[image-caption title="Josef%20Chesney%2C%20Air%20Force%20veteran%20and%20cybersecurity%20analyst%20at%20PRECorp%2C%20shared%20his%20strategy%20to%20build%20a%20strong%20cyber%20defense%20at%20NRECA%E2%80%99s%20inaugural%20Co-op%20Cyber%20Tech%20in%20Washington%2C%20D.C.%20(Photo%20By%3A%20Denny%20Gainer%2FNRECA)" description="%20%20%20" image="%2Fnews%2FPublishingImages%2F2022%20Co-op%20Cyber%20Tech%20Chesney.jpg" /]
A career Air Force cyberspace operations officer now in charge of cybersecurity at an electric cooperative shared strategies for building a program that works for your co-op at NRECA's 2022 Co-op Cyber Tech conference, held Nov. 8-9 in Washington, D.C.
“There are a lot of different ways to attack this problem," said Josef Chesney, who joined Sundance, Wyoming-based Powder River Energy Corp. in 2019.
Chesney said he began by walking the halls and talking with staff to learn the co-op's culture and current cybersecurity practices. Culture, he said, is key to achieving buy-in for tasks, such as password security. Learning what cyber tools the co-op already has helps, because “a lot of stuff ends up on the shelf."
From there, Chesney said, build a strategic plan for cybersecurity with a budget that squares with the co-op's overall strategic plan—then have executive staff sign off.
Chesney urged co-ops to prioritize training all staff, from the HR staff to line crews. He recommended 15-minute sessions on a key topic every quarter as opposed to one lengthy session.
“Keep it brief," he said. “Staff have other jobs, and you want them to retain what they learned."
Chesney also recommended using any cyber event as a learning opportunity, rather than shaming the employee.
“Trained users are your best asset," he said. “They are your first line of defense. You are not going to see every email. You've got to train them to know what a bad link looks like and help them understand why you don't want them to click on it. You're going to get so much return on investment when you train users, you can't even calculate it."
Chesney, who said he serves as a cybersecurity “department of one," also suggested asking other co-op staff with cybersecurity knowledge to help fill some gaps. NRECA offers members significant resources, such as its RC3 program toolkit and tabletop exercises, he noted.
“Share resources, because this is a big problem," he said. “None of us are resourced 100% and never will be. This is not a stagnant problem. It is constantly changing. Take what we did and mold it to what work for you. There are many ways to get success."
More Co-op Cyber Tech Coverage: