About Andrzej Cetnarski
Forbes Contributor on Cyber Defense National Security and Board Strategy, named CEO of the Year 2020 by CEO Monthly Magazine, Mr. Cetnarski is a national & cybersecurity strategist and Founder & CEO of Cyber Nation Central®, a global cyber defense ecosystem bringing:
(1) breach-prevention-focused cultural transformation training from the Board-down,
(2) incident response capabilities to even the most complex cyberbreaches, and
(3) investment capital into cybertechnologies.
Through the ecosystem’s breach prevention training, Mr. Cetnarski has helped strengthen the cybersecurity of hundreds of teams globally from those of UN officials and heads of state to global CEOs, Board Directors, investors, and entrepreneurs.
Mr. Cetnarski brings nearly two decades of experience as cybersecure-nation-building global leader and advisor to industry and government leaders globally; as cybersecurity public-private partnership innovator; Board Director and CEO; turnaround executive and as cybersecurity technology mentor and investor; and speaker and author in the areas of cybersecurity future-tech innovation, defense, regulatory policy, and diplomacy.
Previously an investment banker with UBS technology, defense & real estate groups as well as Chairman and CEO of a global tech & hospitality venture and US Congressional staffer, he holds 3 Ivy League degrees from Harvard, Wharton, and UPenn, and an Honors BA in Economics from the University of Chicago.
His global viewpoint has been forged by living and working nearly a third of his life across each of US, Europe, and Asia, thus bringing a highly global perspective to the challenges of cyberspace defense.
In this episode Steve and Andrzej discuss:
- Resilience and mindset
- Cybersecurity is all about behavior
- Cyberdefense is everyone’s responsibility
- Supporting an increasingly better version of you
Key Takeaways
- The journey towards success is one that is filled with a lot of difficulty. Which is why you’ll need a strong mindset that is built up out of resilience.
- It might surprise you that most conversations about cybersecurity are not about technology, but about behavior. Most security breaches are not caused by cyber insecure technologies, but cyber insecure behaviors.
- Cyber defense isn’t only the tech department’s responsibility, it’s the responsibility of every member in the organization. Every member is a potential breach, so it’s important that everyone is in the same page.
- If you are an entrepreneur, you have to be an optimist. Business is not for the faint of heart. You also have to have a routine that supports an increasingly better version of you everyday.
“The weather outside doesn’t matter, it’s what your weather inside you is and how you look at every single thing.” - Andrzej Cetnarski
Connect with Andrzej Cetnarski
Twitter: https://twitter.com/ACetnarski
Website: https://cybernationcentral.com/
LinkedIn: https://www.linkedin.com/in/andrzejcetnarski/
Email: enquiry@cybernationcentral.com
Connect with Steve and Jason
Website: Rewire, Inc.: Transformed Thinking
Email: grow@rewireinc.com
---
Listen to the podcast here
Andrzej Cetnarski: Resilient Mindsets
If ever there was an interview that I am personally excited for, it’s this one. I hope to maintain my poise and composure as a host because I’m going to be learning a whole lot. If I fade away because I’m taking notes, I might have to pinch myself and come back. I have a great guest on the show. This is going to be a little bit different than what we normally do. Although I don’t even know what we normally do, maybe it’s always different, but Insight Interview world, say hello to Andrzej Cetnarski. He and I are on opposite ends of, at least, the United States. He’s in New York, and I’m in Oregon. It’s cool that we can come together and do this. I am excited to tell people about what you do and how you do it. I’m eager to learn.
You’re helping your audience more than I can.
I spent a few minutes with you at a time, and you helped me already. I think it’s going to be great. It’s becoming a little bit of a tradition. I don’t know where we kicked it off. It’s probably good neurobiology to do this, but the first question we ask of people, and I’m going to ask it of you. We try not to timestamp these things because we don’t even know exactly when it’s going to drop, but we’re at the beginning of 2022 at some point. What are you grateful for?
