Nicholas chats with cyber law attorney Donald R. Geiter, J.D., M.S.L. (Cybersecurity Law & Policy), CIPP/US, CIPM.
Stream the episode above and make sure to subscribe so you don’t miss the next great servant leader’s story!
Episode Transcript
[Nicholas]
All right, welcome to Servant Leadership Library where servant leaders meet the digital frontier. In this episode, we’re diving into the world of servant leadership with a cyber twist.
Picture this, a cyber attorney navigating the complexities of the virtual realm, defending against digital threats and championing a new area of servant leadership. Get ready to unveil the secrets of leadership in the age of technology as we’re joined by cyber attorney, Don Geiter from Barley Snyder Law, the defender of both code and conscience. This is where leadership takes us a bite out of the future.
So I’m Nicholas Paulukow, the host of Servant Leadership Library. I’m an entrepreneur that’s built his business on serving others over the last 22 years and living by core values to execute for good. Today, we’re going to cover balancing leadership and legal responsibilities, especially in cyber law.
Encourage you all to subscribe and share the podcast after listening today. Please go to o-n-e, the number two, o-n-e, inc.com to connect with us on social media and understand more on how we serve others. Okay, let’s get started.
Our guest today is Don Geiter. He’s a partner at Barley Snyder Law Firm in Lancaster, PA. Don is the chair of the firm’s cybersecurity service team and chair of the firm’s finance practice.
He also serves on the firm’s technology committee and is the firm’s chief privacy officer. Don first became involved in cybersecurity initiatives while he was a law clerk with the Office of Naval Research, US Department of Navy in the late 1990s. Currently, Don advises businesses, clients, and a broad range of cyber tech related and privacy matters, including employee and board training, data breach coaching and support, cybersecurity privacy compliance, and auditing, counseling, and transactional support, and contract review.
Don, welcome, and thank you for your time today. We’ll get started by understanding how you became interested in cybersecurity law. Could you tell us a little bit about that today?
[Don]
Yeah, Nick, well, thank you for having me. It’s exciting to be able to talk about topics that I really enjoy, which are cyber and also leadership. So, it’s great that you get to meld those together and we have this conversation.
Yeah, I actually got involved in, as my bio that you read from describes, way back in the 90s. I don’t think we called it cyber then, but it even goes back to sort of the early 90s when I was choosing to go to college and choose a major. Actually, initially, I was a computer science major.
[Nicholas]
Oh, wow. And- From computer science to legal. Yeah.
[Don]
That’s amazing. But I sort of was a computer science dropout. So, when I went into my first couple of classes my freshman year, I discovered that I was at very much a disadvantage to my classmates because I was missing that one thing that they all had in their dormitory that sounds like it would be typical for somebody to have who’s a major, and that would be a desktop computer.
I didn’t have one.
[Nicholas]
Oh, geez, wow.
[Don]
Which was not necessarily a complete barrier to entry, but it made it really difficult because I had had to go to the lab way across the campus and all that good stuff. So needless to say, I switched majors. I stuck into business.
I actually also pulled in a criminal justice degree, but always had an interest in cyber-related things or computer-related things, and then got into it more deeply from a legal perspective in late 90s as I was finishing out my law degree and working for the Office of Naval Research where sort of tech was on the forefront. Yeah.
[Nicholas]
Yeah, that’s amazing. So, all of those that don’t remember the 90s, right? I mean, computers were way different than they are today where we hold one right in our hand.
That’s probably more powerful than what you and I even played on in a computer lab, right?
[Don]
Yeah, exactly. Exactly. I actually heard recently that there’s more computing power in your iPhone that was used to send our astronauts to the moon in 1969.
[Nicholas]
Yeah, absolutely, right. That 486 that they had that was on to go to space is not even a quarter of the power, right, that we have on that phone. That’s amazing.
Yeah, well, thank you for that intro and congratulations kind of on your path. That’s amazing and that’s really neat to learn and which makes it quite unique probably because many of your constituents maybe don’t follow that same path. So, it makes it quite unique that you can come from the IT side or the computer programming side and now introduce kind of the legal.
