Category Archives: Information Security

  • 1

Introverted Leadership and Cyber Security Speaking Schedule Fall 2018

Category:Information Security,Introverted Leadership,Leadership,Lessons Learned,Schedule

Speaking Schedule

I’m very excited about my fall 2018 speaking schedule. I’ll be a first-time attendee and speaker at two conferences, one of which I’m keynoting. (This will be my first time speaking in the United Kingdom!)

I hope to see you there!

Don’t forget to listen to the Hope for the Introvert podcast!


Date Event Topic Format More information
28 August North Texas Lone Star Chapter STC Lessons Learned on an Introvert’s Journey to Leadership Webinar Recording to come
25 September Technical Communication UK Temperament-based Strategies for Excelling in the Workplace Workshop De Vere Staverton Estate, Daventry, England
26 September Technical Communication UK Lessons Learned on an Introvert’s Journey to Leadership Keynote De Vere Staverton Estate, Daventry, England
26 September Technical Communication UK Digital Self Defense – Tips, Tools, and Best Practices to Stay Safe Online Presentation De Vere Staverton Estate, Daventry, England
4 October The NYSERNet Conference 2018 Creating a Culture of Digital Self Defense Presentation Marriott Syracuse Downtown
24 October Society for Technical Communication The Introvert in the Workplace: Becoming an Influencer and Leader Webinar Free members-only webinar
26 October STC-Philadelphia Metro Chapter Introverted Leadership: Harnessing your Innate Strengths Webinar STC-PMC webinar
14 November STC Instructional Design and Learning SIG Saying, “Yes, and…?” to Leadership Opportunities Webinar Registration available to all

  • 3
Joanna Grama headshot

Episode 003: Joanna Grama–Leader and Influencer

Category:EDUCAUSE,Higher Education,Information Security,Introverted Leadership,Leadership,Podcast

Episode 003 Show Notes: Joanna Grama


Joanna Grama headshotJoanna Grama is a senior consultant for Vantage Technology Consulting Group where she specializes in advising clients on information security, privacy, and risk management issues. In our second discussion on the podcast, Joanna Grama and Ben Woelk discuss how meetings can be challenging for introverts, and how she’s become a leader and influencer.

Key concepts

  • Meetings
  • The slow thinker
  • Processing internally
  • Win-win scenarios
  • Connecting and investing
  • The five Cs
  • Don’t be a jerk!


I’m just doing my job. I’m just trying to get through the day, and–and you know–leave as little drama as possible in my wake. But maybe that’s being a quiet leader.

We all have moments in the office or in our professional lives where we’re really not proud of our behavior, whether it’s the language we used, the tone we used, our facial expressions and our body language. I mean, we all have those moments, but it’s just, it’s really important to try not to be a jerk. That goes a long way towards getting along with people.

You have to challenge yourself everyday, and it sounds trite to say that, but if I didn’t have mentors pushing me and saying you’re great and you can be even better, and forcing me to do uncomfortable things, I wouldn’t be where I am today!

Resources or Products Mentioned in this Episode



Ben: Joining us again is Joanna Grama. Today we’re going to finish up our conversation that we started in our last podcast about her experience as an introverted leader and the thoughts that she has to share with us.

Ben: So, one of the things that you and I had talked about in previous conversations is meetings. And I had–I’ve mentioned this in another podcast, but I had an individual in one of my workshops who talked about his meeting performance and, much like you said, somebody told you that you needed to overcome this anxiety about public speaking and do well at it. He had a situation where his manager said he needed to perform better in meetings, and I know what he did to solve it. He talked to his manager and arranged to meet with that manager ahead of time, so he’d have a preview of what was on the agenda and that helped him.

Ben: What has your experience been like with meetings as an introvert and what have you found has been helpful or maybe not helpful?

Joanna: Yeah. Meetings can be a really tough scenario for introverts even when you are 100 percent engaged in the meeting. So I–similar to the other person that you talked to–I had a supervisor once who commented in front of a group of my peers that I was a slow thinker in meetings. And it really sort of–and this sounds strange–but it really hurt my feelings. Not because it was true or it wasn’t true, because it is true, but because of the negative connotation that I associated with the comment. I am a slow thinker. I do like to think about issues and ru(minate) them over in my mind before deciding on a course of action or making plans or something. That’s just being thoughtful, and being that type of thoughtful cautious decider is something that is so ingrained in who I am as an attorney, as an information security professional, as a parent, as a person.