I think resilience and mindsets.
Talk to me about that. What do you mean? Those are amazing things.
We had this conversation before we jumped on together. Resilience is something that, as an immigrant from Poland at the age of fourteen, not speaking a word of English and coming to the US, it has been with me since I was a kid growing up and the communist era of Poland and post-communism, etc. It trailed me across the globe as I came to New York as a kid and went to Japan at the age of eighteen, learning Japanese, open to investment banking and entrepreneurship.
Mindset is the weather inside you and how you look at everything, either positive or negative.
The second piece is something that underpins all of that, which is the mindset. It’s this idea that the weather outside doesn’t matter. It’s what the weather inside you is and how you look at every single thing because every single thing can be thought of in a positive and a negative way. Whether you choose the former versus the latter determines the trajectory of your life.
You are saying, “The weather outside doesn’t matter.” That’s a courageous thing to tell a guy in Portland, Oregon. Thank you for that. I got resilience and a mindset. You and I could make an entire show about that, even the resilience part. I’ve been studying the grit and resilience that Angela Duckworth wrote about. We might come back to that. You were speaking about being an immigrant, and getting to where you got world is amazing. I don’t usually do this because I like to let my guests do this, but I got to read a little bit here. This might be a little weird for you to hear, or maybe it’s not.
This is from your little bio here. He has helped strengthen the cybersecurity of hundreds of teams globally all around the globe, and you’re the CEO of your own company. You sit on boards. You’ve been working in the cybersecurity world for a long time in both public and private partnerships around the world. Prior to doing even that, you were part of UBS as a technology defense and real estate group, as well as the Chairman and CEO of a global tech and hospitality venture. You were a US congressional staffer. You have three Ivy League degrees from Harvard, Wharton, and Pennsylvania. Amongst all that, you have an honor Bachelor’s degree in Economics from the University of Chicago.
That’s a lot. You have offices all over the world, including the United States, Europe, and Asia. You’ve brought an incredible global perspective to the world of cyberspace defense. I cannot wait to ask you some questions. As you hear that, fill in the blanks. I didn’t mean to say that’s your entire life story but reflect that back. What did I miss? Tell us a little bit about exactly what you’re doing now?
Largely you’ve gotten it right. One correction there is we only have offices in New York, but we do invest and work with organizations all over the globe. Specifically, we focus on technologies in the US and in Israel. We’re investing into those and bringing those into national security impacting companies where we get to meaningfully impact the critical infrastructure of the United States and our allies globally.
I do get to work with quite a lot of amazing people across the globe, which is fun, but you’ve got it right. My career spans three areas. The first is as a congressional staffer to Congresswoman Carolyn Maloney out of New York way back several years ago and followed by a constant stream of public-private partnerships. We focus both as I’ve been chairman and CEO of companies in the private sector, as well as policy gems. The cybersecurity space, through my work at the Harvard Kennedy School, specifically focused on national security and cybersecurity policy.
Cybersecurity: The culture of cybersecurity, for the most part, is more about behavior than technology.
The second area is very much as an advisor to boards and C-suites, first as an investment banker to the technology, aerospace, and defense, and the fledgling cybersecurity space, as well as the real estate world. I was both a tech, an aerospace and defense investment banker for UBS, and a real estate investment banker.
The third area was indeed as an entrepreneur, also close and near and dear to your heart. I was chairman and CEO of a tech and hospitality venture out of Hong Kong across 25 countries. As Chairman and CEO of the cyber defense ecosystem, Cyber Nation Central, which indeed is focused on breach prevention, breach response, investing capital into both growth and private equity ventures, and thought leadership in this area. Boards and C-suites are still and forever will be grappling with the idea of what it means to be a cybersecurity forward board director, investor, entrepreneur, and executive. That’s the background.
