How to Keep Your Business Safe: Cybersecurity Tips for Entrepreneurs with Lori Crooks
Yvonne Heimann [00:00:01]:
Welcome back to another episode of Boss Your Business! Today, we're getting nerdy with a very special guest, Lori Crooks. She is a cybersecurity expert from Cadra. Lori shares her fascinating journey from aspiring medical professional to financial auditor to her unexpected leap to cybersecurity over 20 years ago.
Throughout our conversation, Lori delves into the nitty-gritty of cybersecurity assessment, translating complex compliance standards into plain English for all of us to understand, and the importance of proper data management and employee training. We'll explore how different businesses can navigate the ever-evolving landscape of cybersecurity threats, the common pitfalls many companies face, and practical tips for protecting your organization's valuable data.
Additionally, Lori opens up about the challenges of balancing a demanding career in cybersecurity with personal well-being, sharing her insights on daily routines and hobbies that helped her relax and recharge. Whether you're a small business owner or a part of a larger organization, this episode is packed with actionable advice to help you strengthen your cybersecurity measures. Don't miss this engaging and informative conversation with Lori Crooks, only on Boss Your Business.
Yvonne Heimann [00:01:27]:
And we are getting nerdy again. As you know, it seems my podcast episodes always align with the things I'm doing behind the scenes. And right now, there is a lot behind the scenes nerdiness going on at AskYvi. So it is to no surprise that today, Lori is joining me and girl, special security assessments and nerdiness and all the things going on. I'm not even gonna try with my secondary English and German language to try to explain what you do. I'm gonna let you explain what you do before I ask you my favorite question. So do me a favor. Tell the audience just how nerdy you are.
Lori Crooks [00:02:18]:
Well, a little bit nerdy. Always been nerdy. I don't know if that's a good thing or a bad thing, but it works out in this field.
Yvonne Heimann [00:02:26]:
We love nerds.
Lori Crooks [00:02:28]:
Good, good. I'm in the right place, then. But, yeah, we do cybersecurity assessments. We help organizations write their cybersecurity policies and procedures and help them understand all the nerdy words and the compliance standards that they don't understand and try to translate that to English for them and just help them through the processes. So, yes, that is how nerdy we get here at Cadra.
Yvonne Heimann [00:02:52]:
So you are pretty much a lawyer in a different niche.
Lori Crooks [00:02:56]:
Yeah, pretty much, yeah.
Yvonne Heimann [00:02:58]:
Translating it to. Translating the stuff we all should know and also all pay attention to, into plain English. Yeah. Yes, I know people who have to do that in different areas. Now, tell me, did a little Lori think that's what she's going to do?
Lori Crooks [00:03:18]:
No, never.
Yvonne Heimann [00:03:20]:
Did she. Did she know she's nerdy, though?
Lori Crooks [00:03:25]:
Yeah, probably. I think she was. I was always into reading and, you know, that kind of. I guess you consider that nerdy now, but, yeah, I was always into reading. I was into kind of the maths and the sciences and actually thought I was going to end up in the medical field, wanting to be a doctor or physical therapist or something like that, and got to college and didn't like the courses that I had to take for that. So bounced around a little bit and finally came out with an accounting degree and still did not end up in cybersecurity right away. So it was quite an interesting path. Worked for the state of Georgia for a little bit.
Lori Crooks [00:04:00]:
I know.
Yvonne Heimann [00:04:01]:
Yeah. Like, my brain is working on the. Okay, I see. I see the nerd. Love it. By the way, I was so not a school nerd. I, um. To medical field, to accounting.
Yvonne Heimann [00:04:15]:
Okay. How. How did you make it from there to cybersecurity? I have to hear the story.
Lori Crooks [00:04:24]:
Yes, I was. I started out in accounting and financial auditing, and quickly got tired of crunching numbers. I got bored. So I was working for the state and they were actually hiring literally upstairs to do IT auditing. And I was like, well, that sounds interesting. Let me go give it a try. Just because, you know, it was something different and something new and something I've never done before. So I went and tried it and.
Lori Crooks [00:04:47]:
Yeah, been in IT and security ever since. That was over 20 years ago at this point in time. So very crazy.
Yvonne Heimann [00:04:54]:
So here's. Love it. Love it. Let's just try it. And my brain, my brain is going from, but you know what? It actually makes sense because accounting is looking at data, making sense of it, and fixing stuff.
