Scott Algeier

Executive Director IT-ISAC & Food and Ag-ISAC

Founder, President & CEO of Conrad, Inc.

 

Show Notes:

In this episode of Bites and Bytes Podcast, we're joined by Scott Algeier, an influential figure navigating the crucial intersection of cybersecurity, IT, policy, and operations.  As the founder of Conrad, Inc. and the executive director for IT-ISAC and Food and Ag-ISAC (Information Sharing and Analysis Center), Scott brings unparalleled expertise in building bridges between organizations to help fortify their defenses against cyber threats.

Holding a Master’s degree in International Relations and European Studies from the University of Kent and an honors graduate from Gettysburg College, Scott’s journey into cybersecurity is as unique as it is inspiring.  This episode explores the foundational stories behind the Food and Ag ISAC and IT-ISAC and highlights the pivotal role of cross-industry information sharing in building a resilient cybersecurity infrastructure.

Engage with us in this compelling dialogue that offers a deep dive into the mechanisms of securing our critical agricultural infrastructure through collective effort and strategic partnerships.  Learn about the innovative measures Scott Algeier is spearheading to safeguard our food and agriculture sectors from cyber threats, ensuring a secure future for all.  Join us for an exploration of how thoughtful collaboration and expert leadership are shaping the future of cybersecurity in agriculture, making our world safer, one byte at a time.

Key Episode Highlights:

  • (02:44 - 03:44) Formation of Food and Ag-ISAC

  • (05:48 - 06:53) Memorable Food Experiences and Recommendations

  • (12:13 - 14:02) Sharing Cybersecurity Insights With Smaller Businesses

  • (23:54 - 24:37) Importance of Collaboration With Academia

  • (28:44 - 30:25) Long-Term Success in Cybersecurity Industry

  • (31:22 - 32:35) Community and Security in IT

Learn More:

Water Sector discussion information:

EPA calls off cyber regulations for water sector

Cyberattacks are hitting water systems throughout US, Biden officials warn governors

White House Convenes States to Discuss Water Sector Breaches

🎉🎉Wicked6 Cyber Games | 2024 Women's Global Cyber League 

Learn more:  https://www.wicked6.com/

Register and use promo code W6SPEAKERVIP to save $5

WICKED6 is back for its fourth year, and it's packed with speaker sessions, career networking, cyber challenges, and a tournament that will have you on the edge of your seat. It's not just an event; it's a community, a learning experience, and a lot of fun!


Listen to full episode :


Episode Guide:

(00:22) - Securing Food Supply in Digital Age

(11:59) - Information Sharing and Collaboration in ISACs

(20:05) - Interdependence in Critical Infrastructure Sectors

(32:36) - Navigating a Career in Cybersecurity

  • 00:22 - Kristin (Host)

    Welcome to the Bites and Bytes podcast. I'm your host, Kristin Demoranville. Today, I'm joined by Scott Algeier, the executive director of the IT ISAC and the Food and Ag ISAC. This position places him at the forefront of the efforts to secure critical infrastructure against emerging cyber threats. With an educational background and international relations, Scott has spent the past 20 years at the intersection of cybersecurity policy and operations. Through collaborative efforts, he brings a unique perspective to our discussion on safeguarding our food supply in the digital age. So, let's get started, and I hope you enjoy my conversation with Scott.

    Hi, Scott, thanks for being on the podcast today. I really appreciate your time. I know that you are very busy, and it's really great that you took the time out to talk to everybody about what you've been working on. I will let you introduce yourself and then we'll jump into the fun bits.

    01:14 - Scott Algeier (Guest)

    Hi Kristin, thanks for having me. It's great to be here. I appreciate the invitation. I'm Scott Algeier. I'm the executive director of the Food Agriculture Information Sharing and Analysis Center, the Food Ag ISAC.

    01:27 - Kristin (Host)

    Scott, do you want to give people a little bit of a background of why founded and then how you kind of got mixed up in all that?

    01:34 - Scott Algeier (Guest)

    Yeah, of course, I appreciate the question. The Food Ag ISAC was established in May of 2023 in a spot of a partnership with the Information Technology ISAC. I also am the executive director of the Information Technology ISAC and the IT ISAC had been accepting memberships from Food Agriculture companies since about 2008 or 2009. There's the Food Ag industry didn't have as our sector-specific ISAC, but there was no home for their separate companies. We started getting applications there's Food Ag companies, leverage, clipboard, it and Meaningful Ways, and the board of directors of the IT ISAC and the Tires made some sense right, it was part of the common good to help these companies out. Over the years, we started accumulating more companies as members and around 2013, we established what we call the Special Interest Group within the IT ISAC. So the concept was you provide a forum for Food Ag agriculture companies to talk about some of the unique security challenges that they have and some of the unique threats that they're seeing by 2023,. The decision from our member companies was that it made sense to form an ISAC.

