Interview With Casey Crane – The SSL Store
Casey Crane, Content Manager of The SSL Store, told us that her company takes complex information and helps companies understand what they need to know, how things affect them, and how they can use it to resolve various security challenges.
Private Internet Access: What has your journey to your current job been?
Casey Crane: It has definitely been an unusual track—from marketing in higher education to writing for technology and cyber security clients at a digital marketing firm to working at The SSL Store. I have three degrees, including bachelor’s and master’s degrees in journalism. But my plan is to get some cybersecurity certifications under my belt as well.
My job predominantly within higher education was to research and write on various industries related to the institutions’ academic programs, which included computer science and technology. Then I moved on to a digital marketing agency, where I work for a variety of clients, including some cybersecurity companies—SaaS and MSPs. I learned about cybersecurity and IT security through those experiences, as well as my own research over time.
I started working for The SSL Store as a writer and editor back in 2019. Now, I wear many hats within the company. I’m content manager, but I’ve also been a content marketer and SEO manager. I also manage the content some of our other platforms and serve as the main technical writer for the company.
PIA: What do you love about working in cybersecurity?
CC: One of the things I love most is that it’s changing every day, so you’re never dealing with the same thing. There may be a lot of overlap in terms of the types of attacks that occur, but even the way each of those attacks is carried out typically varies. Cybercriminals have a lot of ingenuity, and they’re trying to find new ways to scam people. So, there’s always something new to learn about that I can teach others.
In my role in cybersecurity, I have the privilege of getting to educate people. I love being able to do research and learn everything I can about as many relevant topics as possible. This includes learning the nitty gritty aspects of how public key infrastructure and encryption, and how different security technologies work and so I can break them down in ways that technical and non-technical readers alike can understand. I get to take complex information and present it to people to help them understand what they need to know, how things affect them, and how they can use it to resolve various security challenges.
Simply put, I love being able to help people make their jobs easier and their lives better by implementing better security.
PIA: Why do you think individuals and companies need a good VPN?
CC: It’s all about privacy. Unfortunately, the internet itself is a public network that is insecure unless you have technologies and processes in place to make it secure. Without using a TLS connection or a VPN, unfortunately, your data may be susceptible to theft, modification, or general cyberattacks.
For example, when we connect to cloud and network resources, we use a VPN to ensure that our connections are as secure as possible. The choice of whether to use a VPN can be the difference between someone intercepting your sensitive data and seeing gibberish or them accessing your plaintext data—the latter can destroy your business or reputation.
PIA: What do you think are the worst cyberthreats out there today?
CC: Probably one of the worst things are cybercriminals who focus on the human aspect of organizations. They target the “soft targets”—people. Threat actors can spend all day attacking your network and IT infrastructure, but if you’ve got the right technologies and processes in place, you’re going be more secure against those attacks. But if they’re targeting your people instead, and those employees aren’t aware of threats—or they’re not prepared to deal with the threats or know how to respond to the threats or recognize them—that leaves you at a significant disadvantage.
One of the biggest threats are social engineering-related attacks and phishing scams. Cybercriminals will socially engineering tactics in various types of phishing—general phishing scams, spear phishing scams, CEO fraud, and whaling. In many cases, they tend to target lower-level individuals within an organization by pretending to be executives, managers or vendors. In other cases, they focus on some of the executives and pretend to be somebody above them, like a board member or the CEO. But the goal is always the same. It’s either to get you to provide some type of information you normally wouldn’t—like employee confidential information or your login credentials—or they want you to do something you normally wouldn’t do like make a wire transfer or another unauthorized payment.
Their goal is to manipulate you into doing something you normally would not do, and they’ll use you or other employees to do that. After all, why should they spend days or weeks trying to break through your secure network if they could just call somebody on the phone and pretend to be their boss?
PIA: How is the pandemic changing the way your company deals with cybersecurity?
CC: Realistically, we’ve always taken a security-first kind of approach in our education and training of employees and content for our readers. However, the biggest change was when we had people mainly working remotely because of the pandemic. But since we have a lot of technologies in place, and we also educate our employees with cyber awareness training, it has helped our organization stay secure throughout this global situation.
We train all employees at every level—whether you’re the CEO or a brand-new customer service representative, it doesn’t matter; you’re still going to receive cyber awareness training. This way, everyone is familiar with the various types of threats, scams, and attack tactics that criminals use and how to report them to our IT admin. This ensures everyone knows what to look out for and the individual roles we play in keeping The SSL Store’s customers and data secure.