Joanna: But, on the other hand, there are times when, as a knowledge worker, you really do have to be able to react and provide feedback on the spot, but you don’t have to do it all the time. So with the supervisor that called me a slow thinker, we eventually came to an agreement that, for those items that we could put off for a day or two, I could come back to the table with comments after having time to think. And then for the items that had to be discussed and where feedback had to be provided right away, we agreed that I would provide those immediate comments and I would just get comfortable with it, but that we both understood that my best thinking always comes after reflection time, and so I could always provide additional feedback the next day, relatively contemporaneous with the urgency of the conversation if needed. And that seemed to be how we dealt with the situation in a way that worked for my supervisor and me, that worked for my peers, that worked for decision-making within the organization. I am really trying to come to terms with being a slow thinker, although I have amended that label to thoughtful and comprehensive thinker in my head.

Ben: I would say that is a little less negative way to address that. Slow thinker, I don’t think there’s a way to spin that positively.

Joanna: No. There’s just not.

Ben: Considered thinker, reflective thinker, well considered–all of that makes sense. And that’s all very positive, which could be spun in a negative way, I’m sure. But slow thinker? No, I don’t think there’s any way to take that positively, And it’s funny because I’ve used this conversation that we’ve had about this in workshops and other things to talk to people about–as an introvert, you may be accused of this, because we are thinking through things before we speak. We process internally. What’s interesting–and I think there have been a number of studies around this–in meetings, what typically happens if you have a mix of introverts and extroverts, is the extroverts will speak first because they will process externally and they will come up with an idea, and because they–it may have been the first idea or they’re very confident about the idea–people will say, “Oh yeah. We’ll do that.”

Ben: However, there doesn’t appear to be any correlation between who speaks first with an idea and positive results from it. So I definitely empathize with you on the slow thinker part in meetings, and I’ve come to the point where I can speak pretty quickly in response to things, but I will also tell whoever’s running the meeting if I’ve got–if it’s a really important subject–I want time to go away and dwell on that, so I can come back with a really superior solution that I can feel good about and that I’m convinced will work. There are too many thoughts that occur to me after the meeting about “Well, that would have been a real show stopper,” or “Have we considered adding this part?” and that could make something so much stronger, or a word I hate to use, robust.

Ben: Let’s change gears a little bit. Recently I did an article for Intercom magazine and it was about becoming an influencer and a leader in the workplace. How do you feel it works for you in the workplace? In terms of when you can be an influencer, when you can be a leader, what works best for you? Do you consider yourself to be an influencer or leader in the workplace? As somebody external, I certainly consider you to be one.

Joanna:  Well, thank you. I’m always sort of surprised when someone says you’re a leader or an influencer. Not because I don’t think I can’t be a leader or an influencer, but sometimes I just think, how can I be a leader or an influencer? I’m just doing my job. I’m just trying to get through the day, and leave as little drama as possible in my wake. But, maybe that’s being a quiet leader. I don’t know. I love the process of building consensus and sort of negotiating, maybe not a win-win scenario, but a, you know, least destructive scenario or a scenario most of us can live with. I’m making sure I hit–I’m going to call it win-win–making sure I hit that win-win scenario’s important, which you probably have to find hilarious given both my training as an attorney and the merciless way I treated you during our last game of Exploding Kittens.

Joanna: I just really think that getting to a place where you and whomever you’re working with can move forward as a team is so important, and that goes back to making a connection and having an investment in your colleagues, having an investment in your organization, and that sort of thing. Some of it is, “Don’t be a jerk!” We all have moments in the office or in our professional lives where we’re really not proud of our behavior, whether it’s the language we used, the tone we used, our facial expressions, and our body language. I mean, we all have those moments, but it’s just, it’s really important to try not to be a jerk. That goes a long way towards getting along with people.

Ben: So, I can see we have our subtitle for this episode. It’s going to be, Don’t be a Jerk.

Joanna: Don’t be a jerk, yeah.

Ben: We’ll play with that a bit. I’m sure.