    02:44

    There were a lot of discussions going on prior to 2023 within our membership about forming an ISAC for the Food Agriculture industry, but there were also some challenges and that we wanted to overcome before we launched and by May of 2023, things just kind of came together. We developed a model that we thought would work, which I'd be happy to talk about more. There was some interest within policy makers about the Food Agriculture industry not having a sector specific ISAC. There were more articles written in the media about the lack of an ISAC and the internal planning we had within the Food Ag Agriculture Special Interest Group, the need that we were seeing on the industry, as we're talking to industry, and for policy makers, as we're engaging with them. That made the timing was perfect. We were ready. At the same time, some of these policy discussions were started to take shape.

    03:37 - Kristin (Host)

    Yeah, that couldn't have been more timely, honestly, right, because that all just kind of worked and fell down perfectly. Thanks for that, Scott. I really appreciate it. Let's jump into. My favorite moment with the guests, of course, is can you tell me what your favorite food and your favorite food memory is, and it doesn't have to be the same thing.

    03:53 - Scott Algeier (Guest)

    Okay, well, that's great because they're not the same thing. My favorite food is Lomo Seltalo. It's a Peruvian dish. My wife is from Peru. She makes the second best Lomo Seltalo I've ever had. She's okay with me saying that, but it's a mix of beef, rice fries and some special sauce that they have. It's just delicious. The best one was from a restaurant in DC that actually closed. So now, although my wife said now the second best I've ever had, it's the best I consume on a regular basis now. So it's awesome. It's a really good dish. The former employer is the one who introduced it to me. I hear from my wife Some of us have a little another little coincidence there. And my favorite food memory from seventh grade through college, I would go down and visit my grandfather in Florida and we do spring training games. And my favorite food memory is sitting at the bar park with him in March eating hot dogs and pretzels and drinking a soda.

    04:53 - Kristin (Host)

    Baseball park memories are right up there for me, too. There's nothing that beats Fenway Frank at Fenway Park for me, and you know, a cold beer, or something that affects pretzel, of course. So I could say that, and I also say this, knowing that Scott has all these pictures of baseball behind him, and one of them next to be Babe Ruth. So, and now he knows that I'm a Red Sox fan.

    05:15 - Scott Algeier (Guest)

    Well, I don't know if this is helping the cause, eddie, I'm actually a Mets fan. The main thing is you know the gifts the meaningful gifts that I have in the ROP. There's another person in my office, there's Mets stuff.

    05:27 - Kristin (Host)

    It's alright, I don't have any problems with the Mets. I did data Mets fan in college so and he risked his life by wearing a Mets jersey into the bleachers of Fenway. There was people chanting very bad things at him, rather abusing actually, and I think I warned him but he didn't listen. You know mess with Boston fans, so like alright, but now he has experience to talk about. Yeah, yeah, that's very true, and I'm sure he did. Anyways, that's great. I love that. I actually never experienced spring training, but everybody I've ever known that's gone and said it was just a really awesome time in Florida. So that's growing Glad you had that memory with your grandfather.

    05:58 - Scott Algeier (Guest)

    Who should that think, yeah?

    06:00 - Kristin (Host)

    that's great. Thanks for that too, and I've that's the most interesting dish that anybody said is their favorite food. Most people are, like you know, pizza or tacos, which is totally great. That's great too. You are one. That's the year, the most specific one I've ever had, and that sounds really good, because I was going to ask where that DC restaurant was, but when you said it closed I was like oh, we actually went looking for it a couple weeks ago.

    06:21 - Scott Algeier (Guest)

    We looked it up how to get there and permanently close, and I checked the website. Yeah, so it's unfortunate, but there's still plenty of proving restaurants that serve it. Oh yeah, and I'm happy that my wife is. She makes it better than anywhere I know.

