>> Hello and welcome to this special Cube Conversation. I'm Dave Nicholson, and we are recapping the Citrix Launchpad series with a focus on the topic of security. Now, whenever we're going to talk security on The Cube, we have a Cube veteran and smartest person on cybersecurity that we know Shira Rubinoff. She's a cyber security executive author and advisor, specifically author of the excellent book on the subject, 'Cyber Mines'. Shira welcome back to The Cube. >> Thank you. Pleasure to be here. >> How are you today? >> It's been great. Always great to be on The Cube and talk to you folks, and certainly be part of something from Citrix. >> Well, that might be the last pleasant thing that we say, because we are surrounded by security threats. So are you ready to get serious? >> Oh always. With a smile, serious with a smile. >> So, you know, one over kind of overriding question that a lot of people have now. If you're an IT executive you've experienced a complete change in the world from so many different angles, but how has the pandemic changed the way you think of security? What are the dynamics at play things that have, that are different now that we couldn't have anticipated maybe two or three years ago? >> Interesting questions. Certainly if we look at the scope and the ecosystem of the way that organizations operated, it was pretty much, you know, in the high 90% of people being in the office with just the few percentage being working from home. And that had to shift literally overnight to literally the flip side of it, having the multitude of the organization work from home, work remotely, and maybe the few people that had to be in the office were there. So all of a sudden organizations were left with this. How do we secure down our organization? How do we keep our employees safe? How do we keep our organization safe? How do we connect to the outside world? What do we do to maintain the proper cyber let's call it cyber hygiene with an organization. And that's a topic that I talk about quite frequently. When you look at cybersecurity as a whole, we look at the cyber posture of an organization. We also have to break it down and say, what does an organization need to do to be fully cyber secure? So of course the ongoing training and that had to shift as well. We have now training for the organization and employees, but also think about the consumers and who else is interacting with the organizations. We have to switch how that is done. And that has to be ongoing. And the global awareness of cybersecurity, of course, a top of mind. And then that would lead to also zero trust. Zero trust is a massive, massive piece of cybersecurity need for organizations. We think about it as who needs the data is king. Whoever has the data, they rule the world, right? They own the organization, they do what they need to do. Zero trust, limited access, knowledge of who gets in, why they get in, the need to get in and the need for that with an organization. So zero trust is a very key component of Citrix is very focused on as well. We talk about updated security and patching and all that has to happen. Think about remotely. So not only are we thinking about all these topics, we have to think about them going at warp speed with people that might be working remote, who also have other things they have to take care of. Maybe they're taking care of elderly parents. Maybe they're having to watch their kids on Zoom, making sure they're staying on Zoom and all sorts of things with school and other maybe roommates who are working for other organizations, not having important information in the backgrounds of their Zoom while they're having these important conversations with organizations. But also think about the multiple devices people are using. They may have an area that's set up properly in order to do their work, but then again, they have to be in another room at the same time. Oh, let me just grab my device. So the whole area of the multiple devices, the warp speed of working and not, let's call it this pause. And this is one of the key elements that I would tell all organizations to stop and pause to think about what you're doing before you do it. It's never headaches, but that was not interplayed. When the height of the pandemic, the height of the pandemic, we were worried about what's going on need knowledge of information, where we're getting this information, downloading it, clicking on links. Then we're working at the same time, taking care of people. So all these things are happening simultaneously, leaving open these open vectors for the tax surface to be that much more heightened for the bad actors to get in. >> So you advise some of the largest companies in the world on this subject, and obviously you're not going to reveal any names or specifics, but as a general overall view, from your perspective, how are we doing right now? Are, are, is the average large organization now sort of back on cruise control, having figured everything out for this new reality on a scale of one to 10, how well are we executing against all of these changes? >> That's a great question. Let me talk about the global whole. I think organizations are actually doing really well. I think there was a quick ramp up to figure out how to get it done, but because of also the shift of sharing of information that some of these largest companies across the world, they came together to share information with bad actors, to share information about the tax, to share information about what to do if something happens who's out there and buying together almost like a whole. So it wasn't, you know, each finger on its own. It's a hand as a whole looking at it from a stronger perspective. So I think that shift coupled with the fact of the knowledge and understanding of what companies needed to do in terms of locking down the organization, but also allowing and helping their employees, empowering them to get their work done, but get it done in a secure, safe fashion. And I believe now, you know, obviously we all know they obviously, but the ransomware attacks are now prevalent and they're becoming even more intense with the rise of 5G, the way that attacks could happen, the warp speed we're now having to understand that being reactive is not enough. Being proactive is something that is wonderful to see organizations are doing as well. It used to be okay, let's be reactive. If something happens, what do we do? Let's have a plan in place, but that's not good enough. And we've seen that happen because these attacks are coming at warp speed. So the proactivity of these organizations that they've taken is applaudable, you know, in general, you know, I can't talk for all the companies, but the ones that I've been consulting to and have interactions with, I'm pleasantly surprised and not surprised as well, that the way that they've taken their cyber posture so seriously, and where they focus in not only on the organization as a whole, but their employees as individuals, what their needs are and being able to give them what they need to do their jobs well. >> Yeah, that makes sense. When you can, you can almost think of it like, you know, cybersecurity is a team sport. And to the extent that all of that proactive work that an organization can do can be absolutely undermined if we don't do our parts as endpoints, as endpoint people. And you know, when someone reads cyber minds, I think it'd be, I think it's, there's an undercurrent that