Putting the AP in hAPpy

Episode 79: A Conversation with Dr. Germaine Walker on Leading a Highly Skilled Workforce, Cybersecurity and the Future of Remote Work

Debra R Richardson Episode 79

Today I am talking with self-proclaimed (but I agree) “Pretty Cool” Dr. Germaine Walker, Freelance Dr. of Cybersecurity, and author of The Book About IT Leadership That Is Not Really About IT - Managing the SMEs.   We discuss leadership, cybersecurity, motivating employees and tips on being safe while working remotely, working in the office or traveling.  

We discuss: 

  • How he found his passion for IT after his parents gave him one of the first computer video games 
  • His book The Book About IT Leadership That Is Not Really About IT - Managing the SMEs.   and why he wanted to make it more fun for the reader
  • His views on the future of working remotely 
  • His secret for leadership to manage a highly intelligent workforce 
  • Why cybersecurity training is important and how to make it fun while improving the comprehension
  • Security tips when working remotely during shelter in place requirements and beyond

Keep listening.

Check out my website www.debrarrichardson.com if you need help cleaning your vendor master file or implementing authentication techniques, internal controls and best practices to prevent fraudulent payments.

Subscribe today to be entered in the subscriber-only monthly drawing to win a free Putting the AP in hAPpy Coffee Mug.  

Links mentioned in the podcast:   

spk_0:   0:08
Hello, everyone. This is several Richardson and today I am putting the AP and happy where accounts payable teams are empowered to protect the vendor master file from fraud. This podcast will give a voice to accounts payable team members by talking about the growing reality of cyber attacks in their world and which vendor set up and vendor management techniques they can apply to protect the vendor master file from fraud. Are you or your team performing all possible vendor validations? Do you know which documents have the key data? You need to confirm that the vendor you are about to create or update Israel. Be sure by downloading the vendor Validation reference list. It also has links toe all the resource is listed download at www dat Deborah d b r A r. Richardson R i c h a R D s o n dot com Today I am talking with Dr Jermaine Walker, freelance doctor of cybersecurity and author of the book about I T Leadership. That is really not about I t. Managing this MEES. We discuss leadership, cyber security, motivating employees and tips on being safe while working remotely working in the office or traveling keep listening. Welcome to Episode 79. A conversation with Dr Jermaine Walker on leading a highly skilled workforce, cybersecurity and the future of remote work. Please enjoy the interview. We had a lot of fun, and it was a great conversation. My guest today is Dr Jermaine Walker of Happenstance L l C and happenstance. LoC is a consulting company that provides leading technology professionals to support your data protection and compliance needs. And I have to tell you we met unlinked in, and I was I just have to connect with him because Hiss description says freelance doctor of cyber security to help clients improved compliance controls by at least 50%. Plus, I'm pretty cool. I like. Okay, I have to meet this guy, so bring him on the back at eso. Can you tell the audience a little about your background? Why you started happen? Sounds LLC. And what clients you serve?

spk_1:   3:15
Sure. Sure. I'd be happy to. I could just say I t has always been my passion. I love. Ah, I'm probably until my age and a little bit. I mean, just tell you how I started. There's this thing called the Calico vision I don't know if you remember that day. Ever. I

spk_0:   3:29
don't remember that. I do not remember that.

spk_1:   3:34
Yeah, it came before the Atari. So

spk_0:   3:37
I have under those I happy until we got that for Christmas? Uh,

spk_1:   3:43
yeah, yeah, yeah. My parents got me this thing called the Calico vision and some some of the guys out there. The people out there gonna when I tell something to your games about it. Oh,

spk_0:   3:53
yeah, I remember

spk_1:   3:53
that. There was this game call like Buck Rogers. I used to watch yourself, so it was like a set tape.

spk_0:   4:03
Hey, that was the top back then. Cassette tape. I remember that.

