July 12, 2024 • 73 mins
Welcome to the DiscoPosse Podcast! In this episode, hosts Milou and Brian join Eric for an engaging conversation about their exciting new podcast, Socializing Security. They discuss the challenges and joys of starting a podcast, the intricate world of security and compliance, and the diverse experiences that led them here.
Listen in as Brian and Milou share their backgrounds in IT and compliance, the inspiration behind their podcast, and their passion for making complex topics accessible to everyone. With a focus on learning, networking, and community, their podcast aims to bridge gaps and bring valuable insights to both professionals and everyday listeners.
Whether you're a tech enthusiast, a compliance officer, or just curious about cybersecurity, this episode offers a wealth of knowledge and inspiration. Don't miss it!
This podcast is made possible by GTM Delta
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
So, hi, this is Milou. And this is Brian.
And we're here to talk to Eric about all sorts of interesting stuff,
including our own podcast that's recently come out called Socializing Security.
But right now, you're listening to the Disco Possum Podcast.
Music.
(00:33):
Past. You're listening to the Disco Palsy Podcast. Enter Stinger.
Lasers and kittens. Well, thank you both.
We have been chatting a bunch about kind of podcasting goodness.
And it was really, really great because seeing fantastic folks like yourself
who have such great stories and ideas to share and also knowing how well you
(00:59):
approach a conversation excited me.
There's a lot of people that start podcasts and I started like,
that's awesome. Good stuff.
You know, and you kind of just know you, you'll, you may not see too many of
them cause it's tough. It's a tough thing to do for sure. It's not a.
It's not something that takes a lot of work, but it also does.
(01:19):
It's a strange mix of, you know, what are your goals with it, et cetera.
Anyways, there's a lot of stuff we can do. And for folks that are brand new
to both of you, we'll start all, I'll go to my left and to the right for ease of use.
Brian and Milu, if you want to introduce yourselves to the folks,
and then we'll talk about your upcoming podcast and all sorts of other good
(01:40):
things that brought you here today.
Yeah. Great. Thanks, Eric. I really appreciate you having us. first of
all my name is brian knudsen you know
i've i think we've done this i've been on your podcast a couple
times now you've been on you're an alumni now i thought yeah
your badge or something yeah how much longer till i get the jacket yeah yeah
i also also had you on my podcast so i've i've done a couple other podcasts
(02:03):
besides the one that we'll talk about today you know one one of which is kind
of the chapter has been closed on that one another one that's It's just kind of an ad hoc,
you know, a bunch of friends sitting around a microphone chatting for,
you know, half an hour, 45 minutes.
So have some experience in this space.
Always a fun thing. It definitely is a lot more work than people give it credit for.
(02:24):
And you can tell which ones kind of put the effort into it, both on the front
end and during the recording and on the back end.
So it's definitely a labor of love for most people that do it beyond,
you know, the classic first 10 episodes type of thing. So we've been really
focused on having a well-defined vision of what we want. And of course,
(02:45):
we'll talk about all that.
But background on me besides podcasting, I've been in the IT industry for 19 years at this point.
More than half my life, let's put it that way.
And I've done a lot of things, everything from...
Actually doing programming and code writing all the way through to doing kind
of the marketing side of things.
(03:06):
So a wide range of visions of that. I've been a customer. I've been on the vendor
side. I've been on the service provider vendor or VAR side.
So I have a wide range of experiences there and have a particular focus around
security, cybersecurity that I think we'll talk more about.
But Mila, I'll let you introduce yourself now too.
Yeah. Hey, everyone. My name is Mila Meyer and I am a co-host with Brian on
(03:29):
our new podcast called Socializing Security.
But in my regular day job, I am a compliance practitioner and attorney by background.
Brian and I used to work together in a past life. And then a couple months ago,
we had a mutual colleague of ours basically be like, hey, I think the two of
you should start a podcast.
It kind of turned into, I think within two hours, we had gotten on the phone
(03:52):
together and we were like, wait, shoot, this is actually a really good idea.
But I don't want to do it if If you don't want to do it, what's your schedule look like?
And it's kind of turned into this very fun thing that we're really building
out and exploring. And we're learning as we go.
And so we're excited, Eric, to learn from you as well today.
And we're honored that you had us here.
And honestly, we're just excited to talk about podcasts as well as some of the other stuff.
(04:14):
Brian and I both have other full-time jobs. So we're trying to figure out how
to manage the podcast and the responsibilities alongside our day jobs.
And so, yeah, like I am a founder of a consulting firm called Compliance Council.
I have a law firm as well. And so there's all these things that kind of flow together.
So we're figuring out how to best manage our time for our recordings and also
(04:36):
figuring out like how do we engage our audience on a regular basis and create
like a flow with our recording schedule and everything. thing.
The interesting thing is when you find people that immediately match on mic,
you know that this conversation is worth having and worth listening to.
Then to go beyond there, that's why most people hit the 10-episode mark is probably
(05:01):
one of the biggest ones because people will get there and they've kind of exhausted
their immediate peer group or they've exhausted the quick,
really witty things that they're used to being able to say.
And it's kind of like a standup comedian.
They have five hours of material that they give out five minutes at a time.
And you have to adapt it based on the audience. You have to be reactive.
(05:25):
It's a very complex thing. And people just think, oh, you're just doing five minutes on microphone.
But you don't know what that five minutes is going to be. And if two and a half
minutes into the five minutes, it's not landing, I have to shift gears completely.
The same thing comes with podcasting. So once it gets difficult,
it's very easy to see that friction increase to a level that it's hard to add in.
(05:48):
Like I said, we have full-time jobs, we've got families, we've got all this other stuff going on.
I mean, it's not an insignificant amount of time you want to put to it if you want to do it well.
And that's really what's interesting. even the most seemingly low production
podcasts still it's just because they've hidden the production from you.
(06:10):
And it's, it's kind of like they say like great UX is invisible. Bad UX is obvious.
The same thing comes like sometimes people spend all this effort.
Like I'm thinking about doing a podcast.
Okay. Let's spend six months planning. We'll get a logo design.
We'll do like, we do all this stuff and we get hung up on all the incidentals.
And then we think like, oh, so what's the, what's the purpose of the podcast?
(06:35):
Ooh, well, that's a great question.
So I guess that's probably the first question. What's, what brings your podcast
to the world and what's your goal?
I'll let Brian take this one. Yeah.
No, it's just funny because it seems like you've been listening to a lot of
our conversations. Conversations.
We actually did start with the, what is the purpose?
(06:56):
I think that that came together pretty naturally, pretty easily because we just
kind of said, what are our specialties?
And the context of which that friend of ours mentioned that,
hey, you two should do a podcast.
I'd listened to that all day long, was in the midst of a conversation around
security and compliance.
And we're like, there's a lot of content in there and there's a lot of confusion
(07:18):
and there's a lot of people that just don't want to talk about it,
we should do something that makes it more approachable, a little bit easier
for people to understand, takes on the barriers to having those conversations
so that, you know, us IT people don't shy away when the security and compliance people show up.
There shouldn't be a fear factor there. It shouldn't be considered that necessary
evil because it's necessary.
(07:42):
And anybody in the industry worth a darn knows that. Like, they can see the
importance of it. They may not.
Gut react against it or decide that you know they it's going to get my way but
they understand the importance of it for the most part so let's talk about how
we can all take the next step and move from i get that it's important to i i
accept and i make it a part of my day-to-day business.
(08:05):
Yeah, especially for practitioners, like as a nerd, like I knew what had to be done.
I worked in financial services for 20 years, as you can tell by the frown lines around my face,
because, and so we sort of joked, we had a compliance person and they would
just come by and it was always just like, so we joked and we called them the compliance assist.
(08:27):
And they would just stand at the end of your desk when you're doing your requirements
and saying, the power of compliance compels you, the power of compliance compels
you until you got it right.
And realizing that we were often doing security in absence of compliance and
compliance was operating absence of knowledge of what security could do at a technical layer.
And that was, it was like dev and ops and, you know, diet and exercise.
(08:51):
Each individually is its own entity.
But then when combined together in more than just sitting beside each other,
but actually integrating, hey, why do you do what you do?
You're like, oh, okay. So now the security stuff that I do when I speak with
somebody, you know, Milou, you get to this all the time likely.
Like I would be horrified having to have a real deep, true legal conversation
(09:15):
about, you know, the semantics of that side of it.
But it's terribly important. And then on the same side, you probably,
you hear me talking about, you know, nerd bits and speeds and feeds and you're like, whatever.
Like, no, no, no, no. know like but when we
put the two together we have to have those diverse angles at
(09:35):
which we're coming at it because we're coming at it from the same goal on
the same team for sure and we have different viewpoints
in it and i think this is something that brian and i have talked about on some
episodes that we've been recording where we're unique because we actually have
similar types of work that we're doing but we represent like different hats
so and we came about it differently where like Brian started his path and career
(10:00):
into this very much on the technical side.
I started more on the regulatory side and am now very technical.
And so it's like interesting how the bridge of those two things has like kind
of our backgrounds are very different, right?
Like going to law school is a very specific trajectory and then going a really
non-traditional path, like getting a career in compliance when I was in law
school that was like, don't do it.
(10:21):
And then especially like how do you even get into technology that doesn't exist in that world?
And so then figuring out how to like fall into that and then having this like
duality types of things.
And I used to very much have to like basically prove to technical people why
I was in the room because certain technical team members wouldn't want to work
(10:41):
with like legal or compliance if they couldn't talk the talk.
Like they were like, if you can't keep up at our pace, we're not going to waste
our time because we don't see the value in compliance.
They're like, we're just doing an audit because a customer is requiring us to
do an audit. And it was like, whoa, whoa, whoa.
Like why are we thinking about it that way instead of like, what's the company getting out of it?
Yeah. The ironic thing is the same people that sort of bark about,
(11:03):
like, you don't understand our language, like 90% of them don't even understand
what fiduciary responsibility means.
You have to understand compliance is a very specific thing.
Regulatory requirements are not there to mess with you.
They're there to give us the effective guardrails in which we can operate at
the highest velocity safely.
It's the same with automation. It's all about not not creating gates.
(11:26):
It's about creating constraints and rules in which you can freely move knowing the boundaries.
And it's so hard for people to think of it. They just think of it as like, oh, you're a blocker.
That's absolutely not the case. Red tape. That's my favorite.
I always get like, oh, compliance is red tape.
And I'm like, we are problem solvers. My brand is definitely not that compliance is the way for no,
(11:50):
because ultimately if compliance or security continually say you you can't do
that and not coming with like, Hey, I'm not sure that's the best way,
but like, maybe we could do this way within the requirements.
And it's then especially powerful if you have a team that understands the regulatory
background and understands the consequences of potentially choosing a different risk.
So it's, it's a unique approach, but it means like I wear a lot of hats and
(12:12):
you know, in the same way that Brian, anytime I explain him to like any of my
colleagues or friends, I'm like, he's a unicorn.
He's like every job, like every job, except maybe for compliance,
I think, is the one we've figured out.
Less of a unicorn and more just gets bored easily. But that's the interesting parallels.
(12:33):
While we come from very different backgrounds, the interesting parallels are
we're always interested in what's happening on the other side.
What's that person I'm working with who's in a different discipline? How do they do their job?
How can they do better? How can I help them do better?
How can they help me do better? And that's what's drawn me to so many different
types of jobs is, you know, at one point I said, hey, I'm tired of managing a single environment.
(12:58):
I want to go to a role where I can see a lot of different environments and help
them solve various different problems.
And so I went over and I started doing, you know, VAR level consulting and had
a whole bunch of customers and through that process started doing blogging and
writing and stuff and realized, hey, I can communicate.
I'm doing presentations, I'm communicating complex things to customers,
(13:19):
both pre-sales and post-sales. I'm communicating things through blogs.
I can do this professionally. And that's when I made the jump into tech marketing.
And Milu has a lot of those same concepts where she's like, okay,
well, in order to be an effective compliance officer, I need to understand how
IT does their thing so that I can properly guide them to give them what I need
(13:42):
in order to do my job well.
And so we both have that kind of skill of absorbing from others and learning
from that and improving our own work as well as other people's work.
Security and compliance parallel each other that way in a lot of ways around,
hey, compliance is there to be the guardrails, also a security.
One tends to be hopefully in front of the other because compliance in a lot
(14:05):
of ways is the bare minimum everyone needs to do, whereas security should be
doing that and more without ever being asked to in the first place.
And compliance should just be, let's just prove that we're doing it.
It's just getting the facts down on paper and putting a stamp on it.
So it's an interesting parallel.
And even through the conversations we've been having as we've been recording
(14:27):
episodes and trying to get to that 10 episodes before we even start releasing
anything so that we've got the runway.
It's been really fascinating to just find all those parallels and how easily
two people coming from those two different disciplines can talk without really any issues.
We feel like it's like Spanish and French, you know, they, they're different
(14:49):
languages, but they're so similar that it's pretty easy to communicate between the two. Yeah.
Now, when it came to the decision to put it into the world, right?
So not only being able to just have the conversation in general,
but taking this out to the world, it's an always interesting thing.
Did you, are you excited by the idea of podcasting as its own standalone type
(15:13):
of business, or do you more see it as a supporting mechanism to other things
that you're doing on a day-to-day basis?
I mean, I see it, having done several podcasts, I've done it both directions.
I have one that is totally disassociated from other than the career field I'm
in, whereas another one was specifically for the company I worked for.
(15:36):
This one sits a little bit more in between. It's not specifically for any one
company, but we're building it to be its own thing, first and foremost.
It's going to be its own thing.
And that's introducing a lot of interesting challenges that we'll eventually
have podcast episodes about, the challenges of creating a podcast business and stuff like that.
(15:57):
But at the same time, it's going to support Milu and her business.
It's free advertising for her to some extent. For me, just like you,
Eric, I've been very focused on building my own brand and having my own thing
that transcends any employer I'll ever work for.
I may never go off and do my own thing and actually profit off of that,
(16:20):
but it's made a real difference to my career to get me to where I am today because
the opportunities I've had wouldn't exist if I wasn't a part of a broader community
of people that are more than happy to help each other.
You know we're you've had many of those guests on we'll have many of those guests on too.
You know just the reason why we're here in the first place is because
(16:41):
you know we were community members and we knew each other through
just going to events the same events and we've
never formally worked together at best we've had a reciprocation between our
two podcasts and you know so for me i guess to really succinctly answer your
question it is its own thing it's meant to be self-sustaining We're hoping to
(17:01):
do things to pay the cost of doing it.
So it's not just a black hole of money that we throw things into for the love of it.
Because we do love it. Our time is coming from that. We're not looking to profit
off it. We just want to pay the bills.
But it's also in support of things that are personal to us that become a place
where we can show what we're about.
(17:22):
Yeah, I would echo off of that of just being like in the intention, of course, with...
I'm starting a consulting firm, compliance counsel, and I'm building out a law
firm that supports those activities because I have that dual role.
Of course, as Brian has said, it's only beneficial for me to get my voice and my brand out there.
And because I've apparently been told that I'm a unique compliance officer and
(17:44):
I'm not like I'm I'll go with modern. I think I like that word.
But it's also for me is like an opportunity for networking. I really as a woman
in technology, I don't feel like I have that many different types of professionals
across IT, information security.
And so I'm actively trying to build those spaces that aren't just necessarily
like women in tech type of spaces,
but also just like more generic of just trying to be like, I want to communicate
(18:07):
with anybody that is a professional and is thinking about security and compliance in their world view,
because compliance applies in every single regulation, or sorry, industry.
But we are industry agnostic in that regard. And I don't want it to just only
be for technology people.
I want to have the opportunity to network with professionals across industry,
(18:29):
also self-serving. It does potentially create relationships for me, of course.
But I also have goals. I mean, I have a goal for socializing security that Brian
and I get to go speak at DEF CON one year.
And I really hope that that might be next year.
And so I'm hoping that the podcast itself, it absolutely is its own thing.
It's not related to my other businesses.
(18:50):
It's completely separate, which does create a lot of headaches.
From an entity startup's perspective, but it's meant to be its own thing.
I call it a passion project, but I do think it could be a job.
Yeah, I think you've got the right approach that.
Coming at it from a point of passion, because you have to be passionate.
It's kind of like every startup. You have to fall in love with the problem, as they say.
(19:12):
Once you fall in love with a problem, then the solution itself becomes a natural
next step. And then you can sell that thing.
One thing I always enjoy, I've been lucky. I haven't had to chase sponsorships
other than like I had sponsorships just to kind of float the infrastructure
spend for, you know, what it takes to run.
It's not even a significant amount, but it's more than zero.
(19:34):
And especially if you want to do more, you know, I mean, I've got more.
I was about to say that. Mike looks expensive. I've got some odd.
It's a very different style of room that I got set up for this thing.
But you can start literally with an iPhone.
You can all, the most important thing is the idea on which you start.
(19:56):
The infrastructure around it will get better. It will change.
It will adapt. at, but the core story of why you're doing it has to be what it's born from.
Not because I got an awesome camera, so I should do a podcast.
Which unfortunately, people often get stuck too. They realize like,
oh, I'm in media or I'm in whatever, thus.
Starting a podcast is easy, but that's actually not the core of the podcast.
(20:19):
It's the story. It's the heart. It's the thing that matters.
It's marketing, right? It's every word we say has purpose and it should.
And I actually, sorry, I'm droning on here on my own bloody podcast,
but there's, I wrote an article. It's your podcast.
Can't wait to have you on ours. Yeah. I wrote an article on our blog at GTM
(20:43):
Delta and it was specifically around how to create Michelin star content.
And it was born of the, uh, so I've been lucky enough. I went to 11 Madison
park, which is a really cool restaurant in New York.
And I went there a couple of times with my partner and she's like,
we got to love this. We're going to try this place out. I'm like,
this is cool. And it was an experience.
I'd seen a documentary on Netflix called seven days out about this.
(21:08):
And it was really amazing. Like I'm here, I've seen this place,
but then to then go through and watch again, the documentary.
