bank, we're more of a real estate company, we're more risk averse and want to be a little bit more cautious with decisions we make.?
“I think the important thing is to articulate the risk in terms the business can understand so that our leaders, you know, can make informed decisions of what's right for our business or any given business.”?
Actionable Takeaway: Articulate risks in business terms to help leaders make informed decisions. Try to avoid getting too far into the weeds of security terms and details, aiming instead to give the key points and actions. Understand the company’s risk tolerance based on its growth phase and industry. Adjust your risk assessment approach accordingly to align with business priorities and ensure a balanced strategy.?
#2: Look For and Develop Problem-Solving Skills?
“I would say the number one skill that I look for is problem solving. And I say that in part because, you know, even if I hire someone straight out of a wonderful university that's just learned all the latest and greatest, five years from now, it's going to be completely different. The technology is the tool.?
“So for me, one of the really key things is someone who understands conceptually and can think and can learn on their feet and can adapt. Because, again, the things I learned in college and my computer science degree are woefully inadequate for what we are today. And I've had to adapt and keep up. And I think that's true, you know, and the pace of change has only gotten quicker since then. So I very much look for people who are curious, who want to understand, who have good problem solving, good adaptability skills.”
领英推荐
Actionable Takeaway: Prioritize problem-solving and adaptability when hiring. Technology evolves rapidly, making current knowledge quickly outdated. Seek candidates who are curious, can learn on their feet, and adapt to new challenges. This ensures long-term success in a fast-changing tech environment.?
#3: Incorporate Effective Cybersecurity Education
“I think when you help people understand and you can put it in context of, you know, well, like one of the statistics we shared, was five years ago, a hacker could crack an eight-character password in 20 minutes. And nowadays you can do it in 20 seconds, if even that. And I think when you share those kinds of statistics to help people understand we're not just trying to make your life more difficult, we don't want to make it harder for you to remember your password.?
“I think if you can tie it to real-world stories of things like, hey, here's how so and so company got hacked and it happened because an administrator was using the same password for their home Gmail. And I think when you can tie it into real world examples, it just helps people. And so we spend a lot of time in education. We do a lot of lunch and learns. We try to do a lot of communications. And again, we try to mix it up to make it interesting so people don't tune us out. It certainly does help.”?
Actionable Takeaway: Use real-world examples and clear, relatable statistics to educate employees about cybersecurity risks. Explain the importance of security measures in context, making the information engaging and relevant. Regular education sessions, such as lunch and learns, can help maintain awareness and compliance.?
Listen to our latest episodes: