Share This Article
Sign up to stay
The National Cybersecurity Alliance is pleased to present the 15th edition of our Board Member Spotlight.
Our Board member companies are leaders in cybersecurity education and awareness and are an integral part of making the organization a successful public-private partnership.
Get to know Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4 in this Board Member Spotlight.
On the NCA Board of Directors, you serve on the Development Committee. What’s been the most meaningful part about serving on the committee so far?
There are two big things that I feel are really meaningful about serving. The first is that the NCA’s mission is all about raising the bar for cybersecurity, awareness, career opportunities, and more. That’s a great mission to be part of. The second meaningful part of serving on an NCA committee is the cross-industry/organization relationships that are formed and cultivated. There are so many great people and organizations involved in the NCA, and it is an honor to work alongside them towards a shared goal.
How does KnowBe4’s cybersecurity interests align with the National Cybersecurity Alliance mission to educate and empower our global digital society?
KnowBe4’s stated mission is to help employees make smarter security decisions, every day. So, there’s obvious alignment here. The NCA is the originator of Cybersecurity Awareness Month, multiple programs to help small business and enterprises be more secure, and programs to help educate the next generation of security professionals and digital citizens. As I see it, KnowBe4 and the National Cybersecurity Alliance are amazing partners helping each other achieve a more secure planet Earth.
You’ve been in the cybersecurity industry since you finished school. How did you know so early that this was the career path for you?
I actually came into cybersecurity through a bit of a sideways route. My undergraduate degrees were in Philosophy and Biblical Studies… and I completed part of a Law degree before dropping out and going into computer science. I spent my early career years as a computer programmer in an R&D role and then moved on to programming and systems implementation for email, directories, and Identity and Access Management systems. That work with email, directories, and IAM was a gateway into security, and security quickly became an all-consuming passion.
I love that there are so many angles that you can study to help improve an organization’s security. You have the development angle, implementation, policies, processes, people, and the intersections between all of those. And, most importantly, when it comes to security, you can easily feel like you are part of a mission. You are serving something greater than yourself or even the financial interest of your organization.
You’re the author of two books, Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors and The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer and now you’re turning your work into audiobooks! What inspired you to become an author?
More than anything, there were lots of thoughts and opinions in my head that I wanted to get out. With Transformational Security Awareness, I spent a lot of time looking for the ‘perfect’ security awareness book for professionals who wanted to make security awareness their life. That book didn’t yet exist, but I knew of so many great resources, lines of research, and people that I thought everyone should be exposed to. So, the idea behind that book was to serve as an aggregation of all that great information, with a bit of my own thoughts, experience, and philosophy sprinkled throughout. I wanted that book to be a great resource for others and also a great jumping-off point for anyone wanting to take the research further.
My co-author (Kai Roer) and I had similar goals with The Security Culture Playbook. There was a ton of research that we wanted to give people access to; but we also wanted to up-level the conversation. So, as you can see in the subtitle of the book, we really wanted to take the conversation to the Executive level and frame ‘security awareness’ in terms of risk, show that culture can be measured/quantified, and that organizations have the power to influence the security-related aspects of their culture (including beliefs, social norms, etc).
What was your process like for writing these books?
Both dreading and looking forward to every morning. 🙂
The process of writing a book can be grueling yet rewarding. I start with a very basic outline of what I believe the critical components of the topic are. Then I try to go down to subtopics, and subtopics of subtopics. At the same time, with each topic/subtopic I also try to make note of anything that might be interesting or inspiring… or maybe a fun rabbit hole or two to point out. These little side trails are often fun to peruse and (I think) can help to give life to the topics.
I also love the process of playing with language… trying to find interesting (and hopefully memorable) ways of conveying ideas. And I think that’s really important when it comes to writing a book about security awareness because the audience for the book is people who need to do the same. So, I get to serve as an example of sorts.
One critical aspect of my process that I encourage everyone to do in their writing is this: I *always* use text-to-speech to listen back to what I’ve written. You’d be surprised how many grammar errors or awkward phrases you pick-up on when you hear a computer or another person read back what you just wrote.
Talk to us about your podcast 8th Layer Insights!
I started 8th Layer Insights just over a year ago because it was a podcast that I wanted to find but couldn’t. I’d been on the lookout for a cybersecurity podcast done in a Freakonomics Radio or Planet Money style for a few years. And, while there are some absolutely fantastic cybersecurity podcasts out there, I couldn’t find any that had the flavor that I wanted and covered the topics I wanted.
I had the idea in my head for a while but kept putting it off because I don’t love my voice and also felt a lot of pressure to only release things that are of a certain quality. Let’s face it, I’m an industry voice who has spoken quite a bit about how best to convey ideas, capture attention, and what good content is. So, I felt like anything I create has to reflect those values. I finally gave myself permission to give it a try and to always let my audience know that I’m using the podcast as a way to experiment with many of the principles that I evangelize.
As part of that ‘experimentation,’ I try to not shy away from taking risks. For example, I often include comedy skits or even entire episodes that are in an experimental format. The goal with these is to help encourage listeners to take similar risks and to always show that I don’t take myself too seriously.
Speaking of 8th Layer Insights, the show was recently included in Podcast Magazine®‘s list of top dads in podcasting – congrats! We know family means a lot to you, so how do you make sure your family is staying safe online?
I doubt that I have advice that is different from any other security professional with a family. But I’ll say that the most important thing for our family is to have open conversations. I talk about the threat landscape and trends that I see. My family members always bring up instances of strange or interesting things they’ve seen or heard. And, between us all, we try to figure out how best to navigate our digital lives without being too closed-off or too open.
You’ve recently become an official Opinion Columnist at CEOWORLD magazine! What should we expect to read on the site soon?
I tend to have articles come out across a wide variety of publications every 2ish weeks. Most of those outlets are security or technology focused. So, as part of the outreach I’m doing for The Security Culture Playbook, I’m trying to up level the conversation; and that’s where publications like CEOWORLD come in. I’ll use that (and similar) publications for articles where I’m pitching security-related content to a broad executive audience.
How are you spending your summer?
There has been a lot of travel coming to me as a result of the world trying to get back to normal. Lots of security conferences, client visits, etc. At the same time, I also recently started 8th Layer Media (https://8thLayerMedia.com) as a side business for my podcasting, writing, and other consulting efforts. We have some really exciting stuff coming in Q4 of this year.
What’s something most people might not know about you?
Many people may not know that I’m autistic. It is something I’ve not spoken much about publicly. In many ways, I think my autism is what drove me to be so interested in the human side of everything. I’ve been spending decades trying to better understand other people, myself, and the human condition in general. I’ve been trying to learn how best to convey ideas, express empathy in meaningful ways, sustain relationships, and give back to the world in ways that are meaningful to other people while also being true to myself.