Ben: So, in terms of you being a leader and an influencer, some of the ways that I’ve seen that: one, I’ve had an opportunity to observe you over the last couple of years when I’ve been at conferences, and I’ve been part of these EDUCAUSE working groups where you’ve been kind of the program manager for them. What’s been interesting for me, I thought that was really helpful, as I think I’ve seen times where you’ve really kind of gone beyond what I would say is the call to duty. One example of that is a couple of years ago when I was working on putting together survey results about what are the best characteristics or preparation for somebody who’s going to be a security awareness practitioner, somebody who’s going to explain very technical security things to a “normal” audience. So I was struggling to get this research bulletin prepared, and I was about ready to give up on it, and I told you I was going to give up on it, and you didn’t let me do it. You pretty much shepherded me through it, you know, provided feedback. We went back and forth about, “Ah! I caught a typo,” which you were not thrilled with, but in general you helped me actually get that thing done. and I was quite happy with the result. But that being able to reach out and collaborate and help someone get the work done and complete it was really important. So, I’ve seen you as a leader and an influencer in that context as well.

Joanna: Oh, well, I’m really glad that you see me as a leader in that context and not as a nag! I think in that situation in particular, now that I’m looking back at it with hindsight, right? I have the opportunity to be eloquent. That paper was really important. We talk about how important information security training and awareness is to higher education institutions, to our organizations, but there’s not a lot of, or there wasn’t at that time, a lot of thought leadership on why it is important or what skills do the people who are actually doing that training, what do they need to have in order to be successful? Because, if those leaders aren’t successful, then information security awareness and training isn’t successful, which means data is at risk at our institutions, which can lead to all sorts of bad downstream things. So really, I was professionally motivated by the fact that I wanted this literature out there and you had the expertise and the data, so you needed to be the one to get it out there.

Joanna: And then, you know, personally, I knew you! I wanted you to have the success. It’s important to me to help my friends. I don’t know that I would call it going beyond the call of duty, as much as I would say it was getting to that win-win scenario where you got something out of it, I got something out of it. I really thought that the process was fun, once we sort of decided that we were going to regroup and work on it together–and those things are so important! It would have been too easy, Ben, to walk away from that, and I’m so glad we didn’t.

Ben: No, I agree. I think it was important. I’m actually fairly proud of the work and excited that it was published,…

Joanna: You should be!

Ben: and I hope it has provided a foundation for people when they’re looking at what are the qualifications someone needs or, just as importantly, what qualifications do they NOT need to be an information security or cyber security awareness practitioner.

Ben: What recommendations would you have for introverts who want to become influencers or leaders? What thoughts do you have for them?

Joanna: Sure. So I read a long time ago this article that talked about–I think it was called the four Cs or maybe the five Cs, but essentially it is, some big ideas for how to live your life. And so I like to follow the five Cs, which are Curiosity, Compassion, Courage, Conviction, and Conversation. I think that as an introverted leader or an introverted influencer,–just an introvert or a person trying not to be a jerk–those are some really good–those are some good ideas to have. You can’t be a doormat, but you can be compassionate and courageous. And I think that’s important for me. I sometimes add a sixth C, which is Calm, to remind myself when I need to take a break or to recharge and get reinvigorated about things. I have to remember not to let the external environment or the external context, impact my internal context.

Joanna: So that’s why I add Calm. And part of it is being true to yourself. I really struggled with who I was as a person and potentially a leader or a worker in an organization, or just anything, until I acknowledged some fundamental truths about myself. I need to recharge. I am a–what did you call it?–A conscientious thinker. I am shy and reserved almost to the point that people who don’t know me or are meeting me for the first time, might think I’m standoffish, and I have to do things to make sure that that’s not the impression that I leave people with. And just, those are important.

Ben: Do you have any other thoughts you’d like to share?

Joanna: You know what? You have to challenge yourself everyday, and it sounds trite to say that, but if I didn’t have mentors pushing me and saying you’re great and you can be even better, and forcing me to do uncomfortable things, I wouldn’t be where I am today! And I’m so thankful and grateful and happy with where I am today. A little bit of honoring yourself, and a little bit of stepping outside of your comfort zone is important.

Ben: That’s great. Well, I think we’ll wrap up now. Thank you so much for sharing your thoughts today. It’s been a fun conversation!

Joanna: A pleasure!

Ben: And we look forward to maybe having you join us again on another podcast. Assuming we can find a whole new set of things to talk about, which I’m sure we can.

Joanna: I’m sure we can!

Become a Patron!

  • 1
Joanna Grama headshot

Episode 002: Joanna Grama–Networking and Public Speaking

Category:EDUCAUSE,Information Security,Introverted Leadership,Leadership,Podcast

Episode 002 Show Notes: Joanna Grama


Joanna Grama headshotJoanna Grama is a senior consultant for Vantage Technology Consulting Group where she specializes in advising clients on information security, privacy, and risk management issues. Joanna and Ben discuss the challenges of working at home, her introvert strengths, networking, and our progressions as public speakers.