Before we get into the kind of the cyber items, tell us a little bit, you had said earlier when we got started, like the servant leadership aspect to you is really important. So, can you tell us what servant leadership means to you per se?
[Don]
Yeah, absolutely. I mean, for me, it means leadership by example and leadership by doing and demonstrating things. My son who is now 20 was a Boy Scout and part of being a Boy Scout, he went through some training that gave him some opportunities on leadership.
And I was sort of looking over his shoulder at some points during this and they discussed this thing called the EDGE method, which really delves deeply into servant leadership. And EDGE is an acronym which stands for educate, demonstrate, guide, and encourage. And it’s interesting, I mean, this came about probably six, seven years ago and I was like, wow, that really just boils it down simply into great leadership style that sort of matches my style.
I like demonstrating, I like encouraging people, I like doing things, I don’t ask people to do things that I’m not willing to do myself or which I haven’t done. So that’s an important part, especially as I, and I wear different sort of hats here at my firm, you mentioned a couple of them, I’m a practicing attorney, so I’m counseling clients, but I also have various administrative roles and responsibilities here within the firm. I actually just wrapped up a couple of terms on our management committee, which is essentially five individuals here at Barley who manage the firm of over 300 people.
And that requires a different set of skills and so forth outside of practicing law. And I supervise a staff of folks here, I’m a head of a group of department. So, there’s various elements there, but yeah, just having the ability to sort of step into the shoes that you’ve been blessed to be able to be a leader of.
[Nicholas]
Right, absolutely.
[Don]
Is so critical. Having been an empathetic leader, I think is important in understanding, we all come to work every day with things outside of work, obviously, with families and other responsibilities and sort of understanding that we all go through periods of struggle or adversity or also joyful things as well. So, understanding that and helping and adapting as I encourage my coworkers and so forth is so important.
So, I think that’s, are things that servant leaders really strive for and need to have as part of their skillset.
[Nicholas]
Yeah, and you mentioned skillsets, how did you work through continuing to be a good leader? Was there certain people that you follow, that you admire, books that you read that kind of continually help you understand how to be a good leader?
[Don]
Sure, it’s sort of all the above. I mean, I am a very active reader. I always have been.
I was blessed as a youngster who, my father would, especially in the summertime, would drop me off at my aunt’s house here in Lancaster. And we would make a pilgrimage to the library, and I would come home with five, six books and then devour at least one or two of them before my dad even came to pick me up at the end of the day. That happened pretty much all summer long.
And to this day, I mean, I still read 25 to 50 books a year on various topics. Many of them are on leadership and I’ve gone through periods and spells of more of that. I enjoy business biographies, stories about various people who’ve built their businesses and sort of help understand their techniques and so forth.
I’ve read the Simon Simic books as well. Those types are on leadership that are very intentional about leadership. And those have great value.
And my takeaway from all of them is that they all have nuggets in them. Unless you write the book yourself, no book essentially is written for you. So, I think, and we’re all unique individuals who’ve been crafted with unique personalities and skills and so forth.
So, it is a matter of sort of exposing yourself to as much of other people’s influence or books and lectures and so forth and podcasts to sort of get a feel of what works for others and sort of meld that into your own style and methodology.
[Nicholas]
Yeah, absolutely. So, it sounds like we’re all life learners, right? If we want to continue to progress, we always want to learn or understand from others.
Yeah, that’s great. So like kind of now as we kind of take your servant leadership that you’re learning and kind of go into your field a little bit more, how do you think, how do you see like a servant leader’s principles aligned with kind of cybersecurity, right? How do you connect those two?
[Don]
Yeah, well, I mean, most of my work in cybersecurity is on sort of the front end, or I would say like the policy or contract side, so risk mitigation. So, it’s essentially getting with clients and sort of understanding their business enough. And I’m always curious about those.
I’m always willing to learn about a client’s business, especially in industries that I’m not as familiar, so that I can understand where their most vulnerabilities or where their potential vectors of risk are. Obviously for some businesses that are very data rich, protecting and fortifying their sense of information is going to be critical. In others, it’s just a matter of communication or access to communication.
Maybe it’s a business that relies on a networked system of people communicating, employees communicating with each other. So, it’s really trying to understand the business and getting in their shoes a bit to understand where their risks are, so that I can then advise them on the legal components of where they can see the most risk and opportunities to mitigate those risks. But yeah, I think it really comes down to being, many of the same characteristics when you’re leading your own, whether it’s your family or your workforce, is leading your clients and being empathetic, having, being a good listener and sort of understanding, which is tough for any sort of profession like the practice of law where our inventory, and I say that with air quotes, is our billable hour. There’s a tendency to sort of rush through things because everyone’s sensitive that they’re on the clock or being billed.
So sometimes clients don’t want to give you everything that you really perhaps need from an information perspective because there’s a fear that they’re getting billed for it. So, I try to be very upfront with clients about those types of situations. So, when I’m coming out to visit them, that’s all my dime.
It’s my responsibility to learn and understand about your business. I don’t need them paying me for that time. That’s my responsibility.
And so, yeah, just sort of being sensitive to those types of things, which I think, again, are characteristics of someone who is a servant leader who’s in tuned from an emotional capacity of those around them and what’s sort of bothering them or what could be a sensitive topic.
[Nicholas]
Yeah, very good. That’s excellent. And I think that’s a great way to explain kind of how your industry works, right?
Like you’re really trying to create a partnership with that client by trying to understand them, kind of breaking the barrier down from this is just a transaction at an hourly rate to try to create an understanding of business. That’s excellent. You know, what are the significant things that you see from a business standpoint that would concern you, that you see that is constant with businesses?
You know, what could you help educate some of the people listening on some maybe tips and tricks that they should consider from a cyber perspective?
[Don]
Yeah, I mean, it really, it still is, you know, largely a, I would say a staff or employee issue that I see. You know, we know as being professionals in the industry that from a technology perspective, especially those businesses out there hiring, you know, the capable hands of ONE 2 ONE to help them manage their IT, it’s less of a tech issue. That’s covered.
You know, ONE 2 ONE is doing, you know, they’re going to keep you protected from a technology perspective. But the reality is that the entry into most networks from a risk perspective is, you know, the vulnerability that’s there with the staff and the employees and so forth. So here we are, you know, two or three years into, you know, a push out there to guard our businesses from social engineering and, you know, phishing attacks and so forth that really prey on the employees and staff who have access to these networks.
I’m still seeing businesses that, you know, who largely think that for whatever reason they will not be victimized.
[Nicholas]
Maybe it’s because they’re not- right, they’re too small or they’re just not. Right, yes, absolutely.
[Don]
Yeah, so I see that as still being the prominent issue for most organizations that their businesses, you know, that they really don’t value the training and other things in the policy and procedure that goes into developing a, you know, that human firewall that businesses really do need to maintain.
[Nicholas]
Yeah, absolutely. So, I think what I’m hearing from you is, is that still today, business and the protection of their assets and data really comes down to people, right? So uneducated people generally become our biggest risk, whereas we can protect everything from a technology component, but, you know, people’s actions seem to be a big risk.
So empowering and educating them sounds like a lot of what you’re doing all the time and then putting it down on paper from a policy perspective to kind of get everybody on the same page. Is that kind of what I’m hearing?
[Don]
And really encouraging businesses with different, you know, types of techniques that, you know, to implement it is, but, you know, those policies are great, but the, and having one is important, but I think something worse than having a policy, well, having no policy is having a policy that you just put on the shelf and don’t even follow.
[Nicholas]
Right.
[Don]
We see that happening a lot. So like right now, you know, the hot button issue is developing AI policies, artificial intelligence policies, like use policies, because, you know, what, you know, there’s ethical considerations and confidentiality issues that all sort of come into play. And as employees maybe are tempted to use ChatGPT or sort of other plugins that are now available to, you know, some of their typical software programs that they’re using, there’s not a good amount of sort of education on the ramifications of what that could be and what those uses are and what that means.
