January 21, 2026 • 27 mins
Corey Thomas is the Chief Executive Officer of Rapid7, a leading global cybersecurity company based in Boston. His expertise in technology and business have been recognized through his appointments to the National Security Telecommunications Advisory Committee (NSTAC) and the Council on Foreign Relations, as well as the Federal Reserve Bank of Boston.
Corey contributes cross-industry leadership to the boards of directors of LPL Financial and Vanderbilt University, and currently chairs the Blue Cross Blue Shield of Massachusetts board of directors and the Greater Boston Chamber of Commerce.
An active champion of the technology community, Corey is an angel investor, provides guidance to companies navigating technology transformations, and is a frequent speaker and panelist. His extensive background includes successfully guiding numerous technology companies through periods of significant growth and innovation. Corey earned a B.E. in electrical engineering and computer science from Vanderbilt University and a MBA from Harvard Business School.
See omnystudio.com/listener for privacy information.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
M and T Bank presents CEOs. You should know how
ind by iHeart media. Let's be Corey Thomas.
Speaker 2 (00:06):
He is the CEO for Rapid seven, a cybersecurity company
that helps organizations reduce digital risk by providing a platform
for vulnerability management, incident detection and response, and application security.
Before we talk more about Corey's company, I first asked
him to talk a little bit about himself, where he's
from and his origin story.
Speaker 3 (00:25):
So I grew up in the suburbs of Atlanta, Georgia.
Speaker 4 (00:27):
And one of the things is that my daughter now
just is starting her first job. And for me, I
always thought about all the blessings I had growing up
and have I prepare my daughter well for the workforce.
And that's to me, it's the true test in lots
of ways that every parent basis. I think my parents
blessed me in so many ways. The thing I'll say
(00:49):
is that they installved what I now find hard to
see in the world today, this sense of hope and
this belief that if you actually worked hard, she did
the right things, that you could actually be more than
what your circumstances livinged a YouTube. You know, my parents
were working class. My mom started off as a secretary.
(01:11):
She ended up leading a personnel function for one of
the largest school districts in Georgia. My father was a
self taught electrician, but it took many jobs, including janitorial
jobs along the way. I spent my childhood cleaning up
churches as a way to make money in addition to
cutting grass. I worked at Chick fil A in my
(01:31):
early teenage years. But my parents installed the sentence that
what I did and how I acted and how I
behaved and how I worked it made a difference. And
it ultimately didn't make a difference, but it was because
they had still that sense of belief that to make
a difference. After I graduated from high school where by
(01:51):
the way, I got bussed to high school, So I
got bussed from the south side of Atlanta to the
north side of Atlanta, and I had the privilege of
actually going to one of the wealthier public magnet schools
in the state, which really changed my opportunities of outcomes.
Speaker 3 (02:04):
I considered that a blessing in lots of ways.
Speaker 4 (02:07):
I got into Vanderbilt University and that's where I went
to college, and that's why I'm a life long COMMORECE
fan today.
Speaker 2 (02:13):
Yeah, and you and I were talking in the green
before that, both your football teams, so because I know
you did Harvard Business School too, Harvard football is having
a good year. Vanderbilt's having a good year. So things
are good in your football world, sir, Things.
Speaker 4 (02:25):
Are good in the football world. Vanderbilt, Harvard had a
good one. Drake May just had a great outing with her.
Speaker 1 (02:31):
I know, I know.
Speaker 3 (02:33):
Got was buried down just a year ago, and now
I'm just like, you know what things are so bad?
Speaker 1 (02:38):
Yeah, well that's sports.
Speaker 3 (02:39):
You know.
Speaker 2 (02:39):
I'm going to talk to you about this later in leadership, Cory.
But I'm a dad like you, and I've got a
daughter as well, who graduated last year. She's in Brooklyn.
She's a filmmaker now. And one of the things that
our generation for you and I because most of our parents'
generation they were very hard working and they instilled that
in us, and probably you and I were on our
own since we've been fourteen or fifteen, right, right, But
(03:00):
we're worth farguring out, well, we're part of the helicopter generation. Now,
how we wanted everything better for our kids. We spoiled them, roaden.
But I think the one thing we did install to them.
Speaker 1 (03:09):
The leaders do.
Speaker 2 (03:10):
And I want you to talk about this later, and
we talk about leadership is just working your tail off,
you know, showing up early is you know, showing up
on time and working your tail off. You don't have
to be always the gifted one, but if you work
your tail off and show some aptitude, you know, you
can make it in this world. And I think that's
what you and I and everybody else's generation passed down
to our kids.
Speaker 3 (03:30):
I completely agree.
Speaker 4 (03:31):
I think that is a gift that I know that
I passed down to my daughter and she has a
great work ethic. Yeah, mine too, moving out but that's
kind of It's funny how you how you keep score? Yeah,
and you know, and one of the most reason always
have people score is how well that I actually do
preparing my kids for the world that we inhabit.
Speaker 1 (03:50):
Yeah.
Speaker 2 (03:50):
Yeah, two hard jobs running a company and being a dad.
I mean they are top Well. Listen, we're here to
talk about Rapid seven and I know you put in
seventeen years and it's really credible. But I'm also curious
for context for our listeners too, when you were coming
out of school, because you've been with Rapid seven for
seventeen as mentioned, but you did things before that.
Speaker 1 (04:08):
As you were coming out of school. What did you
want to do?
Speaker 4 (04:11):
Oh? Well, it changed over time, it always does. I
graduated from school. I was hardcore and I wanted to
be an innovator of technologist. I wanted to write software,
build programs.
Speaker 3 (04:24):
I grew up idolizing Bill Labs and what happened.
Speaker 4 (04:28):
It also happened to be that I was interning and
working at AT and T, which was a fantastic experience, but
they were also breaking off Bill Labs. They were doing
other things, and so I had to reassess what I
actually wanted.
Speaker 3 (04:41):
To do and what I wanted to be.
Speaker 4 (04:43):
And part of what I saw at that time was research,
because I saw off with a hardware person was shifting
and there was this whole world of software that was
allowing us to do things that we didn't imagine before.
So I shifted from the hardware side of my orientation
to the software side.
Speaker 1 (05:00):
UH, big pivot, A big pivot, by the way.
Speaker 4 (05:03):
Exactly what you can actually build and create? And I
ended up going to Deloitte Consulting, where I looked at software,
redesign and building modern systems, including one of the early
internet banks in Europe. To I went to business school
and then the Microsoft and Microsoft I worked on the
product management team for sql server, their database ecosystem, and
(05:27):
got the experience in learning going that fast owned business
and their serving tools division at that time. And so
those are some of the formative experiences that I had
before coming in too Rapid seven.
Speaker 1 (05:37):
Right.
Speaker 2 (05:37):
And you know, as I take a look at your resume,
you've done a little bit of everything, and you've worked
with some very cool companies. You're not the first person
I've talked to in this series that have gone through
either Deloitte and or Microsoft. There's a lot of people
that have done that.
Speaker 3 (05:48):
Now.
Speaker 2 (05:48):
I always love to ask this question too, before we
get into mission and vision of the company and what
you do. Obviously, you had a cool resume, you had
some experience, and I can see why Rapid ste Evan
was interested in you. But why were you interested in
joining them?
Speaker 4 (06:04):
Oh? Yeah, I was looking and I wanted to find
After Microsoft, I wanted to really get back to something
that was small. I had not done a early and
I said, I really do want to be in that
innovation environment. It's all about the people right in fact,
when I quote people today, I say, look, you want
two things. One, you want to be in a market
that's relevant. They're doing important stuff, but like if it's irrelevant,
(06:25):
it also means people willing to buy and pay for
its sustainable.
Speaker 3 (06:28):
You want to be in something that matters and relevant.
Speaker 4 (06:31):
And two the people that you're doing it with it
matters massively and hugely. Rapid seven had some fascinating and
great founders Alan Matthews, John Devine, Toss and Chad the
co founders had this passion and this interest in this
mission about making cybersecurity easy, more consumable. It was a
(06:52):
space that was relevant, especially at that time, because you
had good guys and actual bad guys, like it didn't matter.
The investors at Bank Capital and Ben Holtzman, who are
lifelong friends now, had this passionate and conviction to see
companies successful, but also they cared about security and the
outcome for customers, which you always don't see in investors. Yeah,
(07:14):
so that's the reason that that was attracted to me.
Speaker 1 (07:16):
Well, Cole, well let's do this.
Speaker 2 (07:18):
We're going to talk about so many things programs and
capabilities and really get into the weeds in the company.
But I think mission and vision is always a really
important thing to ask because I know they're important to
CEOs and leaders and companies. When I ask you about
mission and vision when it comes to RAPID seven, what
are they?
Speaker 4 (07:33):
Yeah, So our mission is very straightforward, very simple. We
want to help make sure that every organization. Let me
just say besides that every organization can have a great
security program and great security outcomes without breaking the bank.
It breaks my heart that you have small regional hospitals
that are constant a cyber attacks. So we think about
how do you take complexity out of cybersecurity, how do
(07:55):
you scale cyber operations, but how do you actually make
it where every organization all over the world world can
have security operations that are not just achievable, but actually
are something that they can afford, something that can secure them,
and something that can protect them. Because protection that cybersecurity
should not be limited to the Fortune one thousand. It
should not be limited to mad markets, It should not
(08:17):
be limited to companies that are having a great profit
quarter a great profit year. Our customers span the spectrum
from small community and regional hospitals up to the Fortune
ten But our goal is the same. Everyone should be
able to have great security that protects them in their mission.
Speaker 2 (08:34):
I know a lot of our listeners are very familiar
with Rabid seven. But for the ones that aren't, Corey,
if you were to kind of give them a thirty
thousand foot view and a short version about exactly what
you and your team do, what would you tell them?
Speaker 4 (08:46):
Yeah, our team is a team that actually manages the
security of your technology environment. You can use our technology
to monitor the environment, analyze the environment for threats, prioritize
where you actually need remediation and you need vulnerability fixed,
patched or corrected, and we monitor the environment on ongoe
places or tax What makes us fairly unique is we
don't just offer the technology that manages the security of
(09:09):
your technology and security operations. We also offer the services
where you get the privilege to say, hey, I don't
have the capacity to actually do this because most organizations
can't hire that, people can't say up to people, and
you can actually outsource that to us, and we'll actively
manage the environment and on your behalf, prioritize, organize, monitor
(09:29):
and respond to threats against you.
Speaker 2 (09:31):
Well, Corey, you this is a great segue, I think,
and we're going to talk about programs and capabilities and
some of the offerings that you work with your clients.
But I always like to ask because I know it's
a competitive space. And with that said, I can already
see and hear your passion, and I know that's one
of the things the leaders really bring to the tables,
especially the successful ones. But when it comes to differentiating
yourself from said competition out there, how do you do that?
Speaker 4 (09:53):
Yeah, So the first thing is we actually have one
of the best integration platforms in the world. And the reason
that's key is every organiization has a complex environment. You
don't need to be a system integrator to actually figure
out how to pull all of your security to limitry
together and then what's going on. We connect with every
single existing system you have, and we augment with our
intelligence that we're collecting across your environment, and we can
(10:15):
tell you what your technology footprint is, what the vulnerability
risk in your footprint is, what the compliance risk in
your footprint is, what stuff needs to be remediated at
what pace and what scale, and what's critical to remediate
and what can we actually wait and then we can
actually actively monitor the environment, tell you what you're undertack
what's unique is that we actually bring it all together
(10:36):
and we allow you not to actually operate in silos,
but we are your back in infrastructure that actually synthesizes
all of your security management across all of your security
infrastructure technology.
Speaker 2 (10:48):
All right, well, you're starting to talk about this a
little bitsines This leads me to my next question, and
it's also great segue when it comes to programs and capabilities.
I know you have a lot of different offerings out there,
and whether it's a small, medium or large business, I
know it's Alacar and everybody wants something a little bit different.
But when it comes to some of the offerings that
you're most proud of where people want the most, what
are they?
Speaker 4 (11:07):
Yeah, you know, if you look at our leading and offering,
they really follow into three categories. One is the MDR
Managed Detection Response. Our SIEM technology, which allows people to
in our management experience that allows people to monitor the environment.
Speaker 3 (11:21):
Is probably our largest seller today.
Speaker 4 (11:24):
The second is our vulnerability and exposure management, which is
really how people actually prioritize and look at where they're vulnerable,
where they have risk, where they have misconfigurations across the environment.
And the lastic cloud security. Those are the three big
We have ten different areas we sell in. But when
you think about why people come to us, they come
to us because they actually want the highest efficacy, lowest
(11:44):
cost way to monitor their environment. They want a fast
way to actually prioritize risk across their environment and vulnerabilities
and misconfigurations and compliance gaps, and they come to us
actually solve that problem.
Speaker 2 (11:56):
You know, one of the things that I heard for years,
and I'm gonna layman, but I've been in the news
media with sports and news for thirty years, and I
always read about cybersecurity attacks coming from different countries. And
in the last ten or fifteen, as you know, being
intimately in this business, now we're hearing about domestic ones
pretty regularly right now. So with that said, I imagine
it makes your job that much harder, that much more challenging.
(12:19):
But when it comes to what the client's needs are,
when it comes to those kind of things, are what
are clients talking you about, what are their concerns out there?
And what are you working really hard at so everybody
can sleep at night.
Speaker 4 (12:31):
Yeah, clients are drowning in complexity if you use them out.
Most organizations say I don't have an unlimited budget for cybersecurity,
So how do I get affected cybersecurity? How do I
deal with the fact that I'm having this been more
and more on technology every year to keep up with the.
Speaker 3 (12:48):
AI race or this race. So it's complexity, if.
Speaker 4 (12:51):
You really want to boil it down at the end
of the day, it's complexity in how they scale are
the things that customers are actually looking for and our
if you look through all of our customers, the ones
that are successful are not the ones that spend the most.
Speaker 3 (13:05):
But they have a couple common attributes.