Key concepts

  • Working remotely and maintaining connectivity
  • Being in helping professions
  • Business development
  • Conferences and meeting new people
  • Biggest strengths
    • Listening to understand
    • Building relationships
    • Making the connection
    • Rebuilding processes
  • Progressing as a speaker
  • Mentoring
  • Classroom Teaching
  • The Princess Bride


The odds of making a connection are really stacked against you as a remote worker and as a shy introvert.

And so for me, making sure that I honor the fact that being visible and under the spotlight requires a tremendous amount of energy. Energy expenditure is super important. If I find that if I don’t make sure that I have time to recharge and recover from the day, that I suffer, and when I suffer, the people around me suffer.

We do have a few very treasured and very, very deep relationships, and I just feel that that connection and that shared understanding is–is something that is so, so profound and valuable. And when you have it, you really can accomplish a ton both personally or professionally.

Resources or Products Mentioned in this Episode



Ben: Joining us today is Joanna Grama. Joanna is a senior consultant for Vantage Technology Consulting Group where she specializes in advising clients on information security, privacy, and risk management issues. A reformed lawyer. Joanna has more than 15 years of experience in higher education with a strong focus in law, information technology, security policy, compliance, governance, and data privacy. Joanna is a credential hoarder and committee joiner, prolific author, frequent public speaker, and shy introvert, trying to cope with an extroverted world. She also plays a ruthless game of Exploding Kittens. You can contact Joanna at or on Twitter @runforserenity.

Ben: Joanna and I have been friends for several years and first met each other at the EDUCAUSE Security Professionals Conference in San Antonio where we both provided training seminars on cyber security topics. I often see her as a shining star and role model for women in Cyber Security. I can also attest to her ruthlessness and competitiveness when playing Exploding Kittens. I was the victim. To be fair. I’m also very competitive when playing games. The point is to win. Correct?

Joanna: Hi Ben. Thank you so much for having me here today.

Ben:  Well, I’m excited. I think we’re going to have a great conversation. Joanna–many introverts face challenges in their workplace. I know you’ve worked out of a home office for awhile, so your experience may be a bit different. Would you describe your current role and maybe chat a little about your previous experience?

Joanna:  Sure, I’d be happy to! I currently work as a strategic consultant. That means that I advise clients on the strategy, implementing information security, privacy risk programs, and then addressing issues within those programs.

Joanna: In my current role and in former roles, I’ve worked at home. I’ve been a remote worker for almost seven years now. At first I thought working from home would be fabulous, especially for someone who is highly introverted and it really really was. However, after the novelty of working from home wore off, I found that one of the things that I really struggled with was loneliness that–you know–it’s pretty funny, but the making a connection odds are really stacked against you as a remote worker and as a shy introvert. And that meant that I really, really have to push myself so that I reach out to my colleagues regularly, both just to keep track of work tasks, but also to establish meaningful relationships with them. Having those meaningful relationships with my work colleagues is really, really important to me. Being happy at work–we spend so much of our time at work that that connection is really important.

Ben: It’s interesting, because working at home seems like the dream job in some ways for me also, but I suspect I would be climbing the walls after a few weeks of not seeing anybody outside of the area and especially in the winter up here–where it’s–am I going to go outside and at least clear the walk and get the dog outside for awhile? But otherwise, it’s cold. It’s miserable. So working at home is, kind of a mixed blessing I guess in many ways?

Joanna: It’s a mixed bag to be sure. When I first started, I went two whole weeks without leaving my home, not even to go to the mailbox, because my spouse is wonderful and would bring in the mail or ask if we needed anything from the store before he came home. And so I didn’t go out of our home for two weeks, and that was too much. I have learned that even this introvert has limits to being alone and two weeks is perhaps a week too much.

Ben: Yeah. Though it does give you an opportunity to save on doing laundry and things, I’m sure!

Joanna: Absolutely!

Ben: So you’re working as a consultant from the home. I got to know you through EDUCAUSE where you were the program manager for the cybersecurity program, and I know the roles have changed a little bit. What did you find to be most challenging as an introvert in your EDUCAUSE role and in your new role now as a consultant–what are the big introvert challenges?