And it sort of hit me this point where Daniel Hum, who's the head chef,
he says, everything is very specific
he says it's the four fundamentals of every dish
that they create number one it has to be
delicious number two it has to be
(21:29):
beautiful so it has to stand out in a way both visually and textually and taste
wise he says then the third ones is has to add to the dialogue of food it has
to have a reason a creative reason that this dish exists and then the fourth one is intent,
you know, what is the goal of what I want somebody who tastes this to experience
(21:53):
and share as a result of it.
And it's so wild that I thought it's exactly the same as content in that any
type of content we do that that's, we can't just go out and say,
yeah, let's turn the mics on and start talking for an hour.
It's like, what is the, is it, does it matter more at the end of this hour than
it did at the start? And it's a tough thing to ask yourself sometimes because
(22:17):
there can be podcasts where it's just like, yeah, those are neat.
They're just relaxed, conversational, and they're great to listen to.
But it's even more fun when then you bring on and you think what's,
what do I want someone to walk away with at the end?
And then sometimes what's even more fun is by the time you get to the end,
you're like, whew, that one even surprised me. And, and those are our fun moments.
(22:37):
So immediately being your early two podcasting, why in God's name would you
want to get into this game with me?
And Brian and all the crazies that are in this world. So coming from your side,
I'm curious, was there, is there a lot of sort of marketing and,
and podcasting and like community stuff on the legal and compliance side?
(23:00):
Honestly, I think there is. I haven't found a lot of it.
And so as part of it, I'd said like socializing security for us is also a way
for us to like expand our professional and personal networks to also just like
learn from additional, honestly, from companies, from speakers,
from subject matter experts.
We're hoping to just learn along with our audience.
So it's not intended that Brian and I are just the subject matter experts and we're just talking.
(23:26):
That is so not. I learn something new every single day in my job,
and I plan to do the same thing with the podcast.
With thinking about a culture around it, I think for lawyers and attorneys,
there's some pretty significant risks about potentially giving out legal advice.
And so there's been some really interesting like regulate. it's not even regulated.
(23:47):
It's been some really interesting conversations I've been having with like insurance
brokers and reading law firm blog posts to figuring out, you know,
what are the risks actually as somebody who is a lawyer who has a license has
to actually be a little bit more mindful than somebody who doesn't have that
because I'm regulated differently because of those fiduciary duties that you
(24:09):
mentioned earlier, right?
As a lawyer, I do have other responsibilities that, you know,
a professional without such a degree might not have.
So I think that's why we haven't seen as many in the legal space,
because I think a lot of people are nervous that they might get slammed with
a lawsuit for potentially saying something that somebody takes as legal advice.
Even, you know, I will say this is not legal advice.
(24:30):
I am not your lawyer. This is not legal advice. This is not financial advice.
This is not election fortification advice. we have to give all the disclaimers
up front but it's like I can say this jokingly but I also do know,
It is very real. Even for me, I'm very relaxed about it, but I do know the impact
(24:51):
of the words that I say and I even sometimes ingest.
You have to be careful because it can come out.
I was on a call with an analyst one time and I realized I've never been media trained.
Media training is not about making you good on microphone, it's about making
sure you don't say stuff that gets you in legal trouble. That's what media training is about. out.
And so I've never been media trained, but I was the voice of the company.
(25:15):
And so they would put me in front of every analyst.
And I had this great conversation. The guy was fantastic.
And we were just chatting sort of before the call about nerd things.
And we're like, ah, going back over history. And we do this whole call.
And then as the call is sort of finishing up, he's like, hey,
so what do you think about Tesla, electric cars? I'm like, wild.
(25:36):
This was early on. I'm like, this is going to be incredible to watch,
but this is before they'd ever shipped one.
And as he says, like, what do you think about the operational model?
I'm like, it's going to be tough.
It's basically a glorified Ponzi scheme right now, because they're basically
selling you cars that don't exist with the hope that they're going to be able to produce one.
And I realized I watched my PR person sitting across from the desk at me and her eyes opened so wide.
(25:58):
And I realized I'm like, oh, wow. Every single thing I say is on the record here.
And I And I just said that Tesla is a Ponzi scheme, like, right,
don't say stuff like that again.
So that was my one thing I learned, like, it is a real deep responsibility,
especially when you're representing your own brands.
(26:19):
So yeah, kudos on the challenge, but also the willingness to take on that challenge.
There's like finesse in it. Honestly, I'm learning as well, because like,
as I'm going from somebody who used to work like in-house full time and transitioning
into like having clients and what that's like,
even the relationship with clients as I'm their consultant, not their employee.
(26:43):
And so even the finesse, right? Like there's significantly less job security
in that relationship. And also certain things like not my problem.
It's just like very different, right? Like, like as an employee,
sometimes you might be like, oh, actually that is a really big concern and a
risk to the entire company.
And I am, you know, responsible of making sure that's raised properly.
And there's other things as like a, like a consultant where I'm working with
(27:04):
a client and I'm like, you know,
I might recommend you spend some more
time to do some more research on that one happy to help but like you
know when you ask i'm here to help yeah well
and this one's interesting to me too is the the soul
say the rise of law tube which became a big thing particularly i think the the
depth herd trial highlighted how many opinions are out there that lay they say
(27:30):
i am a lawyer and now i'm going to talk for three hours about something those
are not necessarily connected to things.
They say it up the front, like as a warning, by the way, I'm a lawyer,
but it's also a credibility builder.
But then from that point forward, you're like, these are opinions and should be taken carefully.
But it's it also then taints a lot of what we do when we talk about security
(27:54):
and compliance that like you want to give prescriptive advice,
but you then also have to be careful about how prescriptive you are because there's a lot of.
Dependencies that you don't know. And you're just talking into a one-sided microphone,
assuming the listener has a set of baked in inferences on the other side.
And I think Brian will find this funny, but I actually, normally most of the
(28:17):
people that I work with, either as clients or like in past relationships with colleagues,
most of them actually don't know that I'm a lawyer and that's intentional because
yeah, sometimes the second that people are like, wait, you went to law school,
you're a lawyer. Why are you a compliance person.
They're like, shouldn't you be doing contracts? Like, why don't you?
Like, I actually get my credibility is actually questioned because I chose to
(28:39):
go into a career in compliance and didn't go traditional route,
ended up being a general counsel and doing commercial transactions and have my own law firm.
But like, compliance is my thing. And so I don't know, even when Brian and I
were first working together in a past life, I don't even know if Brian would
have necessarily known that I was a lawyer until eventually I took over legal.
But I think for a lot of people, they were like, why did she take over legal?
(29:01):
She's a compliance person. And it was like, well, she's also a lawyer. And they were like, oh.
So for me, the legal stuff actually felt like it took away from my credibility
for some of the technical people that I used to work with.
Yeah. And I'll be honest, it was still very much Black Arts at that point to me.
So I didn't have expectations that are compliance people lawyers.
(29:23):
Well, do they know the law? because ultimately it comes down to what is the
legal ramifications of the things that we're doing,
i just i feel like they're natural like you would flow in and
out of those but i've now come to know that it's it's
far from that you know i i get a little bit
of that too like i had at one point i started i i
had the hat of being a product manager i won't
(29:44):
say i necessarily had the title but i had the hat to wear and so that meant
i had to work with the dev team you know there's a whole team of developers
and they're mostly front-ended by kind of a elite architect type of a type of
a role slash project manager type of role and when i took that role on.
I knew that there was, that was generally a sandpaper relationship between that
(30:07):
person and the product managers.
And so I sat down with them and said, hey, we're going to be working together.
I just want to start building a relationship so that when it comes time to butt
heads, which inevitably we will at some point, at least we've got a mutual respect to go with.
And explain the fact that, hey, I understand what your team's going through
(30:28):
because I have been a developer in the past. I have that experience.
I have been a customer in the past. i have been this in the past like
that variety that i have in the past when i
explain it to people and show how i
utilize that it it pulls down a
lot of barriers it makes it very easy to connect with people because like yes
i can't speak your language you don't have to you know baby it for me you don't
(30:50):
have to explain it like i'm five you can you can explain it like you would to
developers and if i don't understand i'll ask for clarification my job is to
learn that level and then to baby it to somebody else. So don't baby it with me.
Recently started into a new company and I'm just amazed at how readily accessible
the engineering docs are.
(31:11):
And every time I go looking for something, I stumble across them.
I'm like, oh yeah, now it's going to get fun.
And I go disappear for an hour and read through it, grok what I need to grok,
create some PowerPoint slides about it, maybe write up a little bit of narrative around it.
And I feel like I've done really good work because I've
taken something that's complex that was written for
a very specific audience of very nerdy nerds that
(31:35):
you know 90 of the industry doesn't understand
at that level and translate it to somebody else so
that again I'm going down this rabbit hole
of the variety of experiences we have I
think is our superpower and our ability to to
use those to communicate things and to bring people together to better understand
those things and hopefully bring in three different communities that we've all
(31:59):
been a part of at some level and draw them together to do something better together
is kind of that North Star that we've been finding.
Sorry, I went way off the script on that one. No, no, believe me.
Luckily, I have no script, so every script is exactly as As it always comes
out exactly as expected.
