Navigating Forward

Cybersecurity gets personal with Lynda Grindstaff

Launch Consulting Season 5 Episode 4

On this episode of Navigating Forward, Lisa Thee chats with Lynda Grindstaff, VP of Engineering at McAfee, and Creighton Adams, Senior Director of Cybersecurity at Launch Consulting. In the cybersecurity realm, they discuss personal cybersecurity posture, how to stay aware of what's important for your own situation, and how personal posture can impact enterprise security when working from home. Also, they give great ideas for people looking to break into (or pivot into) a cybersecurity career and they encourage anyone to go ahead and take the risk and try it out. 

Find Lisa at https://www.linkedin.com/in/lisathee/
Find Lynda at https://www.linkedin.com/in/lyndagrindstaff/
Find Creighton at  https://www.linkedin.com/in/creighton-adams/

Learn more about Launch Consulting at https://www.launchconsulting.com/

00:00:03:09 - 00:00:44:26
Narrator
Welcome to Navigating Forward, brought to you by Launch Consulting, where we explore the ever-evolving world of technology, data, and the incredible potential for artificial intelligence. Our experts come together with the brightest minds in AI and technology, discovering the stories behind the latest advancements across industries. Our mission: to guide you through the rapidly changing landscape of tech, demystifying complex concepts and showcasing the opportunities that lie ahead. Join us as we uncover what your business needs to do now to prepare for what's coming next. This is Navigating Forward.

00:00:44:28 - 00:00:56:24
Lisa Thee
Hello everyone, and welcome to the Navigating Forward podcast. My name is Lisa Thee and I'll be your host today. And I also have the pleasure of having a co-host today, Creighton Adams. Creighton, do you mind saying hi to our audience?

00:00:56:27 - 00:01:11:24
Creighton Adams
Well, hello, everyone. This is Creighton Adams, Senior Cybersecurity Director at Launch Consulting Group. Been around the block a couple of years, well, decades actually, but I won't say how old I am. And I'm excited to talk about cybersecurity and culture in the community along with Lynda and Lisa today.

00:01:11:27 - 00:01:35:07
Lisa Thee
Awesome. So, we love to bring luminary movers and shakers to the forefront of conversations, and we have one of my favorite woman engineers I've had a chance to work with over the years. We have Lynda Grindstaff with us today. Lynda is the VP of Engineering at McAfee, which is a leading cybersecurity company that has roots in enterprise, but today is a consumer-focused company.

00:01:35:07 - 00:01:52:08
Lisa Thee
So, we get to hear both sides of the fence. Lynda comes with extensive experience and being a woman leader in technology, and she does so much for the community of mentoring new, up-and-coming engineers. And we are thrilled to have you here today, Lynda, welcome to the podcast.

00:01:52:10 - 00:01:58:28
Lynda Grindstaff
Thank you. Thank you for having me. I'm excited to be here and talk cybersecurity with you, Lisa and Creighton.

00:01:58:28 - 00:02:10:01
Lisa Thee
Thank you. So, for somebody that doesn't understand as much about this space, do you mind sharing a little bit about what an average day looks like for you as the VP of Engineering of a cybersecurity company?

00:02:10:03 - 00:03:00:26
Lynda Grindstaff
Sure. So, McAfee, as you mentioned, is a pure play cyber, consumer cybersecurity company now. And we are all about keeping consumers safe online in your day-to-day digital lives. We want to protect you from all bad things that are happening out there in the world while you go about your online activities. So, things that we're going to protect you from are computer viruses, we're also going to protect you from identity theft by letting you know if there's been a breach and if you have been affected and what you can do to protect yourself. How to keep your transactions hidden using a virtual private network, protect you from spam, clean up your personal data online. And we also have a password manager service. So, we’re much more than just the old antivirus that sits on your computer. We have many more services for consumers today.

00:03:00:29 - 00:03:15:12
Lisa Thee
That does feel like a really nice consumer experience where you have one provider that can help you not only navigate the landscape of threats outside, but even for getting your passwords. It's a pretty cool, frictionless customer experience. I'm impressed.