Joanna:  I have always gravitated towards jobs or to professions–to helping professions in some way or another. And I think for me, I really like to be able to see that my professional efforts, or even my volunteer personal efforts, have helped an individual, an organization, or a community. And so, there is a certain amount of networking and coalition building, and now, even business development that goes along with being in these sorts of helping professions. I found that it means that you have to be available and out there in the limelight sometimes. And so for me, making sure that I honor the fact that being visible and under the spotlight requires a tremendous amount of energy expenditure is super important. If I find that if I don’t make sure that I have time to recharge and recover from the day, that I suffer, and when I suffer, the people around me suffer. It took me a really long time to sort of acknowledge and accept that I needed this recharge time.

Ben: Yeah, that’s really interesting because I know for me, many people see me at a conference, (like they see you) and we’re very public. We’re very appearing extroverted because we’re talking to people, we’re chatting with people a lot, and afterwards I just feel totally exhausted, and I don’t really want to do anything for the next several days. Now it’s always a bit of a challenge, because I’m married to an extrovert, and she would really prefer to see my conference-type behavior be my home behavior. But, while at a conference I may say, “Oh yes, let’s get together with these people for dinner.” We’ll stay up til midnight. We’ll go here, we’ll stay up PAST midnight, most likely actually. I’m not so much that way at home. I’d just as soon stay home and kick back, watch a series on Netflix or something, read a book–pretty much just get that time to recharge. So I find that challenging also. Now you’re in a business development role right now in terms of building your consulting business as part of this consultancy. How is that working? The introvert in the–really, it’s an entrepreneurial-type role so it’s a little bit different.

Joanna: It is a little bit different, but the thing that I have working in my favor is, the early part of my professional career was in the–in the practice of law, and when you work at a small firm or when you’re a sole practitioner, you have those same requirements about business development, and just business development and that sort of thing. And so I’ve got some tips and techniques from the good old days rattling around in my head that I can work for I think.

Joanna: I feel like an introvert’s coping in the world or how you engage with the world are very–mine are very situational dependent, and so there is the Joanna who has to show up for the job and get something done. And I know that hiding behind a column or a plant isn’t going to work for getting that job done, right? And you need to make sure that you’re talking, that you’re making connections. With my family and my close friends, they probably think I’m the world’s biggest goofball, because–and they would never imagine that I was an introvert–because sometimes you can’t get me to shut up. But that’s because I’m with people whom I feel very, very comfortable with. But I can tell you if I’m going to a conference and I don’t have a role to fulfill at that conference, and I don’t have a networking obligation or a business development obligation, I’ll be there, but I am going to sit back and observe, and I’m not going to put on the professional face, or do the professional things sometimes a job or other circumstances might require. Maybe that’s an energy conservation mechanism. I don’t know, but to some extent I feel like I can compartmentalize: I’m in this situation. When I’m in this situation, I have to do this thing, and I just–sometimes you have to get over yourself no matter how hard it is. But much like you, I will have to crash the week I get done with any sort of event like this just to rest and recover.

Ben: You know, it’s interesting, because you talked about if you go to a conference where you don’t have specific responsibilities to be a host or to engage people, or to–in a sense–be directed to network with specific people. I tend to hang back and not chat with people also, and one of the things I think as introverts is that we don’t tend to have a lot of deep friendships. We have very deep friendships with a few people, and for me, even with the EDUCAUSE conference a couple of years ago, when I found out that the two people I normally hang out with weren’t going to be there, it’s like, “What am I going to do?” Because now, I’ve got to potentially meet somebody new. I have to not be myself or feel like I have to not be myself. So I found that to be a challenge–even attending a conference I normally go to. If that core group actually isn’t there, it really changes things up for me.

Ben: So it’s interesting that we’ve got a lot of the same feel towards conferences. I also have the situation where if I go to a conference, and I have that specific role to play, I can play that role no problem and I can maintain it usually for the course of the conference. But again, like we’re talking about, there’s a crash period afterwards.

Ben: Let’s talk about introverted strengths a little bit and we haven’t really talked about what you’ve identified as your biggest strengths. What would you say those are? How do you leverage them?

Joanna:  Well, I like to think that I am an excellent listener, and I listen because I really like to understand how people and processes work. Although my caveat to that is, I really REALLY like to understand how processes work so that I can break them and rebuild them–not with people, just with processes! I think listening to understand and ultimately to make some sort of connection with or investment in the person that I’m talking to has always been really important to me. And I think a lot of introverts might feel this way.

Joanna: You mentioned, we don’t have a lot of shallow acquaintance-type relationships, but we do have a few very treasured and very very deep relationships, and I just feel that that connection and that shared understanding is–is something that is so, so profound and valuable. And when you have it, you really can accomplish a ton both personally or professionally. So, I think that listening, the building the relationship, the making the connection, breaking the processes and rebuilding them–those are probably my biggest strengths as an introvert.

