Podcast Summary: Coaching for Leaders – Episode 728: Lower Your Risk of Being Hacked, with Qasim Ijaz
Release Date: April 7, 2025
Host: Dave Stachowiak
Guest: Qasim Ijaz, Director of Cybersecurity at a Leading Healthcare Organization
Introduction: The Rising Threat of Cyberattacks
In Episode 728 of Coaching for Leaders, host Dave Stachowiak delves into the pervasive issue of cybersecurity with expert guest Qasim Ijaz. As data breaches become increasingly common, Dave emphasizes the critical need for leaders to understand and implement robust security measures to protect their organizations and personal information.
"Leaders aren't born, they're made," Dave begins, setting the stage for a conversation that intertwines leadership wisdom with essential cybersecurity practices. (00:00)
Understanding Ethical Hacking
Qasim Ijaz introduces the concept of ethical hacking, also known as offensive security, which involves cybersecurity professionals simulating attacks to identify and rectify vulnerabilities within an organization.
"Ethical hacking... is hiring a cybersecurity professional to attack your organization... to help you prioritize what you need to fix." (02:36)
Using a Star Wars analogy, Qasim explains that ethical hackers wield "blue or green lightsabers" to defend rather than harm, highlighting their role in strengthening defenses against malicious threats.
Personal Cybersecurity Practices
The conversation shifts to practical steps individuals can take to enhance their personal cybersecurity. Qasim underscores the importance of Multi-Factor Authentication (MFA) as the first line of defense against unauthorized access.
"Start with multi-factor authentication... you're proving that you are who you are using something you know, and secondly, something you have." (04:26)
He advocates for the use of passphrases over traditional passwords, citing their superior security due to increased length and complexity.
"Instead of an eight-character password... use a long passphrase... it's going to be an exponentially better credential." (06:58)
Additionally, Qasim recommends password managers to generate and store unique passwords for each service, mitigating the risk of password reuse—a common vulnerability exploited in data breaches.
"Use a password manager that will create a new password for every website you use." (08:40)
Freezing Credit: A Crucial Step
Dave and Qasim discuss the significance of freezing credit reports to prevent identity theft, especially following data breaches that expose sensitive personal information.
"Freezing your credit... is something everyone should be doing these days." (13:03)
Qasim advises conducting credit freezes directly through reputable agencies like Equifax, TransUnion, and Experian to avoid scams.
"Don't fall for any sort of scams online where they will tell you they will do it for you, but they're stealing your information." (14:15)
Organizational Cybersecurity: Beyond the Technical
The dialogue transitions to organizational cybersecurity, where Qasim highlights the often-overlooked non-technical aspects that can be the weakest link in defense strategies.
"It's not the user that is the weakest link. It's our processes, our policies, our bad cybersecurity culture in the organization." (32:18)
He emphasizes the importance of incident response tabletop exercises, which simulate cyberattacks to evaluate and improve an organization's resilience and response strategies.
"Perform periodic... tabletop exercises... involve C-suite, IT, HR, PR, marketing, sales." (22:10)
Moreover, Qasim points out that even organizations with strong technical defenses can falter if leadership does not adhere to basic security practices, such as maintaining strong passwords.
"They never could get their CEO to change their password... the CEO's password was the company's name on all lowercase." (20:44)
The Role of AI in Cybersecurity
Addressing the burgeoning role of Artificial Intelligence (AI), Qasim advises leaders to develop clear policies for AI usage within their organizations. He warns against the unregulated use of AI tools like ChatGPT, which can inadvertently lead to data leaks.
"Train your users to be careful to be good with their AI usage... keep your intellectual property confidential." (26:41)
Qasim underscores that AI is already integrated into many organizational tools and that proactive policies can harness its benefits while mitigating security risks.
Shifting Mindsets: From User Blame to Process Improvement
Towards the episode's conclusion, Qasim reflects on a significant shift in his perspective—from viewing users as the primary vulnerability to recognizing that organizational processes and culture often present greater risks.
"I don't think the user's problem. I don't think the user is to blame. I would like to start seeing the change occur with how we hold security to our organizational culture." (32:18)
He advocates for enhancing cybersecurity culture, refining processes, and making user training more engaging to foster better security practices across the board.
Conclusion: Empowering Leaders with Cybersecurity Knowledge
Dave wraps up the episode by highlighting the actionable insights shared by Qasim, urging leaders to implement both personal and organizational security measures. He also recommends related episodes for further learning and encourages listeners to access additional resources through the Coaching for Leaders platform.
"If this conversation was helpful to you... set up your free membership at CoachingforLeaders.com... access to the entire leadership and management library." (34:40)
Key Takeaways
- Implement Multi-Factor Authentication (MFA): Essential for securing accounts beyond just passwords.
- Use Passphrases and Password Managers: Enhance password security and manage unique passwords for each service.
- Freeze Credit Reports: Protect against identity theft following data breaches.
- Conduct Regular Tabletop Exercises: Prepare and test organizational responses to cyber incidents.
- Develop Clear AI Policies: Manage the integration of AI tools to prevent data leaks and maintain confidentiality.
- Focus on Organizational Processes: Strengthen cybersecurity culture and improve policies to reduce vulnerabilities.
Notable Quotes
- "Ethical hacking... is hiring a cybersecurity professional to attack your organization... to help you prioritize what you need to fix." – Qasim Ijaz (02:36)
- "Start with multi-factor authentication... you're proving that you are who you are using something you know, and secondly, something you have." – Qasim Ijaz (04:26)
- "I don't think the user's problem. I don't think the user is to blame. I would like to start seeing the change occur with how we hold security to our organizational culture." – Qasim Ijaz (32:18)
For more insights on leadership and cybersecurity, explore additional episodes and resources by visiting CoachingforLeaders.com.