00:03:15:14 - 00:03:25:28
Lynda Grindstaff
Not a lot of people realize that there's a lot of extra services in our software products today. They still think of us as the old antivirus product that was created back in the nineties.

00:03:26:01 - 00:03:31:20
Lisa Thee
So, Lynda, what emerging trends are you seeing in the cybersecurity field today that you think we should be paying more attention to?

00:03:31:24 - 00:04:18:27
Lynda Grindstaff
There's a lot of activity happening. The bad actors are never sleeping, you know, they're never taking a break. The attackers are after money. Bottom line, how can they get rich? And so, as that barrier to entry goes down with using things like AI, ChatGPT, they're able to create sophisticated attacks pretty quickly. And, you know, from a consumer standpoint, you're not seeing broken English emails asking you to click on a link. They're looking pretty legit; they’re looking like it's coming from your bank. And spam is definitely still present and on the rise. Phishing attacks, identity theft again. So those attackers can figure out how to get more money from you or really from anyone, that's really the primary motivation that we're seeing.

00:04:18:29 - 00:04:48:16
Lisa Thee
It is really interesting as we've democratized artificial intelligence beyond just a couple of big companies and made a consumer available solution by taking down that barrier of having to have the technology experience or even be a great writer is really interesting in terms of how much it increases the volume and how fast criminals can abuse that. Creighton, I would love to hear some of your thoughts on the emerging trends in this space as well. Where are you seeing the ball moving down the field?

00:04:48:22 - 00:05:21:28
Creighton Adams
One of the ideas that I ran into during pandemic times, especially during the winter when there was a snowstorm, some of my favorite coffee shops, the internet went down. I mean, I had cash in my pocket, but I couldn't conduct a transaction because their point-of-sale unit was down. I had money and I couldn't get coffee. That's telling me that with cyber there's material damages that can take place day in and day out that affect multiple people, the community itself. So, everyone's involved. And that would lead into another question I would have, don't need to answer right now, but ponder is what role does culture have in cybersecurity as well?

00:05:21:29 - 00:05:30:27
Lisa Thee
Whew. That's a good one. I actually, if you don't need the time to dwell, Lynda would love to hear your thoughts on what role culture has in cyber.

00:05:30:29 - 00:06:29:20
Lynda Grindstaff
I think that culture plays an interesting role because as not just culture, but also the demographics where you come from and the age that you might be because you know somebody that's in their eighties or nineties, they might have a smartphone, but they didn't grow up with that technology. And so, they don't look at cybersecurity and protecting things the same way that those of us in the industry might, you know where we're going to have two-factor authentication and we're going to have all of these extra protections in place.

And subsequently, if it's new to you and a different, you know, culture that you're from and it's just not ingrained in you, like think of all the 20-somethings or the teenagers or children out there. They're not used to that either. And so again, they don't have that belief system that like, I need to protect this.

They're like, who wants my data? Who cares? And who cares what they see of me on Instagram or whatever, you know? And I think that over time and maturity, that's going to change.

00:06:29:23 - 00:06:47:25
Lisa Thee
Yeah. That attention economy, right? So, this whole concept of privacy has really evolved in the U.S., at least from an ethnocentric lens by age. What do you see internationally as culture, like different perspectives globally with some of your consumer brands?

00:06:47:27 - 00:07:20:01
Lynda Grindstaff
Well, so your comment on privacy, you know, the European Union was a big leader, right, for GDPR and really taking that leadership role in protecting consumer data and other countries are following suit. And I think, you know, internationally, we continue to see some countries put more protections in place, more precautions, more rules and regulations. Some companies don't like that. But, you know, they're looking at it with that consumer lens or really that protection and how do you protect my data?

00:07:20:03 - 00:08:02:03
Lisa Thee
Yeah, I like to see some of the benefits that we get when people take a stronger stance from a governance perspective, because I think it does protect everyone holistically because these companies that are operating globally will usually rise to the standard that has the most regulatory bite, right? So, I think GDPR is a great example of how we've moved people off of nice-to-have to a need-to-have model in that perspective.