Is that all? Can’t you do something with your life? When you’re able to share that with people at a cocktail party. I know you probably don’t walk around with your CV. If you share with people what you do for a living and you get to this idea about breach prevention, response, and how you help C-suites, public and private, specifically in cybersecurity, what are the typical questions that people ask you that aren’t in cybersecurity about what you do?
Most of the conversations I have on the topic of cybersecurity have nothing to do with technology. Let’s start there. Up to 97% of breaches are caused by not cyber insecure technologies but cyber insecure behaviors, and what hackers can do with those cyber insecure behaviors of their attack company. Most of my conversations are about strategy. It’s not the CTO strategy, but the board strategy and the executive team strategy where every employee becomes an agent of cyber defense rather than elected jobs. It is in three parts of every organization now.
Whether you’re an investor, a board director, an entrepreneur, or simply an executive in a venture or in a corporation, you have a fiduciary responsibility now already exists over three organizations, physical, digital, and cybersecurity. Most people I speak with at the board level and at the executive team level have no idea what I said. Yet, the fiduciary responsibility already exists at all three levels.
One of the biggest question marks is this whole idea of it’s not about technology, for the most part. It’s about behavior and, therefore, a culture of cybersecurity. The second piece is, what exactly are my fiduciary responsibilities, and how do I build this culture of cybersecurity in my organization? Does that answer your question, Steve?
Cybersecurity must be a fiduciary responsibility and an active execution component of every company. Otherwise, you are simply asking for a breach.
It answers it well. The physical, the digital, and the secure, you said that surprise some people. I wish you’d tell me a little bit more about that because if I heard correctly and correct me if I’m wrong like people think they’re asking you, and when you talk about cybersecurity, a lot of people think it’s a technology issue. These are my words, not yours. Help me. It’s not as much a technology issue as it is a cultural issue and a behavioral issue. Did I hear that right?
That’s right. Going back to the three avatars of your organization, the physical, the digital, and the cyber secure. It’s not like I’m saying something Earth-shattering. The Elon Musks of the world have for a long time said, “I don’t want people managing my manufacturing floor. I want robots and AI to be doing most of the work.” That’s digitalization. It’s taking the physical company and morphing it into a 100% digital avatar.
The problem is that if you digitize your processes and your company, you’ve got to cyber-secure that digitalization on a one-to-one basis. Else, you, as a CEO or board of director overseeing the digitalization, whoever you are or whatever your role is, now have cybersecurity-focused fiduciary responsibility over making sure that, indeed, your company is cyber securing every piece of that digitalization. If you don’t, you are opening up your hard work and, therefore, your legacy to the threat landscape.
What is the threat landscape? This is another area of surprise for most boards. Cybercrime now is the third largest economy in the world after US and China as of 2021. $6 trillion per year of revenue to hackers. That’s only the third, but that one gets big. Nowadays, cybercrime is nothing compared to where we’re going. Why? It’s because hackers are looking at the digitalization curve. As we digitalize, there is a bigger threat landscape for hackers to attack. That $6 trillion in 2021 is projected to be $10.5 trillion by 2025.
The problem is our central unit solutions market, as of 2021, is only $182 billion. You’ve got a $5.8 trillion gap between the problem and the solution. I don’t care whether you’re a multibillion-dollar investment bank or corporation, and much less a small medium enterprise, or God forbid, a startup, you are playing catch up to the cybercrime market. As a result, cybersecurity has to be a fiduciary responsibility and an active execution component of your company. Otherwise, you are asking for a breach.
It sounds draconian. Should I be a little afraid? Is that how you mean? You’re giving facts and we get to choose our emotions and mindset. When I say that, I say it tongue in cheek. I’m going to sleep fine tonight, but do you walk around the world? Do you think if people would be willing to hear about this $5.8 billion discrepancy between the problem and the solution, whether it’s a huge organization, a government, or a small organization like mine or anybody else, should we be more concerned than we are?
Cybersecurity: Most cybersecurity conversations focus on board and executive team strategies that turn employees into agents of cyber defense.