Speaker 4 (13:06):
One, they do the fundamentals well, so One, they understand
their attack surface better than anyone else. And that's kind
of why we actually have a big focus on like
you have to know your sack surface better than your
attackers and better than the people that are trying to
get to you. But that's inally solvable. The second thing
is they're systematic. They don't do everything, but the stuff
that they do they do really well, whether they do
it themselves, whether they outsource it, they're very systematic and
(13:28):
making sure that they actually have highly structured programs that
run well. And the and the third thing that they
do is they are not defensive. They really instill a
culture of a I call it a secure culture, but
it's a culture that says like security is everyone's job.
When companies and organizations do that, they tend to be
(13:50):
wildly successful, and it actually strips away a lot of
the complexity. What I do, I love because technology helps,
services helps. But at the end of the day, people
are trying to tackle the complexity. And we also just say,
like I say, you don't have to do everything. You
just have to do a common set of things incredibly well,
and that tends to reassure people.
Speaker 2 (14:09):
AI has been around for a long time, but it's
really being used by a lot of people. And I
imagine without any assumptions, it's used in your line of business.
What do you like about it? How do you use it?
Speaker 1 (14:18):
And does anything scary about AI?
Speaker 4 (14:21):
So one, I love AI mostly because it's the thing
that is allowing us to accelerate our mission. Our goal,
as I talked about earlier, is everyone has the right
to get cybersecurity. Now we have to make that a reality.
What AI is doing is lowering the cost barriers and
allowing us to actually manage the operations of our customers
environments at high quality and high efficacy. So I love
(14:44):
that aspect of it. We're we are putting more and
more people on AI and deploying more and more AI
technologies every day, and that's part of both the success
we're seeing, but it's also part of what's exciting our
customers now. To get to your other point, what scares
me about AI. What scares me about A is that
it's turning the attacker world upside down to you know,
(15:04):
we no longer get like those mystery emails with all
the misspellings and all the other stuff, and forget like spellings.
It is the micro fishing that people can do, whether
they're selling to you or whether they're targeting you for
an attack. They can go into your leakedin profile, your
social media and they can actually use AI to figure
out what's the best way to target to and by
(15:24):
the way, just like we're using AI across the world
to accelerate software development, that is also true for malicious
actors and malicious states and malicious parties where they can
actually use AI to craft more than farious malware ransomware
campaigns and they can hyper target it to you. That
is the EBB and flow of technology though technology is
(15:45):
technology is how we actually use it, and us defenders
have to actually use it and apply it to get
more benefits than attackers who are using and apply it.
I am optimistic about this, just to be clear, but
it is a neutral thing. We have to both use it,
we have to apply it, and we have to make
it broadly available and accessible.
Speaker 2 (16:03):
Is hacking more sophisticated now or just more people doing
it now? Because and the reason why I ask you that,
I think it's like when you buy a certain car,
you start to see it on the street all the
time because you have that car now. So as I
watch the news all the time as a layman, I'm
seeing that, well, my bank just got hacked, my phone
company got hacked, my health insurance got hacked, and I
know what's in the news a lot. Is it happening
(16:24):
more often or people getting more sophisticated.
Speaker 3 (16:26):
There's three different dynamics.
Speaker 4 (16:28):
One, you actually just have more reporting, more disclosion, which
is actually happened along the way. So that's you know,
when you start measuring stuff and we have compliance regimes
that require you to report something, turns out this is tripolate.
This is also true for crime, like you want to
see a crime spike, you actually say, yeah, you have
to start measuring.
Speaker 3 (16:46):
And standard out of way so we know this rioight,
it's history. The more you actually sort of like structure measurement,
you actually see more.
Speaker 4 (16:52):
The second thing is it's actually easier to actually get
started and hacking. Now, I would say average defenses are
going up, so it's tougher to compromise people that have security.
Speaker 3 (17:03):
But keep in mind, this is a great divide.
Speaker 4 (17:04):
There's a big divide between the haves and haves not
in the security world.
Speaker 3 (17:09):
And because of.
Speaker 4 (17:09):
That divide between the haves and have nots of the
security world, that that creates more exposure to more vulnerable
systems and population. So you have local municipalities that get
hacked or popped or something else like that.
Speaker 3 (17:23):
So those things really really matter.
Speaker 4 (17:26):
So that's the second aspect that I would actually put
in there.
Speaker 3 (17:30):
The third one is.
Speaker 4 (17:32):
Hacking has actually grown its share of tools usage in
the world. Like when you are a criminal, you used
to have to use physical things. Why if you're a
criminal today, why would I go to a physical attack
when I can actually do a virtual one. Criminals don't
want to get hurt either. When you're a government. Why
would I actually put troops on someone else's soil. There's
(17:53):
still something when I can actually stay comfortable in my
country and do it. So it's also just become the
preferred way to actually engage in espionage and VEVD and
all these different things.
Speaker 1 (18:06):
Yeah, it makes a lot of sense.
Speaker 2 (18:07):
Well, listen, I'd love to hear a great story and
imagine over the seventeen years there have been some amazing
stories with clients. You don't have to mention them by name,
but this is one of the fun questions I get
to ask this series about this is why we get
up every day and I work hard with my team.
Is there something special that happened with a client that
really worked out really well? He said, you know what,
we knocked it out of the park. This is why
we get up every day. Can you share something with us?
Speaker 3 (18:28):
Yeah, every day.
Speaker 4 (18:29):
So one of the things we do is we have
a you know, we have a managed detection response and
when we have a security operations setup that monitors the
environment for thousands of customers around the world.
Speaker 3 (18:38):
About two good stories.
Speaker 4 (18:40):
One of them there was a nation state attacker that
was attacking eight not an industrials.
Speaker 3 (18:48):
Will call them in industrials okay, a global.
Speaker 4 (18:51):
Industrials company, and our team identified the attack, they actually
traced it back, they blocked them from getting in.
Speaker 3 (19:00):
What made the story great was it was the start
of a campaign.
Speaker 1 (19:03):
Wow.
Speaker 3 (19:03):
And so we took what was.
Speaker 4 (19:04):
Happening in that attack and we actually communicated across our
entire install base to protect every customer from that attack
going forward. And then we also notified the some of
the threat sharing groups that we were part of about
the tech. The thing about that is that typically when
these campaigns they get going, they build up momentum as
they actually go. And while it was successful, we were
(19:27):
able to protect our customers, but most importantly, we were
able to limit the impacts and the reach of that campaign. Now,
this isn't never any battle, but that's actually you know,
that is one that I love.
Speaker 3 (19:42):
You know. The second piece that.
Speaker 4 (19:44):
I'll actually talk about is we have a large I
would just say technology.
Speaker 3 (19:49):
I'm always careful about how describe it. A large one
of the top technology companies in the world.
Speaker 4 (19:58):
That are constantly under attack and they have to actually
manage their exposure because it is it is really they
do not have days and weeks to actually do it.
They have moments and hours and they leverage our technology
to one track their tax surface on a real time basis.
What's every piece of technology, what's the configuration, what's the
(20:20):
vulnerability gap, what's the configuration gap, what's the compliance gap?
And we've actually demonstrated that we can actually minimize their
time to exposure by orders of magnitude about what Britus
what they were able to previously do. Those are two
examples I give that actually really excite me about the potential.