(32:19):
Yeah. When we, if you hear in, in, I know this from Grey's anatomy,
so I'll say it's from the medical field.
There there's a process they call see, say, do teach.
And that is, you know, the effective way to learn that number one, you observe it.
So you watch somebody else do it. Then you describe the process back so that
you, I acknowledge that what I saw was this.
(32:40):
And so they can kind of like, yep, you're heading the right direction.
And now you do the thing with somebody watching you and then you teach.
So that at that point, by having to show somebody else how to do it,
forces you to change your brain flow to, I have the curse of knowledge now.
How do I go back two steps to bring somebody back through these,
(33:03):
this first little ladder that I got to here?
And what I find and what you've already both shown is that you can do that.
And that's, what's fun about doing a podcast is that you can continuously, every
episode contributes to the the next one
and what you end up finding is like that's why
getting past 10 is amazing because what happens is on the
(33:25):
11th episode you can say yeah i've i've talked to
somebody else and next thing you know what you'll find is you find people that
read a book and they go oh i've heard of that book have you heard of this one
and we start to see this network occur and when i read a book my favorite thing
was when i read a book and in the book they refer to another book and i've read
that I'm like, this is it. This is my book.
(33:45):
I've, I belong here and seeing you two with distinct, but a shared voice,
I think is already like, it's going to be a hit just because it's hard to find
people that can give each other space.
Bass and even like doing this, I always do one-on-one.
It's so much easier because then, you know, every question I ask,
(34:07):
I know who's going to answer it.
But when you're DJing multiple voices, it's, you're a producer as well as an
interviewer, which is such an interesting combination.
And you both have done fantastically with each other already.
So I already know I'm on, I'm on, on, on your team on this one.
So it's now, now here's the fun part.
(34:29):
What's your desired audience? Are you looking at the practitioner?
Are you looking at, you know, you've got a lot of potential.
So who do you aim to be as an ideal listener?
I will answer this one. I want anyone to listen.
The whole point of socializing security in our podcast and why we wanted to
(34:49):
do this is we could have set up a super technical podcast.
Brian and I both can really talk on a level that like from a regulatory or like
infosec, we could really just dive in.
I personally, as somebody who didn't like get my training in And security found
the word security had a significant barrier to entry.
(35:09):
It's not really an industry that every like we all make decisions every day
that impact our personal security.
And most of us have no idea what it means to be secure or really like how to do that.
And so it's one of those things I truly I talk about information security and
compliance to anybody that will listen.
(35:30):
Whether that's truly the recently the
customer service representative at the IRS that was so gracious
that helped me and we started talking about password managers and
which ones I recommended or my in-laws
or my parents when we're talking about like generational differences about how
we're managing security or really really cool super smart people you know we
(35:50):
are trying to get some advisors to government agencies that do security to come
speak with us and also founders of large technology companies to come talk to us.
And also just like friends and colleagues.
And so it's really meant for anybody that wants to learn about security.
We both can speak about our particular skill sets and our experiences,
(36:11):
but we're trying to really mean that we could have anybody from a grandparent
to a cybersecurity advisor for the White House on the podcast.
Yeah. And, you know, given our diverse backgrounds, being able to.
Take that persona of somebody, hey, I grew up in the IT space,
(36:32):
and I know I have to deal with security because nobody can avoid it anymore.
Help me understand it. And at the same time, kind of help them understand compliance.
Come for the security, stay for the compliance. Come for the compliance,
stay for the security. Come for the security, stay for the IT.
None of them exist in a vacuum. And we
(36:54):
could go really narrow and deep and just talk straight security
and you know I listen to podcasts about that and I enjoy
those because they go deep and get nerdy but at
the same time I can listen to a politics podcast
and they'll talk about security and it's for me personally it's more fun to
apply it rather than to know how to do it if you will so being able to say yeah
(37:18):
so the cyberterrorism thing is becoming a global problem okay I like politics
and I also like security like that's an area that really engages me
because it's, and it's a puzzle, which is another, another thing that my brain
really likes to do. It's like, this is a tough puzzle to solve.
I constantly am thinking like, should I, should I go look at CISA postings and
go, go work for the government in that space?
(37:39):
I heard the other day that, you know, there's talk about creating another branch
of the U.S. military to just do cyber.
Like that could be fascinating because I enjoy those things.
Did you? I've already got my space force out. Did you?
No, I did not apply. At this stage, I don't claim to be a practitioner of security.
I'm more of a communicator and a...
(38:01):
Help people understand it. Because honestly, to help somebody understand something
to your point earlier, Eric, about teaching being the last step of the process,
you just got to be a few steps ahead of somebody and you could teach them something
because you just need to pull them to the level you're at while you're making
the next step to that level.
It's no different than pulling a child while you're going for a walk or helping
(38:24):
somebody climb up a mountain or whatever.
You just have to make sure that you're steady where you're at and
pull them up when you take the next step you know we do that in
our careers as well with mentoring it's it's not about i
have all the answers it's about i've been in that
seat let me help you get to this seat and i'll
probably learn something from you to help me get to the next seat too and so
(38:45):
it's it's by by having such a wide audience i think we view it as not hey we're
going to go scatter shot and we're going to lose lose our voice it's more of
hey there's no lack of things for us to talk about there's.
Every time we get on, when we have a conversation, whether it be recording an
episode or just planning for the whole podcast as a whole, we end up with two or three more topics.
(39:09):
Like we're exponentially growing the number of topics to the point where we
may never get to all of them.
And of course, everyone could have three or four different variations depending
on who the guest would be or which part of the topic.
The next episode that we're going to record, I threw out some ideas and Mila
was like, this is way too broad.
Let's narrow it to this. And now all of a sudden we've got three different episodes out of that one.
(39:29):
So it's a lot of give and take that I guess the main audience maybe we're looking
for are people that are just interested in learning about the broad scope of
how to protect yourself and your business.
The one thing that's always tricky when we get started, especially when we have
like, is a very broad scoped topic area.
(39:52):
And like you said, anything can apply, like the subject matter can be security
related or compliance related.
And yet it doesn't sound like it was born out of security and compliance.
Like I remember going to B-Sides, one of my favorite little groups to go to,
like a great technical community and they do in-person stuff.
And one of the things they do is human security. They teach martial arts and
(40:14):
like physical response and physical safety.
And you're like, oh, wow, that's funny. That is literally a security thing.
And there's lock picking at the next table.
So you can get a real diverse set of activities.
The risk that we have when we start trying to plan how it will go is that you
end up like the writers of Lost.
(40:36):
So that what ends up happening is three seasons later, you've got somebody going,
whatever happened to Jacob?
What happened to the guy on the island? What happened to the fire stick that exploded?
Like you've got like 200 things that got left off.
So my advice, even in hearing how fantastic the opportunities are, just let them occur.
Like you've got so much you can bring. And the worst thing you ever want to
(40:59):
do is be like, oh, let's do a series on this.
And because then that's usually where people get trapped, where they go like,
well, let's make sure we've got a total story being
told across these 10 podcasts before we release them and you're
like yeah you're never going
to get one out because you're worried about all 10 matching up
and as somebody who i was somebody
(41:21):
asked me this morning actually before i did another podcast and they said you
know are you all is it all technical do we have to be very deep technical i
said i've literally had sex and relationship therapists i've spoken to john
mcafee i've had a soap opera star on it doesn't matter what you do what matters is that
(41:41):
one hour later, people are at least one hour richer.
And hopefully more. Yeah. I'll say, Eric, I would love to ask you,
I actually have two questions for you if that's okay.
All right. First is I'm a really big coffee snob. So where is diabolical coffee and should I try it?
This is, yeah, one of my many, many side hustles.
(42:04):
I did have a coffee brand. I still do have it. It's just, it's quiesced at the
moment as I'll go back to my old nerd terms on that one.
So I wound it down just because I was building GTM Delta and I'm like,
I can't do eight things really well.
So between podcast and having four kids and all, I got a lot of stuff going on.
So I, but Diabolical Coffee is my own coffee brand.
(42:28):
We do, and it was primarily aimed at podcast listeners, which was funny.
I found my weird niche that I'd said, I want to to run this brand.
I literally just came off, I was going through GoDaddy looking for domain names
because I'm a domain squatter because that's the kind of weirdo nerd that I am.
I need to introduce you to another speaker for you.
I have somebody you have to meet, so we'll talk about that in a little bit.
(42:51):
I always look for ones that are about to expire and find ones with domain authority
and then try and just hang on the domain authority and build a site from it and then sell it.
So what I did was I found this one that said Diabolic Coffee.
And I'm like, oh, that's such a cool name.
It's not right. It's not an English word. It's not diabolic.
It's diabolical. But I bought it anyways.
(43:11):
And then like five minutes later, I bought Diabolical Coffee.
And I literally just had my friends do the logo. And I was like, that's all I was doing.
I would do coffee. Sorry, this is the longest answer ever.
I used to go to conferences all the time. And we would do a coffee exchange.
Our common friend, Cody Bunch is an amazing human, somebody who has helped me
(43:32):
greatly along with Brian over the years of my life, both in tech and out at home.
You know, what was really cool was that he wanted, he was very community and outward focused.