    06:34 - Kristin (Host)

    Well, next time I'm in a Peruvian restaurant which is actually fairly frequent for me, I will make sure that I will try that, because I don't know why I never have. Maybe it was the fries. I mean, because I have a British fiance, I do eat a lot of chip fries. I don't tend to order them when I go out because I really like his fries. You can't beat triple cook fries. Sorry, just can't like that's a hard one for me. Thanks, can we talk about what the benefits are for the food and egg chapter? Just in general? And I have a mixed audience, Scott, so I should be really clear. I do have food, I do have cyber security, I have IT lessons and I also have a few other people on the profile that are in, so I chain that lesson as well. Encurb your answer as you need to.

    07:10 - Scott Algeier (Guest)

    The food and the agricultural track, the food and egg ISAC, where it's forming partnership with the IT ISAC, as we discussed, yep and the general concept of information sharing and analysis centers to provide industry a way to share intelligence with each other threat intelligence so that those companies can better secure themselves and also serve as a resource to their peer companies. So it serves as a pretty cost effective force multiplier. Companies don't have enough money to hire all of the analysts they need. Companies aren't taking projects other companies have already accomplished or already failed. That provides a great opportunity for these, the analysts from these companies, to talk to each other about the threats and the challenges that they're saying. So we leverage near real time threat sharing through indicators of compromise, through intelligence management platform.

    07:58

    We have adversary attack playbacks on our work. We are the actors that are targeting various industries. We have a race and we're a tracker and these are our members contribute to this. So I have an analytic team. They develop the initial product. I serve, for example, usually adversary attack playbacks.

    08:15

    They'll develop a playbook based on the writer framework or a specific actor for dinner in our platform, make it available to members and when a member of companies sees that actor on their network.

    08:25

    They can go in and suggest an update to the playbook and my team or team gets notified about it. They'll see the updates that are being made and they have the opportunity to contact the analysts who's making the update and talk to them about it and accept it or reject it, and so it's a really collaborative effort to provide actual threat intelligence to member companies. There's daily reports that go out, there's incident specific reports that go out to the members, and it's the fruit and egg. Isac is really a unique environment because we're establishing a farm to table information sharing and analysis center, and it's global as well. We have well, our member companies operate globally right. So even if you're headquartered in some place in the Midwest, a lot of these companies have operations around the world. So it's a really a global. It's a global sector, it's a global supply chain, and we're building the ISAC to reflect that.

    09:23 - Kristin (Host)

    I love that it's member-driven, so how it goes and what is discussed and what changes are made and editing and whatever comes from the members, it's not just some power on high necessarily that's dictating what's gonna happen.

    09:37

    And that's so essential, and especially in cybersecurity or security incidents in general, because we don't talk enough, we don't share enough information to make better decisions. We need more data, is what we always say, and I love that this is happening, especially for Food and Ag, because they need it, they need the new support and they talk really well amongst themselves. Generally, the food professionals are very chatty I mean you experienced that, Scott, when we were at the consortium this year Very chatty, very like friends. You know neighborly vibes and it's nice to see that this is channeling that, because that's gonna resonate really heavily. And I like it that it's a global audience as well, because the food supply chain is global. Regardless of if you're just serving one country or not, it's still affecting others because of different ingredients coming in from all over the place. We don't inherently grow everything and we don't have everything, so it's good to see that the community is coming together in that regard. That's wonderful.

    10:28 - Scott Algeier (Guest)

    What we produce grows globally as well. Right, so it's really. There's a unique set of challenges within the Food and Agriculture Industry that they're not common in other industries. So how do we remember when we really actually discussed, when we first bought on the map, we started to accept the Food and Agriculture Companies and we're like, yeah, they have the same corporate IT, let's take the line right. And then we started to form a SIG and we're like, wow, these companies are. The supply chain that they're operating is really interconnected. They have there's some really large global companies, but then there were some very small mama pop shop type companies that are connected to these larger suppliers, the countries where they operate in. They don't really you don't get to choose what crop we're aware. Right, I mean this. So it's really a complex environment and our member companies. We were focused a lot on cybersecurity, as you might expect, but there's a lot of issues beyond cybersecurity that our members are talking about.

    11:24 - Kristin (Host)

    That's interesting too, because I've been having a lot of conversations with guests about what are we gonna do about our labor force for agriculture and it's hard to hire, hard to bring them in, and the overarching kind of feeling is that AI is gonna come in and help out. These companies would be provided tools, they won't hire so many people. You just made me think this is a great tool for these companies to use this data sharing so they can make better informed decisions about necessarily hiring an entire security operations center or having to hire various other people. They can get that information, make the determination that they're gonna bring in an MSP or not.

