Welcome to the Getting to Know You series from Genzeon and CompliancePro Solutions. We will be interviewing members from across these organizations so that our clients, partners, and the general audience can better know what makes our people shine.
Our first spotlight will be on Christopher Lyons, Director of Cybersecurity for CompliancePro Solutions and Genzeon. Chris has over 25 years of experience in the security industry conducting security assessments and strategic road mapping. His extensive experience in HIPAA, HITRUST, NIST, and PCI has been a vital resource for his clients in the retail, commercial, banking, and healthcare industries.
Here are some highlights from our conversation.
What is an interesting fact about yourself someone might not know?
I think probably the most interesting fact about me is that I live in northeastern Tennessee, out in the middle of nowhere on a big farm. It’s not a working farm, but we do have horses.
Caption: Photo from the farm of Christopher Lyons
What did you want to be when you grew up?
Originally, I wanted to be a lawyer and I went to college pre-law, but I changed that immediately, ending up with a business degree from Bethel University. However, I'd always been interested in computers and so I changed fields after I graduated.
It really started when I was little. Back when I was around nine or ten years old, I had purchased a computer. Pretty much nobody had home computers at that point. And I just kind of taught myself how to build them and run them. After I went to school for business and tried that field for a little while, I finally said, "Why don't I do what I love?" Since then, I’ve held just about every position I could aside from a developer. It was just a natural progression then getting into the security stuff.
Tell me about an experience that taught you a memorable, valuable lesson.
So growing up, my mom was an elementary school teacher. Later, I wanted to dip my foot into the teaching side of it at the college level. I left the everyday IT field to become a director of an engineering program at a couple of colleges (American National University and Virginia College) and later became a dean.
Seeing it from both angles — from doing the work and learning it on my own, to being able to teach it — I think that experience was very helpful, especially in being able to pass that on to students. After a little while, I needed to get back into the field. So instead of going back to being the one providing that security, I began doing the assessment or auditing to ensure that your security was what it should be and would meet regulations.
Who has greatly influenced your life?
I think the person that most influenced me in my life was an old baseball coach of mine. I grew up in a single-parent household, and I played little league baseball. And I was kind of a little bit of a lost kid at that point at nine or ten years old. One of my friends’ dads took me in and treated me like his own son. He was a laborer who owned a heating and air company.
The thing that made an impression on me was his work ethic and that has formed some of my thought patterns about working. Someone at a company might say, “We need someone to do this.” Me: “Okay, I'll do it.” For that reason, I would say that's probably the person that has influenced me the most throughout my career.
The biggest thing for me on being a leader is leading by example. It's easy as a leader to say, "Hey, you need to do this, do this, do that." I've had leaders that when you get in a bind, and it gets busy, instead of them jumping in and helping, it gets piled more on you. I think a good leader is one that says, “You know what, let me help you with that.” That's how I've always done things.
What trends in cybersecurity keep you up at night?
There are several areas. A lot of the issues we are seeing nowadays are through ransomware and phishing exercises. Those are some of the most damaging and prevalent.
One of the things that I see is that one of our biggest threats is our people, the employees.
So employers need to be making sure that the workforce understands how these bad actors work. They're looking to try to get you to click on links and emails. They're trying to get you to respond to emails. Having employees understand how those things look and how to head them off is half the battle.
The thing we are seeing today is that bad actors have looked backwards. Instead of continuing to advance all of these strains of ransomware, which they do continue to do, they're looking at exploiting old vulnerabilities. This would be things like companies that haven't updated their operating systems or haven't patched them properly. There are strains of ransomware still being used that are several years old, because there are companies and individuals that haven't patched known issues.
Those are a few of the biggest issues at this point. The external threats get all the press, but one of our biggest issues, whether on purpose or not, is our internal employees. We don't do something right. Our people aren't educated and trained to not do specific things.
The key to cybersecurity is you better never feel like, “I'm in a good position now.” You've always got to be looking at what's the next step? What else can we do?