October is Cybersecurity Awareness Month and an important time to better understand the cyber risks you, families, businesses, and communities may face. Here, the Hagerty Cyber Team explains what they think are the most pressing cyber risks businesses and communities face today, answer questions about what led them to Hagerty, and discuss what they find rewarding about being in the field of cybersecurity.
How did your career path lead you to Hagerty Consulting?
Austin: I’m driven by two main things: opportunities to build a culture of preparedness and the integration between emergency management and emerging technologies. My passion for helping communities prepare for, respond to, and recover from disasters really cemented itself through my year of service as a Federal Emergency Management Agency’s (FEMA) Corps Team Leader. After my experience with FEMA Corps supporting New Jersey’s response to and recovery from Hurricane Sandy, I supported New York City Emergency Management’s (NYCEM’s) Ready New York program and became interested in education, training, and exercises. My Master of Public Administration (MPA) program at George Washington University (GWU) brought me back in touch with a former mentor from my time with American Red Cross and he introduced me to the world of consulting, where I met some of the wonderful role models and colleagues that would eventually familiarize me with Hagerty! Now I get to support Hagerty’s Preparedness Division by applying my experiences and expertise with planning, training, and exercises.
Erin: I started my career with Hagerty after graduating with a Bachelor’s in Global Studies, with a focus in security and cooperation. I had some experience in the nonprofit sector, but I was brand new to emergency management. Since then, I’ve had the opportunity to work on projects spanning our preparedness services, including plan development, exercise design, and instructional design. Some of my first projects were in cyber disruption planning, which led me to develop a deep interest in the interconnection between cybersecurity and overall community preparedness.
Agnieszka: I joined Hagerty after receiving my Bachelor’s degree in International Politics with a concentration in national security and a minor in Arabic. I have experience working and interning with academic institutions, nonprofit organizations, and think tanks, mostly focused on research. Although I loved researching emerging threats, I wanted to concretely see how I could apply the concepts I was learning in a way that would help people, which is where Hagerty came in. I joined Hagerty as a Preparedness Associate in February 2021, supporting the active threat and cyber sectors. Since then, I have worked on plans, training, and exercises preparing for a range of threats, from a domestic terrorist attack to a nationwide attack on the electricity grid.
What do you find most rewarding about working in the field of emergency management, especially as a cyber professional?
Austin: Our world is shifting and evolving constantly, and it takes a lot of work from the whole community to remain resilient against the emergent threats that are growing with us. With the expanding role of cyberspace in our lives, the pace of technological change can feel staggering. I am grateful to be able to merge my interests and abilities in a way that allows me to support others with building capabilities and staying resilient against cyber incidents.
Erin: I find the ability to empower communities to make incremental changes that lead to long-term resilience as part of my job to be incredibly gratifying. This has been the case across the projects I’ve supported, from pre-disaster recovery planning, to active threat drills, to cybersecurity planning. When the world feels overwhelming, I take comfort in the ability to support those incremental changes that make communities more prepared to withstand disasters. This is no different with cybersecurity; as more and more of our lives move online and into the cloud, cyber incidents have the ability to affect so much more than just data and systems. I’m grateful that my job allows me to support progress toward creating more cyber secure communities.
Agnieszka: One of my favorite aspects of working in emergency management is engaging directly with stakeholders to create plans, trainings, and exercises that address critical threats in a way that best serves their communities. I have really enjoyed educating communities on complex concepts like cyber preparedness in a way that is relevant to their specific roles and their specific community. Beyond just delivering products, my teams at Hagerty have always strived to empower stakeholders with the knowledge and tools to create more resilient communities themselves, and I am grateful to be a part of that effort.
What do you think are the most pressing cyber risks businesses and communities face today?