And you know, in one case, it's about how we
scale sort of like identifying a tack group of cross
(20:42):
In the other case, it's about how do we actually
minimize the time of exposure in an organization that is
a primary target of almost every government around the world.
Speaker 1 (20:52):
Well, it's just absolutely fascinating.
Speaker 2 (20:53):
I have one more laming question for you as you
were talking about that, and I've always been curious about that.
Tell me what you can here, But when it comes
to an attacker and you block the attack and you
find out who they are, it's important to follow up
with authorities, whether it's domestic or in another country or
does that not matter at that point that you've just
blocked them and you've done your jobs. How is there
any follow up when somebody attacks?
Speaker 3 (21:15):
You know, it really depends.
Speaker 4 (21:17):
So look, there's so many attacks that lots of time,
it's just not with our thought because.
Speaker 3 (21:21):
They're known attacks.
Speaker 4 (21:22):
Yeah, if we see known unique campaigns against existing major
threat actors, against new threat actors, then yes we should,
we need to.
Speaker 3 (21:30):
We do share that knowledge and that information.
Speaker 4 (21:34):
But again, it really is one of those things that
it depends on is it new, is it known? Is
it novel? Who's actually doing it? So there's lots of
attacks that we just stop.
Speaker 1 (21:46):
Understood, just we clear understood.
Speaker 4 (21:48):
But there are categories of attacks and research groups and
threat groups that are research team tracks and for those
as we're tracking a research group or a threat group,
then absolutely it does make sense.
Speaker 1 (21:58):
Well, as you can tell, I'm absolutely standard by it.
Speaker 2 (22:00):
I want to put a pin in work just for
a second, if we could Corey and ask you about
philanthropic and charity work. I know you are very very busy,
but whether it's with work or with your home and
your family, and it comes to charity and philanthropic, what
do you like to be a part of.
Speaker 4 (22:15):
I like to be so our family and I'll talk
about work. At work, we're all about how do we
actually make it where two missions one as many organizations
can get security as possible. So we always think about, like,
how do we actually secure organizations that don't have the
resource and capabilities, So we have programs around that and
we try to support and work with community hospitals and
other stuff like that.
Speaker 3 (22:35):
That's what a big passion of ours.
Speaker 4 (22:38):
We created this initiative in Massachusetts to work to secure
municipalities so that they were actually secure and that was affordable.
So that's a big passion are The second big passioner
at work is workforce development and how do we make
sure that fields and cybersecurity are available to everyone. The
thing I love about cyber security is that cybersecurity is
(22:59):
one of those fields that, like what you do matters
more than where you went to school, that grew up
that like, you know, the hacker mentality and mindset of
what did you do, what did you create, how did
you attribute to open source? All these different things matters,
and we want people to know about that and be available.
So we support a number of different things that encourage students,
(23:20):
that encourage people that don't have it to actually get
engaged and then turn that into a career.
Speaker 3 (23:25):
So those are the two things that work in my
personal life.
Speaker 4 (23:29):
I am really about, like how do you actually make
the American dream come true?
Speaker 3 (23:32):
So like how do we actually.
Speaker 4 (23:33):
Because you know, I do worry that there's a lack
of belief that it's actually possible for people to actually
work hard and have it.
Speaker 3 (23:40):
I think that's a belief thing that we have to target.
Speaker 4 (23:42):
But then for those of us that have been blessed,
we have to be investing back in our local communities
and help people see that that dream can be realized.
And so that's a big passion economic environment. And then health.
You know, my family has had lots of health issues
across our family, and we have there's wonderful doctors who
(24:02):
work really really hard to do lots of things, but
our medical system doesn't always deliver the best experience to people.
Speaker 3 (24:12):
Amen. Amen, And so.
Speaker 4 (24:15):
So we try to work to actually make that a
better experience for as many people as possible, and we
try to do it in the existing health infrastructure.
Speaker 2 (24:23):
Well, I like that you're paying it forward. Thanks for
sharing all that I did. Tease leadership and you and
I are sports guys, and you know something that My
wife and I have joked about over the last twenty
seven years that we've been together. She's on the sales side,
I'm on the program programming side. So heads budded early.
But then when we started speaking our own languages and
shared them and swap them, we realize there are a
lot of similarities between what we do when it comes
(24:46):
to leadership, whether you know being a sports fan or
when you talking to your team about honor and duty
and leading from above and trusting your people. When I
talk about leadership and how you use it, Corey, what
does it mean to you?
Speaker 3 (25:01):
At the end of the day.
Speaker 4 (25:02):
When I think about leadership, it is about how do
you actually bring a group of people together to be
more than they could be?
Speaker 3 (25:10):
It's just a collection of individuals.
Speaker 4 (25:12):
Yeah, how do they actually and there's a couple attributes. One,
how do they believe in something larger than themselves? How
do they achieve something that is an order magnitude more
impactful than the number of people that are engage? And
then the other aspect of leadership is how do we
actually play it forward. There's many different tools that we
(25:33):
actually use, but at the end of the day is
that can we have the widest set of people from
different backgrounds come together and believe something bigger together and
achieve something bigger together.
Speaker 1 (25:44):
That's really well said.
Speaker 2 (25:45):
And for all the sports fans out there, if Corey
sended like a sports coach, that's exactly how they talk
to folks. And that's where I said there's similarities in
the business world to sports world. It's all the same
message about bringing everybody together, believing the message, executing and
being better than any think you are. And I think
it's wonderful. Thanks for sharing that well, Corey. I wanted
(26:05):
to do this. I really enjoyed the conversation, but I
want to get some final thoughts. I also want you
to give the website and if you're hiring, I know
some people like to work for the best of the
best companies out there, so you can talk about that.
Speaker 1 (26:15):
But did some final thoughts from you? The floor is yours, sir.
Speaker 2 (26:18):
Well.
Speaker 4 (26:19):
I just want to thank you so much for actually
taking the time. The website www. Dot wrap at sevens
and number seven dot com. We would love to hear
from you, and we're both hiring. We're always hiring, and
we want to actually build partnerships. You know, you and
I talked a little bit about this earlier, but like
our etails as a company is that we partner with
our customers and we're always working to do a better job.
(26:41):
We know that there's things that we can help our
customers with, but we also have this never done mentality
that we have to continue to evolve so that we
actually are helping our customers tackle the next set of
challenges as they go forward, because the challenges always change
in cybersecurity.
Speaker 3 (26:58):
And again, I just want to thank you so much
for your time.
Speaker 2 (27:00):
Well it's our pleasure, Corey. Thank you so much, and
we really were very excited to have you on CEOs.
Speaker 1 (27:05):
You should know.
Speaker 2 (27:05):
Continued success and thank you so much for your time.
Speaker 3 (27:07):
Thank you so much.
Speaker 2 (27:08):
Our community partner, M and T Bank supports CEOs you
should know is part of their ongoing commitment to building
strong communities, and that starts by backing the businesses within them.
As a Bank for Communities, M and T believes in
dedicating time, talent, and resources to help local businesses thrive
because when businesses succeed, our communities succeed.
