Here at Hagerty, we truly believe the advantage is our people. October is Cybersecurity Awareness Month, a time that stands to promote the importance of cyber resilience and provide people with the tools and resources needed to secure their sensitive data and stay safe online. In honor of this, we are highlighting members of our Cyber Sector Team to discuss their professional experiences, personal resilience measures, and perspectives on the top cybersecurity threats facing organizations today.
1. Tell us about yourself and how your career path led you to Hagerty.
Erin Bajema: After studying international relations, I first began my career at Hagerty as an intern in our Austin, Texas, office. By the time my internship ended, I had grown to love the field of emergency management and moved into a full-time position within the Preparedness Division based in our Evanston, Illinois, location. I’ve now been at Hagerty for four years, and in that time, I’ve only grown to appreciate the profession more and more.
Ben Lorenz: I think it would be fair to say that my career path has been circuitous. I began working in education as a physics teacher for four years before moving into school leadership positions and, ultimately, an Assistant Principal position. Over my seven years in school leadership, I was a member of the emergency planning team for multiple schools, eventually spearheading a complete overhaul of their Emergency Action Plans (EAP). Engaging in these projects sparked a passion for emergency management I didn’t know existed and catalyzed a career change.
Julia Arnopp Burns: I am based out of Chicago, Illinois, and have enjoyed exploring since moving here over three years ago. My path into emergency management started when I studied public health at Tulane University in New Orleans, Louisiana, and took an elective class on emergency management. After that, I was hooked and stayed in New Orleans to obtain my Master of Public Health (MPH) in Disaster Management. After graduating, I moved to Chicago to take a job in emergency management for a university. This opportunity allowed me to gain real-world experience in the field, especially once the COVID-19 pandemic hit. After working there for over two years, I was ready for a new challenge and wanted to move to a job with more opportunities to work on a broader breadth of projects, which ultimately led me to Hagerty.
2. What do you find most rewarding about working in the field of emergency management, specifically as a cyber professional?
Erin Bajema: One element of emergency management, and cybersecurity in particular, that I really enjoy is the creative problem-solving it requires. Emergencies are often unpredictable and push the limits of the systems and protocols we have in place. This requires the ability to create novel solutions and think beyond established processes. Helping our clients with this type of problem-solving is one of the most gratifying parts of my job.
Ben Lorenz: Emergency management is such a fulfilling career. While it can be exhausting to think about contingency plans for contingency plans, the emergency planners who understand their mission know that their real job is to plant seeds that will take time to germinate. It takes training, practice, and exercise to embed the concepts written in an abstract plan into the reflexive minds of emergency managers who will respond to a real-world incident.
From the cyber-specific angle, offering substantive contributions in an industry on the cutting edge is exciting and gratifying. Paradigms have never changed as rapidly as they have in the Internet Age, and it’s fair to say that emergency management and many other industries are still playing catch up. I love that it’s my job to think about an angle or a concern that has been unexplored up to that moment. Even when my specific tasks don’t involve innovation at that level, simply knowing I might be helping a government or an organization be five minutes more prepared for a disaster is incredibly rewarding.
Julia Arnopp Burns: I love working in emergency management because I have always been passionate about helping people and communities. What is most rewarding about working in emergency management as a cybersecurity team member is helping educate people on how easy it can be to learn and prepare. Cybersecurity does not have to be intimidating and reserved only for those who know how to code or are Information Technology (IT) geniuses. Simple things that we do every day can contribute to a secure cyber environment.
3. What do you see as the top cybersecurity threats facing organizations now, and what advice do you have on how to prevent or mitigate those threats?
Erin Bajema: As cyber threats continue to spread, diversify, and become more sophisticated, organizations must now consider their cyber assets and how to protect them. My first piece of advice is to start with what you have, even if that’s nothing, and build from there. An organization that has started building its stakeholder relationships, begun the development of a cyber plan or policy, or held a short tabletop exercise (TTX) will always be better prepared than an organization that has not. Don’t be afraid to start with small preparedness measures.