    11:57 - Scott Algeier (Guest)

    Yeah, I think that's really a good point. There's a misperception that the only of the largest companies can benefit from participating in an ISAC. Your average company isn't gonna do automated indicator sharing, right, so that's correct For these larger companies. To help inform the smaller companies, who generally want to know what do I need to do?

    12:18

    Right we're not interested in necessarily APT-9, we're interested in how do I defend my network Right against the attacks that are occurring today.

    12:29

    I think most end users or most small businesses understand the complex environments. They may not all know all of the APT actors, all of the intricacies, but they understand that cybersecurity is a threat environment that they need to be aware of it's changing. They don't have the resources or the expertise to understand a threat this week they need to pay attention to to keep up. So these larger enterprises help provide actionable information to these smaller companies by telling them this is what you need to do and in our usually our playbook as an example, you don't need to have to ingest the whole playbook, right. There's a section there that tells you how they get in and how they, how to block them. Or you can go there right and your. This playbook is built by some of the largest companies and you, as a small, medium-sized enterprise, now have access to the same analysis and the same techniques to stop these attacks that the larger but the larger enterprises do.

    13:20 - Kristin (Host)

    I like it how it's practical advice and it's not just like fluffy. You know basic advice, like how strong passwords, which we all know, and I like that you have actionable, practical things that are being shared. That's brilliant. I like that the larger companies are giving back to the smaller companies in a way. That's I think that's how we win in a way, because I think the collaboration between the various different towers and functions is only way we're gonna keep the food supply chain safe. Anyways, can you tell me, with with all this information sharing that you get within the membership and the benefits behind it? Do you also get, do you have, special guests that come in and talk? Do you have any of them, like I don't know, department of home and security or any of the US entities or any beyond that will come in and special highlight?

    14:01 - Scott Algeier (Guest)

    Yes, the answer is yes. So we have guest speakers coming in both for the food and agriculture ISAC but also for the IKEISAC, and this is a kind of an important point to kind of first stop on. The members of the food and agriculture ISAC are also members of the IKEISAC, so it's part of the partnership that we have the companies and the food and ag ISAC. They get two ISACs for the price of one. And, yeah, what's really important about this is that the IKEISAC has some of the world's leading technology and security companies who are members. We're also bringing in outside experts who are guest speakers.

    14:34

    You get food and agriculture ISAC members. They tap into that knowledge from day one where they have access to this adversary tech. They've worked, I mentioned. They're being updated by food and ag ISAC member companies, but also IT ISAC member companies Also. You get this knowledge share from beyond the food and agriculture industry, including the IT industry, which propels modern agriculture right, it underpins so much of modern agriculture.

    14:59

    So the relationship between IT and the food and ag is really important and that's one of the we're gonna talk in the beginning about developing a model. That's that was one of the sticky wicket to be, or try to work through is when you establish a new ISAC who wants to start over right, you start from scratch and have their capabilities. The IT ISAC has been around for over 20 years been built out these capabilities, has a team in place by the food and ag ISAC member companies. Then, as SIG companies, the SIG member companies new trusted. So we didn't want to throw out an ISAC and start from scratch within the state five years to build something. And so that partnership between the IT and the food and agriculture industries has really demonstrated itself in this, in the formation of the Food and Agriculture ISAC.

    15:42 - Kristin (Host)

    That's so great. There's such a benefit to be able to combine those two memberships for the members in general. That's wow. I didn't realize that happened. Maybe I'm just it wasn't paying an engine, but that's a task. How does the information sharing go between the groups? Is it secured forums, is it phone calls, is it? How does that work?

    16:03 - Scott Algeier (Guest)

    Well, they the Food and Ag I-Stake member companies, meet every other week. Our team, when there's no outside speaker nor guest speaker or even our member companies, have the opportunity to say, hey, we're doing something neat. We want to be on the agenda where they'll say we're seeing something interesting that we want to talk about this week. So we have some time. So our Raft was our presentation from a third party. Our team has a list of three or five things that are ongoing that we want to talk to the member companies about. After that, after each item, there's generally the discussion within the member companies about how that's impacting them, and then there's a opportunity at the end of the call for member companies to talk, bring up any topic that they want us to talk about. Sometimes this leads to work streams or run off groups. One example was a race and wear tracker that started with a request from a food and ag company to say, hey, can we track who's being hit in the food and ag sector by race? Or when 2020 started, that said, yes, sure, we can do that. And now we're tracking across each other, all the critical infrastructure sectors, and see where food and ag compares, and this gives us a kind of a baseline for the industry, which is important for them.