Cody, the only thing Cody's not good at is looking inside and helping himself.
So that's why we all try and rally around and be Cody to Cody.
(43:54):
But we would do, he would say like, we all love coffee. We've got a bunch of
coffee nerds. Why don't we swap coffee beans?" And so we started this idea,
and we did it a couple of times, and then- And we added to the list.
Yeah, it was so cool. So I started doing this, and Cody wasn't going to events all of a sudden.
And so I was going, and my team, I was working at a company called Turbonomic.
(44:16):
And I would say, hey, I'm doing this coffee exchange thing. So if it's okay,
people are going to come by the booth, and they're going to be bringing coffee bags.
It's going to look weird, but this is what it's for. And we would just take,
everybody brings a pound or two of coffee, and then you come back two days later
and you reach into the old bin of coffee and you pull out whatever you took.
So if you brought two, you take two.
(44:37):
And what we ended up having, at the last time I did this, I had 75 pounds of
coffee in the back of my booth.
And it was from around the world. And it was such a wild thing.
And what was really cool was I ended up meeting friends, work colleagues that,
you know, we've done collaborative work together since then that were just,
(44:58):
I met because I was a coffee nerd.
And that was, so the Diabolical Coffee as an ethos is that.
It's community connected by a shared love of coffee and each other.
I would like to opt in. I have the dream of, I always joke with my husband,
I'm like, eventually I'm going to make it and then I'm going to start a coffee
shop. I was like, I'm going to have a cafe.
(45:19):
It's going to have plants, gluten-free. I have a whole vision for it.
And he's like, sure, whatever. Go build your empire and then eventually you can retire.
And I don't actually want to operate it. I want to be the one responsible for sourcing.
And then the vision. Like I want to be the visionary and the financier,
but I don't actually want to do the day-to-day. I just want to sit on the patio then and enjoy.
(45:40):
Be a consumer. That's it. Exactly.
I want to get paid to be a consumer. Yeah. And then Eric, I do have one more question for you.
And it's something that Brian and I are planning on doing on our podcast is
as we wrap up the conversation and start thinking about what we're going to
talk about next and everything,
I do want always to ask individuals that we speak with of, I'm going to pose
(46:02):
a theory or a conversation and just get your response.
And this isn't, obviously you have no clue what I'm about to ask.
So you can take a second if you want to just start talking.
Basically, I recently, so we've been talking a lot about security and compliance.
Privacy is a huge part of that. And it's a really big part of our podcast as well.
(46:22):
I recently had a CTO tell me that he believes that the fight for privacy is dead.
And now we are moving on to the fight for security.
Given that concept, I would love to just get your feedback on that.
Do you think that the fight for privacy is dead?
Do you think it's alive? Do you think it's instead of privacy is a security?
(46:43):
I think that privacy and security are different but aligned.
You know, privacy is an inherent part of security, but security does not require privacy.
You know, security creates privacy, but it doesn't require it necessarily.
So you can be, but personal privacy especially is one of the most challenging things.
(47:06):
Content privacy, intellectual property technically will fall in a way under
privacy in that it's like I've created a work and it should be protected.
I think of that in the sense of personal privacy in that it's an art or a work
that I've created, so it's part of me.
In the same way that I put my name on it, you know, well, the funny thing is
(47:28):
like I create content every day that doesn't have my name on it.
And in fact, what's even funnier is when someone says, hey, you know,
if you are good at writing, can you write like this person?
That was my favorite thing. someone said, like, I don't know that you can do
what you say you can do, but if you can write like this CTO,
fantastic writer, then we can do business.
(47:50):
And I said, I can full-throatedly guarantee that I can do that.
And it was because I'd written that blog for that CTO. So-
But on the personal privacy side, we're seeing it with generative AI, right?
This is probably the biggest Gutenberg revolution of how we do things,
which then erodes privacy at a great scale that's never been seen before.
(48:18):
And Pandora's box is already open and wedged open.
We cannot undo it. We cannot untrain the models. They're already done.
Just technologically, it's very difficult to do. So now, how do we reshape the face of privacy?
That's where it's going to be. How do we bring security in encryption?
(48:41):
And so post-hoc encryption is probably going to be a strong area.
If you're going into a startup area right now, if you can develop successful
post-hoc encryption for vector databases,
you are a billionaire there because that's what we're about to face is that
we're moving data and information around and putting it in places where it can be found.
(49:06):
We say it's obscured, but it's
not. It's only obscured enough that if you do this, it's not the data.
But what if you stop doing this? Okay, right on. I can actually see it clearly.
So I believe that the fight for privacy is fundamentally different than it was five years ago.
I do not believe it's over, but I believe we gave a lot of yards.
(49:32):
See, I'm almost American. I'm a green card. I said it instead of taking it to the blue line.
So we've given up a lot of yards. Hopefully that covers it. So that's an exhaustive answer.
No, that's exactly what I was hoping for. I think Brandon, I probably think
very similarly to you do on that one. So thank you for entertaining me on that one.
(49:54):
When this becomes the fun one, when you look at these discussions,
sometimes I'm actually debating on going like planned contention.
One of the things I'm looking to start is more like actually debate style discussions.
And this is interesting. When you get into security and compliance,
how often do you find people are like, all right, I actually disagree.
(50:18):
Like sometimes the worst to be is like violently in agreement,
which is what we often end up Not bad.
It's like there is a kind of neat thing where someone tests the waters a bit.
I'm like, uh, I don't think you're right on that one. Or it's an interesting area.
What do you think? I mean, having done podcasts in the past,
(50:40):
I, one of them, I did more of a panel style.
So I would invite three different guests on and I actively encourage them to disagree.
Like it's, it's great if we all agree, that's cool. It shows consensus.
It helps listeners to really understand that, Hey, there's consensus here.
And this is the direction everybody theoretically should go.
Again, not trying to give direct advice, but, but when we disagree,
(51:03):
we start to dig into to the nuances.
We start to say, the right answer is actually, it depends.
And in that area, you've got to understand the nuance.
You've got to understand that, well, in this situation, maybe it's better to go down route A.
But if you're trying to get to this other destination, route B is the right way to go.
And if you happen to have the specific skill set, route C to get you to that
(51:27):
second destination might actually be the best one.
And having been an architect in IT all these years, and having been a developer,
and having to figure out the right course of action, that's second nature to me to some extent.
Me, we'll speak to this, but when I'm comfortable with the team of people I'm
working with, I don't hesitate to disagree with people.
(51:49):
I will call it out and say, no, let's pull back and think about this a different way.
And sometimes it gets me a bad reputation. Sometimes people leave me out because
they don't want that pushback.
But I would rather work with people that appreciate the fact that,
hey, we can debate and at the end have a better product, even if it's just everybody
trusts it more than when we first got there, because we have,
(52:13):
you know, poked around in some of the places and found out that,
you know, no, in fact, this is a pretty solid, solid plan. man,
we can move forward with it.
So yeah, I really enjoy the fact when people are willing to disagree,
they've got to do it respectfully.
I don't want to, let's all shout at each other for five minutes and you can't
understand a single thing anybody says. Add homes at each other. Yeah.
(52:34):
I don't need that. I mean, I listen to political podcasts, so I get plenty of that.
But if you can get, you know, one of my favorite podcasts is one that is specifically,
I'm in the middle and I'm going to host this podcast and here's somebody from
the left and And here's somebody from the right.
And sometimes they agree. Sometimes they disagree.
Usually they're respectful about it. And, you know, it only rarely devolves
(52:58):
into a shouting match, which, you know, at that point you start tuning out.
Yeah, I have an interesting perspective on this one because I'm very often brought
into rooms when I'm supposed to say no.
Like generally, like when people call compliance, it's usually in my ideal world, right?
They bring compliance in as early as possible. and compliance
security are like right you know if you're thinking about like with the
(53:20):
product team right they're like in the design phase like what are
like the potential privacy security compliance concerns legal concerns
like that those are all happening proactively generally the way this plays out
it's usually something has gone wrong or something maybe did something and then
someone complains and is like i don't think we should be doing it this way but
we already are doing it this way so then it's very like retroactive and it starts
(53:42):
to feel like kind of defensive, which isn't great.
It's not good for the culture, for the compliance program, or the organization itself.
It's really not fun to be the person that has to say no all the time.
And so again, there's some finesse with that. So.
I unfortunately, in my role, even as legal or compliance or information security,
very often have to say no.
I will say I'm one of those people that's in the business of being like,
(54:05):
I am trying to agree to disagree with somebody, but also need to make sure that
I have the backing and the authority of the executive team to ultimately be
like, hey, if compliance says no, then that actually needs to be honored.
And then let's come up with a solution that we all can agree on as one team.
So I think I have a different perspective because Brian, normally I do come
(54:28):
in and people are like, they'll bring me in because they're waiting for me to be like, Nina says no.
And I'm like, no, no, no. No isn't my brand, right?
Brian and I on a recent episode that we were recording, Brian was like,
hey, I think compliance is black and white.
And I was like, wow, I fundamentally disagree with you. I think compliance is gray.
And then we were going into that. And I think there's room for that.
And I think as long as you're open to learning from one another.
(54:52):
And again, as long as it doesn't start to feel like it's like a fighting match,
because like, especially my work life, like I'm not trying to like fight with
coworkers. It's like not the goal.
It's a job. It's a job. Even the way you described the remediation is the right way.
Like it's like, well, what's the way, what's the most effective way that we
can get us A, back into compliance and B, make it easier for future so we don't
(55:13):
have this problem again.
Like I'm not, I'm not trying to, I'm not here to mess with you people.
I'm here to make sure that we are doing the right thing.
And it was funny before we talked about this idea of like legal compliance and
it sort of hit me of these like columns.
And I would say like the farthest left is legal.
Then there's compliance, then there's secure.
So you're legal, you're compliant, then you're secure.
(55:35):
And then there's two columns beside them, which I would say right,
because you raised that before Brian, and just right.
And they're, they're very different things because there's nuance between them.
And we often say like, I'm not here to seek being right. We all love being right,
but I am here to seek the right answer.
And the right answer often means, hmm, I was thinking about this incorrectly
(56:00):
before, or I didn't understand the nuance of this, or more data's come to me
that I've since been able to reformulate an opinion based on the totality of data.
And it's really hard sometimes for us to think of like you're being forced to
do a thing because compliance says so or security says so or whatever.
But when we look at it across the spectrum of columns of measurement and where
(56:26):
we move ourselves all the way over.
And sometimes, like you said, Mila, you get into a tough spot where you're like,
I hate to do this because I know this is, it feels like I'm killing your job,
but we just can't do this and we need to make sure we know how to do it.
And that is right.
And then just is moving a little further saying like, seriously,
(56:50):
how do we do this for you as like have empathy for that person that like they
themselves are not trying to be non-compliant or an insecure.
It's just they maybe don't know better. And it's just trying to get shit done. Yeah.
And I and I love the way that you frame that, Eric.
(57:11):
Be happy to debate it. I can think of variations and you and I can spend hours
discussing this one topic, I'm sure.
But I like that concept of, you know, it's a spectrum of things.
And, you know, we can hit some, we maybe should always aim further,
because what it kind of comes down to ends up being that, yeah,
(57:34):
it's great to have a debate, but a debate requires some level of,
one mutual respect and in a team oriented manner where you're trying to achieve a goal together.
A common goal, something that you both can, can agree on in the distance as, as the goal.
And it's almost like the, yeah, I'm going to aim for the stars,
(57:54):
but if I hit the moon, that's okay. Type of a thing. Yeah.
Like let's all aim on being just because hopefully we can all agree on what
being just is and whatever we're trying to do.
Yeah. And if we can, if we can get through not breaking the law and get past,
you know, being compliant and being able to get those check check boxes that
we want to get and be able to get to the point where we're secure.
(58:16):
And even if we don't get to that, you know, that fourth and fifth step.
Our mutual goal to aim for something further away helped us to get to the same
place that, that is truly the most important place because we can all agree
on some level that we have a mutual goal and we need to get there.
And I've worked with people who didn't like, they were all about them.
(58:37):
And if you weren't aiming for making it right for them,
them you were going to run into conflict with them over and over
and over again and that annoyed
the piss out of me like i couldn't stand working with people like that
because it's like it's not about you man it's there there's a bigger picture
here that if you can't fit yourself into that bigger picture like one i can't
(59:00):
understand how you operate the world without putting yourself into the bigger
picture because what's the point of life at that point and two you know you we're We're a team here.
Like, we should be aiming for the same thing, but you're constantly pulling
us aside or pushing back on us. And we as a team can't get there.
And people like that tend not to last long unless they've got dirt on somebody.
(59:21):
But, you know, having to deal with those types of people do.
That's one of the things that will drive me nuts with people.
Very few things will annoy me to the point where I won't want to work with a
person. But that's one of them. When the...
The one thing that you talked before, we've sort of danced on this one,
is the idea of like the nuance of a lot of the stuff we talk about.
One that I would ask, and I hope that, and I say that, I know you're going to
(59:44):
do this, but the one thing I want everyone to always produce at the end,
like I said, that you are one hour older, but more than one hour better having
experienced a discussion.
And the one thing that drives me nuts when I do a lot of stuff with AI lately,
of course, because AI everything.
Thing and every single conference has an ethics like five ethics of ai you know talks and i can.
(01:00:10):
Guarantee you i know as much at the start and at the end
zero information has changed at the end of it god bless the fine folks that
are doing what they're doing out there but it's the same talk over and over
again we just say we've got to be careful we've got to look out for doing these
things we got to like that's fantastic but what prescriptive outcome like steps
have you generated for me that I can take and put into practice.
(01:00:32):
So by golly, when we talk about compliance, whatever, the best thing you can
always ask for are like, what are specific prescriptive steps that somebody
could take as a listener to move closer to that goal?
And when we put that lens on it, then even sometimes when you tell your guests
that, it's like they know at the end, And, oh, you know, we can talk all we want about this stuff,
(01:00:57):
but that's just people talking, you know, it's great.
It's a bus conversation, but it's like, I want to make this actually educational,
which that's not that that isn't educational.
Sometimes just hearing the conversation opens the door for people's own internal thought process.
But, you know, and I know, again, Milou, to your background,
(01:01:17):
it's tough because nuance is tricky because it's, it's also,
it's nuanced for a reason.
It's gray for a reason because it can go either way.
And when you approach everything from a point of moral neutrality,
then it's like, okay, scrub it all away.
Okay, let's start with the fundamentals. And that's what's cool.
(01:01:37):
But it's very hard to bring people to that point where they don't have prior experience.
You know, Brian, you talked about that with like, you know, this person's been
here for so long and they do it this way. So they're going to be a curmudgeon.
And then on the other side too, Marilou, where you get brought in and they're
like, oh God, here's Marilou again.
Oh, what's she gonna tell me I can't do now? Oh man, Eric, you should see some of the stuff I pull.
(01:02:00):
I have a walkout song when I come, because sometimes I'm like the bearer of bad news.
And then I'll go to clients and be like, yo, we gotta like make this a little
bit more fun. So I have a compliance.
Intro like a walkout song like you would have at
like a kickoff like a sales kickoff i have that for compliance it's wonderful
you're gonna walk like wwe wrestling
(01:02:21):
that's exactly it's literally exactly
what i do and it's remote and it's amazing and it's
like a 30 or 45 second clip and it's just me dancing around with like all of
my virtual people just being like yep you're gonna listen to 45 seconds of this
song and then we're gonna talk about something less fun but i I need to like
(01:02:41):
make it more fun because I'm sick of being like, hey, we've had an incident.
Like something has gone wrong. Like that's not my brand.
Yeah. So and I guess here is me. So I'll say that is my bunch of advice.
And so that I hopefully it is actually meaningful and useful advice.
The one prescriptive step I'm going to tell people they should do is they should
(01:03:03):
go and they should go to their favorite podcast app and they're going to find
Socialize and Security and they're going to subscribe.
And that's what we should do. I am looking forward like crazy to this.
This is going to be awesome because I know, you know, you've both got such great
stuff to give to the world and I'm excited to see how it becomes something that
you may not even know what it is yet.
(01:03:24):
And I think that's actually the kind of the best part of starting a new venture
is that the thing you start with once you're like three in, you're like,
huh, there's a new thing that I didn't realize we were doing that's working well.
And, you know, you just, it will morph, morph over time, your advice.
Now, here you go. I'm already going to turn it back on you. What's your advice
(01:03:45):
to the new podcaster or someone who is thinking of like having an active voice,
whether it's in a community or something,
because you've chosen to now have an active voice in the world,
what would you tell to the next person that maybe is not quite sure they're ready to make the jump?
(01:04:05):
I would be bold. I get a lot of feedback as a personality that I'm quite brazen
and bold, which especially as a woman is something that people aren't maybe
necessarily used to that I just absolutely will say just like run and go for it.
And then sometimes I'm like, oh, wow, is that not something that most people would do?
I would say if you're thinking about it and you have an idea, just try it out.
(01:04:27):
Like worst case, it doesn't work out and you hopefully had some fun and you
learned something and maybe something else came out of it. I would say if you're thinking about it.
I've had a lot of conversations recently when I'm telling people that I'm starting
a podcast and we're doing something.
They're like, Oh my God, I have an idea for a podcast. Or they're like,
Oh, I'm thinking about this. And I'm like, do it. Go try it and see.
(01:04:48):
And I'll say, Brian and I are both perfectionists. So we hold ourselves back
sometimes because we really want it to be perfect. And it's just not going to.
And so I'm leading into that.
Go for it. And then And also, you're going to mess up, and that's okay.
I think it's how you handle the failure and mistakes with grace will only empower
your listeners to be like, oh, these people are human, worth getting to know.
(01:05:13):
Yeah. And from my perspective, the history of the people I know is littered
with blogs with a year's worth of content and podcasts with nine episodes.
And that's cool. Like I don't look down on anybody because they started something,
even if they abandoned it.
(01:05:34):
You know, we've, we all have experience in the startup space and not every startup works.
We know people that are well known for their success at startups that have a
history of failed startups before that one success.