Ben: I can definitely see that in you as well! One of the things that you mentioned or that I read in that little brief bio at the beginning was that you’re a frequent public speaker. How often are you speaking and do you find that to be a challenge and, or did you ever find that to be a challenge and what do you do in terms of preparing to speak, as an introvert?

Joanna: So, it’s changed a lot over the years. I suspect that if you talked with friends and colleagues who knew me professionally about 10 to 12 years ago, they would remember that Joanna who needed to be sick to her stomach before talking to a group of about 30 people. I really was a wreck. And so it’s almost –my evolution in public speaking is almost–a really good indictment on career counseling in high school and college. No one ever should have said to me, wow, being a lawyer and working in a courtroom is a great job for you, because if they had understood early–early in my development–how traumatic public speaking was for me, no matter the size of the audience, they would have said no, you need to be a–insert isolationist profession here–because the public speaking was just so hard. I had a mentor when I was working at Purdue University who essentially said, this thing is going to hold you back. If you can’t get a handle on public speaking, it will–you have tremendous potential–but this will hold you back. So, I am going to make you speak at every single thing we do in our department until you’re no longer sick to your stomach before a public speaking gig, until you no longer make me listen to your practice session seven or eight times before a speaking gig, until you go into a speaking gig, completely unprepared and do a spectacular job.

Joanna: So I still haven’t gotten into–gotten to that–go into a speaking gig spectacularly unprepared and do a spectacular job. I haven’t reached that yet. But being asked to speak no longer gives me the anxiety that it used to. I probably speak between six and 10 times a year in various contexts, whether it’s at conferences or to small groups personally and professionally, webinars, and that sort of thing. And I–I really can say that with practice comes a certain amount of familiarity and it lessens the anxiety for me. That’s not to say that if I had to speak in front of a group of 500 people tomorrow, that I–I wouldn’t spend every blessed minute before that presentation, cramming and practicing and making sure I can say my name correctly. But, even seven years ago, that type of context would have, would have stymied me and crippled me and it doesn’t anymore. And it’s just a mentor who said, you’re going to do this until you can do this well.

Ben: It’s really interesting, because I look back–my public speaking journey, so to speak, which I haven’t looked at it in that way. I think I did my first conference presentation somewhere around 2012, 2011. So, we’ve been speaking really, for about the same period of time.

Ben: I was really unsure of myself. What was funny, was the first opportunity I had at a conference was actually to do a lightning talk (and for our listeners a lightning talk is 20 slides that move on their own every 15 seconds, whether you’re prepared for them to move or not. So there’s always a possibility of a real train wreck happening with the speaker.) But that was the opportunity I was given and the chance to volunteer to do that at a conference–I think–helped me get past some of that fear of speaking.

Ben: The other thing that was interesting, was that I was video recorded, and I had so many mannerisms that I wasn’t aware of, and like, oh wow, I stand exactly like my mom used to with her hand. Or, just different things that are not necessarily bad things, but just things that I wasn’t aware of. So it’s really interesting. But my progression on speaking, I never had anyone come say, “You have to do this or it’s going to hold you back,” probably because I was not in a role where that would be the case. But my progression I think happened for a couple of reasons. One, I do classroom teaching every year, usually one or two classes per year, so I’ve always got that “in front of the students thing” which can still be terrifying on the first day, because at least for the first few years, I was sure they all knew more than I did about the subject.

Ben: Now, I’ve since learned differently about that–or maybe I’ve learned more about the subject–so I didn’t have quite that fear, but I still always have a concern about, “How are they reacting? Are they engaged with what I’m talking about? Will they understand the references that I use?” I was talking with somebody today–talking–when I talked to my Intro to Computing Security class last fall. We have a section where we talk about Remote Access Trojans (RATS), and MEECES, and MICE. They’re all these acronyms they’ve come up with, so I thought it would be really clever to slip in ROUSs, and only one person in the entire room understood the reference–even though I had a picture of the ROUS from The Princess Bride. So I’ve pretty much given up about references to films and things because there’s too much, “Oh yeah. Didn’t that come out when I was three?” sort of thing. And so that’s kind of been a little–I won’t talk about that part of it. But what was interesting in the public speaking at conferences, I kind of worked my way up because I did the five minute crash lightning talk–which actually went pretty well–but the following year, I co-presented with somebody, and I co-presented with somebody the next time, and that made it so much easier for me just to have someone up there with me.