    17:12

    So I talked about these playbooks that we have. Now there's something that was member driven right the resource allocation issue. We can all be monitoring the same actors all the time, so can we kind of divide and conquer, right. So let's share the knowledge that we have build out these playbooks. And then these actors are hitting me, I will update my playbook. Or the actors are hitting you, you will update that playbook. So a lot of these decisions about how we operate are built off of these member discussions. That first, the sharing of the actionable intelligence, the sharing of the indicators that they're seeing, but also understanding their needs, where the gaps are and how we as a community can help those gaps and build their teams. That's fantastic.

    17:54 - Kristin (Host)

    I really like that a lot, the fact that they are sharing across and actively contributing to whatever they decide to do.

    Break: I wanna express my heartfelt thanks to you, the listeners. The Bites and Bites podcast is now heard in 53 countries and consistently ranks in the top five technology podcasts. In two countries, which is Chad and Fiji. In the United States, the podcast is ranked within the top 500 technology podcasts, which is incredible, with over 2,400 downloads since our launch in October 2023, it's clear that this adventure is only possible because of the unwavering support of the listeners.

    18:33

    Some additional exciting news the new website has officially launched BitesandBitesPodcastcom. It will be your go-to for show notes and more. Also, the new website features a donation tip jar for those asking how to support the show. Your generosity in any amount helps ensure the continuation of this podcast. Thank you for being the best part of the BitesandBites podcast.

    Now back to the episode. I was thinking why you were talking to Scott, and I know that you can't get into any of the details because they are closed forums. However, I'm just curious from. This is just me being curious. Has one of the topics come up recently that they're becoming more concerned about the water that is being hacked and or ransomware?

    19:18 - Scott Algeier (Guest)

    I'll say that we've monitoring what's going on with the water sector. Yes, it does not go unnerdiced.

    19:25 - Kristin (Host)

    Yeah, it's very concerning. I'm sure a lot of us in the industry have just done the whole whoa wait what? And it's just interesting because they recently just retracted the cybersecurity guidelines for the creation of them government-wise for water recently and this is happening. So it's sort of like this is a no-brainer. We all know that it needs to get done and I'm glad to hear that they're concerned about it enough that maybe they'll put some more pressure so we can get this move in, because we need to do something about it. Either it's speculations or I don't know, just a set of guidelines, something, anything. We just need to get it done, yeah well, I'll say this we do work.

    20:01 - Scott Algeier (Guest)

    Mostly we're birthed from the fruit and egg isac side and the IT isac side. We work closely with our partners and other isacs and this includes water. There's a information sharing, analysis that are for water. We know the team over there very well, we talk with them often and we do share information with each other. So when you see attacks like this, I think it peaks the interest of just about every critical infrastructure sector, not just because of the interdependency on water, but because it's water, water but also it's a lot of these tax may or start confined to an industry, but then they expand out right, and if you're seeing some actors attacking a specific industry, hey, you could be next right. So there's a lot of interest for various reasons around which go on with water, with the water sector. But I'll say in fairness, every critical infrastructure sector is getting hit. It's not just for the NAAG, it's not just water, every critical. If you're a critical infrastructure industry, you're getting hit. Even if you're not critical infrastructure, chances are getting hit. So it's a problem that across this critical infrastructure, which is why our collaboration with the National Council of RISEx is important, our collaboration with CISA, usda, fda we just spent a couple of days with them last week. There was meetings with them, which is which is important. We're building relationships with them, which is awesome.

    21:25

    And then I don't really got the academia through the community. There's a lot of great research going on in public colleges and universities. Our vision is to build a partnership among those three communities. Those are the industry side and we're working with trade associations. We're engaged with industry. There's the government side, which they are for obvious reasons the intelligence they have and the policymaking they have.

    21:48

    But then there was the academia, which we were to help and receive some of the research and development that they do, but also inform it. I get the perspective in industry into some of the research and maybe it'll talk through with them where our priorities are. One of the understudied aspects that I think academic institutions are well positioned to do is interdependencies. Are birth within the fruit and agri or dependencies within the fruit and agriculture industry and interdependencies across race. How does a failure in fruit and agriculture that causes a disruption have cascaded impacts around others? And likewise, how does it feel you're in a GPS system, hyperbillary speaking, or what could have impact with that have on fruit and agriculture and then kind of downstream consequences does that cause?