spk_1:   4:08
Yeah. So I started with that and I looked at the calico business. Oh, wow. This is pretty cool. Like, how does this work, Mike? How does this really work? So I started Thio re book said, Just like, find as much as I can about that, You know, of course, I'm a gamer. I definitely became like it's game over the years, but as I went on and said, What? I really want to learn about this. And so I decided to design my career in I T and then I got to know more about cyber security. Like I remember seeing from the news about someone actually breaking into a system and causing this major catastrophes. Like what people can do that. What? Computers. Okay, let me find out more about that. So the way I designed myself iss I said, you know, I want to be like a cyber security professional. I won't understand it. So I had to start with the basics. Learn i t. So I'm one of the things I can always say that who could make me competitive or want to start a hedge? Witches. Agassi joining the Department of Defense. I got to I got to work on the largest network in the world. Um, one of the old the network. I became a military officer working on technology and sometimes, like my colleagues. Or when I'm gonna interview it was like I could tell my Okay, well, I was trained to set up a secure network under simulated terrorist attacks, so that would mean like if, like, machine gun fire someone throwing a grenade, rocket launchers and secure that network. So I have a understanding security on a totally different level than I can say that. A lot of people. So,

spk_0:   5:57
yeah, that's a deep level. Yeah,

spk_1:   5:59
yeah, yeah. So those different tenants asylum Security? Yeah, I lived at

spk_0:   6:05
for that was that was even before the rise of the phishing scams and the BBC scams. All of that. Okay.

spk_1:   6:16
Yeah. So that was one tenant of it. So also designed in inside my career by working in the private sector. So I got to work in various industries coming from anywhere from Kim, from chemical to the financial sector through contracting things like that. So it was, like, awesome. And we know where our workers like. Okay, well, I would do my job, but, like, Wow, can I learn that new technology? What's that? You know, having that passion. Is this something you normally do? So not only that, um, I thought about it, Had the actually I wrote out a chart. Like, What is it that I want to do? How do I want to get there? So I still have it on my wall right now? Um, yeah. It's like it's just a few things on there. I still want to do. Um, and it was always, ever changing. But

spk_0:   7:02
is that like the ultimate five year plan or two year plan? Or

spk_1:   7:07
I made a five year plan

spk_0:   7:10
stick into it.

spk_1:   7:12
Yeah, but that changes. She always updating it. Um, yeah. So I got the coveted See, SSP, But that's funny about there's like to get to that. You know, there's a couple things that got to do before you get to the cause of so many requirements of you actually know you executed. Look at the requirements for I mean, you gotta get your i t background that working a little bit about software that may be. And I got a few starts that I need that network. Plus, um, did the security plus get Francisco training? So eventually, I got thesis SP.

spk_0:   7:48
So for those of us that are Matt in, i t. What does the C. I S S P What type of certification is that? And what does it do for us?

spk_1:   7:59
Okay, let's see. The CSS P is pretty much one of the most. It's the industry. The global industry, known worldwide known I was desirable. Security certification, um, assesses be so having that certification means that you have met a certain standard security where you can go into any operation and go ahead and explain and how, with the domains of cybersecurity anywhere from physical, logical controls. So, yeah, you could help build operations Center for security.

spk_0:   8:31
Is that what you struck out to do with happenstance? LLC?

spk_1:   8:37
What will happen? Stance? Yeah, You know what? I will say This what happened stands I don't want to do is try toe help save the world. Actually, um and I do it in my own way in society. Security professional would knew. For example, they were economic foundation. What they said in 2018 was in no w e f. That's what that is. Is a collaboration collection off economic and political leaders who are thinking about the be changes in the world and how they can improve it and prepare for anything and make me coming up. So what they said in 2018 is that cybersecurity that could be like the next pandemic. Um, it could hit some of them over 40 major infrastructure. That's anywhere from health care to the financial sector in you gotta think about it. We are superheroes in our own on way, because if the major power bread goes down. That's that's it. That's taking on a lot of things that we do from paying our bills, keeping refrigerators cold, fitting our kids anything, you know, driving.

spk_0:   9:43
So I know we hear about cause I share a lot of it with cyber security. We hear about breaches all the time, but I'm assuming if there were less C i S S P s. We hear about it even more because it would happen more often.

spk_1:   10:00
Yes, yes. Um, and actually doing I'm I'm a big research, especially. I got the doctor and computer science a lot of qualitative analysis. All this I just That's just what I do. So one thing, um, today is not if it happens, is when it happens. So being prepared.

