top of page

Episode #

21

Grobstein Teeple's Erik Rasmussen on How to Improve Your Security Consulting, Client Relationships, and Leadership



Show Notes

In this week's episode of the Future of Cyber Risk podcast, David speaks to Erik Rasmussen, Global Head of Cybersecurity and Risk Management at Grobstein Teeple LLP, a leading consulting firm offering cybersecurity and business consulting services. They discuss what it means to be a leader in the cybersecurity world, how Erik's secret service and social sciences background contribute to his consulting, and how he works with clients on a daily basis. They also discuss what security practitioners tend to get wrong, what skills are important for security, and advice for new security professionals.


Topics discussed:

  • Erik's background that lead him to security, from majoring in history, to attending law school, to being recruited to the secret service, to finally moving into the private sector as a security consultant.

  • The day-to-day work as a security consultant, which includes working with clients on incident response, strategic management, overflow monitoring, security testing, and more.

  • What security practitioners get wrong about risk, and why solving problems involves putting people before the technology.

  • What skills are necessary to possess in security, and the importance of reading, writing, and ongoing learning.

  • How security professionals can be better writers, and communicate their ideas and findings more clearly to those who may not have security backgrounds.

  • Advice for security professionals on how to improve networking skills, how to collaborate with others, and why it's beneficial to focus on just a few areas of expertise.

Quotes from Episode

#1.)

"There is a dependency on technology to be the problem solver, rather than the human influencing the technology to be the problem solver. ... But until a human helps in that logical chain or that analysis chain, you're never going to be served properly." (20:49)


#2.)

"That risk management conversation is all about right-sizing. It's all about ... advising them on what they have to worry about, versus what they think they should worry about. Because sometimes that's two different conversations." (23:17)


#3.)

"Reading and writing skills are still immensely important in security. ... Because most of your stakeholders are CEOs, COOs, general counsel, external law firms — people that aren't from that world — you still need to articulate what you're working on, and that involves a lot of writing." (25:48)


#4.)

"The demands are unlimited for cybersecurity. However, your time is not. So you need to learn how to be good at a couple of things as opposed to average at everything. (42:45)

#5.)

"When you come to the idea of leadership, you have leaders, you have followers, and you have the context and the common goals. ... If I don't understand and appreciate what the IT professional does, how is he or she going to appreciate what the cyber professional does?" (44:38)

bottom of page