    22:33 - Kristin (Host)

    There's so much interdependency. In general, I think a lot of us automatically just think water, you know, and. But then there's soil, and then there's wildlife, and then there's weather, and then you know there's all these things that we don't even think about because we just expect food to show up on our plate. You know, because we're consumers as well the grade that you're thinking that far ahead, that there's there's research that needs to be done here.

    22:53 - Scott Algeier (Guest)

    And then if you were, as an example, right, you need to get. You need water, important in the IT industry for cooling, right, oh, yeah, for sure. So then you know the dependencies within the fruit and ag on IT, right, and then use the lower water available right for on the IT side that causes problems. So yeah, there's. We've mapped out 2008 or 2007 in the IT industry. We did a risk assessment at the IT sector. Based on risk assessment, I think we started in 2007,. We ended up in publishing in 2009,. I think we spend a lot of time trying to understand interdependencies on IT back in that day, and now we're more than 10 years, 10 years later, those interdependencies have become more complex across the each of the critical infrastructure side, especially since you've introduced IoT and different OT systems and connecting those to the internet.

    23:41 - Kristin (Host)

    And then there's all these other tools, like I don't know AI. I've been introduced. Right, automation is great, but it's very complex and how it interconnects and sometimes we don't even know how deep that goes necessarily. So that's that's great. I actually really think it's important as a cybersecurity and technology IT in general, that we actually collaborate with academia.

    24:01

    I, every time I have a professor reach out and want to comment about some help with the research, I always take it. If it's a PhD candidate who needs help, I always take it that call because we are only going to be as strong as this research is coming out. Because that's what they're doing. They're dedicating that time in their life to that task, whereas the rest of us are just kind of doing the chicken with their head cut off, running around trying to put fires out.

    Commerical:

    Welcome to your invitation to Wicked Six, the 24 hour virtual cybersecurity conference that's breaking barriers and making the cyber world a tad less cyber-y and a lot more fun. Wicked Six isn't just an event. It's a 24 hour marathon happening on March 29th to 30th 2024. It's where cybersecurity community comes together to share knowledge and empower each other across all time zones, languages and, most importantly, cyber challenges. For those knowledge seekers, a virtual conference is open to all attendees of all genders.

    24:59

    This isn't your typical conference where talking about a follow a sun agenda featuring top female cybersecurity talent from across the globe. These remarkable women will share their insights and experiences in multiple languages, ensuring a rich and diverse learning environment for all. You might even get this chance to see your Bites and Bites podcast host giving a presentation. Gamers, it's on for you. Our open capture, the flag style cyber game play, is where you'll spend 24 hours in this thrilling world of cyberspace, hopping across six different gaming platforms. It's like the Olympics of cyber games and you're in it to win it, with prizes to boot. And for fiercely competitive people, we've got the international woman only cyber skills team tournament Pitcher, the grand finale of all finales, where the top six teams go head to head live. It's like the Super Bowl, with less football and more hacking.

    25:52

    What's new this year? A career center designed to demystify the cyber security career landscape. It's part career fair and part networking event. It's a fantastic opportunity to learn about the different career paths and network with inspiring women who've made their mark in the field. And if you're wondering how to be part of this incredible event, it's simple Swing by wicked sixcom backslash register, slash 2024 to join the fun. The entry fee is $35. But do not worry, you can always use my promo code to knock $5 off your registration. All registration information and the promo code can be found in the show notes.

    26:29

    Wicked six is back for its fourth year and it's packed with speaker sessions, cyber challenges and a tournament that will have you on your edge of your seat. It's not just an event, it's a community, it's a learning experience and it's a whole lot of fun. So circle March 29th through 30th 2024 onto your calendars and join us for a 24 hour empowerment, education and cyber gaming fun. Let's make this year's wicked six the best one yet.

    Kristin – (Host)

    Going back to you, Scott, just a little bit. Obviously was stalking you before I got you on the podcast, but I wanted to know. You have a degree in history and then you have international relations and European studies degree. How did you get to technology? That's a huge leap, so I would like you to make that leap here.

    27:15 - Scott Algeier (Guest)

    Yeah, no, that's. That's a thanks for that question. I like to tell people that I'm a. I'm a perfect example that you don't have. You don't have to be smart to be in cybersecurity, right? Even a history major like me can. Can do it. I got a. I got a master's degree in in European studies and international relations. I had a great year crowded around Europe, probably got that master's degree moved down to DC, wanted to be wanted to work for the Center for Foreign Relations Community, right, and I didn't know anybody. You know I quickly learned that people like me, when they're contacts and or were a diameter dozen down here, right, and they're contacts their experience. So I started typing and I ended up.

