Ryerson’s Joe Mariscal on Navigating Cyber Risks in the Metals Industry
Show Notes
In our latest episode of the Future of Threat Intelligence podcast, Joe Mariscal, Director of Cybersecurity and Compliance at Ryerson, shares his expertise in building hybrid cybersecurity teams and managing metals-industry-specific cyber risks. Drawing on his extensive career, Joe offers a unique look at the challenges and strategies within the metals industry.
He discusses the importance of specialized outside services, common oversights in cybersecurity practices, and the critical need for strong partnerships and team collaboration. Joe provides listeners with actionable advice and a fresh perspective on effective risk management and team building in the ever-evolving field of cybersecurity.
Topics discussed:
- Challenges and unique cyber risks in the metals industry and Ryerson's response strategies.
- Building hybrid cybersecurity teams utilizing specialized outside services and in-house skills.
- Common cybersecurity mistakes and oversights observed in the industry.
- Effective risk management strategies and maintaining strong partnerships within the organization.
- The future of cybersecurity at Ryerson and general industry trends, including the integration of new technologies.
Key Takeaways:
- Evaluate skill gaps in your team to determine whether to utilize in-house resources or specialized outside services for cybersecurity needs.
- Build strong partnerships with other business units to ensure a cohesive approach to cybersecurity and compliance.
- Stay informed about unique cyber risks specific to your industry to tailor your defensive strategies effectively.
- Conduct after-action reports regularly to learn from incidents and improve your cybersecurity posture.
- Focus on continuous learning and training to keep your team's skills up-to-date in the ever-evolving field of cybersecurity.
- Engage in open conversations with business leaders you might not frequently interact with to build stronger organizational relationships.
- Avoid being a blame-avoidance leader; instead, focus on understanding what went wrong and how to improve.
- Implement zero trust or constant validation methodologies to strengthen your cybersecurity controls.
- Seek management and company support that aligns with your professional goals and provides ample training opportunities.
- Stay vigilant about the tools and technologies you use, ensuring they are up-to-date and fully utilized for maximum security.
Quotes from Episode
#1.) “It's focusing on leading that digital expansion for Ryerson. And so what can we do to add to that ability to do that safely for the organization? And that's where we spend a lot of our time, is understanding what's coming down the pipe, what can we do to better serve customers, to better serve both internal and external customers, but to do that safely and securely.” 15:58-16:21
#2.) “So we have an MSP. We partner with them for a lot of our log aggregation and certain types of alerting that come from them, obviously after hours and alerting and escalation trees. But a lot of the work is done from our own SOC, from internal threat hunting, from BECs that may be coming from partners or vendors in the typical day to day security issues that an MSP will not normally do.” 4:04-4:28