You know, an example of sorts, you know, in my profession is, and in my, the Bar Association, the American Bar Association and the Pennsylvania Bar Association are very good about getting out in front of this from an ethical perspective is, you know, so if I’m a lawyer and I want to craft a letter to a client and, you know, and I decide to, you know, hammer something out on Word and then copy and paste and put it in the ChatGPT, now I just potentially put confidential information into ChatGPT, you know, and, you know, there’s issues with that. Right. So that’s a simplified version of a potentially common issue throughout, you know, various types of organizations who are handling sensitive information.
Think about it if you had a contract with a customer where you have a promise relative to confidentiality, you’re working on something for that customer and you just did the same thing I just said, which is you draft some sort of communication for that customer using that customer’s information and you put it in, you know, the ChatGPT. Now you just perhaps breached your contract where it says you can’t disclose that information to third parties because ChatGPT is a third party. So, there are great uses to AI, but there’s also a potential there.
And I’m not even delving into the other sort of the generative aspects of what that could mean too with that information down the road, but, you know, just from the simple breach of contract or even, you know, promises you make to clients relative to confidentiality. So, yeah, so developing policy, so working with clients on that, that’s been something over the last couple of months I’ve worked with several clients on and then helping them develop, you know, how to implement it in a way so that people understand it and how they can monitor it and keep tabs on it.
[Nicholas]
Yeah, it’s interesting you talk about the AI because in our industry now, they’re talking about AI engineers, meaning someone that understands it and understands how to operate it, meaning adopting the use of it. So that’s interesting. Help kind of expand on what you mentioned earlier from like discussing from an ethical standpoint, like, you know, kind of marrying what you’re trying to do to empower and educate your clients, but then there’s like an ethical standpoint to it.
Like, do you ever find that your clients or others are kind of bridging that gap, you know, of an unethical situation or, you know, explain that a little bit to us. Do you mean in the concept of AI or just- Yeah, like AI or, you know, in essence in protection of their business because it’s very people-driven, right? Like the protection of the business is very driven by our people.
It seems like if you, you know, I can imagine that everybody is ethical, you know. You know, are they trying to find loopholes on how to manage the cybersecurity guidelines or, you know, storing of people’s confidential data? Do you see that often or is most people pretty compliant?
[Don]
Yeah, I mean, there is a lot of sort of openness without naming names of products or services out there. You know, there’s lots of talk out there on products. One in particular is launching essentially a wearable that uses AI very significantly in a way, you know, to provide you with a real-time perhaps alternative to your device, your iPhone.
And, you know, because it’s able to sort of condense a lot of information, it has to use AI to give, essentially to give you on-demand information because you have very limited capabilities. It’s literally broadcasting on your hand. I don’t know if you’ve seen this product out there, but there’s, if you read some of these products, their privacy policies, for instance, there’s not really clarity in those policies relative to what kind of information they’re collecting or how they’re using it, who they’re sharing it with.
And, you know, from an ethical perspective, outside of the legal components, because there’s plenty of legal requirements relative to what goes into privacy policies. But much of it comes down to, you know, from an ethical consideration, what it is that, what are we collecting and why are we collecting it? So, there’s that ethical component.
[Nicholas]
Okay.
[Don]
I think, you know, the other ethical components out there, and I also speak of ethics from a lawyer’s perspective, because that is sort of what regulates us. We are bound by canon of ethics in our practice. But, you know, in other, you know, in marketing and so forth, there’s issues relative potentially to using AI because are you now creating something that’s original enough that then belongs to the client?
So, if you’re a marketing firm and you’re developing copy or trademark, you know, service mark type stuff, and you’re using AI, there is issues out there relative to who owns that. You know, normally under the typical marketing arrangement, you go and hire somebody like that who provides you a deliverable, and it’s called a work for hire, and you come out of that with a product because you paid for it as a customer. But if AI is being used to develop it, there’s more questions about, you know, whether or not that’s, you know, that’s an original thing of sorts.
So, there’s that issue as well.