    27:52

    The short version of it is I ended up typing at the US Chamber of Commerce in 1999, 2000, running that time frame, and they were just starting to build a program to bring industry and government together to secure the critical infrastructure Our PDD 63, where I think was just issued the Marsh Commission report. Anyway, the concept was there's a national security concern in to secure the critical infrastructure, but these are owned and operated by industry. For how do we get industry and government to work together? And I did a type of siren for that for the person at the chamber, stephen Jordan. He was leading that program. Stephen kept me on and he made me a full-time employee.

    28:33

    And then, five years later, 2005, I was after stating up some of these organizations and they're working to build Brooklyn standing, except the coordinating councils and ISACs and stuff. In 2005, I was asked if I wanted to join the ITISAC as to be its first executive director and I've been there ever since. So I was kind of lucky right. I got good timing right. My timing was good, but I also worked hard and improved my worst to team at the chamber there.

    29:01 - Kristin (Host)

    That put me on. And then you still sort of fulfilled a dream of being able to work in DC. I mean, that's yes yes, it was actually.

    29:09 - Scott Algeier (Guest)

    Yeah, the chamber was right across the street from the right house. I remember my apartment was on Capitol Hill, so I was able to turn it into a good, good couple of years, but it was, yeah, you got to get to start right and I was lucky where I got my start. The chamber was a great organization. It does a lot of interesting work and there's a lot of smart people there. It was a great place for me to get started and it got me in the field, too, where I'm not doing what I did.

    29:33

    I did it half-three technically proficient, but over the last 23 years, I really call myself, you know, technically proficient, right? I mean, my mom thinks I'm a cyber guy, but yeah, there's the people who I work with that I can't. I can't hold a candle to them, but I know enough, right, and rather, the technology works. I know I know enough about the threat actors and how they expert the technology that I make great decisions. And the final part of it is I have a great team. Right, my team is awesome and I've had a couple of them who've been with me for a number of years now. They've gotten to trust each other and they're rich, how they think they know what I want, what information I need to make great decisions, and I know what I need, what type of guidance I need to give them to build, to build the program that we're looking for. So it's just, it's been great. I mean it's it's a long time to be doing the same thing, but it's been really challenging and really rewarding. It's meaningful work.

    30:26 - Kristin (Host)

    And I could see that for you and I and I, even your voice structure changed while you were talking about something you're passionate about. So don't think I didn't notice that. I'm sure that you know listeners caught it too. But what I like about it is it doesn't mean you don't have to be.

    30:37

    I think being technical is kind of a trap in terms of like what your technical level is, because just because you understand terminology could make you technical, it doesn't mean you have to be able to open up a PC and fix it. Now what fixing the PC qualify you as technical? Or knowing all the components as you fix it make you technical? Or is that a different type of technical? Because, to be honest, I probably can tell you everything is under PC these days because things have changed. It's the general concept is still there, but I'm still going to call it a doobie key. Is that a US technical, you know? So I think that you have this ability to have. You are more of a technology leader, and a good one, and that is rare and sometimes, and sadly enough, and the fact that you have good people surrounding you is really good. So I wouldn't call you any less technical than anybody else.

    31:22

    I think people want to put people on different levels, like that, or kind of not. We don't have time for that. We're supposed to be securing things. We're supposed to be, you know, focusing on the things that matter, like I don't know, good food, healthy air and water and all the other things. And also I wanted to go back to the point about probably some people were like wait, what? There's water involved with PCs or data centers have water cooling in their floors. Essentially, it's in between layers of the of the floors to keep the air conditioning running at a different temperature.

    31:48

    It's really complicated in some places and a lot of people forget about that. I can't forget about it, though, because I'm surrounded by data centers here where I live, so I know Scott echoes that as well. It is definitely a big hub, but the nice thing about all these data centers is we have fantastic internet. It's screaming at all times, which is great. God, I, just as we're finishing up and wrapping up here, I wanted to have you give some advice to people who are struggling with finding community within cybersecurity and IT, and obviously this is a ploy to get them to join. But I want to talk about, because you found community where you are and you came from a non traditional background for security and technology in general and I kind of wanted you to share that with the audience and how you feel about that.