So don't, you know, do it like you'll learn something from And I'm a huge fan.
(01:05:54):
My biggest mantra in life really is any mistake, any bad situation that you
could turn into at least a good story, if not a learning lesson,
and ideally a learning lesson you could share with others so that they can learn from it as well.
Is not a wasted time. It is not a wasted situation.
And I'll talk your ear off if you want to hear those stories,
(01:06:16):
because Milo's heard a lot of them lately.
There are all sorts of bad situations I've been in that, you know,
I clearly am still healthy and alive. So it wasn't the worst case scenario.
And I now have a fun story that I can use to break the ice or to try to communicate something to somebody.
And as everybody has learned from this podcast, I don't mind sharing stories
(01:06:40):
once you get me loosened up and ready to talk.
Yeah. And that's why I think I know for sure that the content that's going to
come is going to be very meaningful because these are complex topics that need
to be approached in a way that people think through it as they're saying it.
(01:07:00):
And I like that even everything that we've talked about today,
there was no stock answer, there was no built-in reply.
And the fact that I know what you've done here and what you've done in the past,
that you're going to do it again and it's going to be great.
So yeah, I'm looking forward to it. And definitely people need to check this
out and I'm with you, press publish.
(01:07:22):
And like you said, I often forget sometimes I say people like,
oh yeah, everybody gets to 10 podcasts.
I'm like, but they got to 10, right? The same as when you see somebody,
you know, I remember there's a, somebody has a picture at a race.
It was a meme at one point. It was
a guy that had a shirt that said like overweight over 60 in front of you.
And I'm like, that's it. Like nobody will ever trash talk you from above.
(01:07:47):
They'll only do it from below. And when you can give back to the, to the community,
like you've done already, ready and as you will now continue to
do socialize and security then then when
you do it so i i hope that i get my hat do i get do
i get some swag i will order whatever swag you
put up i'm gonna order so we are doing some
interesting things with swag we're learning some legality about
(01:08:09):
liquor laws as well so we are with some alcoholic and non-alcoholic options
that we can potentially gift and then hopefully having some really cool merchandise
and stuff like that because i don't want boring swag if it's not like a cool
t-shirt that i want to wear like in my regular life,
Then I don't want it. Somebody who this is, this is the kind of weirdness that I do.
(01:08:32):
So, yeah, I brand every, every single thing in my house is branded with GTM,
Delta, Diabolical Coffee.
I'm, I'm an absolute. This is also very creative from a legal and regulatory
perspective. So I see you and that's awesome.
For those only listening, Eric
is randomly picking stuff up in his office and showing it on the video.
(01:08:57):
There was a guitar. Exactly. Yeah, I need to have like a little thing that says,
you know, for people that are only watching the viewing version or the listening version.
Yeah, so this is awesome. So congratulations on what's ahead because it's ahead
of what we're talking about, but it's already going to be alive by the time
(01:09:19):
we go live here, which is great.
And anything I can do to help you folks amplify your message,
I do definitely look forward to.
And yeah, let's talk again in
a bit once you've got a few more episodes published and under your belt.
And hopefully we can share some of the neat stories of the fun stuff behind the scenes.
(01:09:39):
And for people that want to reach out to you, what's the best way that they
can find each of you and the podcast?
Yeah, so I'm Brian Knudsen. and usually searching for that will find me most often.
LinkedIn's probably the best place to reach out for me, though I do show up
on Mastodon on occasion, not nearly as much as I used to.
(01:10:01):
You can reach us at info at socializingsecurity.com if you want to hit us up
from a podcast perspective, or we will be building some community stuff for people that listen.
So more to come on that, I would say.
Yeah. And in the same vein, I'm also on LinkedIn pretty actively, Milu Meyer.
And then you can also visit my consulting company, Compliance Council.
(01:10:23):
That's compliancecouncil.com. And you can reach me there as well.
So looking forward to hearing from you all. And I really hope you invite us
back. I would love to come back to discover. Definitely, definitely.
So now I hope you've got a disclaimer when you say socializingsecurity.com that
this has nothing to do with social security.
We actually had originally looked into it and then we were like, wait,
(01:10:44):
wait, wait we can't go that available domain
and then we were like socialsecurity.com we were like wait wait that
no we don't want that well and
sometimes you even get it you have to worry about what it means in
other languages too like especially when you're coming up with acronyms
because we've been busted by that before even like
i came up with server names at my at one company and
(01:11:07):
we're like let's we got an office in the
philippines let's make sure their alphabet alphabet
lines up with what ours was and every once in
a while you get letter combinations that look a little bit funky or yeah
trade names that yeah well trust me i actually
went to the process of trying to get diabolical coffee
like trademarked i hate
(01:11:28):
lawyers the current company notwithstanding of
course but it was brutal it's the process is brutal not and are stuck with it
well when it's diabolical coffee because it went all the way through it's like
six months of waiting time they're like everything's good good good like no
big hand goes up at the end and says.
(01:11:49):
The you can't include the word coffee i'm like well i can't diabolical i'm out
of things to trademark at that point and they're like it's fine no one's going
to fight you over it and so i but it was it was a funny adventure to go through
and again a reminder that
when we talk about security compliance,
(01:12:11):
random advice that people say like, yeah, don't we have some kind of blanket
license agreement for that?
Or under 30 seconds is fine. It's fair use.
No, no, no, no, no, no, no, no. None of that is true.
So I look forward to the fact that you'll be giving real prescriptive and helpful
ideas and advice to folks.
(01:12:32):
So it's awesome. All right, both of you, thank you very much.
And for that, folks, check it out, socializing security, not related to social
security, but socializingsecurity.com. That's a great domain name too.
Like that's super easy to find. So I like it. I like it. And we'll look forward
to seeing it rocketing to number one on the podcast app near you.
Thank you so much for having us.
(01:12:54):
Music.
So, hi, this is Milou. And this is Brian.
And we're here to talk to Eric about all sorts of interesting stuff,
including our own podcast that's recently come out called Socializing Security.
But right now, you're listening to the Disco Possum Podcast.
Music.
(00:33):
Past. You're listening to the Disco Palsy Podcast. Enter Stinger.
Lasers and kittens. Well, thank you both.
We have been chatting a bunch about kind of podcasting goodness.
And it was really, really great because seeing fantastic folks like yourself
who have such great stories and ideas to share and also knowing how well you
(00:59):
approach a conversation excited me.
There's a lot of people that start podcasts and I started like,
that's awesome. Good stuff.
You know, and you kind of just know you, you'll, you may not see too many of
them cause it's tough. It's a tough thing to do for sure. It's not a.
It's not something that takes a lot of work, but it also does.
(01:19):
It's a strange mix of, you know, what are your goals with it, et cetera.
Anyways, there's a lot of stuff we can do. And for folks that are brand new
to both of you, we'll start all, I'll go to my left and to the right for ease of use.
Brian and Milu, if you want to introduce yourselves to the folks,
and then we'll talk about your upcoming podcast and all sorts of other good
(01:40):
things that brought you here today.
Yeah. Great. Thanks, Eric. I really appreciate you having us. first of
all my name is brian knudsen you know
i've i think we've done this i've been on your podcast a couple
times now you've been on you're an alumni now i thought yeah
your badge or something yeah how much longer till i get the jacket yeah yeah
i also also had you on my podcast so i've i've done a couple other podcasts
(02:03):
besides the one that we'll talk about today you know one one of which is kind
of the chapter has been closed on that one another one that's It's just kind of an ad hoc,
you know, a bunch of friends sitting around a microphone chatting for,
you know, half an hour, 45 minutes.
So have some experience in this space.
Always a fun thing. It definitely is a lot more work than people give it credit for.
(02:24):
And you can tell which ones kind of put the effort into it, both on the front
end and during the recording and on the back end.
So it's definitely a labor of love for most people that do it beyond,
you know, the classic first 10 episodes type of thing. So we've been really
focused on having a well-defined vision of what we want. And of course,
(02:45):
we'll talk about all that.
But background on me besides podcasting, I've been in the IT industry for 19 years at this point.
More than half my life, let's put it that way.
And I've done a lot of things, everything from...
Actually doing programming and code writing all the way through to doing kind
of the marketing side of things.
(03:06):
So a wide range of visions of that. I've been a customer. I've been on the vendor
side. I've been on the service provider vendor or VAR side.
So I have a wide range of experiences there and have a particular focus around
security, cybersecurity that I think we'll talk more about.
But Mila, I'll let you introduce yourself now too.
Yeah. Hey, everyone. My name is Mila Meyer and I am a co-host with Brian on
(03:29):
our new podcast called Socializing Security.
But in my regular day job, I am a compliance practitioner and attorney by background.
Brian and I used to work together in a past life. And then a couple months ago,
we had a mutual colleague of ours basically be like, hey, I think the two of
you should start a podcast.
It kind of turned into, I think within two hours, we had gotten on the phone
(03:52):
together and we were like, wait, shoot, this is actually a really good idea.
But I don't want to do it if If you don't want to do it, what's your schedule look like?
And it's kind of turned into this very fun thing that we're really building
out and exploring. And we're learning as we go.