Yvonne Heimann [00:05:14]:
But it's always the same.
It's one, two, three. It's always the same. There is no, in my opinion, I hate accounting to begin with. There is no challenge in it, right? You take then the data management and the data analysis and the structuring and the guidelines around all of this, and you throw that into IT and cybersecurity, now you have the similar process with some fun in it.
Lori Crooks [00:05:50]:
Yeah, yeah. And it's always changing. Not always fun, but it's always changing. It does. It's definitely not static, you know, and that's why I like it. You know, there's always something new coming out. There's always a new standard that we have to look at. I wouldn't say exciting, but definitely more of a challenge than just crunching the numbers day in and day out. So you're absolutely correct.
Yvonne Heimann [00:06:14]:
It's challenges coming up where I'm assuming, when different businesses have different needs. Somebody like me. Yeah, I'm nerdy enough to make sure my little place of my desktop stays safe, but then a small sized business has different needs when you have. Here. Here's my nerdiness going. Because the whole cybersecurity can go in all different kinds of ways, but it's like as simple as giving my team an email address that could be compromised and now suddenly I lose my YouTube account, or you are getting a laptop and I need to make sure you are not opening up that specific email. Is that kind of where you fit into this? Between the education, between the policies for the company, but potentially also implementation?
Lori Crooks [00:07:20]:
Yes. More on the rules and regulations side. So we're the ones that tell you not to send out those emails. So we write it in policy or we look at the type of data that you have and figure out what standard is requiring your company to do certain things, and then we tell you how they should be done. We're not, we don't do a lot of hands on IT, so I'm not that nerdy, but enough to, like, translate it and be like, this is what you have to do. And then we come in after the fact and check to make sure that it's actually being done.
Yvonne Heimann [00:07:47]:
Oh, I would say you are quite nerdy. Because I'm like, when I look at, when I look at a lot of, over the last few years, there's a lot of legislature that has been implemented where end users are. Heck for again, because my brain is going into so many different directions with, with security and all the things where it could be as simple as. Do you actually have an unsubscribe button on the bottom of your newsletter? Where there is regulations, there is end user security regulations, where I see a lot of big companies actually not implementing those.
Lori Crooks [00:08:33]:
Correct? Yeah. And privacy is becoming such a big thing, too, like you said, that unsubscribe also just kind of what data they're collecting from an end user standpoint, making sure that they have supposedly your approval to collect the data that you give them. So that's where you see all these pop ups now. Like, do you accept these cookies? Well, that's because they're collecting your information and you have to acknowledge whether you want to share it or not. So, yes, tons of regulation from the security and privacy side that's come out over the last couple years. And it's just like I said, there's so many changes that it's just hard to stay on top of. But that's, that's why we're here, to help individuals and companies manage their way through it.
Yvonne Heimann [00:09:10]:
What have you seen being common? Oh, my God. I didn't know that issues. So where, where my brain is going right now is like, cool. Either way, it's a startup that might not have dealt with it yet or a company that was bootstrapped and now suddenly we need to pay serious attention to things. I'm assuming they probably have some situations where it's like, I don't know what I don't know. Do you have a couple of things that are commonly missed or commonly done wrong or something like that that you see regularly pop up?
Lori Crooks [00:09:59]:
Yeah, definitely. I say some of the common ones are just around, like, user training, user awareness, as you mentioned earlier, making sure people aren't clicking on links. It's always good to educate your users on bad links. What phishing is, there's so many scams out there now that say, hey, I want you to go buy this gift card for me. Send me your credit card information ASAP, something like that. So educating the users is very key. It's not done a lot, but that should be number one. Also just access control, making sure people have appropriate access to the data that they need.
Lori Crooks [00:10:32]:
A lot of people just create access to everything and say, oh, they'll need it eventually and grant access to it. But you could be giving them too much access to confidential information that they might take and sell or do something bad with that you don't want them to do. And then just protecting the data at a high level, making sure laptops are encrypted, making sure you're not sending sensitive stuff through email that might not be encrypted or protected. So just things like that are always good, even for small organizations to put in place so it can help them, help them protect the data and help them protect their company as well.