    32:32 - Scott Algeier (Guest)

    Yeah, thank you, christian. I appreciate the opportunity. Thank you for the remarks. So I think one of the one of the things about this field is that there are so many people who want to help. There's so many. There are so many nice people in this field who are out for the common good and everywhere in this field. Almost everyone in this field has really gotten a boost up from somebody else and there are people are really interested in returning.

    32:54

    If you're never yeah, if you're looking to make your start in cybersecurity, looking for a place to go home, you're starting in a good field. The other advantage you have is that there's just a lot of technical talent in every half. So it's there. It's still a lot of vacancies, a lot of people, so a lot of. It's an in-demand area filled with people who have gotten a start from the nice cities of other people. So I guess my advice would be kind of be persistent, right, if you don't have experience, you should get a certification. There are several certification organizations out there where you can do this in a pretty cross, effective matter. And if you have a contact people, that's some for advice, even informational interviews.

    33:36

    I'm not looking for work, right, I'm not looking for the other, me. I want to pick the brain on the topic. How can I grow or do this? As you mentioned, when PhD students call you you're worried. They're willing to give you time. I know me and others who are always willing to get orchestra interested young people who are trying to make a break in the field. Put together a little email, tell you what's unique about you, what you're looking to do. I want to pick your brain. Most people will accept that. Most people will pick up the phone and talk.

    34:04 - Kristin (Host)

    Definitely, and I also talk to a lot of people who are transitioning out of their previous career into cybersecurity, so you know mid-life first who are moving in. I think that's great because we need more diversity of thought. They are coming from industries that in every and probably thought about cybersecurity and have that extra knowledge set and legacy information on the back of it is huge. I really like talking to the college students anyways, because they always are so excited and excitable about cybersecurity and some of us who have been here for a long time just kind of go. I remember what that felt like. Thank you for reminding me, because usually we're just all very disgruntled, yeah it is that triumph of youthful enthusiasm.

    34:42 - Scott Algeier (Guest)

    Right, rich is great, but anybody you're talking about the people who are changing careers I think that's another. You're necessarily need to be technical or to be in a technology job. Right, there's thinking. Right, if you can. There's a lot of what we do. A lot of it's in the technologies, problem solving, critical thinking, logic, and if you can be a critical thinker, you can come into this field. You may not be reverse engineering malware on your first day, but there are enough policy or enough business issues related to the use of technology, to business issues related to cybersecurity that you're going to be If you can think and demonstrate that you can look at complex situations and break them down and find solutions to them. And this is that's what Skrull said you need in this path.

    35:30 - Kristin (Host)

    Being able to be a strategist and understand the industry that you're serving not just the cybersecurity industry, but in this case food or ag is huge to have that ability to be able to find solutions that sit properly, because not every solution is going to work for everybody and it's a vis-varys. Every environment is a little bit different, even though it's still the same. Even factories within companies are different per region, per state, per country. It gets really convoluted, so having the ability to be adaptive to that change is really helpful too.

    35:58

    I would say a lot of people always ask me, like what's your top thing? You need to have to get into cybersecurity? And I say be curious and open your mouth and say something. And I know that a lot of people are nervous about that because they don't want to be wrong, but the truth is we need people to try, like that's the most important part. Thanks so much for being here, Scott. Thank you for teaching us about this new group and I say new but it is newer and I'm glad it's so successful and you had such great success stories within it already of collaboration and hopefully, you know, making the world just a little bit more secure within our food system and our agriculture side.

    36:30 - Scott Algeier (Guest)

    Yeah, Chris, thank you for the opportunity and also thank you for everything you do. You're one of the behind the scenes people who really make a real difference. Don't always people don't always see the work that you do. So I want to say thank you for what you do and thanks for your contributions to the field, and it's been great Walk with you today. It's been great, great getting to know you and I look forward to collaborating with you more. So thank you.

    37:05 - Kristin (Host)

    And that wraps up another episode of Bites and Bytes. A huge thank you to Scott for sharing his insight and experience with us today. Please check out the show notes for those interested in further information about it, ISAC, food and ag ISAC, or those wishing to connect with Scott directly. All the links and details, including Scott's upcoming moderation role at this year's RSA conference 2024, are available there. Until next time, stay safe, stay curious and we'll see you on the next one. Bye for now.

Previous
Previous

Ep. 012 - Securing the Food Chain with Systems Thinking with Carl "CJ" Unis

Next
Next

Ep. 010 - AI on the Menu: Cybersecurity Innovations with Dr. Ryan Heartfield in the Food Industry