[Nicholas]
You know, interestingly- That’s interesting that you say that, right? Because like even from a standpoint of like trademarking something, and now you’re asking AI to generate a logo or generate something, that’s going to be crazy to understand how that in essence is going to be policed from even like a trademark standpoint. Hey, it generated a logo that looked like mine or use the name.
That’s kind of crazy. You’re bringing a lot of valid points that seems like it’s only going to get fuzzier till it kind of levels out again.
[Don]
Yeah, it’s sort of the wild, wild west, I think, for a while. And then the other ethical component is, you know, what do you want to do? What’s your business focus here?
And are you trying to eliminate, are you trying to use AI to enhance your capabilities or to eliminate, you know, human aspects of your business? So, there’s that component as well. And, you know, there’s, you know, lots of debate over that.
Certainly, you know, as people, we want to be gainfully employed and work and be industrious. And if we’re eliminating opportunities because we’re relying on AI, you know, it definitely allows, I think businesses, it levels the playing field to a certain extent, maybe breaks down, throwing out a lot of cliches here, but breaks down a lot of barriers of entry into businesses. I mean, that was sort of, you know, we think about the advent of websites back in the day where a small, you know, one person shop could create a website and give the illusion that there are some big firm.
And there’s a lot of that still happening. And then AI power, you know, use AI power, you could, you know, become very industrious with very few people very quickly, depending upon the type of business. So, I think there’s an ethical component to that as well.
And, you know, encouraging sort of the thought leaders in this space to think about, you know, emphasizing, and I think there is a good amount of this, emphasizing the enhancement, how AI enhances use of people, not replacing people.
[Nicholas]
And do you see kind of from a governmental level, where do you see kind of any, do you see any policing from a legal standpoint? Do you see any current guidelines being developed or put into place that are gonna kind of create some leveling fields here or create some clarity?
[Don]
Well, actually the White House just issued one a couple of weeks ago, some guidance on use of artificial intelligence. So, I think sort of everybody’s sort of starting to dissect that it’s, you know, like most things produced by any government, you know, it’s not gonna have enough substance. It just tells you enough that the government, people at sort of important political positions are thinking about these issues.
You know, of course, like with anything, I think the decision makers and the policy makers are always gonna be a couple steps behind, you know, where the technology is, and then it becomes a matter of playing catch up or sort of undoing or, you know, trying to limit activities that, you know, businesses are already out there running with. So that is always gonna be, I think, the issue and the concern.
[Nicholas]
I gotcha, yeah, thank you. And kind of changing subjects a little bit, you know, many times we get a lot of questions about cyber insurance, right? And kind of that same mentality that you brought up a minute ago.
Well, if I have insurance, if there’s a problem, they’ll just pay for it, right? And so, there’s a mentality of like, you know, I have something that’s just gonna protect me from it and I’m small enough that nobody’s really gonna target me. Can you speak on that briefly?
Like how you feel about that, where you think the industry is going and what business owners should really be considering when they’re thinking it kind of with that mentality?
[Don]
Yeah, I mean, there’s definitely a place and for cyber liability insurance and it’s certainly important. You know, I think it’s been like five, six years ago that the OCC, which is one of the regulators, federal regulators of our financial institutions issued a memorandum to the banks that it regulates saying in short term, I mean, it was a relatively short memo itself, but it said along the lines of, well, cyber liability insurance is not a cyber risk solution. And I think what they were responding to was that when we ask you as a regular, ask you bank, what are you doing to reduce your cyber liability?
The answer can’t be cyber liability insurance. Like that, it has to be more than that. Like you can’t rely on that.
And then, so that was five, six, seven years ago. I mean, that still holds true and then some. You know, the issue now as many businesses who have cyber liability insurance are facing is that even without an incident, a covered incident, so you have essentially a claims-free business who is looking to renew their insurance policy, is looking to pay perhaps double from a premium perspective to get the same amount of coverage or less.
That’s what’s happening because the amount of claims over the last five years are just going out the roof. I mean, it’s just crazy. And at some point, and the other issue out there is that there’s much standardization in insurance, generally speaking.