Yvonne Heimann [00:11:06]:
And you brought up some data management and access management. I'm assuming part of that is also protecting the company's asset if an employee is leaving. Where it's like you don't suddenly want them to delete everything, it's still your IP, it's still your business.
Lori Crooks [00:11:32]:
Yep, exactly. Yeah. So having those onboarding and offboarding procedures, making sure that you have a copy of everything, backups are key, making sure everything is backed up so the employee can't delete information. They might be able to delete it locally, but again, you should have a backup of all of that so they don't take that, steal it, block their access for putting things on USB drives. You know, those types of things. For data management to really help, it's important you know the weakest link are usually your employees. That's what statistics say. So that's why you have to educate them.
Lori Crooks [00:12:09]:
That's why you have to have the proper processes in place to protect your data from, unfortunately, the internal people.
Yvonne Heimann [00:12:16]:
And I'm like, I'm sitting over here smirking for everybody that can't see me on camera. Did you hear that? Standard operating procedures, onboarding, offboarding, human being the weakest of link, implementing processes. Sounds familiar. Guys, we've, we've heard that maybe a couple of times in different areas, haven't we? Haven't we? Now, there's a lot going on. I'm like, you are. You are writing, you're working with compliance, you do assessments. There is so much going on, and I'm assuming there might even be moments where it's like, oh, my God, something just went up in flames in a client.
Yvonne Heimann [00:12:58]:
What, what, what's our policy on here? What's happening? What am I allowed to do? What am I not allowed to do? How do you manage your everyday? Because it's like you have quite the livelihood in your hands with this.
Lori Crooks [00:13:15]:
Yes. Yeah, it's, it's tough some days, to be honest. I have a couple employees that work with me, so I try to delegate as much as I can. But from the tooling side, we use management tools to make sure that everything is being tracked. At least I try to get everything out of my own head and into the tools so I can have my VA track things for me. She can help follow up on stuff. And then, you know, we use a lot of internal communications too, because again, I'm always having to communicate with my team, especially if something blows up like that, you know, I could follow up with them because we're all remote, so we use Slack on a regular basis just to keep touch and make sure that we can help the client to their ability. But it is a lot to balance and manage, for sure.
Yvonne Heimann [00:14:00]:
So how do you take care of yourself in all of this? I'm like, as I told you, I love nerds and I can, I can see the passion in you for this. I'm curious about you because it's like I can get lost in this and I have to proactively make sure I take care of me, too. And other things I'm passionate about. How is it with you in that? How do you take care of yourself? Do you have daily routines? Do you? Where, where is Lori in this whole process? Where's personal Lori in this whole process?
Lori Crooks [00:14:40]:
Trying to find that balance is a struggle, I'll be honest. But I do try to, we have a dog, so we try to take the dog for long walks. Just getting that fresh air is refreshing. Trying to, you know, workout on a regular basis as well. And then the evenings, I try to spend some downtime, whether it's, you know, reading, again, a nerdy thing, doing a puzzle. I love puzzles. So work on a puzzle for a while, you know, just to kind of take my brain away from work for a little bit and then put it somewhere else where I don't have to think about work for a little bit. So I have to force myself sometimes to do all that just like you said, just to kind of get out of the day to day work Lori, into like, who is this little personal Lori?
Yvonne Heimann [00:15:18]:
Have you ever, you say puzzle nerd. Have you ever done one of these 3d puzzles?
Lori Crooks [00:15:28]:
I haven't.
Yvonne Heimann [00:15:30]:
I was recently visiting my family in Germany, and my cousin had gifted my grandpa a globe that also lights up on the inside all a 3d puzzle. Now, the thing wasn't moving like it was supposed to, was a little bit more stuck. But I knew grandpa wasn't going to move it much either way. But, yeah, I'm like, this thing looked good. It had little stripes of printed plastic for the globe piece of thing, and then you literally, with little pieces of wood, build this whole globe thing with the base on top and the longitude and latitude thingies all the way around and everything.
Lori Crooks [00:16:18]:
Okay, I'm gonna. You know, I'm gonna google that as soon as this is over.
Yvonne Heimann [00:16:20]:
Oh, those. Those are fun. They are some really good ones. I'm like, again, I was. I was a little bit sad that it didn't. It was supposed to turn in on two axles so that you can also turn that globe. Didn't work quite as planned. Something was stuck somewhere. So it was like, if it would have been mine, I probably would have really dug into it because I wanted. Wanted it to turn. But grandpa is going to use it as kind of like a nightlight sitting somewhere in the evening. But, yeah, I'm like, that one was fun. That one was fun.