Ben: And, we were both introverts. I think we were both nervous about it, but it just helped knowing that you are partnering with somebody. I didn’t actually do my first solo big presentation at a conference until two or three years ago. And that was the first time I spoke about introverted leadership, and discovered, hey, there are a lot of introverts in this group and this is important information for them. And that’s part of what has become the trigger for actually doing this podcast as well. But, I don’t want to monopolize the time with me by far here, but the public speaking thing is really, really interesting. Now…

Joanna: Well, I think, Ben, one of the things that you need to consider for your class is making The Princess Bride required viewing. I mean–I just think that is a base level of knowledge that any person today should have.

Ben:  That’s very true, and if I can find some way to work information security references into it, there may be a way to get by with it. I have to think about that for awhile. But I agree, that’s kind of fundamental to our culture. How can you not know, “My name is Inigo Montoya. You killed my father, Prepare to die.” It’s just such a base part of our culture.

Joanna:   “You killed my father, Prepare to die.”

Ben: Looking forward to the second part of our conversation.


Imploding Kittens Collar of Shame

How I felt after playing Exploding Kittens with Joanna.

Become a Patron!

  • 0

Ben Woelk–Spring 2018 Speaking and Conference Schedule

Category:EDUCAUSE,Information Security,Introverted Leadership,Leadership,Presentations,STC,Summit

Updated 18 February 2018

It’s going to be a busy few months for speaking engagements for the first half of the year! I hope to see many of you.

Speaking Engagements through June 2018

Topic Date Venue Registration Link Notes
Slack for Technical Writers and Editors 23 Jan STC San Diego and STC Rochester Virtual Workshop NA With Sara Feldman; Recording available.
Slack for Communities 16 Feb STC CAC Leadership Virtual Workshop NA With Sara Feldman
Lessons Learned on an Introvert’s Journey to Leadership 22 Feb STC Atlanta Webinar Sign up on Meetup to receive registration instructions
Lessons Learned on an Introvert’s Journey to Leadership 27 Feb Webinar for Quebec City Private
Digital Self Defense 28 Feb meRIT webinar Register Open Registration
Digital Self Defense 20 March American Society for Quality, Rochester Section 0204 Register
Spectrum 2018 25-27 March Rochester Institute of Technology Register on Eventbrite Co-chair, no formal presentation, 40+ presentations and workshops over 3 days
Digital Self Defense 3 April Rochester, NY Private
It Doesn’t Take Magic: Tricks of the Trade to Create an Effective Security Awareness Program 10 Apr Preconference seminar, Baltimore, MD Register at EDUCAUSE With Tara Schaufler, Princeton University. EDUCAUSE Security Professionals Conference, Separate registration required
Different Boats for Different Folks: Tales of Security Awareness Follies and Successes 11 Apr Panel Discussion, Baltimore, MD Register at EDUCAUSE With Sandy Silk, Harvard University; Christine Bonds, Elon University; Emily Harris, Vassar College, EDUCAUSE Security Professionals Conference
Slack Workshop TBD STC PMC Virtual Workshop TBD With Sara Feldman
Summit Leadership Program 20 May STC Summit Register
Temperament-Based Strategies for Excelling in the Workplace 20 May STC Summit Preconference Workshop Register Additional registration required
The Introvert in the Workplace: Becoming an Influencer and Leader 21 May STC Summit Presentation Register
Yes and…: Improv’ing Your Corporate Communication Skills 21 May STC Summit Workshop Register With Jack Molisani; Additional fee ($20) required; limited to 20 participants per session.
Yes and…: Improv’ing Your Corporate Communication Skills 22 May STC Summit Workshop Register With Jack Molisani; Additional fee ($20) required; limited to 20 participants per session.

  • 1

Building a Culture of Digital Self-Defense

Category:EDUCAUSE,Higher Education,Information Security,Infosec Communicator,Lessons Learned,Social Networking Tags : 

Note: This article was previously published on September 20, 2016 in the EDUCAUSE Review Security Matters Blog

One of the biggest challenges in information security is raising the awareness of our communities so that they recognize threats and understand how to defend themselves. The difficulty of that challenge is exacerbated with up to 30 percent turnover of students, faculty, and staff yearly. It’s a multiyear process, but the key is to stick with it and not be afraid to try new ways of raising awareness and enrolling your communities so that they become part of your security team. I’ve provided a list of key components to building that security culture below. I’ve also provided some examples of our work at the Rochester Institute of Technology (RIT).

dsdmagnetnoqrcodeThink Strategically

You can’t change or create a culture overnight, and gains may seem almost imperceptible at times. Recognize that you need to think of security awareness as a key component of your information security strategy. (Yes, you need a security awareness strategic plan.) A strategy enables you to identify long-term goals. Security is often reactive. For example, we might respond to phishing attempts by warning our communities as the attempts occur, rather than employing a phishing simulation program1 so that they’ll recognize phishes on their own. To create (and harden) a security-aware culture, you must be proactive. It’s not always possible to get ahead of specific threats, but we can train our communities to recognize many of them.