So, when you as a consumer shop for hazard insurance or property insurance, life insurance, like think about the insurance products, you’re really comparing apples to apples because you could shop from this issuer to that insurer. There is no such thing yet with cyber liability insurance. So, if it’s cheap, it probably doesn’t sort of match up to your rates and your needs.
So, it’s hard to compare apples to apples. And again, it’s very important. And it’s good to have a broker who’s helping you, who really knows your business.
And that’s just somebody that sort of understands it. So, they’re helping you complete the applications because there’s also a lot of denial of coverage. I mean, insurance generally, I mean, you always have a risk of denial of coverage.
And that typically occurs for a number of different reasons. One is because you didn’t complete essentially the application appropriately. So maybe you didn’t fully represent or you mischaracterized elements of that maybe would increase your risk if you would have disclosed them.
And insurers can use that part of the policy as an opportunity to deny you coverage. There’s other ways that coverage can be denied as well, but the application process. So, what happens a lot of times is businesses sign up for something and they’re not filling out the forms, the applications correctly or something.
So, I scan, if anyone follows me on LinkedIn, you’ll see I’m very active in looking at active cases that are out there in the country that are relative to cyber liability. Many of them have to do with denial of cyber liability insurance. And now you’ve got the actual business left holding the bag of that liability.
So, one of the other benefits though of cyber liability insurance is that in order to get a really good policy that actually covers the risk that you need to have covered on your business, it probably will require you as a business owner to really examine and assess the processes and procedures and the technology you have in place. So, it does provide you that sort of like, people that maybe apply for life insurance for the first time, hopefully it’s not the first time you’re getting a physical, but you will probably get a physical at that point because they want to know before they insure you that there’s no underlying risk. And there’s a similar process now with cyber liability insurance.
That wasn’t always the case. It used to be a lot of self-assessments now or self-check the box or checklist. Now there’s even employed third parties.
And I don’t know if we get into the safeguards rule, but that was a big thing that came out this year too, which sort of dovetails with cyber liability insurance, which now essentially requires many more businesses within certain categories of businesses to get things like annual penetration tests and have annual assessments done, which are things that businesses should be doing anyway. So, I think that’s why the application for cyber liability insurance in and of itself is a good exercise, but it should not be to go back, perhaps the answer to your question, it should not be the only thing you do, but you’re really not going to get away with that anymore. It could have been five, six years ago, it could have been the only thing you do.
You’re not going to get away with just signing up and getting cyber liability insurance and doing nothing else.
[Nicholas]
Well, that kind of segues into the next spot. Thank you for that. You talk about kind of threats and protecting from them.
Is there any frameworks? Is there any strategies? Is there anything that you would recommend for anyone in business to pay attention to, to learn more about, that would help them in regards to these areas?
All these business owners, right? They’re trying to run their business. They’re trying to develop in their business, and this is maybe a very small component.
So, is there something that’s pretty basic that you can kind of educate them with?
[Don]
Well, yeah, and I mentioned it earlier, the safeguards rules. So that, without a huge background on that one, safeguards rule has been around for a while, but it applied really only to banks up until recently. So earlier this year, the Federal Trade Commission, the FTC, adopted a version, or essentially adopted the safeguards rule under its purview to apply to businesses that are beyond sort of just traditional banks, and expanded it to businesses that they still call financial institutions, but would include any sort of business that handles essentially large volumes of money on a daily basis.
So that includes even things like car dealerships, mortgage brokers, and things that wouldn’t necessarily otherwise apply. So, safeguards rule now applies to those types of businesses, but even if it doesn’t, you’re not in that category, there’s essentially nine or 10 different sort of requirements that form a really good framework within the safeguards rule, which as I mentioned earlier, includes having actual annual assessments and penetration tests. It includes having board updates on where you stand from a cyber perspective.
It includes, in some instances, having a written incident response plan as well. So, if you don’t do anything else, look at the safeguards rule, because I think as a business, it’s ultimately going to be something that’s perhaps adopted at the state level. We are seeing some states already.