I would love to learn a little bit more about what your why is for working in this area. What motivates you on days to bring your best self to work because the criminals are never sleeping, as you mentioned, but we are all human. So, what mission inspires you to bring your best self?

00:08:02:06 - 00:08:55:11
Lynda Grindstaff
Yeah, absolutely. So just as you said, or like I said, the criminals never sleep. So, knowing that I'm doing something every single day that's going to protect my friends, my family, my loved ones and myself and personally being able to be involved in that is one area. And then the other area that is also very important to me is empowering other women and promoting more women in technology because they're, for those you in the industry, you know that there is not large amounts of women in cybersecurity or in STEM.

I have said that we will know we've reached parity when there's a line at the women's bathroom at a cybersecurity or technical conference because there's a line at the men's bathroom, but there's never a line at the women's bathroom. And so, I definitely want to get more women involved. It's an exciting area. It's always changing and there's no reason we shouldn't have more women in it.

00:08:55:14 - 00:09:27:22
Lisa Thee
And I have a follow up question to that specifically, because I know a lot of people that have taken some kind of break in their careers. Maybe that was a pause for raising children. Maybe that was going back to school, other different things that may have caused that. For people that are interested in stepping into cybersecurity maybe from a different field, what are some of the best courses you can take to up-level your game or intro type of jobs that you can apply for that may give you that opportunity to demonstrate your skill set?

00:09:27:25 - 00:10:39:04
Lynda Grindstaff
Sure. So, a few things that come to mind if you've done nothing is start online. There's LinkedIn Learning. You know, Google and Microsoft, they all have cybersecurity, basic training classes and certification programs. So, depending on what your background is and your technical depth that you enter lots of courses that are out there, you know that you can start to dabble in and get involved with.

And then you could even take it further, you know, going to a university and taking some additional classes in person. And you can also attend conferences and you know, there's RSA and there's Black Hat and other conferences where they will have hands-on sessions that you can build those skills, you can learn more, you can dive in deeper, you can learn like, you know how to do ethical hacking, for example, at Black Hat, if that's something of interest to you. Really the sky's the limit and you're never too old to start learning.

And we still do have a cybersecurity skills shortage in the industry. So, more people are always welcome. And those adversaries, like I said, they're going to keep on going. They are not stopping. And so, we're going to need to have as many people in the field as well.

00:10:39:06 - 00:10:46:16
Lisa Thee
Creighton, do you have any ideas on how people can get some mentorship and sponsorship into getting that first opportunity into cybersecurity?

00:10:46:19 - 00:11:47:09
Creighton Adams
Absolutely. So similar to cybersecurity itself, it's culture-driven a lot. So be in the community, be involved, join your local engineering, go to meet-ups and be curious. So just to share on my journey set and what I'm getting my nieces into, both of them, it's pretty entertaining how they approach it, is the world is put together in a certain way. And with cyber, there's rules, policies, operations on how that world operates. Information technology is to inform people to take action. Operational technology, like a power plant, if you will, is for systems to get controlled by a computer. So, being curious, knowing how that world's put together, how it interacts, start with that imagination. And then similar to what Lynda was saying, the sky's the limit.

It'll keep feeding itself. And I agree wholeheartedly with the online. The only extra that I would add is there's a lot of really cool hack the box or capture the flag games, go out there and play and then, you know, it'll be the same shape when you're at the keyboard for an organization or for grandma.

00:11:47:09 - 00:12:10:28
Lynda Grindstaff
And I would say if I can add to that is take a risk. Don't be afraid to take a risk. Don't be afraid to try. And if you fail, especially as you're learning it's a safe space. Your company's not going to get breached. If you fail when you are the CISO of a company, that might be a different issue. But you're not there on day one or even day two. So, take a risk and try.

00:12:11:01 - 00:12:14:26
Creighton Adams
What do they say about fail? First attempt in learning. F-A-I-L.

00:12:14:29 - 00:12:42:17
Lisa Thee
Yeah, I like that. And I think that that is the world that we're all entering in versus maybe ten years ago when we started our careers. I think we all are going to have to be lifelong learners. I think we're all going to have to be comfortable being uncomfortable because that's the only way that we're going to continue to stay ahead because there is no exact recipe for how to get there. And so, I think those are wonderful themes. So, Creighton, what questions do you have for Lynda?