M and T Bank presents CEOs. You should know how
ind by iHeart media. Let's be Corey Thomas.
Speaker 2 (00:06):
He is the CEO for Rapid seven, a cybersecurity company
that helps organizations reduce digital risk by providing a platform
for vulnerability management, incident detection and response, and application security.
Before we talk more about Corey's company, I first asked
him to talk a little bit about himself, where he's
from and his origin story.
Speaker 3 (00:25):
So I grew up in the suburbs of Atlanta, Georgia.
Speaker 4 (00:27):
And one of the things is that my daughter now
just is starting her first job. And for me, I
always thought about all the blessings I had growing up
and have I prepare my daughter well for the workforce.
And that's to me, it's the true test in lots
of ways that every parent basis. I think my parents
blessed me in so many ways. The thing I'll say
(00:49):
is that they installved what I now find hard to
see in the world today, this sense of hope and
this belief that if you actually worked hard, she did
the right things, that you could actually be more than
what your circumstances livinged a YouTube. You know, my parents
were working class. My mom started off as a secretary.
(01:11):
She ended up leading a personnel function for one of
the largest school districts in Georgia. My father was a
self taught electrician, but it took many jobs, including janitorial
jobs along the way. I spent my childhood cleaning up
churches as a way to make money in addition to
cutting grass. I worked at Chick fil A in my
(01:31):
early teenage years. But my parents installed the sentence that
what I did and how I acted and how I
behaved and how I worked it made a difference. And
it ultimately didn't make a difference, but it was because
they had still that sense of belief that to make
a difference. After I graduated from high school where by
(01:51):
the way, I got bussed to high school, So I
got bussed from the south side of Atlanta to the
north side of Atlanta, and I had the privilege of
actually going to one of the wealthier public magnet schools
in the state, which really changed my opportunities of outcomes.
Speaker 3 (02:04):
I considered that a blessing in lots of ways.
Speaker 4 (02:07):
I got into Vanderbilt University and that's where I went
to college, and that's why I'm a life long COMMORECE
fan today.
Speaker 2 (02:13):
Yeah, and you and I were talking in the green
before that, both your football teams, so because I know
you did Harvard Business School too, Harvard football is having
a good year. Vanderbilt's having a good year. So things
are good in your football world, sir, Things.
Speaker 4 (02:25):
Are good in the football world. Vanderbilt, Harvard had a
good one. Drake May just had a great outing with her.
Speaker 1 (02:31):
I know, I know.
Speaker 3 (02:33):
Got was buried down just a year ago, and now
I'm just like, you know what things are so bad?
Speaker 1 (02:38):
Yeah, well that's sports.
Speaker 3 (02:39):
You know.
Speaker 2 (02:39):
I'm going to talk to you about this later in leadership, Cory.
But I'm a dad like you, and I've got a
daughter as well, who graduated last year. She's in Brooklyn.
She's a filmmaker now. And one of the things that
our generation for you and I because most of our parents'
generation they were very hard working and they instilled that
in us, and probably you and I were on our
own since we've been fourteen or fifteen, right, right, But
(03:00):
we're worth farguring out, well, we're part of the helicopter generation. Now,
how we wanted everything better for our kids. We spoiled them, roaden.
But I think the one thing we did install to them.
Speaker 1 (03:09):
The leaders do.
Speaker 2 (03:10):
And I want you to talk about this later, and
we talk about leadership is just working your tail off,
you know, showing up early is you know, showing up
on time and working your tail off. You don't have
to be always the gifted one, but if you work
your tail off and show some aptitude, you know, you
can make it in this world. And I think that's
what you and I and everybody else's generation passed down
to our kids.
Speaker 3 (03:30):
I completely agree.
Speaker 4 (03:31):
I think that is a gift that I know that
I passed down to my daughter and she has a
great work ethic. Yeah, mine too, moving out but that's
kind of It's funny how you how you keep score? Yeah,
and you know, and one of the most reason always
have people score is how well that I actually do
preparing my kids for the world that we inhabit.
Speaker 1 (03:50):
Yeah.
Speaker 2 (03:50):
Yeah, two hard jobs running a company and being a dad.
I mean they are top Well. Listen, we're here to
talk about Rapid seven and I know you put in
seventeen years and it's really credible. But I'm also curious
for context for our listeners too, when you were coming
out of school, because you've been with Rapid seven for
seventeen as mentioned, but you did things before that.
Speaker 1 (04:08):
As you were coming out of school. What did you
want to do?
Speaker 4 (04:11):
Oh? Well, it changed over time, it always does. I
graduated from school. I was hardcore and I wanted to
be an innovator of technologist. I wanted to write software,
build programs.
Speaker 3 (04:24):
I grew up idolizing Bill Labs and what happened.
Speaker 4 (04:28):
It also happened to be that I was interning and
working at AT and T, which was a fantastic experience, but
they were also breaking off Bill Labs. They were doing
other things, and so I had to reassess what I
actually wanted.
Speaker 3 (04:41):
To do and what I wanted to be.
Speaker 4 (04:43):
And part of what I saw at that time was research,
because I saw off with a hardware person was shifting
and there was this whole world of software that was
allowing us to do things that we didn't imagine before.
So I shifted from the hardware side of my orientation
to the software side.
Speaker 1 (05:00):
UH, big pivot, A big pivot, by the way.
Speaker 4 (05:03):
Exactly what you can actually build and create? And I
ended up going to Deloitte Consulting, where I looked at software,
redesign and building modern systems, including one of the early
internet banks in Europe. To I went to business school
and then the Microsoft and Microsoft I worked on the
product management team for sql server, their database ecosystem, and
(05:27):
got the experience in learning going that fast owned business
and their serving tools division at that time. And so
those are some of the formative experiences that I had
before coming in too Rapid seven.
Speaker 1 (05:37):
Right.
Speaker 2 (05:37):
And you know, as I take a look at your resume,
you've done a little bit of everything, and you've worked
with some very cool companies. You're not the first person
I've talked to in this series that have gone through
either Deloitte and or Microsoft. There's a lot of people
that have done that.
Speaker 3 (05:48):
Now.
Speaker 2 (05:48):
I always love to ask this question too, before we
get into mission and vision of the company and what
you do. Obviously, you had a cool resume, you had
some experience, and I can see why Rapid ste Evan
was interested in you. But why were you interested in
joining them?
Speaker 4 (06:04):
Oh? Yeah, I was looking and I wanted to find
After Microsoft, I wanted to really get back to something
that was small. I had not done a early and
I said, I really do want to be in that
innovation environment. It's all about the people right in fact,
when I quote people today, I say, look, you want
two things. One, you want to be in a market
that's relevant. They're doing important stuff, but like if it's irrelevant,
(06:25):
it also means people willing to buy and pay for
its sustainable.
Speaker 3 (06:28):
You want to be in something that matters and relevant.
Speaker 4 (06:31):
And two the people that you're doing it with it
matters massively and hugely. Rapid seven had some fascinating and
great founders Alan Matthews, John Devine, Toss and Chad the
co founders had this passion and this interest in this
mission about making cybersecurity easy, more consumable. It was a
(06:52):
space that was relevant, especially at that time, because you
had good guys and actual bad guys, like it didn't matter.