Concerned is implying worry, and I hate the word worry because it doesn’t do anything other than put you into a state of thinking draconian, a state of non-action, or pick your poison literally and figuratively. Worry is not the word I would use, but you do have to be proactive. Cybersecurity is about deterrence. If you take out of national security, a term that’s widely used, it is precisely not. It’s deterrence. It’s building your defenses up high enough. As unfortunate as it is, hackers move on to an easier target than you unless they’ve put a target on your back specifically. Unless you are top-notch in cybersecurity, whether it’s a Google or somebody like that, the likelihood is that you will get breached.
The other side of cyber security, away from prevention, is you’ve got to be prepared for a breach. That set of practices that a board has to oversee happening. Otherwise, a board can be held in negligence in front of lawmakers for not doing so. You, as a CEO and as a board director, have to look at both breach prevention, whether it’s a training of your board, executive team, and employees, and also at the breach response side of the equation.
I don’t want to go down this rabbit hole too much, and I might even have you help me with the question when you live in our modern world. If you pay attention at all, which you and I are people of mindset, we hope we pay a little attention. You clearly do, but if you read any bit of the news, you hear about governments and Russia. Do you get involved at that level, even with voting and how Russia is doing this? Is that a part of what you’re addressing in your work?
You have to, and it doesn’t matter whether it’s me, an average board director, or a rich CEO. Geopolitical pressure is now a part of the board stratagem and calculus that has to be present within a company-wide board strategy. Why? It’s because if you’re using any technology, that technology is made up of stocks of whatever and different pieces come from different countries, whether it’s from China, Ukraine, Poland, Israel, or pick your country.
This is now going more towards the technical side for a second, but a lot of the time these days, we won’t even look at a company that has a certain technology stock. I have to be careful with how I word this, but you can no longer have technologies of certain countries and be embedded in your technology stack. You, as a board director, or certainly an investor protecting his or her ROI, you’ve got to know whether your company is following a geopolitical strategy that is not exposing you to loss of your investment. At the basic level, much less a breach that goes way beyond a financial breach and into operational costs of shutdown territory, reputational costs, emotional costs associated with it, etc.
Geopolitically, Ukraine and Russia matter a lot because all of a sudden, you’ve got a country that is not an aggressor against Russia but against every country that is aligning itself with Russia. That means every NATO country. The US is part of NATO, and a lot of other countries are. Whether it’s Russia or another perpetrator in the cyber warfare world, be it North Korea or Iran, these are the usual suspects, but this list has grown big that as of 2021, there are 33 countries that are well known to be aggressors in the cyberspace.
Cybersecurity is about deterrence. It’s building your defenses high enough for hackers to move on to an easier target than you.
Unfortunately, every CEO and board director now has to make sure that this Ukraine-Russia geopolitical strategy, that extends to any country from where your technology comes from as well as where your employees are or travel to. Even inclusive of what airspaces your employees travel to. All of that has to be in the company strategy now.
I knew this would happen. I’m intrigued by all of this, and most people I know that aren’t in your world get all of our knowledge from main news sources, and it’s probably not reported nearly at the level that you understand all of this. I’m grateful that you’re able to educate us. I have a question. I hope that it doesn’t take us too far off point, but I’m sitting here listening to you, and you and I have had a couple of conversations in the past. I find you to be fairly thoughtful and optimistic. How do you maintain what you do and still have optimism for humanity?
We all have human moments. If you didn’t, I’d be surprised. At the end of the day, when you’re an entrepreneur, you have to be an optimist. Let’s start there. It’s not for the faint of hearts. Even if you’re not, I’m scratching my head as to how to answer your question because I don’t know of any other way. You have to have a routine that supports an increasingly better version of you every day. What that means is different folks, different strokes, so to speak. Personally, I have had to develop this integration of mind, body, and spirit, which is practical for me on a day-to-day basis. I have a morning routine, evening routine, and throughout-the-day routine of how I manage my emotions and mindset.