Austin: Cyber attacks are growing in sophistication and variety, and we need to be prepared for that landscape to continue to evolve, as new threat vectors form and previous points of security become vulnerable or weaponized. Broadly speaking, the most pressing cyber risk that businesses and communities face today is: disruption. It is critical for businesses and communities to incorporate cyber incident considerations into efforts to plan, organize, train, exercise, and improve. Similar to emergency management, cybersecurity cannot succeed in a vacuum, and efforts involving the whole community are needed to maintain continuity in the face of future causes of disruption.
Erin: In our increasingly digital world, both business and communities are facing unprecedented cyber risks; both in the quantity of threats and the attack vectors available to malicious actors. However, I think one important risk to note is the risk that cyber-kinetic threats, or those threats with cascading impacts on both cyber and physical infrastructure, pose. These events have shown time and time again the need for pre-event coordination and communication, and I think those capabilities are something almost any business or community can work to enhance.
Agnieszka: I believe that one of the most pressing cyber risks to communities is the lack of understanding of cyber threats. Although cybersecurity is highly technical, community-level cyber preparedness should not be difficult to understand. We need to teach our communities how to protect themselves from data breaches or getting hacked in the same way that we teach our communities to stop, drop, and roll during a fire.
How can individuals do their part to be more cyber-aware?
Austin: The language of cyber, so to speak, is growing increasingly relevant. With that in mind, this is a question where I want to encourage learning how to fish, rather than simply offering a fish. I’d encourage embracing conversations and news topics that drift into unfamiliar or technical areas, and ask questions or research answers along the way. Next time you see or hear “cyber” mentioned, tune-in!
Erin: As fundamental as it sounds, basic cyber hygiene at home and at work are critical. As the cyber threat landscape becomes more complex and cyber threats become more sophisticated, the basic good habits of personal cybersecurity become all the more important. Being aware of your passwords, your authentication systems, and which of your home devices are connected to the internet is a great place to start!
Agnieszka: I think it is so important to understand how to protect your privacy online. If you have never done a full audit of what information about you is available to the public and what information you have given to companies (e.g., social media or fitness apps), I would highly recommend it. Google yourself (then try different search engines as the results will be different!) and think about what information you don’t want to be easily accessible or breached. Some simple things like deleting old social media posts, using an email address with no personal information in it, and disabling certain app permissions can make a big difference in the long run.
What are you passionate about outside of work?
Austin: I love to cook. I often find myself using food and kitchen related analogies at work. The kitchen is where I find space to be creative with ingredients and processes, and it’s fun being able to taste the outcomes. My other great passion is martial arts – I have been practicing Aikido since my high school years. I find sword-work particularly therapeutic.
Erin: After so much time spent inside in the past few years, I’ve rediscovered my love of nature. I spend as much time as I can hiking and camping in my free time!
Agnieszka: I love to bake! I worked as a baker in a cake pop shop in high school and the habit stuck. I recently baked my first apple pie of the season and am looking forward to more fall treats.
Austin Barlow is a planning, training, and exercise project manager with a background that includes disaster fieldwork, employment in support of all levels of government, and formal training and education in the development and implementation of emergency management policy. Mr. Barlow has led and supported national-scale projects, programs, and technologies, with a focus on strengthening whole community partnerships, addressing vulnerabilities, and building critical capabilities.
Erin Bajema is an emergency management professional with experience supporting several areas of emergency preparedness as an analyst, planner, evaluator, and instructional systems designer. Ms. Bajema has served on projects in a diverse range of subjects, including disaster recovery planning, housing, continuity of operations, hazard mitigation, active threat, evacuation, damage assessment, and cybersecurity.
Agnieszka Krotzer is a preparedness associate at Hagerty. Formerly, she served as a Targeting/Open-Source Intelligence Analyst Intern with D4C Global LLC, responsible for researching intelligence practices in the Middle East related to nuclear proliferation to brief clients engaged in vulnerable industries. Her work in international relations has shaped her approach to preparedness, and she serves Hagerty on a series of projects related to after action reporting (AAR) and COVID-19 response and recovery.