THE CYBER SEA: Lessons in Leadership, Identity, and Hard Work
As chief information security officer at PrismHR, Dwayne Smith leads the company’s cybersecurity efforts. He works to strengthen cyber defenses and guard vital information from internal and external threats. A vast and evolving field, cybersecurity requires constant vigilance, training, and adaptation.
Smith may be a relative newcomer to the PEO industry, but his background boasts impressive cyber credentials from service in the United States Navy, consulting with government agencies, and leading cybersecurity efforts for Cummins, Inc., a large multinational company.
Underpinning his professional life is a personal journey of hardship, hope, service, grit, and success. He spoke with PEO Insider® to share his story.
In his prior role as global director of cybersecurity engineering at Cummins, Smith says that he began to notice that many suppliers experienced cyberattacks. In many cases, large companies suffered hacks because of small companies they had a relationship with.
This trend motivated Smith to think about how small companies could strengthen their cyber defenses. He realized that a cyberattack on a small company may seem like an isolated event, but it can be the stream that turns into a tributary that turns into a river.
“Like many people, I reflected a lot during COVID,” Smith recalls. “I was looking for something different, and when I learned about the PEO industry, I realized it supported small businesses.”
Smith found himself wanting to help small businesses bolster their cyber defenses and improve cyber hygiene. Joining the PEO industry offered him a way to put his skills and experience to use in this way. He notes that many PEO leaders have learned cybersecurity the hard way. He hopes to use his background to influence the industry for the better.
He’s encouraged by the fact that more people than ever are undertaking cyber training, and that businesses are bringing people on board with cyber backgrounds to spearhead this effort. There will always be some level of risk, but appropriate safeguards and strong training can make a business a less-than-ideal target for hackers.
Smith never intended to become a cyber expert. It’s just the way life worked out. Born and raised in a small Appalachian town, Smith knew he wanted to set out on his own course beyond the confines of his hometown.
“I grew up in a very poor area of the country. A lot of my high school friends made the decision to stay there, but I knew I wanted to leave, I just didn’t know how,” Smith says.
He attended Berea College in Kentucky, an experience that had a profound impact. College exposed him to many new ideas, perspectives, and cultures. His horizons broadened. He also began to develop what would become a lifelong commitment to diversity and inclusion. Smith recounts unfortunate incidents during which friends of his were mistreated due to their backgrounds, and that’s part of the reason why focusing on diversity and inclusion is so important to him.
After his time at Berea, though, he was still unsure what sort of career he wanted to pursue. So he joined the United States Navy, which is what first led him to the world of cyber.
“I graduated from the Navy’s nuclear power program, and then found my way into cryptology,” Smith says.
“I worked with some 3-letter agencies studying networks and digital communication patterns. We didn’t even call it cybersecurity back then, it was called COMSEC, INFOSEC, and DATASEC.”
In the 1990s, unauthorized intrusions into government networks became a real threat. As the guy who knew about systems, Smith often found himself in the right place at the right time. He admits that he didn’t recognize cybersecurity as a career path at the time, but he pursued opportunities as they were presented and that’s what led him to where he is today.
His military training and experience taught him several lessons beyond his cyber skills that are still important. First, he says, if you’re the smartest person in a room, find a different room. Challenging yourself and taking risks is uncomfortable and hard, but it’s rewarding. You grow by pushing past boundaries and being willing to do the hard work.
The second lesson he learned can be captured by Isak Dinesen’s quote: “The cure for anything is saltwater: sweat, tears, or the sea.” At sea you’re isolated; for Smith, that was a calming influence. Being on a ship also forces you to be in constant contact with other people; you must learn to get along and work well with others.
The sea is also a good metaphor for the cybersecurity field. Some days are calm and peaceful, others are dark and stormy. Some days the course is clear, other days it’s uncharted. Smith sees his role as helping companies get where they need to go on the cyber sea.
THE STRUGGLE FOR IDENTITY
You may be familiar with the National Institute of Standards and Technology’s (NIST) 5-part cybersecurity framework: Identify, protect, detect, respond, and recover. While all five components are important, Smith says a business should consider putting the bulk of its cyber investments behind identify, respond, and recover.
Protecting your systems from cyberattacks and detecting them are good, but cyber is an ever-evolving field and bad actors will never stop trying to penetrate systems. By focusing on identify, respond, and recover, a business can make it easier to limit the fallout from a cyberattack and get operations back to normal quickly.
Identity is the new boundary for cybersecurity, Smith says. It’s a hard concept for many to fully grasp. How do you ensure the person accessing the data is who they say they are?
“In the old school days, you were in an office on a network and the firewall basically kept you safe,” Smith explains.
“Now, with everything internet-based, the password is the primary thing protecting you,” he adds.
And speaking of passwords, Smith’s not a big fan.
“They’ve outlived their time, but it is still important to have a strong password and not reuse that password,” he says.
Also, a good password manager is important to help eliminate password reuse.
He makes the point that within the confines of the English language there are a finite number of password combinations. To be sure, it’s a very large number, but he notes that computers are only learning to process large amounts of data faster. Hackers just keep trying possible passwords until one works, he explains.
Even with multi-factor authentication enabled, if your password has been compromised, then you really only have one-factor authentication. Smith suggests that authenticator apps, certificates, or single-use passwords should be considered.
This struggle with identity is deeply personal for Smith, too.
Growing up, many people took pity on him, he recalls. Expectations were not set very high, but he did not let that define him. He learned how to succeed. Tragedy struck early when his father was killed by a drunk driver over a Fourth of July weekend when Smith was just five years old. It was a pain and hardship that still resonates today.
Smith says he sadly watched too many of his friends fall victim to the pill mill epidemic that has swept much of the country, but especially Appalachia.
These struggles and the plight that so many in the region deal with are chronicled in a book his uncle wrote, An Appalachian Boy’s Life: A Walk In Three Centuries. One day, Smith hopes to write the sequel.
He’s achieved a lot of success in his life, but it’s come at a personal cost.
“I had to struggle with my background,” he says. “I lost my accent and like many people, I had to re-invent myself. The saddest day of my life was my grandfather’s funeral because a gentleman who I had known my whole life did not recognize me because of how much I had changed.”
“To be successful and grow, I had to leave some things behind.”
Smith’s upbringing has instilled in him a desire to help other people realize opportunities. He’s tried to do this whenever he’s had the chance. Whether in the military or in business, Smith has focused on bringing people in who others may have dismissed or overlooked. Diverse perspectives and backgrounds strengthen teams and help everyone grow, he believes. In one instance he describes how a team of diverse cultures was able to detect a widespread phishing scam in 30 languages. Bringing more women into the cyber field is a passion for him, too, since he is the father of two young daughters who are already learning to code.
He encourages people to set goals, but to think of them as waypoints, not end points. Goal setting requires introspection and reflection on where you want to go. He cautions not to stay hyper-focused on one goal or you may miss an opportunity on a different path.
As an industry, PEOs have made great progress in strengthening cyber defenses and improving cyber hygiene. Yet, hackers and bad actors learn and grow, too.
“Cyber needs to be a community and industry-wide effort, we need the power of everyone working together,” Smith says.