If I see myself going negative on a particular issue, let’s observe that. Where’s it coming from? Is it coming for the right reasons or wrong reasons? Should I allow myself to feel that so that I can study that emotion and therefore do something positive with it? Should I nip it in the bud because it’s not an emotion that is even remotely based in truth? It’s simply an energy sucker. Studying yourself and knowing yourself are two of the biggest things that any person can do. That extends into the boardroom, executive suite, and entrepreneurship. You have to study yourself first, so much so that if you don’t, what are you bringing to the world other than a partial you?
There’s a part of me that wants to go, “Ladies and gentlemen, have a great day.” Do yourself a favor. Go back in the last 3 or 4 minutes and start where I asked you that question, and you were gracious enough to say, “You’re not sure.” I love to be an entrepreneur is to be an optimist and developing that integration of mind, body, and spirit. You even said something I couldn’t write it down fast enough, but I’m going to go get it again. Read that again. I think that was brilliant. Part of where I was coming from, Andrzej, was in this world of cybersecurity, and you use the words threat and breach, this is your world, and you’re in it. I find you to be a guy that’s talking about mind, body, and spirit. Who you’re bringing to the world, your best self, and all of this stuff?
Maybe the other readers are going to ask this, but it almost seems inconsistent. I would think someone in your world would be possibly plausible even to think that somebody could walk around tied up, the cybersecurity, this, and the world that. Thirty countries are threats. Yet, here you are, and you know that. You seem to maintain this composure and posture. Maybe that is why it’s a mindset.
Cybersecurity: Whoever you are and whatever your role is, you have a cybersecurity-focused fiduciary responsibility over making sure your company is secure in every piece of digitalization.
You’re you. It doesn’t probably seem unnatural to you, but I would think if I was ever going to meet somebody in your capacity and hang out with them, you were not going to be like that, and yet, you are. You are this composed guy. Is that something that you practice? Do you find yourself slipping into the threat thing and whatever? What do you think about that?
Let’s start with the fire, but I wasn’t always like this.
That’s helpful because even that is implying. We get that all the time. My company is called Rewire. I’ve had people come to me and go, “Why don’t you do that for four-year-olds, and let’s wire to begin with? You don’t have to rewire them later on.” You weren’t always like it.
The first seven years of a human’s life are all about physical development. The emotion picks up at ages 8 through 15. The intellectual picks up 15 through 21. Supposedly, that gets mirrored from the three trimesters in the mother’s womb. There’s a lot to be said about rewiring at that early age that we could have a conversation on that.
I grew up in, for all intents and purposes, communist Poland. There were no industries except for heavy industry and agriculture when I grew up there. It was a fairly humble upbringing, even though my father was an engineer by trade and my mom was always entrepreneurial. There is a mindset of hard work that I took out of that butter. I also took out the Catholic guilt and everything else that comes along with that out of a country Poland.
Everybody has their cross that they work with or not throughout their life. Studying what exactly is it that gets you down sometimes and developing mechanisms around that is the work. I’ll go even further and say, “Mind, body, and spirit.” Body, for me, for the longest time, was not a focus. When I was an investment banker, I was 70 pounds heavier than I am now. Now I’m in shape. That also didn’t come easily.
You need to have a routine supporting an increasingly better version of yourself every day.
I was in investment banking. I had all this weight, and I lost it. I started my first business, and I regained everything. I lost it again, and I said, “Enough is enough.” Only because I then developed patterns of maintaining that weight off and doing so by, first and foremost, managing my mindset. Gaining weight or whatever you were cross is “going back to mindset.” How do we cultivate our mindset?
I went through several iterations. Some start with certain processes by Tony Robbins. Others are simply saying, “What do I want to achieve in my morning before I even start my day? How do I prime my day?” It started getting earlier until I finally landed on a 4:30 AM wake-up, which to most people is like, “What in the world are you doing at 4:30 in the morning?” For me, you wake up, do your bathroom routine, go into meditation, go into your workout, and prepare for the day.