The investors at Bank Capital and Ben Holtzman, who are
lifelong friends now, had this passionate and conviction to see
companies successful, but also they cared about security and the
outcome for customers, which you always don't see in investors. Yeah,
(07:14):
so that's the reason that that was attracted to me.
Speaker 1 (07:16):
Well, Cole, well let's do this.
Speaker 2 (07:18):
We're going to talk about so many things programs and
capabilities and really get into the weeds in the company.
But I think mission and vision is always a really
important thing to ask because I know they're important to
CEOs and leaders and companies. When I ask you about
mission and vision when it comes to RAPID seven, what
are they?
Speaker 4 (07:33):
Yeah, So our mission is very straightforward, very simple. We
want to help make sure that every organization. Let me
just say besides that every organization can have a great
security program and great security outcomes without breaking the bank.
It breaks my heart that you have small regional hospitals
that are constant a cyber attacks. So we think about
how do you take complexity out of cybersecurity, how do
(07:55):
you scale cyber operations, but how do you actually make
it where every organization all over the world world can
have security operations that are not just achievable, but actually
are something that they can afford, something that can secure them,
and something that can protect them. Because protection that cybersecurity
should not be limited to the Fortune one thousand. It
should not be limited to mad markets, It should not
(08:17):
be limited to companies that are having a great profit
quarter a great profit year. Our customers span the spectrum
from small community and regional hospitals up to the Fortune
ten But our goal is the same. Everyone should be
able to have great security that protects them in their mission.
Speaker 2 (08:34):
I know a lot of our listeners are very familiar
with Rabid seven. But for the ones that aren't, Corey,
if you were to kind of give them a thirty
thousand foot view and a short version about exactly what
you and your team do, what would you tell them?
Speaker 4 (08:46):
Yeah, our team is a team that actually manages the
security of your technology environment. You can use our technology
to monitor the environment, analyze the environment for threats, prioritize
where you actually need remediation and you need vulnerability fixed,
patched or corrected, and we monitor the environment on ongoe
places or tax What makes us fairly unique is we
don't just offer the technology that manages the security of
(09:09):
your technology and security operations. We also offer the services
where you get the privilege to say, hey, I don't
have the capacity to actually do this because most organizations
can't hire that, people can't say up to people, and
you can actually outsource that to us, and we'll actively
manage the environment and on your behalf, prioritize, organize, monitor
(09:29):
and respond to threats against you.
Speaker 2 (09:31):
Well, Corey, you this is a great segue, I think,
and we're going to talk about programs and capabilities and
some of the offerings that you work with your clients.
But I always like to ask because I know it's
a competitive space. And with that said, I can already
see and hear your passion, and I know that's one
of the things the leaders really bring to the tables,
especially the successful ones. But when it comes to differentiating
yourself from said competition out there, how do you do that?
Speaker 4 (09:53):
Yeah, So the first thing is we actually have one
of the best integration platforms in the world. And the reason
that's key is every organiization has a complex environment. You
don't need to be a system integrator to actually figure
out how to pull all of your security to limitry
together and then what's going on. We connect with every
single existing system you have, and we augment with our
intelligence that we're collecting across your environment, and we can
(10:15):
tell you what your technology footprint is, what the vulnerability
risk in your footprint is, what the compliance risk in
your footprint is, what stuff needs to be remediated at
what pace and what scale, and what's critical to remediate
and what can we actually wait and then we can
actually actively monitor the environment, tell you what you're undertack
what's unique is that we actually bring it all together
(10:36):
and we allow you not to actually operate in silos,
but we are your back in infrastructure that actually synthesizes
all of your security management across all of your security
infrastructure technology.
Speaker 2 (10:48):
All right, well, you're starting to talk about this a
little bitsines This leads me to my next question, and
it's also great segue when it comes to programs and capabilities.
I know you have a lot of different offerings out there,
and whether it's a small, medium or large business, I
know it's Alacar and everybody wants something a little bit different.
But when it comes to some of the offerings that
you're most proud of where people want the most, what
are they?
Speaker 4 (11:07):
Yeah, you know, if you look at our leading and offering,
they really follow into three categories. One is the MDR
Managed Detection Response. Our SIEM technology, which allows people to
in our management experience that allows people to monitor the environment.
Speaker 3 (11:21):
Is probably our largest seller today.
Speaker 4 (11:24):
The second is our vulnerability and exposure management, which is
really how people actually prioritize and look at where they're vulnerable,
where they have risk, where they have misconfigurations across the environment.
And the lastic cloud security. Those are the three big
We have ten different areas we sell in. But when
you think about why people come to us, they come
to us because they actually want the highest efficacy, lowest
(11:44):
cost way to monitor their environment. They want a fast
way to actually prioritize risk across their environment and vulnerabilities
and misconfigurations and compliance gaps, and they come to us
actually solve that problem.
Speaker 2 (11:56):
You know, one of the things that I heard for years,
and I'm gonna layman, but I've been in the news
media with sports and news for thirty years, and I
always read about cybersecurity attacks coming from different countries. And
in the last ten or fifteen, as you know, being
intimately in this business, now we're hearing about domestic ones
pretty regularly right now. So with that said, I imagine
it makes your job that much harder, that much more challenging.
(12:19):
But when it comes to what the client's needs are,
when it comes to those kind of things, are what
are clients talking you about, what are their concerns out there?
And what are you working really hard at so everybody
can sleep at night.
Speaker 4 (12:31):
Yeah, clients are drowning in complexity if you use them out.
Most organizations say I don't have an unlimited budget for cybersecurity,
So how do I get affected cybersecurity? How do I
deal with the fact that I'm having this been more
and more on technology every year to keep up with the.
Speaker 3 (12:48):
AI race or this race. So it's complexity, if.
Speaker 4 (12:51):
You really want to boil it down at the end
of the day, it's complexity in how they scale are
the things that customers are actually looking for and our
if you look through all of our customers, the ones
that are successful are not the ones that spend the most.
Speaker 3 (13:05):
But they have a couple common attributes.
Speaker 4 (13:06):
One, they do the fundamentals well, so One, they understand
their attack surface better than anyone else. And that's kind
of why we actually have a big focus on like
you have to know your sack surface better than your
attackers and better than the people that are trying to
get to you. But that's inally solvable. The second thing
is they're systematic. They don't do everything, but the stuff
that they do they do really well, whether they do
it themselves, whether they outsource it, they're very systematic and
(13:28):
making sure that they actually have highly structured programs that
run well. And the and the third thing that they
do is they are not defensive. They really instill a
culture of a I call it a secure culture, but
it's a culture that says like security is everyone's job.
When companies and organizations do that, they tend to be
(13:50):
wildly successful, and it actually strips away a lot of
the complexity. What I do, I love because technology helps,
services helps. But at the end of the day, people
are trying to tackle the complexity. And we also just say,
like I say, you don't have to do everything. You
just have to do a common set of things incredibly well,
and that tends to reassure people.
Speaker 2 (14:09):
AI has been around for a long time, but it's
really being used by a lot of people. And I
imagine without any assumptions, it's used in your line of business.
What do you like about it? How do you use it?
Speaker 1 (14:18):
And does anything scary about AI?
Speaker 4 (14:21):
So one, I love AI mostly because it's the thing
that is allowing us to accelerate our mission. Our goal,
as I talked about earlier, is everyone has the right
to get cybersecurity. Now we have to make that a reality.
What AI is doing is lowering the cost barriers and
allowing us to actually manage the operations of our customers
environments at high quality and high efficacy. So I love
(14:44):
that aspect of it. We're we are putting more and
more people on AI and deploying more and more AI
technologies every day, and that's part of both the success
we're seeing, but it's also part of what's exciting our
customers now. To get to your other point, what scares
me about AI. What scares me about A is that
it's turning the attacker world upside down to you know,
(15:04):
we no longer get like those mystery emails with all
the misspellings and all the other stuff, and forget like spellings.
It is the micro fishing that people can do, whether
they're selling to you or whether they're targeting you for
an attack. They can go into your leakedin profile, your
social media and they can actually use AI to figure
out what's the best way to target to and by
(15:24):
the way, just like we're using AI across the world
to accelerate software development, that is also true for malicious
actors and malicious states and malicious parties where they can
actually use AI to craft more than farious malware ransomware
campaigns and they can hyper target it to you. That
is the EBB and flow of technology though technology is
(15:45):
technology is how we actually use it, and us defenders
have to actually use it and apply it to get
more benefits than attackers who are using and apply it.
I am optimistic about this, just to be clear, but
it is a neutral thing. We have to both use it,
we have to apply it, and we have to make
it broadly available and accessible.
Speaker 2 (16:03):
Is hacking more sophisticated now or just more people doing
it now? Because and the reason why I ask you that,
I think it's like when you buy a certain car,
you start to see it on the street all the
time because you have that car now. So as I
watch the news all the time as a layman, I'm
seeing that, well, my bank just got hacked, my phone
company got hacked, my health insurance got hacked, and I
know what's in the news a lot. Is it happening
(16:24):
more often or people getting more sophisticated.
Speaker 3 (16:26):
There's three different dynamics.
Speaker 4 (16:28):
One, you actually just have more reporting, more disclosion, which
is actually happened along the way. So that's you know,
when you start measuring stuff and we have compliance regimes
that require you to report something, turns out this is tripolate.
This is also true for crime, like you want to
see a crime spike, you actually say, yeah, you have
to start measuring.
Speaker 3 (16:46):
And standard out of way so we know this rioight,
it's history. The more you actually sort of like structure measurement,
you actually see more.
Speaker 4 (16:52):
The second thing is it's actually easier to actually get
started and hacking. Now, I would say average defenses are
going up, so it's tougher to compromise people that have security.
Speaker 3 (17:03):
But keep in mind, this is a great divide.
Speaker 4 (17:04):
There's a big divide between the haves and haves not
in the security world.
Speaker 3 (17:09):
And because of.
Speaker 4 (17:09):
That divide between the haves and have nots of the
security world, that that creates more exposure to more vulnerable
systems and population. So you have local municipalities that get
hacked or popped or something else like that.
Speaker 3 (17:23):
So those things really really matter.
Speaker 4 (17:26):
So that's the second aspect that I would actually put
in there.
Speaker 3 (17:30):
The third one is.
Speaker 4 (17:32):
Hacking has actually grown its share of tools usage in
the world. Like when you are a criminal, you used
to have to use physical things. Why if you're a
criminal today, why would I go to a physical attack
when I can actually do a virtual one. Criminals don't
want to get hurt either. When you're a government. Why
would I actually put troops on someone else's soil. There's
(17:53):
still something when I can actually stay comfortable in my
country and do it. So it's also just become the
preferred way to actually engage in espionage and VEVD and
all these different things.
Speaker 1 (18:06):
Yeah, it makes a lot of sense.
Speaker 2 (18:07):
Well, listen, I'd love to hear a great story and
imagine over the seventeen years there have been some amazing
stories with clients. You don't have to mention them by name,
but this is one of the fun questions I get
to ask this series about this is why we get
up every day and I work hard with my team.
Is there something special that happened with a client that
really worked out really well? He said, you know what,
we knocked it out of the park. This is why
we get up every day. Can you share something with us?
Speaker 3 (18:28):
Yeah, every day.
Speaker 4 (18:29):
So one of the things we do is we have
a you know, we have a managed detection response and
when we have a security operations setup that monitors the
environment for thousands of customers around the world.
Speaker 3 (18:38):
About two good stories.
Speaker 4 (18:40):
One of them there was a nation state attacker that
was attacking eight not an industrials.
Speaker 3 (18:48):
Will call them in industrials okay, a global.
Speaker 4 (18:51):
Industrials company, and our team identified the attack, they actually
traced it back, they blocked them from getting in.
Speaker 3 (19:00):
What made the story great was it was the start
of a campaign.
Speaker 1 (19:03):
Wow.
Speaker 3 (19:03):
And so we took what was.
Speaker 4 (19:04):
Happening in that attack and we actually communicated across our
entire install base to protect every customer from that attack
going forward. And then we also notified the some of
the threat sharing groups that we were part of about
the tech. The thing about that is that typically when
these campaigns they get going, they build up momentum as
they actually go. And while it was successful, we were
(19:27):
able to protect our customers, but most importantly, we were
able to limit the impacts and the reach of that campaign. Now,
this isn't never any battle, but that's actually you know,
that is one that I love.
Speaker 3 (19:42):
You know. The second piece that.
Speaker 4 (19:44):
I'll actually talk about is we have a large I
would just say technology.
Speaker 3 (19:49):
I'm always careful about how describe it. A large one
of the top technology companies in the world.
Speaker 4 (19:58):
That are constantly under attack and they have to actually
manage their exposure because it is it is really they
do not have days and weeks to actually do it.
They have moments and hours and they leverage our technology
to one track their tax surface on a real time basis.
What's every piece of technology, what's the configuration, what's the
(20:20):
vulnerability gap, what's the configuration gap, what's the compliance gap?
And we've actually demonstrated that we can actually minimize their
time to exposure by orders of magnitude about what Britus
what they were able to previously do. Those are two
examples I give that actually really excite me about the potential.
And you know, in one case, it's about how we
scale sort of like identifying a tack group of cross
(20:42):
In the other case, it's about how do we actually
minimize the time of exposure in an organization that is
a primary target of almost every government around the world.
Speaker 1 (20:52):
Well, it's just absolutely fascinating.
Speaker 2 (20:53):
I have one more laming question for you as you
were talking about that, and I've always been curious about that.
Tell me what you can here, But when it comes
to an attacker and you block the attack and you
find out who they are, it's important to follow up
with authorities, whether it's domestic or in another country or
does that not matter at that point that you've just
blocked them and you've done your jobs. How is there
any follow up when somebody attacks?
Speaker 3 (21:15):
You know, it really depends.
Speaker 4 (21:17):
So look, there's so many attacks that lots of time,
it's just not with our thought because.