00:12:42:21 - 00:13:41:09
Creighton Adams
Yeah, I’d like to get her perspective. Being a nineties kid myself, I'm trying to figure out the economics of the equation for cybersecurity and go on a journey for the consumer side. And my mind took me to the grocery store. When's the last time we’ve seen somebody pull out a checkbook and pay for groceries. Like, that just doesn't happen. And the last time it did happen, how did you feel? Probably frustrated. Maybe made a noise. So, in the end user space, the importance of knowing your digital health and the economics of that equation. Like if I'm paying money, I'm receiving a service, and are you taking advantage of it? A lot of people take things for granted is kind of my point there. They just put the credit card down and they go. So, with that consumer side service easing and making it better, where do you see the consumer taking advantage of it and what are they leaving on the table?

00:13:41:12 - 00:15:37:17
Lynda Grindstaff
Sure. So, first on the checkbook thing, the grocery store that I shop at does not take credit cards. So, I see checks frequently. That's how they keep their prices low. But I do grumble, I’m like, oh, it's taking an extra 2 minutes. And so yes, I've seen that. But what are they leaving on the table? So, one example is with respect to our product, McAfee's product, many people don't realize that we are more than a AV company. And as you open any of your software products, not just McAfee's, are you using all the bells and whistles that are available to you? You know, a lot of times people have no idea that there's these extra features that are included in the price or extra things that they can get in a subscription service or things like that.

So, one thing that I see specific back to cybersecurity, is that they're leaving on the table is that they're not protecting their identities or they're not using two-factor authentication. They don't know that their identity or not necessarily their whole identity, but their information was involved in a breach because there's so many that are happening all the time. I think people become immune to it and we're not necessarily getting letters, or we get an email and you're like, Is this spam? I don't really know. And so, we tend to ignore it when in reality we might need to have paid attention to it. But I think that those other areas like our digital life across everything we need to pay attention to and not just how do I keep myself safe from ransomware.

It's really all these other things that are going to affect us more than a consumer getting ransomware. You don't hear about that. Like they don't usually come to my house and want to hit me with ransomware. I'll just restore the backup or blast the hard drive. They're not going to get much. But if they can get my identity and they can get other things from me, that's going to be more lucrative, back to their motivations of wanting to get some cash at the end of the day.

00:15:37:20 - 00:16:10:08
Creighton Adams
That makes sense. I think on one of the CryptoLocker events that we're doing some deep six work for, they had a call center. I was like, hold on, you call into a call center with your event ID? And then they walk you through PowerShell? Yes. Okay. That's called sophistication. For the consumer that's trying to carry forward with their day-to-day needs, with cyber being so large, does the McAfee platform or any other consumer product platform give a digest for people? And should they be concerned, should they not be concerned? Kind of like a weather report?

00:16:10:10 - 00:17:01:01
Lynda Grindstaff
So, I haven't seen anything that exist currently, but that's a great idea. You know, right now in my newsfeed, I get things because I am interested in cyber, and I'm interested in these areas. So, a lot of things pop up in my newsfeed. But I think to the average consumer, you know, like you said a few minutes ago, being aware of what's happening in the industry, being aware of what's going on, paying attention to the news and not just being on TikTok, but actually looking at the news would be a great source of information.

But I would say the other thing is try not to become immune to it because there are a lot of breaches that will happen and the and the adversaries are not sleeping, still pay attention. How does this affect me? Every time you see something, you should ask that question, how does this affect me? And don't just ignore it because you never know which one may affect you.

00:17:01:03 - 00:17:25:19
Lisa Thee
It is so relatable, though. You start to get this alert fatigue, right? We all have a list of worries as we're getting through the day, and that list seems to be getting longer. With more technology infused in our lives. Are there ways that you help to combat that alert fatigue for yourself that helps you to make sure that you stay aware of the moments that matter?