Have a Plan

Thinking strategically requires a plan. A plan enables you to define how you’ll reach the goals defined in your strategic plan. What communication vehicles are already available? What needs to be developed? Where do your audiences (you have at least three: faculty, staff, and students) get their information? Are there community or departmental leaders they follow? What topics should you cover and when? (EDUCAUSE provides a calendar of topics and member-created content that you can leverage.)

Brand Your Security Awareness Efforts

RIT’s security awareness efforts are branded under Digital Self-Defense. A brand helps make your security awareness efforts visible and memorable. Almost every communication or event around security awareness at RIT bears our “DSD guy” (seen above). After more than a decade, most constituents recognize him. (Your university or college might have requirements around branding that may or may not make security awareness branding possible. However, you can still use a common layout and design in your communications.)

Leverage Existing Opportunities

What existing opportunities are available for improving security awareness? Are there orientation events for students, faculty, or staff? Are there benefits or wellness fairs in which you can participate? Have you contacted departments to schedule security awareness discussions? Have you created an ongoing security awareness class, either in person or online? Have you put posters on your buses? Given away swag with security awareness messaging at orientations? Look around and see what existing opportunities you can leverage.


Be All Over Social Media

Where do your constituents get their information? Your university or college may have official news outlets or communication mechanisms. Does everyone follow them? Do students even read e-mail anymore? Who’s using Facebook? Twitter? Instagram? Pinterest? Snapchat? The rapidly evolving social media landscape offers opportunities, as well as challenges. Go where your audiences are. They’re unlikely to come to you. (As I write this blog post, we’re in the midst of our annual social media “like” campaign and expect to surpass 10,000 followers in our social media outlets.)

Identify and Leverage New Opportunities

Has your campus become a hotbed for Pokémon™ GO!? Have you thought of how you might leverage Poke Stops where students congregate? Maybe set up a security awareness table. Hang posters at Poke Stops inside buildings. What about Snapchat? Snapchat filters are really popular. Did you know that Snapchat allows you to create custom geofilters? Why not create some security awareness-oriented filters and offer them at high-traffic times and locations?

Hire Students with the Right Skill Sets and Mindsets

One of the strengths of our security awareness program at RIT is that we hire technology-savvy students with strong communication skills. After a while, you’ll probably find that well of inspiration you draw from has started to run dry. Student employees are a great source of innovative ideas and more importantly, they’re students. They understand how students communicate and how best to get their attention. Give them the freedom to be creative.

Enroll Your Community

It’s not really a secret, but we know as security professionals and IT organizations that we cannot secure our campuses without partnering with our user base. Have you thought about how you might enroll your users in your efforts? In fall 2015, we began our Digital Self-Defense Team program. The purpose of the program was twofold: we wanted to develop a sense of shared responsibility around information security, and we also wanted to begin measuring our successes with a survey. With small incentives for taking the survey, we had over 600 survey participants from a faculty/staff population of about 3,000. Almost half of the survey participants signed on to the Digital Self-Defense Team. That’s a growing population of security advocates on campus.

Volunteer and Network

I’ve been a member of the Higher Education Information Security Council (HEISC) Awareness and Training Working Group for almost 10 years. The innovative ideas and helpfulness of the group to new members are without parallel. Participation in the working group ensures a steady flow of new ideas and solutions to problems faced by all of us. Each of us has ideas to share, and the working group has developed a number of security awareness resources available today.2 I invite you to join us.


  1. Learn more about phishing simulation programs and read these 10 key points about implementing a campaign.
  2. The HEISC Information Security Guide: Effective Practices and Solutions for Higher Education includes several resources developed by the Awareness and Training Working Group: a quick start guide, detailed instruction manual, cybersecurity awareness resource library, and National Cyber Security Awareness Month resource kit.

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 2,234 other subscribers


Support Introverted Leadership on Patreon

Blubrry affiliate banner