Lori Crooks [00:16:53]:
Okay. Yeah, I'm gonna look into those. Thank you for the heads up.
Yvonne Heimann [00:16:57]:
And, yeah, so we were talking about nerding out with cybersecurity, all the things that my audience can do, and it's like, I love having nerds like you on here because it's. It's just so diverse. I'm like, when I. When I look around and we are finally coming out of this, thinking of, oh, women just belong behind the stove. Yes, I'm completely overdoing it. It's not that bad anymore. But I love that diversity of my guests, especially having somebody come in with something like this, like you do with the cybersecurity and really being in the midst of everything. I don't know.
Yvonne Heimann [00:17:50]:
I'm like, you are in this area. You are in this niche, whatever you want to call it. Do you see a lot of women that are working in cybersecurity that are working in those compliance and assessment areas? Have I just not seen it, or is that something that is really still up and coming?
Lori Crooks [00:18:11]:
It's changing a lot in recent years, I'm seeing more women in the compliance and security field, but definitely over the years, it's been lacking. There are still many times I'm the only woman at the table, on the phone call, very few. Sometimes I'll see at conferences. I was at a conference recently, and I looked down the run list of who was speaking. I think there were, like, 30 men and no women. I'm like, come on, you know, we're in a 2024. You can have a female, you know, do a speaking topic on cybersecurity.
Lori Crooks [00:18:40]:
So it's. It's changing. Not probably as rapidly as I would like it to, but it's definitely getting there. It's definitely better than when I started 20 years ago.
Yvonne Heimann [00:18:50]:
Yeah. And I think with. With speaking, and that's an issue in. In many different areas on many different stages. I think it's kind of also the human side of things, where we stay in the circles we know where it's like, oh, yeah, I've seen him. I've seen him, I've seen him. Cool. Saved.
And it would be nice to see with those conferences to really just go do that extra step. It's really not that difficult. The moment you tapped into one female in your area, I guarantee you she's gonna know others, even if it's just one or two more. And I'm hope I'm seeing some in my area with the marketing side of things and video and social media. There were quite a couple of conferences that we ended up calling out publicly because the change happened earlier where. Where there were more women that got active in those areas. So we had a little bit more of a timeframe to. To speak up in that.
Yvonne Heimann [00:20:03]:
But it's like, yeah, we literally had to kick some of these event organizers in the booty and be like, don't tell me you can't find female speakers. There's more than enough out there. Just step out of your cycle, a circle, just. Just for a second.
Lori Crooks [00:20:18]:
Yes, yes, agree.
Yvonne Heimann [00:20:20]:
It's really not that difficult.
Lori Crooks [00:20:24]:
No, definitely not.
Yvonne Heimann [00:20:28]:
For everybody that is struggling with cybersecurity, potentially growing their business, growing their team, needing to do all of these things, where can they find you? How can they connect with you? Where are you active?
Lori Crooks [00:20:45]:
Sure. So we're active on LinkedIn. So you can find my personal page, or you can find our personal, or, I'm sorry, the business page, Cadra on LinkedIn as well. Or we have a website, cadra.com. So cadra.com. And so we have a lot of useful information on there as well. Or you can, you know, find our link on there. And feel free to email me or message me as well through either LinkedIn or personal email.
Yvonne Heimann [00:21:12]:
And as you know, everybody listening and watching, we are making it really easy for you. Lori already gave me all of those links. It's going to be in the show descriptions for you to easily click on it wherever you prefer connecting with them. And guys, you know the shoutout is coming. If you haven't subscribed to the podcast yet, what are we doing? We are nearly a hundred episodes in and you are not yet subscribed. Hit that subscribe button so you don't miss out all the amazing guests and nerds I am bringing you. And Lori, thank you so much for joining me today and allowing me to nerd out with you a little bit. I love it.
Lori Crooks [00:21:51]:
Well, thank you for having me on. I enjoyed talking with you. This was great.
Yvonne Heimann [00:21:55]:
Thank you. Bye, everybody.
Lori Crooks [00:21:58]:
Thanks. Bye.