Actually, if you do business in the Commonwealth of Massachusetts, they have something already in place that would require you to do those things, even if you’re a regulated business, like I mentioned, banks, healthcare organizations, because of HIPAA and educational institutions, you already have frameworks that you have to follow.
[Nicholas]
I understand, okay.
[Don]
Yeah, yeah. I mean, the other one that people talk about, and there’s versions of it sort of for small business, is the National Institute of Standards and Technology, NIST, their framework, which can be overwhelming if you look at it, but it can be done in phases. And I find that businesses that start the process of looking at NIST, find that they already have done many of the things.
They include simple things like inventorying your assets. Their assets, yeah. Make sure you know what can be recorded.
Documenting things. Yeah, and most businesses hopefully have already done that, but it essentially allows you to, it sorts out a macro level and really you can get as detailed as possible. So yeah, I mean, I’m a big proponent of, regardless of the size of your business, something can be, from a framework perspective, can be scaled.
And I really do think, and unless you’re an anomaly type of business, if you don’t have some sort of framework in place, you’re going to find yourself on that sideline, not being able to do businesses, do business with certain types of businesses that are going to require you to do this stuff. So, vendor management. So, if you have customers out there who are any sort of institution of any sort, any size, they’re going to be requiring you to follow these frameworks.
[Nicholas]
Yeah, excellent. That’s great advice. I really appreciate that.
You know, kind of as we kind of move into advice, you started earlier that you were kind of a computer science guy and then you kind of moved in different career. What advice would you give for individuals aspiring to get into the career that you’re in from the legal perspective, but the cyber, right? Quite unique.
Like what advice would you give them?
[Don]
Yeah, well, really make sure you have a passion for it. And that’s advice for anything. I mean, it’s amazing.
You can make anything into a career if you have a passion for it. But the contrary is true. I mean, you could have what seemingly looks like a career, but it will be a drudge on you every day if you don’t have a passion for it.
So that’s foremost. Enjoy sort of the ever-changing landscape of what technology brings. You know, some areas, I kid with some of my partners who are in more static type of practices where nothing changes, the law doesn’t change.
And that’s pretty rare, but there’s very few. But like real estate, at the end of the day, there’s not a whole lot of changes that happen in real estate law on an annual basis. So, you have to be, if you want to get into cyber and law in particular, you’re going to know and have to be willing to be a life learner.
Like we talked about earlier and constantly be reading and keeping up on things and so forth. I mean, my regrets is that I haven’t been as deep on the tech side. So, I think the toolbox that the most successful, however you define that, cyber lawyer would be one who does have a really deep technology bench of sorts or experience, who maybe has that degree in technology management of some sort and then goes to law school.
Sort of like what we see with patent lawyers. So most, if you’re not aware, but to be a patent lawyer, you actually have to have an undergraduate degree in a hard science, like an engineering or biology or something like that in order to sit for the patent bar, which is a little bit different. But I could see that being something that those that want to get into this should develop because frankly, that’s the more complicated part of it.
The law part of it is ever changing, but that’s perhaps easier to pick up. So yeah, no, there’s definitely a lot of opportunities. We don’t see, especially, and I pride myself because in the idea that I service, I provide services that maybe are otherwise only available by really big metro city law firms.
I mean, we’re 130 lawyers here at Barley Snyder. We’re not small, but many of our clients are middle market, smaller businesses. So, to providing access to this type of practice area, I enjoy helping those smaller businesses that wouldn’t otherwise be able to secure that type of advice from another resource.
[Nicholas]
That’s wonderful. And you mentioned earlier that you post a lot of content, and you give a lot of content out there. Could you tell everyone how to access that information and maybe understand a little bit more what you’re providing every day?
[Don]
Yeah, I mean, so if you follow me on LinkedIn, if you want to connect with me, I’m there as Don Guider, my name. And what I typically try to post three or four or five times a week are cases that I see out there. And I’m the one who, so you don’t have to, I actually read the filings, the court filings.
And I often will post those court filings in case you really want to read them. And it’s interesting that you can grab some interesting facts from these. I don’t try to comment too much on them from a what was done wrong, more of a takeaway.
