Exploring the IT World
An Interview with Rochelle Yoder, Hummel IT Director
What drew you into the IT world?
When I was trying to decide on a major and what to study in college, I had various interests. However, I was concerned that if I pursued any of those interests as a career, they might lose their appeal. For example, I was involved in church and thought that if I became a pastor, it would become a job rather than a passion. Similarly, I loved working with children, but I worried that a career in teaching or childcare might dampen my enjoyment. Since I excelled in math and had a curiosity about computers, I decided to study computer science in college. I figured it would be a way to explore my interest in technology and see if it resonated with me. Eventually, I found my niche in IT hardware, networking, and systems, which led me to pursue a career in the IT world.
How long have you been the IT director at Hummel Group? And what is your IT history?
I’ve held the position of IT director at Hummel Group for about three years. Before that, I started as an IT specialist and gradually progressed to IT manager before assuming the director role. In total, I’ve been with Hummel for a little over six years, not including the two years at an IT firm that supported the company. Prior to that, I spent some time doing some work as an IT specialist and some programming, giving me a total of fourteen years in the IT industry.
What are your favorite and least favorite aspects of your job?
Until recently, my least favorite part of the job was managing people. However, Hummel has been investing in leadership training, which has made managing more enjoyable. It can also be difficult being on call 24/7 if something comes up. As for my favorite part, I appreciate the variety that comes with working in IT. Instead of performing the same task repeatedly, there’s always something different to tackle, which keeps things interesting.
What advice would you give someone entering a leadership position in the IT world?
My advice would be to prioritize continuous education and stay updated on technology and cybersecurity. Whether it’s through daily news podcasts, professional magazines, or other relevant sources, it’s crucial to remain informed. Additionally, focus on making your IT team both efficient and secure. Balancing security and efficiency is key to ensuring the smooth operation of your department while mitigating risks.
What keeps you up at night in terms of IT security?
Security breaches, particularly ransomware attacks, are a major concern. While we have processes in place to recover from such incidents, they still pose significant challenges. Knowing that the potential for breaches exists is something that can keep me up at night.
What’s one thing you’d recommend businesses implement to make the biggest impact on their network security?
The most impactful measure would be to cultivate a security-focused culture within the organization. This is also the most challenging aspect to address. Ensuring that every employee is vigilant about security, from verifying phone calls and not divulging sensitive information to recognizing phishing emails and assessing the authenticity of websites, is crucial. Security awareness training plays a vital role in creating a culture shift so that employees realize they are the last line of defense. A quote I read recently is, “Cybersecurity is a culture not a product.” All the security products in the world cannot protect against all vulnerabilities.
Two-factor authentication can be annoying and cumbersome for companies to implement. Why is it worth it?
While implementing two-factor authentication (2FA) may require some additional effort, it is absolutely worth it for enhancing security. The primary benefit of 2FA is that it adds an extra layer of protection beyond just a password. Let’s consider a scenario where someone falls for a phishing attack or their computer is compromised with a keylogger. Even if the attacker obtains their password, they still can’t gain access to the account without the second factor of authentication. The second factor can be in the form of a text message, a code from an authenticator app, or a similar method. This additional step significantly reduces the chances of unauthorized access because the attacker would need physical possession of the user’s device or access to their phone number.
Implementing 2FA across all systems provides an added layer of security for employees. If someone’s password is compromised, the system will send them a 2FA code without their initiation, alerting them that someone is trying to access their account. This allows us to quickly identify a potential security breach and take appropriate action.
Studies have shown that 2FA is highly effective in preventing breaches, with an estimated 95-99 percent of attacks being thwarted by its implementation. It serves as a powerful deterrent against unauthorized access and significantly reduces the risk of account compromise.
In addition to implementing 2FA, using a password manager can further enhance security. It allows users to have unique and complex passwords for each system without the need to memorize them. Instead, users only need to remember the password for their password manager, which grants them access to all their stored passwords securely.
Overall, while implementing 2FA may introduce some inconvenience, the benefits it brings in terms of security far outweigh the initial effort. Alongside other security measures, such as regular training and fostering a security-conscious culture, implementing 2FA is one of the most effective steps organizations can take to protect their systems and data.
How do you see the advancement of AI affecting the cybersecurity world? Will it make your job harder or easier?
Like any technology, AI can be used for both positive and negative purposes. AI tools can aid in advancing security, but they can also be leveraged by cybercriminals to launch more sophisticated attacks. On the one hand, AI can enhance threat detection by analyzing vast amounts of data and identifying patterns that humans might miss.
It can help automate routine tasks, freeing up time for IT professionals to focus on more complex issues. However, AI-powered attacks could also become more prevalent, with malicious actors using AI algorithms to exploit vulnerabilities and develop new attack vectors. As an IT director, I believe AI will require us to continually adapt and enhance our cybersecurity measures. We’ll need to stay ahead of the curve by leveraging AI ourselves to strengthen our defenses and develop countermeasures against AI-driven threats. It’s a constant cat-and-mouse game, but with the right strategies and a proactive approach, AI can be a valuable asset in our fight against cybercrime.