Ben Lorenz: Within the cybersecurity realm, we need to focus on creating adaptable organizations. It is incredibly challenging for large organizations to develop plans for cybersecurity threats, considering how rapidly the threat landscape is changing. This is fundamentally different from other significant threats. Hurricanes are a great example. In the future, we can expect hurricanes to behave similarly to how they have in the past, with some adjustment for climate change, and implement efforts to mitigate these threats accordingly. Cyber threats are evolving so much more rapidly. Organizations must adopt a new way of thinking by asking, “How can we be more nimble, and how can we create an organization that is more adaptable to threats and resilient to attacks?” This is why exploring the Zero Trust Model, or comparable architectures, is so essential. These are fundamental reconsiderations of the approach to cybersecurity that seek to establish higher prevention and response capability to the next threat rather than the current threat.
Julia Arnopp Burns: I think that simple things, such as phishing emails or compromised passwords, can be a massive threat to organizations, but those are threats that can be mitigated through training and education.
4. How do you personally build cyber resilience and security?
Erin Bajema: Individually, working to better my own cyber hygiene practices has been important for me. We are so interconnected through the internet, Internet of Things (IoT) devices, and other systems to the point where each of our actions has the power to impact others and collective cybersecurity. Being aware of common threats like phishing and being diligent about my own password maintenance has become part of my practice the more I’ve learned about cybersecurity.
Ben Lorenz: You probably hear it everywhere, but I urge everyone to utilize Two Factor Authentication (2FA). It can be a nuisance, but it is incredibly valuable. I would also submit that skepticism, especially cyber skepticism, is a virtue we should teach our children both at home and at school. The earlier we teach our youth how to avoid being targets on their personal devices, the more prepared our society will be as those children age into adulthood. I am regularly having conversations with my children about specific threats like phishing emails and data security and broader security philosophy, like how they can think like active defenders. When some new technology comes along, our first thoughts should be, “How could this have made me less secure?” This is the pathway to better protection, detection, and mitigation.
Julia Arnopp Burns: To avoid cyber threats and phishing scams, I never make assumptions. If I get an unexpected email that looks even slightly off, I will double-check with the sender to make sure it came from them.
5. What are you passionate about outside of work?
Erin Bajema: Outside of work, I love to read, play board games, and spend time outdoors. I also love spending time by Lake Michigan and traveling whenever I get the chance.
Ben Lorenz: I love being active! I’m an avid cyclist, but I also coach my kids’ baseball, softball, and flag football teams. We do a lot of hiking and exploring. We are also a big theater family and finally got to revisit Broadway just a few weeks ago!
Julia Arnopp Burns: I love getting outdoors, whether it’s walking around the city in the summer or skiing in the winter. Having only lived in Chicago for a few years, there is still so much to explore.
To learn more about Hagerty’s work elevating clients’ operations relative to cyber incident preparedness, response, and recovery, view our cybersecurity publication here.
Erin Bajema is Hagerty’s Cyber Sector Lead with experience supporting a range of emergency planning efforts in her capacity as a planner and analyst for several preparedness projects. Ms. Bajema has worked on projects related to pre-disaster recovery and redevelopment planning, hazard mitigation, and cyber security, producing written deliverables and other materials that contribute to strong planning products.
Ben Lorenz is an emergency management professional and Senior Cyber Preparedness Specialist with a diversified background and a unique ability to synthesize varying perspectives. At Hagerty, Mr. Lorenz has envisioned multiple innovative solutions in the emergency management field, including database-driven projects to streamline Continuity of Operations (COOP) procedures and the development of active threat protocols.
Julia Arnopp Burns is a public health professional with a demonstrated history of working in the emergency management field. Ms. Arnopp Burns has directly supported planning efforts across various sectors, from healthcare to cybersecurity. As a member of Hagerty’s Cyber Sector Team, Ms. Arnopp Burns assists in the development of educational materials and helps the team navigate funding streams within the cybersecurity landscape.