00:17:25:21 - 00:18:08:04
Lynda Grindstaff
Sure. So, one thing that I do personally is the only alerts that I get on my phone are from my bank, from my cybersecurity software, my McAfee that I have on my phone and the like really important things that matter. Like Facebook, TikTok, Instagram, like, I don't need an alert for all of those so that it can really channel to me and same on my computer. It can really channel to me, and I can pay attention to what matters to me the most. Trying to convince my children that you don't need every TikTok alert to respond to is a different story, but I would recommend just focusing on what matters the most for you so that way you can not be fatigued.

00:18:08:07 - 00:18:19:29
Lisa Thee
Lynda, that's a great point. I think a lot of us are in those parenting years. How do you explain to the people in your life that aren't in the industry the importance of having a cybersecurity posture?

00:18:20:06 - 00:19:36:23
Lynda Grindstaff
So, one analogy that I use is it's like locking your front door. You know, do you lock your front door, or do you leave it wide open? And do you leave the windows and the doors open, you know, and invite anybody and everyone into your home and let them take whatever they want. Probably not. You probably do at least close your door. Maybe you don't always lock your door, but that's kind of to that level. Additional levels of security and two-factor authentication and, you know, various degrees of protection. You might go as far as having a house alarm and lock the doors and lock the windows and you might have bars on your window, and you might have a camera out front watching.

Depends on the needs for you and what factor those alerts and what you're paying attention to. What do you need to do to feel safe? It depends on the environment that you're in. Depends on the area of town that you might live in, or even if you're just traveling, you're going to look at different, protection differently. And so, you have to do what's right for you.
And same with security, locking the door might be enough on a certain application, but if it's your banking software, you probably want the house alarm and the security camera out front and, you know, 17 bolts on the doors and the windows because you don't want them to get into your bank account. And that's okay. It might take you an extra 10 seconds to get in, but it's worth it.

00:19:36:25 - 00:19:46:01
Lisa Thee
So today, a lot of us have gotten accustomed to working from home. What challenges do you face now trying to protect all of those users?

00:19:46:03 - 00:20:48:07
Lynda Grindstaff
Yeah. So, one of the things when the pandemic started that we saw when people, you know, started working from home is you have these, you know, employees who used to be in a protected network at their office, are now at home with their kids who may be doing questionable things online, may not have security precautions in place.

They may have IoT devices that aren't patched and things like that. And then you could see that adversaries could get in through those unpatched devices or through the kids who might accidentally go to a malicious website, download a payload, and then through lateral movement that's going to transfer over to your enterprise device that's on your home network. And then now your enterprise starts to become infected with that.

We saw that. We also saw spear phishing and some phishing attacks were increased because now that people were at home, you know, if you could target the kids, you could target the family, you might be able to get into a business indirectly that way.

00:20:48:10 - 00:21:25:01
Creighton Adams
I have to agree, Lynda, think of it as like catching a cold. If you're sitting next to somebody and they're sneezing, sniffling, you might catch it directly as well. And in the devices at home, such as smart TV, a printer, a game console that's open source, it's only one stop to get there because most networks at home are flat. And going back to our conversation of alert fatigue earlier, people will just keep hitting enter on their authenticator thinking that's their email booting up for the morning. But it could be somebody else from the same IP address. So, look both ways cross the street before you cross the street and keep everything happy and healthy.

00:21:25:03 - 00:21:38:10
Lynda Grindstaff
Exactly. Otherwise, like back to the house that we're talking about the house analogy, if your doors are unlocked and people can walk right in, if you if you don't have every device patched and up to date, it's going to affect your enterprise, too.

00:21:38:12 - 00:22:02:05
Lisa Thee
Gotcha. Gotcha. And I think just like computers, people learn so much more from their failures than their successes. And we talked about failure earlier as that way that we all learn. What are, what's one of your bigger failures that you've had across your career that you learned from, that you want to share with others, to educate them about maybe something that you had to learn the hard way, save them a little bit of time.