spk_0:   10:21
Yes. Yeah. And you know, unfortunately, I see that cause I work with accounts payable teams in some cases, procurement teams related to the vendor master file. And I get calls after it's happened, not the proactive steps to put controls in. It's once that, you know, $2 million has been paid to a fraudulent bank account. That's when I get on. And I mean I do these podcasts. I have quite a few. You know, I have the same number of block post, lots of tips. I have a checklist to check vendors and validated, making sure that they're riel and still much more reaction. Mess, pro activity. So hopefully especially as off the taping of this podcast when we're amid, you know, the cove, it 19 and shelter in place. And lots of folks are working remotely. Which increases the cyber security rest. Hopefully, everyone comes out of here with a different attitude and behavior towards cyber security.

spk_1:   11:29
Absolutely, absolutely. Um, that's that's always, you know, it's it's kind of funny story about that. I'm I talked about that in my book, um, about remote. So now currently, um, as I get calls for projects, contracts, things like that in a good majority of them, they want you to move to the location where ever it may be from Texas to why he washed them. Where that me like we want to be on site now with this cove in 19. This this pandemic that is out of the question now is more. Hey, well, you know, we're doing remote. It's 100% remote, but when this is over, you know, we want to come on site. And I honestly have to not have a talk with that manager of the recruiters. And I'd say, Well, you know, this isn't gonna be over tomorrow. This is gonna be open next. This is good. This is going to happen for a while. If you're listening to the health care experts, Um, this isn't there gonna be This is the new reality, or we can't go back to the way things are. Things have changed

spk_0:   12:39
a new normal. And I know you know, some folks that are getting a little, you know, it was that cabin fever because I have to and I'm an introvert, and I always and I've been working from home. So, like the 1st 23 weeks, I was like, What? What's the problem? Now I get it now is like, Okay, but, you know, I do agree with you. I think we are going to a new normal. I don't think it's gonna go back to the way that it was especially and in relation to cyber security. I think it's gonna be interesting what happens, and I know a lot of States. I know my state were shelter in place through April 30th. Was that the federal mandate? So it's that across all the U. S.

spk_1:   13:21
No, no, no. There's, um from my last look at the new side, CNN find incredible. There's a few states there or not is really on the space instead of the governor's.

spk_0:   13:32
Yeah, so this is gonna be interesting. But you brought up your book, which, interestingly, is entitled the book about I t. Leadership. That's is not about I t managing the S and B's. So can you talk a little bit about that?

spk_1:   13:51
Yester is sure. Yeah, yeah. I wanted to throw a little humor in that because, um um, there's a lot of books out there that I've read, and they're they're so serious and that really black and white about what to do and how you should do things. But I wanted to make this book more fun for the reader and say, Hey, I mean, while this is a serious situation about how to manage your people, we take This is but the whole idea that because the have fun with it, And if those humor is something coming, things that we've dealt with one just working doing operations to so on. So the book about I teach leadership that's not about I see mention this means it's, um use it not only in just I t is, you can use it in any kind of aspect, any kind of subject. It's about leadership. Just managing your employees. What was what

spk_0:   14:43
and, you know, I read it and I really related it to cybersecurity. So it is that that could just be me because, you know, back slotbacks my passion. And so how does that relate to your work within cyber security?

spk_1:   14:59
Sure, cyber security is about protecting the IittIe assets. A major portion of it is about I t. So you condemn it. Use it in that aspect. Um, there's if we if you really take time Thio, get to understand your employees get to understand the the unique needs wants dislikes. That's called, you know, being more engaged. And the whole thing about management is is being efficient, getting the most that you can out of here on police. But you can easily do that if you just care. That's one thing I say in the book. Is about. Take these steps, do them gets understand your employees trying all these things. But guess what? The secret is actually enjoyed doing it. Just do it. I want to do it. So

spk_0:   15:47
yeah. And you also talk about how to let your employees grow No micromanaging, which gets a big thumbs up from my side here. They're trained. They have certifications. Let them do their thing, right?

spk_1:   16:02
Exactly. You have a highly intelligent workforce that are doing some amazing things. If they're getting the certifications, they're working with servers. They're doing advanced code. They're pretty much working on the company operations, multi $1,000,000 accounts. I mean, these are highly intelligent people. They know how to do their job. Your job is a manager is too pretty much make sure they have everything and you keep. They'll engage to make sure it's more than just checking the box is more than just ah proving the time sheets. I understand what's going on. Your employees work environment, what's going on with them to help them stay engaged in their work.

