Shameless self-promotion time. If you're interested in learning how to identify, assess, and respond to risks in a straightforward and practical manner, consider the newest PDI fully immersive course, Conducting Practical Risk Analysis for Security Professionals, authored by yours truly.
As with other PDI courses they are free to members and with mine you can earn 4 CPEs.
As a consultant, my phone rings when people need to solve complex multi-dimensional problems; problems that they weren't able or willing to solve themselves. Regardless of where they think these problems stem from, my investigations usually find causes and contributing factors that go well beyond the realm of security. I apply my early background from my military service and my years as a cop, with my last few decades in business and technology as a Lean Six Sigma Black Belt, Public Service Technologist, and Industry Thought Leader.
With that said, I'm a bit dense when it comes to understanding my own problems. After ignoring the warning signs for years I spent a week in a local hospital learning I had a heart attack and walking out with 3 new titanium stents in my coronary arteries as souvenirs. It's been a slow and painful rehab and recovery, but one other message got through. It was time to accept that I have more yesterdays than tomorrows; it was time to share what I know.
When the PDI approached me about creating course material I saw it as an opportunity to do just that and do so in a format whereby you, as the learner, become part of a fictional company's leadership team. You'll join their meetings, read emails, make choices, and learn with them as a consultant guides and gently teaches them how to better protect their people, their customers, and their business.
However, I couldn't do it alone. Maci Devaney and Ty Crawford worked with me every step of the way. (Actually, they held my hand for quite a few steps.). Their professionalism, attention to detail, and incredible skills made this a polished and high caliber production. The actors enabled a sense of realism that a standard course would never emulate.
It was a bit weird during the studio recording sessions as I watched a professional actor, Chris Hurt, portray me as the consultant. I wrote the scripts (a first for me) based on what I've actually said to my clients in countless meetings over the years. However, watching Chris in the studio as he spoke my words and perfectly captured the way I talk with my hands, my facial expressions, and the inflections in my voice, was unlike anything I ever experienced. Now, no one will ever confuse the two of us - I know this because my wife leaned over during the first recording session and whispered to me that she loves me, but Chris is a "younger and better looking version" of me! In all honesty, I have to agree, besides the fact that the consultant's name in the script isn't "Lloyd Diernisse," (it's "Steve Romano").
Kindly check it out and provide feedback, positive or negative. I created the course for you and I just verbally committed to create others (haven't signed the contract yet, but we're going ahead with it as soon as the paperwork is sorted out). Therefore, I need to know what you think - it's the only way I can improve. 🙂
I really enjoyed your course and have nothing but praise to say about it. I definitely learned some new terms and topics, i.e., Black and White Swan events. I really liked the aspect of being entrenched within the team as they work their way through the scenario. I think this set a pretty high bar going forward for the other course content creators.
Any future classes that dive deeper into risk, e.g., third-party risk management? I also see a BCP course as an easy win if you have that as expertise as well.
Thanks for the brief behind the scenes look and acknowledging the people involved to help make this course a success.
@AppDefects Thank you for your recommendation and kind words. As you observed, Chris did a better job of portraying me than I do portraying me - maybe I should hire him to portray me at my next client and see how that goes 🙂
I wrote the script from several years of notes - and in a few cases, recordings - when organizations hired me to do essentially what you saw in the course. The difference, and difficulty, was in deciding what to leave out. Normally I'm with a client for a few weeks, a few months, or in rare cases, for a few years. It depends on what they think their problems are, what their problems really are, and how committed they are to finding fixes that are more than short-term bandages. Trying to condense that down to just a few hours was tough and gave me a few more gray hairs.
The simplicity of creating this fictional company was that I could staff it with intelligent, dedicated employees that truly wanted to learn and take responsibility for the problems in their organization. If I had clients like that in the real world I could just point them to this course and call it a day. Of course, then I'd be unemployed a lot... 🙂
@tmekelburg1, Thank you for your kind words, and letting me know how you enjoyed my course. My objective in sharing my experience in writing the course - and naming Maci and Ty - was two-fold.
First, I believe that they are often the unsung heroes that make these courses not just possible, but very high-caliber and high quality productions. As you saw, there was a page for me as the author to provide my background, but no similar pages for the employees of the PDI who made my script a performance. Nor was there a place to credit the actors. I asked for this and was informed that there is a policy proscribing it. I am not a full time employee of the PDI or (ISC)2, I work under a contract as a Subject Matter Expert (SME) so my input on policies and procedures is not that of an employee, rather it as a member, like you.
Second, I wanted to share that while the character of Steve Romano is a pretty accurate portrayal of me and the type of work I do, I want to emphasize that the setting and characters, like the plot, are fiction. The next time my phone rings I do not want the company that hires me expecting Steve Romano to show up at their door. Although, as I noted in another comment, that might work out better 🙂
As for future courses, I can say I am continuing to work for the PDI but a confidentially agreement prevents me from discussing what’s in the pipeline. If you look at my Linked-In profile, you'll see my experience is broad and deep.
One thing I can announce is my appearance as a panelist in a webinar for (ISC)2 on the topic of Extended Detection and Response (XDR). Doing XDR Right: What It Is and What It Can Do For Your Organization. Like other (ISC)2 Webinars on the BrighTalk platform, you’ll need a BrightTalk account. They are free and easy to create. It’s scheduled for a live broadcast on Thursday, January 28, 2021 at 1:00 PM (ET). If you’re interested and cannot make the live broadcast, it’ll be recorded.