Like, here’s something to think about. So like, even this one I posted today, earlier today, was one of those rare instances where the fraudster actually got caught. So, this was essentially a 19-year-old hacker, if you will, from Wisconsin, who did some credential stuffing and essentially obtained credentials to various online gaming websites.
And I think it was, at its heyday, was running their own credential stuffing site on the dark web and earning, you know, 15, $20,000 a day through that. So, they were actually caught, he was caught. So, I, you know, I actually posted the criminal complaint and it’s interesting because it was brought by the federal government, a United States attorney.
It actually, it’s kind of scary that they put this information out there, but they almost give you a play by play in this, complete with diagrams on essentially how the fraudster did what they did. Wow. So hopefully people don’t take these things and actually get ideas, but it does show you how these things go down.
And so that’s what I like to do and glean from these, because frankly, a lot of these cases don’t get litigated. So, you know, a lot of things I talk about in Warren, we learn about breaches, and we see those in the news and so forth and, you know, but you don’t always get the information of how it happened necessarily from that. But when that entity that had the breach gets sued, you can read the complaint and it gives you a lot of information of what happened.
So, it reinforces a lot of the things that we’re trying to teach and educate people on. Like I have an event that I’m speaking at in a couple of weeks, which will include chief technology officers from all school districts in Pennsylvania. And, you know, so in preparation for that, I’ve been more mindful of situations and cases that are impacting the school districts and so forth.
And found a situation, a case for earlier this week, actually, where a school district in Connecticut was suffered a loss by virtue of a business email compromise to the tune of $6 million.
[Nicholas]
Wow, wow. You know, it’s interesting you say that we had a local school district in the state of Pennsylvania that had the same thing. An IT manager completed a cyber application, noting that they had multi-factor when they did not.
That IT manager left, and then in turn, they were compromised in their entire payroll system through the entire district. And the carrier decided that they were not gonna cover the claim because they lied in their application. But in turn, the broker assisted them.
However, that, you know, more and more is happening, which is amazing. Yeah, wow. Well, did you have any parting thoughts or comments for anybody that’s with us today?
[Don]
Well, no, I just encourage folks to reach out to us, me or you, if they have any questions. I’m always delighted to have conversations with people. And I really connect with those that I think are like us here, who are just always curious and looking to educate themselves and be life learners.
I definitely subscribe to that idea that we shouldn’t be static beings and consuming the right type of information. Obviously, our culture, our society is filled with information overload. And too much information can be overwhelming.
But sort of find and encourage people just to sort of find their channel of sorts and make their way through it and learn as much as you can about, you know, whatever topic interests you, whether it’s this or something else. You know, I love hearing and talking with people who are passionate about what it is that they do. And it’s contagious, frankly.
So, I just encourage folks that are listening to continue to consume those things that inspire you and know that you can make a difference with that information to help your clients and customers and others that are in your influence sphere.
[Nicholas]
Well, thank you, Don. I appreciate it. You’re a wealth of knowledge and you’re kind at sharing your information.
You know, everybody check out Don Guider’s LinkedIn, absolutely a great resource. I’m always empowered through education through that format when I read what he posts. And thank you all for joining us on this enlightening journey through the realms of cybersecurity and servant leadership.
As we conclude today’s episode, I want to leave you with this. In the ever-evolving digital landscape, leadership isn’t just about authority. It’s about service, empowerment, and collaboration.
Take these principles with you into your week, whether you’re leading a team, navigating legal landscapes, or simply seeking inspiration for your personal growth. Remember, the power to make a positive impact is within each of us. If you enjoyed today’s episode, don’t forget to subscribe, share, and leave us a review.
Your feedback is like fuel. Connect with us on our social media at ONE 2 ONE INC.com to continue the conversation. And it’s always, you know, good to stay inspired, stay secure, and lead with purpose.
Until next time, this is Nicholas Paulukow signing off with Servant Leadership Library, wishing you a cyber safe and servant led journey ahead. Take care.
Want to Be the Next Guest?
Complete the sign-up form and share your servant leadership story!