spk_0:   16:43
And on that, I'd like to talk about you know, there's two different sides of the coin for cyber security whether or not the front mind employees and I'm speaking of accounts payable whether or not they really need to be trained on cyber security breads or whether it needs to just be handled by technology. But in your book, you quoted the National Highway Institute, which is tthe e educating factor of the federal Highway Administration, in saying that we retain 10% of what we see 30 to 40% of what we hear and 90% of what we see here and do now. You were specifically talking about preparing for the I T certification, but that helps right with training employees on cyber security. If they see it, hear it and do it. Maybe percent of that is going to be retained.

spk_1:   17:38
Absolutely correct, absolutely. Doing that security awareness training is very important. I've worked the organization's I've had discussions with my colleagues and peers. Executives understand, like, what is the return on invested? The value of doing this training? What if this doesn't have to? Well, it goes back to what we were saying earlier. Um, it's no longer about, if it happens, is when it happens, so you should train. Your employees should try and everybody toe act responsibly. I want to do in an instant response pandemic. Like what we're going through right now. Yeah, um, handling You can actually make this fun. You know, it's about experiencing. You can take that training and you can actually do it like a simulation like actress out in the real enactment about what happens in the pandemic. What would you do? Who are the key people? I've been part of a task force to actually create this documentation and actually do the training on an annual basis is very important. Uh, take for example. Now, I know some people wish they have prepared for this. So is very important to do that. So 90% of extra doing experiencing it helps the most. This is the experience that I've had away from the military all the way to the private sector.

spk_0:   19:01
So is that what I think the term is game? If I Is that what they mean by GAM? If I ng training?

spk_1:   19:08
So let's see Gamma Phi. We have something that we had before about, like come like I think about war games. So yeah, it can actually be in trouble. So we always had this training again. You like? You feel like you're You're Let's say running 10 miles. Look like I want to do this. I gotta do this. Oh, guys, no. You can take this and actually make it. How? Said I see, even though it's a very serious is a very serious situation. Ah, subject and making a way to actually improve the comprehension of the people that actually listeners be the employees themselves. So you can take this in, make it fun. You can go ahead and reenact this, Um, even quiz it like you can take for example, say whoever get the most answers, right? Correct. After we've done this, this scenario get surprised me just doing the situation itself. I mean, it should be fun for a while, because, I mean, the average office, you know, we're we're not We're not prepared for this. We're not doing this so that it could be, like, from my accent movie to some people that wow, we're doing This is amazing.

spk_0:   20:18
Yeah. One of the chapters in your book is called Motivating I t. So can you talk about techniques used? And maybe you just touched on that as well, but talk about techniques used and whether they could be used to motivate employees to take cybersecurity training and then also just performing the daily due diligence and taking that seriously.

spk_1:   20:43
Okay. Motivating your employees. It's all about getting to know your louise first, and some employees air. They're gonna be kind of skeptical about you. What do you want? What do you want? Why do you ask me those questions? But, you know, if they fill it generally care. And you're trying to understand more than he needs. By all means, the open up majority of someone still fight. Okay, that's how we wait. I mean, you gotta think about it. Some of things that we do. I mean, these employees, they're they're people. They have. They have needs of the families. They have career goals. Um, taking the time, like motivating them. That could be something simple. This allow for you as what I have found in my experience. Managers don't always used the autonomy that they have. That that authority, you know, I keep going back to just checking the box. Well, let's not check out the boxes. Get outside of the box. So some of things we have. We have the expenses to take our employees out to eat or are do certain things depending on the company. Some more lap if someone not. But let's just start with some of the more fishing cheaper ways, Like just taking your employees out for a simple lunch. When you take taking that lunch, make it not work related. Just trouble. Hey, so how's everything going? No, like anywhere you guys got going on. No, you'd be surprised. I mean, again, we have these highly skilled workers, this intelligent people. So they're doing some amazing things. Um, I know what I want from my employees that I've had. It's like, Oh, I'm training for a marathon. Wow, that's amazing. Um, well, I'm thinking about making a new framework for how software works. No. Okay. Wow, that's pretty cool. Oh, hey, I'm going to the comic. Are Wow. A lot of us do a lot of people. We are geeks. We are definitely