I prepare my meals for the day because I don’t want to think about what I’m going to eat. I want to eat what I want to eat, and I want to eat it when I want to eat it. I don’t want to eat the sodium in restaurants. We could have a conversation about how do you eat healthily when you travel? I used to spend months on an airplane where I didn’t even have an apartment because it didn’t make sense. I was on airplanes for 6 to 7 months across thirteen countries. That self-management or self-care, especially if you’re a CEO or an executive running a company, is critical. It has to start with you.
I’m sitting here looking at the watch. We should probably go, “Goodbye, people.” I don’t know how to end this or whatever. Give us, if you could, what hope with back to your work in cybersecurity because I got 1,000 about mind, body, and spirit, how you did what you did. I love the integration of how you bring yourself. I’m going to examine that in my own life and invite everybody else reading to do that as well. There’s this big gap between the problem and the challenge. You sound to me like you’re a fairly hopeful guy. What’s the hope that you have for the world going forward?
I’m an innovator at heart. I love this idea of building, hence the namesake of my company, Cyber Nations, nations that are sovereign in cyberspace where every nation, building, institution, and indeed every citizen is a sovereign of their own entity. We are mimicking borders in the digital space, meaning cyber secure borders around yourself as a human being and your company as an institution who has a P&L statement, cashflow statement, and balance sheet. They are now in the digital space.
You’ve got digital products, and all your payments are digital. Everything else is digital. All of that is sovereign in cyberspace, impenetrable to hackers. That is what I am striving for and why I’m building the ecosystem of Cyber Nation Central. That’s a never-ending battle. It’s like somebody asking Steve Jobs on day one when he started Apple, what do you hope Apple to become in 30 to 40 years? There is no end in sight to something like Cyber Nation.
Cybersecurity: Cybernations are sovereign in cyberspace. Each one has its own identity, citizen, institution, and border
This idea of brain resources around boards, companies, and governments to help with developing those more cyber-secure replicas of themselves as individuals, institutions, buildings, and countries are the work. A lot of what I do is work with small and medium enterprises, especially because that’s where it hurts the most.
Sixty percent of small and medium enterprises go out of business within six months of a breach. It takes them six and a half months to even discover they’ve been breached. That’s a problem. It’s a problem that I’ve lived through myself as chairman and CEO of a company. I had to end the rest of my board. I had to shut down because of a cyber breach and the resulting actions out of that.
Taking that and transmuting it into something positive where we’ve built this ecosystem around chairman, CEOs, and governments like ours, or chairman and CEOs like we were, that has been the hope that I wanted to leave this world with that legacy of getting us closer to that sovereignty as individuals all the way up to countries.
I am grateful that there are people like you that have the heart and the mind to be able to conduct yourself in a way because I can tell you right now, you have most likely, and I don’t know, you as certainly as well as many of your friends and all of that. You have already left the world in a better place, and your desire to make the world better, even in this arena, on behalf of all the readers and everyone I know. Thank you for what you do. Keep doing it.
It’s my pleasure. Thank you for reading. If I can leave you with one piece of resource, that’s completely free to you. Log on to ExecutiveCybersecurityBlueprint.com, and you’ll get the entire strategy for what it means to build a culture of cybersecurity.
You have done a great service even with our little group. I am personally grateful for all you do. I leave with far more questions than answers. Hopefully, we’ll be able to have you back, but we’re grateful for your time. We want to thank you.
I love it. Thank you, Steve.
Thank you. As we say every time here at the end of the episode, Andrzej was certainly able to share some remarkable things. Please read that again. I can’t wait to go read again, but it doesn’t matter what his insights are. It doesn’t matter what mine are. What matters is what yours were. What did you take away? What struck something in you, and how do you go make the world a better place where you are? Thank you very much. We’ll see you next time.