I definitely sensed. And then when I looked more closely into your background, I realized that, yes, in fact, you do have a background in psychology. I want to shift to kind of a question along along that line, if you don't mind. Think about the psychology of people who have lived through the pandemic, this concept of our personal hygiene and our personal security has been in the forefront of our mind. You leave the house and there's hand sanitizer and masks and maybe gloves. We're very, very aware of this. How has that affected us from a cybersecurity team sport perspective has that, has that made us better players on the field? What are your thoughts in that regard? >> I actually love that question. You know, as we saw the pandemic heightened, everyone became hyper aware of their own personal, well cleanliness. And in terms of where they are, what they're doing, if they're masking, if they're putting on gloves, the sanitizers are everywhere, six feet apart. Everybody's thinking about that. It's a forefront. It became a way of life. And if you, then you shift that and you're saying, okay, let's look at the technology, the cybersecurity part of it, your own personal safety, your own personal cybersecurity. I think we failed a lot in that area. I think because of the fact you think about the human psychology and the pieces that people need to know information, everybody was hungry for the latest and greatest information. What's going on? What are the stats? How many people? Just terrible, terrible pandemic with so many people getting sick. So many people dying and wanting to know what is going on? What are the latest rule sets? What are, what can I do? What else can I do to protect myself? What is my business doing? So we also have bad actors sending out the phishing attacks, heightened tremendously. There is information being sent out. Click here for the latest here. This is Dr. Fauci's latest report, everything going out there was not necessarily to help us, but to hurt us. And because of people's human psychology of thinking, I need to protect myself. So I need the information. The stop and pause is, is this the right information? Is this a safe place to go? But then there's also the other flip side of, if I'm not interacting, I'm not there. Think about the different generational people we have going on. Gen Z, millennials, all sorts of it. Everybody's all over social media. And everybody needs to and wants to have a presence there certainly in this world. So putting out lots of information and being, being present was very critical because people weren't in person anymore. So people were interacting online, whether it being on social, whether it be telling people where they're going, what they're doing, what they're eating, what their favorite animal is, all sorts of things that they were doing. But they were giving over personal information that made of be utilized as passwords or ways to get to know somebody, to either do a spear phishing attack or any types of attacks to gather information to hurt. Not just a personal to steal money or to steal someone's identity or to come in and hurt the company. But information was everywhere. So we were taking care of our personal cleanliness, but our cyber hygiene with our psychology's aspect of cybersecurity itself, I think took a big dive. And I think that people started becoming aware as these attack surfaces grew. There were also different types of attacks that were happening, where phone calls were coming in saying, somebody's breaking into your bank account. Just verify yourself, give me the last four digits. I need to know who you are. So playing on the human psyche of fear. Somebody is trying to get you nervous. So what are you going to do? You're going to act quickly without thinking or all sorts of, I think we were talking earlier about extended warranties for different things. You know, that has, that also grew extensively, but how did they do that? They were gathering information, personal information to give you something you want. So if you're playing again on the human psychology of people, when people get what they want, they're more likely to give over something they may not give to somebody else anyway. And one of my biggest example of a strong example is back in the day with Candy Crush. If you think about that game before you sign up for that game, you literally have to give over your kidney. You're giving over access to your camera, to your contacts. If you look back at the permissions you're giving, it's really unbelievable that everybody was clicking yes because they wanted to play a game. So take that example and transfer that into real life. We were doing the same thing. So the importance of brushing up on that personal cyber hygiene and really understanding what people needed to do to heighten their own security themselves. Less sharing on social, not giving over information that they shouldn't. Not allowing a trusted source, who isn't really a trusted source into it. Having strong zero trust, not just for organizations, but for yourself was very important. >> Yeah. Now did we Chuck, Chuck, Chuck's my producer. Did we get Shira's social security number and her date of birth? Shira, can you give us that? >> Sure, it's 5, 5, 5, 5, 5, 5, 5, 5. >> Excellent, ha! Phishing attack. >> There you go. Go for it. (both laughing) >> So, so you think there could be a little bit of security fatigue that might come into play. When, you know, when we're thinking of living up to our responsibilities as those end points. >> I think there was just fatigue in general. >> Yeah. >> People were tired of being locked in the house. People were tired of having everybody under the same roof all the time, 24/7, trying to get work done, trying to get school done, taking care of people, what they needed to do. Having groceries delivered, going into groceries, all the thoughts that they had to do, that was just a way of life before, that we all took for granted during the pandemic. It was just a whole shift. People were just antsy, jumpy. We needed to connect and we need to connect in any way we could. So all these open vectors became a problem that ended up hurting us rather than helping us. So this has been something that was a big mind shift. As the pandemic continued, people started realizing what was going on and organizations took a good stand on educating the population and telling them, look, these are the things that are happening. This is what we need to do. Certainly a lot of the companies I'm working with did such a great job with that, giving their employees the wherewithal of wanting to connect, but doing in a secure manner, giving them the tools of what they needed to do personal only, also in their personal lives, not just for their work lives. So that was helpful too. And as we're coming out of it, hopefully continue to come completely out of it, we'll see the shift back into let's take that stop and pause. Let's think what we're doing. >> Yeah, well, we are all looking back to whatever semblance of normal we can get to. Shira I could spend hours picking your brain on a variety of subjects. Unfortunately, we are coming to the end of our time together. Do you promise to come back? >> Certainly a big fan of The Cube. >> Well, fantastic. Shira Rubinoff thank you so much for your time. This is Dave Nicholson with a very special Cube Conversation signing out. Thanks for watching. >> (Shira) Thank you, Dave. (lively music)