spk_0:   22:41
having fine. Okay,

spk_1:   22:44
Comic con. Ah, I watched this new anime. Hey. Okay, tell me more about you know, and that's how you get them to open up me. And if you're anything like me I love this stuff. So, you know, you get to know this, or and once you get to do that, um, they you get to understand what they like. So, for example, he got to understand it. Let's say a majority. Your employees are into enemy. Okay, Well, guess what. All right. One day you put the hey, guys, you know, thanks for the great work. How about we take some time off, actually, down the street? They're having, like, a little, um, convention, you know? No, what the company's paying for. Let's take some time. Let's go. You know, they will appreciate things like that. Yeah, honestly, I mean, you're either just going to the park. Let's have a meeting outside in the park. Change it up. It will improve efficiencies. And you're like, wonder what? How did this happen? Because you're engaged. Yeah,

spk_0:   23:45
and I actually like in the book you suggested, right to step away from the office environment like you're talking. Now we're going to the park. I need things to do that everyone's interested in. But I want, you know, just figure out. Are you? This seems like a premonition because you also talked about As a matter of fact, you had a chapter dedicated toe working from home. So getting out office environment, working from home, just want to know if you're psychic, because that's what we're all doing now. And, you know, you describe it as a benefit, right that leader should embrace. And we know you know, that a lot of the I t folks that may be listening to this may have already been working from home. But, you know, for most AP teams, that has really not been the case is exactly the opposite. So you know what? Let's do you have for those not working or not used to working from home? What do you have Cyber security or or others?

spk_1:   24:49
Yeah, that's that. That is a true blessing for us. I t Professionals Way had the probably arm or of working from home than a lot of other people. So is great. So what I would say is, for people working for home or who got in this benefit is mean just first mentally prepare this meant to play because there's a lot of things that you get to benefit from and managers you get to benefit from this. A lot of companies in their in their culture and their sayings like this have work. Flexibility. What? There you go. Here goes again. We're going back to the needs of those employees. We have families. They have kids. They have means they have to D'oh! Um, for me, it became like a like, really Ah, break those, Like, you know, I have one project where I had to go do a conference call. So India had to go speak to someone from the U K. I had to go travel. It's like, if you think about these are in different time zones. So if you add it all together is like, if you were sitting in office, this would be your entire time in office. And I don't know about you. Why? Ah, love, Mom. My work. I don't want to spend 24 7 in the office, so Yeah. Yeah, you gotta have that work. Flexibility. So, for people now embracing this, um, no grass, of course. Now, this is really your choice, especially for those states who it is. It's required your hands. You have to stay and you can't go in office. This is the new reality. So for those who are just embracing this or they're getting ready to mentally prepare, so I'll start with this, for example, being get home, set up a actually work environment someplace where he can work quietly. Maybe if you have extra room. Or maybe there's a area in your bedroom set up why Amazon will be there. Stop delivering so you could get you like something that could get, like a laptop stand. Put in your lap. Get your equipment. But you know what? The company, if your company probably provide that stuffed or should just ask, Sometimes it's just about asking, just like in management. Just ask. So that's one. So far, it's the security portion of it. Oh wow, VPN definitely. VP in the company's have a VPN I'm allowed. The major security companies have. It's semantic. There's a lot of vendors out there that are approved that you can get a V P for those who I'm actually doing remote, and you have to travel and I don't know where you are. Sometimes if you can still go into accomplice up, that's still possible. With this pandemic going on, you could buy yourself like a lock. You know when they'll special lap. Yeah,

spk_0:   27:33
I've heard of those. I don't have one. So is that something you recommend?

spk_1:   27:37
Oh, yeah. Oh, yeah. Um because you get the oh, you got to go the different situation. So let's say you're out. You're working. So let's say you weren't a cop itself, and this is Ah ah, no prik over 19. So you're definitely the coughs up. There's a bunch of people around. Um, let's take it to go the bathroom or you're just going up to the counter to get your coffee or food or whatever. It only takes a few seconds for somebody walked past and take your computer and God forbid that you have unlocked. So it's good to have that toe lock that up. Especially your phone companies really should be doing multi factor authentication. So you think about who you like. What? You know, um, what you have what you are So things like that let me see. I mean, there's a lot of those things when it comes to just the just remote work is a lot of somethings to make sure you're always locking, always locking your computer. That's another one you're walking away If you think I'm just gonna go through seconds. No, just like a computer. Because that few seconds maybe you have a conversation with somebody just passed by or you had another task just forgot about. It is open and your you lend Somebody have access to restricted data or customer data. And how? Say one last one. Lastly, let's see here. Well, one of simple ones have, ah, something for your screen that's to prevent from shoulder surfing. There's a screen saver can get. You can simply attacks it to your screen so that passer byes cannot see you in your screen. Only you can see where you're looking directly at that. So those are some of the common things.

