Podcast duration: 16:36 (22.8MB)
Summary
In this episode of Chattinn Cyber, Marc Schein is chattin’ with Courtney Hans, a seasoned cyber professional with a unique background. Courtney shares that her path into cybersecurity was nontraditional, having started as a literature major and then spending about a decade as an adventure travel guide. She reflects on how the skills she developed during that time—understanding people’s motivations and goals—have been invaluable in her cybersecurity career, particularly in tailoring security strategies to individual organizational contexts.
Courtney emphasizes that cybersecurity is not a one-size-fits-all problem. She explains how, during her time at a SaaS startup, she prioritized cybersecurity investments based on the company’s specific risks and environment, such as focusing on application security over endpoint detection due to budget constraints and business needs. She stresses the importance of context in determining where organizations should focus their people, processes, and technology investments to have the greatest impact.
The chat then shifts to practical advice on how organizations can begin improving their cybersecurity posture, particularly through tabletop exercises. Courtney encourages organizations to leverage resources from their cyber insurance providers, many of which offer free or low-cost training and virtual tabletop exercises. She advises starting simple—having conversations about incident response plans and ensuring everyone knows their role if a cyber incident occurs.
Courtney also discusses the importance of engaging leadership in cybersecurity exercises. She suggests setting clear expectations, respecting executives’ time, and framing tabletop exercises as safe spaces to practice responses without pressure. She highlights that cyber incidents affect the entire organization, not just IT, and that practice builds muscle memory and helps identify gaps before a real crisis occurs.
Finally, Courtney outlines best practices for following up after tabletop exercises, including documenting observations, assigning responsibilities, and setting deadlines to ensure improvements are made. She acknowledges the discomfort some may feel participating in these exercises but stresses that creating a supportive environment where it’s okay to say “I don’t know” is crucial for identifying and addressing security gaps effectively.
Key Points
1. Nontraditional Path to Cybersecurity: Courtney’s background in literature and adventure travel shaped her people skills, which are critical in cybersecurity for understanding motivations and tailoring solutions.
2. Context is King: Cybersecurity solutions must be customized to an organization’s specific risks, environment, and priorities rather than applying generic controls.
3. Value of Tabletop Exercises: These exercises are essential for preparing organizations to respond to cyber incidents, helping build muscle memory and identify gaps in a safe environment.
4. Leveraging Cyber Insurance Resources: Many cyber insurance providers offer free or low-cost resources, including virtual tabletop exercises, which organizations should utilize.
5. Leadership Engagement and Follow-Up: Successful cybersecurity preparedness requires executive buy-in, clear expectations, and diligent follow-up with assigned responsibilities to ensure continuous improvement.
Key Quotes
1. “Context is king… each of our clients, in the insurance space, are different. What their risks are, what their environment looks like, dictates where their investments will have outsized impact.”
2. “Practice builds muscle memory, practice builds an awareness of where the gaps are, and always better to identify the gaps in a safe environment versus a real environment.”
3. “Plans are useless, but planning is indispensable.” — Dwight Eisenhower, quoted by Courtney.
4. “If you see something, say something… make sure people feel comfortable bringing those concerns to light.”
5. “It’s absolutely okay, maybe desirable, to say ‘I don’t know that yet’ because that’s what we’re here to figure out—where our gaps are.”
About Our Guest
Currently the Vice President of Cyber Services for AmTrustCyber, Courtney Hans brings a variety of experience into her work. In her early career, Courtney was an adventure travel guide with a short window to make a strong impression. Curiosity became her superpower as she learned how to uncover the inner motivations of diverse groups of guests. Guiding, just like cybersecurity, requires agility and a cool head during a crisis. Formerly the Head of Security and IT for a growing SaaS startup, Courtney joined AmTrust to help reduce risk and deepen the relationship between carrier and insured.
About Our Host
National co-chair of the Cyber Center for Excellence, Marc Schein, CIC, CLCS, is also a Risk Management Consultant at Marsh McLennan. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost-effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums.
