Faces of HR

Tips from an HR Expert at a Cybersecurity Company

Hackers and scammers evolve every day to find new ways to compromise your security. There are many dedicated individuals out there fighting against these efforts, and today’s “Faces of HR” guest works at one. She was kind enough to share with us her tips for other HR professionals to get in the right mind-set about cybersecurity.

Meet Teri Keller, Vice President of Human Resources at Automox.

How did you find yourself working in HR?

Probably just like anybody, I stumbled into it. I started working at The Gap as a junior in high school as a seasonal worker and found myself there for 7 years. I went through its management internship program while I was in college and became an assistant manager to a store. It was really there that I started to learn about employee relations. That’s actually where I learned that I don’t fire employees, employees fire themselves because of their own behaviors.

I didn’t enjoy firing people, but I found that I enjoyed working with people and helping them develop in their careers. When I left The Gap, I realized I needed to get into HR. Like many people in my profession, I started as a recruiter and got into talent acquisition. Things just kind of grew from there and I never turned back. I enjoy it, I find that I’m good at what I do, and my career and my role have definitely progressed throughout this time. I’m very happy that I landed in this career.

What was your takeaway from all of that?

I felt The Gap was really good because everybody had a defined role. I actually was able to find where people did well within the store and where they were even better. For example, you can’t have the person who does not like to talk to someone be the greeter and first-person customers see in the store. Then there are people who are very methodical in the way they fold a denim wall or their table.

That’s where I found that I really enjoyed working with employees and coaching them. At the moment, I didn’t really understand that, but in hindsight, I see that’s where it began. It was just knowing that that person wasn’t good at greeting, so he or she had to be somewhere else.

I also worked in a college town and knew this wasn’t people’s lifelong careers, and it’s OK if they didn’t like what they were doing and wanted to move on. But for the people who really wanted to come into work and had this passion, you had to build a team. It’s the same thing about building a company culture and engagement. You had to do the same thing there. You had to make it fun while people were there at work.

So now you work at a cybersecurity company. Is that the first cybersecurity company you’ve worked at?

Yes.

Would you say that you had any kind of eye-opening experiences about the nature of cybersecurity when you started working there that maybe you weren’t aware of before?

No, and I only say that because I worked at Lockheed Martin for 12 years. When you work for a defense contractor, everything is on heightened alert: what you do on the computer, walking around, going into the buildings, and getting on campus. It wasn’t until I left that defense contractor and started working in start-ups that I had the eye-opening of cybersecurity and how unsecure start-ups are.

Before coming into Automox, I’d worked at a couple of other companies. Coming here actually put me at ease again. I was thinking that we know what we’re doing, and we’re walking the talk. I love to see us leaning in. We educate our employees on cybersecurity and what it means for our customers, what it means for us as employees, and how important it is for us to take more concerted efforts around that.

That’s nice to hear, and that is rare, especially at start-ups. You’re looking for the quickest tool you can use and the cheapest you can use, cheap-as-free, if possible, and that doesn’t necessarily come with a high level of security.

I agree.

Then these hacker types have gotten fairly sophisticated. As part of my job in a media department, I get an unbelievable number of e-mails. It’s my job to find content and interviews and tender articles from those e-mails. I’ve read them all. One of my favorite attacks, if one can have a favorite, is the auto-generated e-mails. Someone somewhere in like eastern Russia loads 5 million e-mail addresses into a tool, and it just generates text that is designed to get people to click and respond.

That’s right. It’s so important to educate your employees about these types of phishing scams, so they know what to do, or not to do when seeing such emails and prevent hacks in the first place. 

What would you recommend to an HR professional who is just getting started, maybe at a start-up or a small organization, that he or she really needs to know about cybersecurity from a perspective like yours?

It may be obvious, but being diligent is crucial. I get e-mails every day from so many different salespeople, vendors, and HR sites saying “Have you thought about this?” and “Click here.” It’s the ones that, when they are actually personally addressed to me, make me go, “Wait a minute. Do I know this person? Do I not?” If you have LinkedIn or other social media accounts, people will pull from your profile and be very specific with their ask and what they want you to do.

You have to be very diligent in knowing who’s sending it to you; if I don’t know who they are, chances are I’ll actually delete it. If they come back again, then I may take a closer look. But you have to learn what your security measures are within your company. Whenever I get a suspicious e-mail, I always send it to our security group and just say, “Hey, take a look at this. Is it legit? Should I open it?” It’s just like our personal lives. I wouldn’t just open up an e-mail from someone who sends, “Hey, Terry, you and I met a year ago. Check this link out.” If I don’t know the person, then I’m not going to do it. You have to take what you do in your personal life in regards to cybersecurity and bring it into your work life as well.

When I’m vetting e-mails, guests, and even PR people, I use LinkedIn to verify them, but even there, the scammers have a little bit of sophistication. You have to look for the signs, like a low-res profile picture. Or they only have one job history at some company you’ve never heard of. Still, they can be pretty convincing.

We actually just had something similar happen internally. Our team was doing some testing, and they created a fake profile for an employee. I actually had another employee who sent it to me saying, “Does this person work for us?” We’re hiring so much right now that you just don’t know. We had to go to our IT team and learn about who this person was and why the person was using it as a test case. You always have to be on heightened alert; you just can’t trust everything that comes through.

No, you can’t. I’ve talked to some security experts, and they talk about deepfakes now being a thing, especially deepfake audio. A lot of people know about the videos, but you can use software to generate someone’s voice based on previous recordings. For example, the “CEO: calls up the financial manager and says, ‘We got this big account, it’s not working out, we got to get the $6 million in there,” and people fall for it a lot.

That’s where we are as a growing and scaling company. We’re putting measures in place early on. We’re not as widely known as some of the bigger cybersecurity companies, but we’re starting to get more noticed. What we’re trying to do is build that behavior and build that muscle right now so it becomes baked into our culture.

One thing we do with our onboard training is that we actually have a hackers course people take. What do hackers do? What do they look for? How do they do it? We have a whole day in the life of a systems administrator, a day on hackers, and so on. The work is done through education and awareness. We have people who are in accounts or in HR who aren’t dealing with our customers or our products on a day-to-day basis, and we want to make sure they’re educated.

What’s something you’re looking forward to this year?

The vaccine. I’m looking forward to not repeating what happened last year. Outside of everything external that happened and that we all experienced within our company as well, it’s a super exciting time. We’re growing as a company and are on a great path. I’m looking forward to helping employees get motivated again and focusing on our exciting journey and common vision.

Last year was hard because I felt like every corner we turned, there was bad news; everything from COVID to politics to social injustice to the number of COVID cases. I’m excited to get back into celebrating the wins of our business while balancing employees’ professional growth, wellbeing, and mental health. I look forward to continuing to grow the team and drive HR initiatives that bring everyone closer together, improve employee engagement and satisfaction, and overall empower the team to perform at their best.