spk_0:   29:19
Yeah, And you know, some of those air good for office too. Especially that last one with the screen and also locking your screen as well. I remember it was just prevalent. Some employees, when I was in the office, would not lock their screen. Don't go to the printer than no get into a conversation 15 minutes later. They have. You know, in my case, all this vendor sensitive data that should have been on their screen open for anybody that's passing by the sea. So and that could happen now in your home environments too, because, you know, a lot of people have roommates, and they don't need to see that information like it up.

spk_1:   29:53
Yeah, I gotta get a funny story about that happened to me, but happen to someone I know. I'm not gonna tell where, but but, you know, you always get that one colleague or friend or whatever Who was a practical joker and just imagine you leave that screen open. And I remember getting the e mail and I went out to the entire team is like, I am buying free pizza and then I'm quitting. Like what? What

spk_0:   30:23
is going on

spk_1:   30:24
like, Ah, you live

spk_0:   30:27
like either that or what? If the controls, when you can have someone's monitor everything is showing, like upside down. Okay. So bad has happened it up?

spk_1:   30:40
Yep. And pretty much If if you think about the mind set up like a cyber attack or a hacker, sometimes it's not really a motive for it. Sometimes some people just want to see the world burn. They just want to do stuff. You know. So it's simple things like that as a personal employee. Take those steps so and someone won't go into your information. Take some files and email it to themselves or something, you know?

spk_0:   31:04
Yes, exactly. To have have to be careful, especially if you're dealing with sensitive information, being in accounts payable or any other team or group.

spk_1:   31:14
Yeah, especially now. This is a very sensitive time, and its security is everybody's responsibility. Her they're from, Ah, lot of great wise people agree with that, and I use that now. So we have to protect the consumer we have to protect. Our employees have to protect ourselves. So they're going through a lot of stuff right now. And we want to make sure that the last thing they have to worry about is getting a letter in the mail saying that their information has been breached. We

spk_0:   31:43
don't need that. Okay, so to kind of wind this down, then what's the biggest takeaway that you want people to learn from your book? The book about I t leadership? That is not about I t managing the sneeze. What's the biggest takeaway you want?

spk_1:   32:00
That the world is ever changing technology evolves every 36 months, and we need to change with it like anything's leaders. So as the world is changing, we need to think of new and interesting ways to keep our employees engaged into bringing him into the next decade. So if you're one of those one of those managers who feels that you know, I need to have my people right in front of me Thio do the work or I need to make sure I I check on everybody the every a few minutes you need to do a self stick. You are definitely doing it wrong. Take a person, look inside, read the book. It's a lot of great techniques in there, and there's a lot of things to not only help your employees but help yourself and it's funny. Has illustrations in there. You'll get a good laugh. It's a quick read.

spk_0:   32:57
Yeah, it is a quick read, and it is very funny for anyone that wants to connect with you. Where can they connect with you? And then where can they get your

spk_1:   33:05
book? Okay, they can definitely connect with me on linked in. They can go to my company, went website for happens now. Elsie, It's our fight. Dass Murphy's dash law dot com. They can definitely email me. All the information is in the book. You definitely can reach me late. Then everybody can have you.

spk_0:   33:24
Yeah, and I'll put all of that in the show notes a swell so that they can just quickly lead to everything. So thank you very much. Remain for being on the podcast today. It was a lot of fun.

spk_1:   33:36
Thank you. It was truly a pleasure. And I look forward to talking more with you.

spk_0:   33:39
All right. Thank you. Thank you. Great interview with Dr Jermaine Walker and thanks, everyone. I hope you enjoyed the 79th episode of the Putting the AP and Happy podcast where accounts payable teams are empowered to protect the vendor master file from fraud. Don't forget to check the show Notes for the links mentioned in the podcast. If you enjoyed this episode, consider subscribing and writing the review of my podcast on the platform that you used to listen. Stay happy