00:22:02:07 - 00:23:14:11
Lynda Grindstaff
Sure. Mine's not related to cyber though directly. It's about believing in myself and believing that I could do that. You know, I've only been in the cybersecurity industry almost ten years now, so I did not grow up in the cybersecurity industry. It wasn't even a major when I went to college. And now, you know, having to pivot ten years ago was well underway. You know, ten years ago was very different than it was today, but it's still different than it was back in the nineties and having to learn that. So, believing in myself, believing that I could learn new things and not having an imposter syndrome as well, I did suffer from that many years ago. And overcoming that has been a challenge.

You know, there's not a lot of women in cyber, there's not a lot of women in technology as we touched on, and looking for those role models, looking for the mentors and the sponsors that are out there and just having a shoulder, you know, to lean on and somebody to vent to and again, back to believing in yourself when that that other voice says, gey, you can do this, you've got this. And you're like, really? I can. Okay, let me try. And not being afraid to take those risks.

00:23:14:14 - 00:23:49:06
Lisa Thee
Lynda, that surprises me so much because we've known each other through our careers, especially early in our careers. And I always thought of you as somebody that sponsored a lot of women, including myself. I remember you nominated me for my first award I got outside of the company. And you've been such a great advocate for other women. I'm just really surprised to hear that you dealt with any of those things because from the outside looking in, you look like that duck kind of cruising over the top of the lake. How do you know that it was something that you needed to focus on? Like what about that imposter syndrome, how did that show up for you and how did you overcome it?

00:23:49:08 - 00:25:29:02
Lynda Grindstaff
Well, so a couple of things. So, first is, it's easier to advocate for others than yourself. It's easier to be a cheerleader for somebody like you, Lisa, who's amazing, who's very well accomplished. And to see those things. It's harder to look in the mirror and to see that in yourself. And that's very common with men and women, by the way. I've had many men tell me over the years that they've suffered from imposter syndrome as well. But how I overcame it is I did win an award outside from Society of Women Engineers, actually. And it was like, wow, maybe other people think I'm pretty amazing. And how I applied for that was a dear friend of mine had encouraged me to apply and I was like, I'm not going win. I literally just threw the application together. I grabbed some photo that I already had. I didn't even take a nice headshot. And then when they told me I won, my first thing was, can I change that picture because it's really bad, because I didn't think I'd win. And then I was like, God, I won. This is crazy.

And then so many people were telling me that they could relate to my story. And then I actually did a TEDx talk on imposter syndrome. And then even more people were telling me that they could relate. And I think, you know, there's no cookbook, unfortunately, of why this happens or how you overcome it. But it's really telling those little voices in your head that you can do this, that they want you for this job, for a reason. They want you to do, you know, this interview. They want you to do whatever it might be, give hat keynote talk, whatever for a reason, and believe in yourself.

00:25:29:04 - 00:25:52:10
Lisa Thee
I sometimes have to channel the inner wisdom my daughter, when I hit that moment where I have to step on stage and I get nervous every time she goes, Mommy, just remember the floor is not going to eat you. And it's like, okay, I need to get out there and get in the flow, right? So, Lynda, for people that want to stay in touch with you, maybe access your TED talk and continue the conversation, where are the best places to find you?

00:25:52:12 - 00:26:19:06
Lynda Grindstaff
LinkedIn is the best way. Lynda Grindstaff is my LinkedIn URL, just LinkedIn.com/in/LyndaGrindstaff. And unfortunately, the TED talk, it was a TEDx talk, they only published one and they had some technical difficulties. This is back in 2016 and so it never got published. But you can see a photo of it on my LinkedIn page from the TED talk.

00:26:19:08 - 00:26:44:07
Lisa Thee
So that will be the thing we focus on next is going to find all the old footage for you. I'm sure somebody has that recorded somewhere. Thank you so much for your time today, Lynda and Creighton. I think it was a really interesting conversation. There's so many, cybersecurity is so broad, I don't think, we could talk for days and never cover all of it. So, I really appreciate you helping us to surface some of the interesting things that consumers should be thinking about.

00:26:44:10 - 00:26:46:02
Lynda Grindstaff
Thank you for having me. It's been fun.

00:26:46:04 - 00:26:46:28
Creighton Adams
That's right. Thank you.

00:26:47:00 - 00:26:51:04
Lisa Thee
Thank you for being here.