Speaker 3 (21:21):
They're known attacks.
Speaker 4 (21:22):
Yeah, if we see known unique campaigns against existing major
threat actors, against new threat actors, then yes we should,
we need to.
Speaker 3 (21:30):
We do share that knowledge and that information.
Speaker 4 (21:34):
But again, it really is one of those things that
it depends on is it new, is it known? Is
it novel? Who's actually doing it? So there's lots of
attacks that we just stop.
Speaker 1 (21:46):
Understood, just we clear understood.
Speaker 4 (21:48):
But there are categories of attacks and research groups and
threat groups that are research team tracks and for those
as we're tracking a research group or a threat group,
then absolutely it does make sense.
Speaker 1 (21:58):
Well, as you can tell, I'm absolutely standard by it.
Speaker 2 (22:00):
I want to put a pin in work just for
a second, if we could Corey and ask you about
philanthropic and charity work. I know you are very very busy,
but whether it's with work or with your home and
your family, and it comes to charity and philanthropic, what
do you like to be a part of.
Speaker 4 (22:15):
I like to be so our family and I'll talk
about work. At work, we're all about how do we
actually make it where two missions one as many organizations
can get security as possible. So we always think about, like,
how do we actually secure organizations that don't have the
resource and capabilities, So we have programs around that and
we try to support and work with community hospitals and
other stuff like that.
Speaker 3 (22:35):
That's what a big passion of ours.
Speaker 4 (22:38):
We created this initiative in Massachusetts to work to secure
municipalities so that they were actually secure and that was affordable.
So that's a big passion are The second big passioner
at work is workforce development and how do we make
sure that fields and cybersecurity are available to everyone. The
thing I love about cyber security is that cybersecurity is
(22:59):
one of those fields that, like what you do matters
more than where you went to school, that grew up
that like, you know, the hacker mentality and mindset of
what did you do, what did you create, how did
you attribute to open source? All these different things matters,
and we want people to know about that and be available.
So we support a number of different things that encourage students,
(23:20):
that encourage people that don't have it to actually get
engaged and then turn that into a career.
Speaker 3 (23:25):
So those are the two things that work in my
personal life.
Speaker 4 (23:29):
I am really about, like how do you actually make
the American dream come true?
Speaker 3 (23:32):
So like how do we actually.
Speaker 4 (23:33):
Because you know, I do worry that there's a lack
of belief that it's actually possible for people to actually
work hard and have it.
Speaker 3 (23:40):
I think that's a belief thing that we have to target.
Speaker 4 (23:42):
But then for those of us that have been blessed,
we have to be investing back in our local communities
and help people see that that dream can be realized.
And so that's a big passion economic environment. And then health.
You know, my family has had lots of health issues
across our family, and we have there's wonderful doctors who
(24:02):
work really really hard to do lots of things, but
our medical system doesn't always deliver the best experience to people.
Speaker 3 (24:12):
Amen. Amen, And so.
Speaker 4 (24:15):
So we try to work to actually make that a
better experience for as many people as possible, and we
try to do it in the existing health infrastructure.
Speaker 2 (24:23):
Well, I like that you're paying it forward. Thanks for
sharing all that I did. Tease leadership and you and
I are sports guys, and you know something that My
wife and I have joked about over the last twenty
seven years that we've been together. She's on the sales side,
I'm on the program programming side. So heads budded early.
But then when we started speaking our own languages and
shared them and swap them, we realize there are a
lot of similarities between what we do when it comes
(24:46):
to leadership, whether you know being a sports fan or
when you talking to your team about honor and duty
and leading from above and trusting your people. When I
talk about leadership and how you use it, Corey, what
does it mean to you?
Speaker 3 (25:01):
At the end of the day.
Speaker 4 (25:02):
When I think about leadership, it is about how do
you actually bring a group of people together to be
more than they could be?
Speaker 3 (25:10):
It's just a collection of individuals.
Speaker 4 (25:12):
Yeah, how do they actually and there's a couple attributes. One,
how do they believe in something larger than themselves? How
do they achieve something that is an order magnitude more
impactful than the number of people that are engage? And
then the other aspect of leadership is how do we
actually play it forward. There's many different tools that we
(25:33):
actually use, but at the end of the day is
that can we have the widest set of people from
different backgrounds come together and believe something bigger together and
achieve something bigger together.
Speaker 1 (25:44):
That's really well said.
Speaker 2 (25:45):
And for all the sports fans out there, if Corey
sended like a sports coach, that's exactly how they talk
to folks. And that's where I said there's similarities in
the business world to sports world. It's all the same
message about bringing everybody together, believing the message, executing and
being better than any think you are. And I think
it's wonderful. Thanks for sharing that well, Corey. I wanted
(26:05):
to do this. I really enjoyed the conversation, but I
want to get some final thoughts. I also want you
to give the website and if you're hiring, I know
some people like to work for the best of the
best companies out there, so you can talk about that.
Speaker 1 (26:15):
But did some final thoughts from you? The floor is yours, sir.
Speaker 2 (26:18):
Well.
Speaker 4 (26:19):
I just want to thank you so much for actually
taking the time. The website www. Dot wrap at sevens
and number seven dot com. We would love to hear
from you, and we're both hiring. We're always hiring, and
we want to actually build partnerships. You know, you and
I talked a little bit about this earlier, but like
our etails as a company is that we partner with
our customers and we're always working to do a better job.
(26:41):
We know that there's things that we can help our
customers with, but we also have this never done mentality
that we have to continue to evolve so that we
actually are helping our customers tackle the next set of
challenges as they go forward, because the challenges always change
in cybersecurity.
Speaker 3 (26:58):
And again, I just want to thank you so much
for your time.
Speaker 2 (27:00):
Well it's our pleasure, Corey. Thank you so much, and
we really were very excited to have you on CEOs.
Speaker 1 (27:05):
You should know.
Speaker 2 (27:05):
Continued success and thank you so much for your time.
Speaker 3 (27:07):
Thank you so much.
Speaker 2 (27:08):
Our community partner, M and T Bank supports CEOs you
should know is part of their ongoing commitment to building
strong communities, and that starts by backing the businesses within them.
As a Bank for Communities, M and T believes in
dedicating time, talent, and resources to help local businesses thrive
because when businesses succeed, our communities succeed.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
Betrayal Season 5
Saskia Inwood woke up one morning, knowing her life would never be the same. The night before, she learned the unimaginable – that the husband she knew in the light of day was a different person after dark. This season unpacks Saskia’s discovery of her husband’s secret life and her fight to bring him to justice. Along the way, we expose a crime that is just coming to light. This is also a story about the myth of the “perfect victim:” who gets believed, who gets doubted, and why. We follow Saskia as she works to reclaim her body, her voice, and her life. If you would like to reach out to the Betrayal Team, email us at betrayalpod@gmail.com. Follow us on Instagram @betrayalpod and @glasspodcasts. Please join our Substack for additional exclusive content, curated book recommendations, and community discussions. Sign up FREE by clicking this link Beyond Betrayal Substack. Join our community dedicated to truth, resilience, and healing. Your voice matters! Be a part of our Betrayal journey on Substack.