And so we're excited, Eric, to learn from you as well today.
And we're honored that you had us here.
And honestly, we're just excited to talk about podcasts as well as some of the other stuff.
(04:14):
Brian and I both have other full-time jobs. So we're trying to figure out how
to manage the podcast and the responsibilities alongside our day jobs.
And so, yeah, like I am a founder of a consulting firm called Compliance Council.
I have a law firm as well. And so there's all these things that kind of flow together.
So we're figuring out how to best manage our time for our recordings and also
(04:36):
figuring out like how do we engage our audience on a regular basis and create
like a flow with our recording schedule and everything. thing.
The interesting thing is when you find people that immediately match on mic,
you know that this conversation is worth having and worth listening to.
Then to go beyond there, that's why most people hit the 10-episode mark is probably
(05:01):
one of the biggest ones because people will get there and they've kind of exhausted
their immediate peer group or they've exhausted the quick,
really witty things that they're used to being able to say.
And it's kind of like a standup comedian.
They have five hours of material that they give out five minutes at a time.
And you have to adapt it based on the audience. You have to be reactive.
(05:25):
It's a very complex thing. And people just think, oh, you're just doing five minutes on microphone.
But you don't know what that five minutes is going to be. And if two and a half
minutes into the five minutes, it's not landing, I have to shift gears completely.
The same thing comes with podcasting. So once it gets difficult,
it's very easy to see that friction increase to a level that it's hard to add in.
(05:48):
Like I said, we have full-time jobs, we've got families, we've got all this other stuff going on.
I mean, it's not an insignificant amount of time you want to put to it if you want to do it well.
And that's really what's interesting. even the most seemingly low production
podcasts still it's just because they've hidden the production from you.
(06:10):
And it's, it's kind of like they say like great UX is invisible. Bad UX is obvious.
The same thing comes like sometimes people spend all this effort.
Like I'm thinking about doing a podcast.
Okay. Let's spend six months planning. We'll get a logo design.
We'll do like, we do all this stuff and we get hung up on all the incidentals.
And then we think like, oh, so what's the, what's the purpose of the podcast?
(06:35):
Ooh, well, that's a great question.
So I guess that's probably the first question. What's, what brings your podcast
to the world and what's your goal?
I'll let Brian take this one. Yeah.
No, it's just funny because it seems like you've been listening to a lot of
our conversations. Conversations.
We actually did start with the, what is the purpose?
(06:56):
I think that that came together pretty naturally, pretty easily because we just
kind of said, what are our specialties?
And the context of which that friend of ours mentioned that,
hey, you two should do a podcast.
I'd listened to that all day long, was in the midst of a conversation around
security and compliance.
And we're like, there's a lot of content in there and there's a lot of confusion
(07:18):
and there's a lot of people that just don't want to talk about it,
we should do something that makes it more approachable, a little bit easier
for people to understand, takes on the barriers to having those conversations
so that, you know, us IT people don't shy away when the security and compliance people show up.
There shouldn't be a fear factor there. It shouldn't be considered that necessary
evil because it's necessary.
(07:42):
And anybody in the industry worth a darn knows that. Like, they can see the
importance of it. They may not.
Gut react against it or decide that you know they it's going to get my way but
they understand the importance of it for the most part so let's talk about how
we can all take the next step and move from i get that it's important to i i
accept and i make it a part of my day-to-day business.
(08:05):
Yeah, especially for practitioners, like as a nerd, like I knew what had to be done.
I worked in financial services for 20 years, as you can tell by the frown lines around my face,
because, and so we sort of joked, we had a compliance person and they would
just come by and it was always just like, so we joked and we called them the compliance assist.
(08:27):
And they would just stand at the end of your desk when you're doing your requirements
and saying, the power of compliance compels you, the power of compliance compels
you until you got it right.
And realizing that we were often doing security in absence of compliance and
compliance was operating absence of knowledge of what security could do at a technical layer.
And that was, it was like dev and ops and, you know, diet and exercise.
(08:51):
Each individually is its own entity.
But then when combined together in more than just sitting beside each other,
but actually integrating, hey, why do you do what you do?
You're like, oh, okay. So now the security stuff that I do when I speak with
somebody, you know, Milou, you get to this all the time likely.
Like I would be horrified having to have a real deep, true legal conversation
(09:15):
about, you know, the semantics of that side of it.
But it's terribly important. And then on the same side, you probably,
you hear me talking about, you know, nerd bits and speeds and feeds and you're like, whatever.
Like, no, no, no, no. know like but when we
put the two together we have to have those diverse angles at
(09:35):
which we're coming at it because we're coming at it from the same goal on
the same team for sure and we have different viewpoints
in it and i think this is something that brian and i have talked about on some
episodes that we've been recording where we're unique because we actually have
similar types of work that we're doing but we represent like different hats
so and we came about it differently where like Brian started his path and career
(10:00):
into this very much on the technical side.
I started more on the regulatory side and am now very technical.
And so it's like interesting how the bridge of those two things has like kind
of our backgrounds are very different, right?
Like going to law school is a very specific trajectory and then going a really
non-traditional path, like getting a career in compliance when I was in law
school that was like, don't do it.
(10:21):
And then especially like how do you even get into technology that doesn't exist in that world?
And so then figuring out how to like fall into that and then having this like
duality types of things.
And I used to very much have to like basically prove to technical people why
I was in the room because certain technical team members wouldn't want to work
(10:41):
with like legal or compliance if they couldn't talk the talk.
Like they were like, if you can't keep up at our pace, we're not going to waste
our time because we don't see the value in compliance.
They're like, we're just doing an audit because a customer is requiring us to
do an audit. And it was like, whoa, whoa, whoa.
Like why are we thinking about it that way instead of like, what's the company getting out of it?
Yeah. The ironic thing is the same people that sort of bark about,
(11:03):
like, you don't understand our language, like 90% of them don't even understand
what fiduciary responsibility means.
You have to understand compliance is a very specific thing.
Regulatory requirements are not there to mess with you.
They're there to give us the effective guardrails in which we can operate at
the highest velocity safely.
It's the same with automation. It's all about not not creating gates.
(11:26):
It's about creating constraints and rules in which you can freely move knowing the boundaries.
And it's so hard for people to think of it. They just think of it as like, oh, you're a blocker.
That's absolutely not the case. Red tape. That's my favorite.
I always get like, oh, compliance is red tape.
And I'm like, we are problem solvers. My brand is definitely not that compliance is the way for no,
(11:50):
because ultimately if compliance or security continually say you you can't do
that and not coming with like, Hey, I'm not sure that's the best way,
but like, maybe we could do this way within the requirements.
And it's then especially powerful if you have a team that understands the regulatory
background and understands the consequences of potentially choosing a different risk.
So it's, it's a unique approach, but it means like I wear a lot of hats and
(12:12):
you know, in the same way that Brian, anytime I explain him to like any of my
colleagues or friends, I'm like, he's a unicorn.
He's like every job, like every job, except maybe for compliance,
I think, is the one we've figured out.
Less of a unicorn and more just gets bored easily. But that's the interesting parallels.
(12:33):
While we come from very different backgrounds, the interesting parallels are
we're always interested in what's happening on the other side.
What's that person I'm working with who's in a different discipline? How do they do their job?
How can they do better? How can I help them do better?
How can they help me do better? And that's what's drawn me to so many different
types of jobs is, you know, at one point I said, hey, I'm tired of managing a single environment.
(12:58):
I want to go to a role where I can see a lot of different environments and help
them solve various different problems.
And so I went over and I started doing, you know, VAR level consulting and had
a whole bunch of customers and through that process started doing blogging and
writing and stuff and realized, hey, I can communicate.
I'm doing presentations, I'm communicating complex things to customers,
(13:19):
both pre-sales and post-sales. I'm communicating things through blogs.
I can do this professionally. And that's when I made the jump into tech marketing.
And Milu has a lot of those same concepts where she's like, okay,
well, in order to be an effective compliance officer, I need to understand how
IT does their thing so that I can properly guide them to give them what I need
(13:42):
in order to do my job well.
And so we both have that kind of skill of absorbing from others and learning
from that and improving our own work as well as other people's work.
Security and compliance parallel each other that way in a lot of ways around,
hey, compliance is there to be the guardrails, also a security.
One tends to be hopefully in front of the other because compliance in a lot
(14:05):
of ways is the bare minimum everyone needs to do, whereas security should be
doing that and more without ever being asked to in the first place.
And compliance should just be, let's just prove that we're doing it.
It's just getting the facts down on paper and putting a stamp on it.
So it's an interesting parallel.
And even through the conversations we've been having as we've been recording
(14:27):
episodes and trying to get to that 10 episodes before we even start releasing
anything so that we've got the runway.
It's been really fascinating to just find all those parallels and how easily
two people coming from those two different disciplines can talk without really any issues.
We feel like it's like Spanish and French, you know, they, they're different
(14:49):
languages, but they're so similar that it's pretty easy to communicate between the two. Yeah.
Now, when it came to the decision to put it into the world, right?
So not only being able to just have the conversation in general,
but taking this out to the world, it's an always interesting thing.
Did you, are you excited by the idea of podcasting as its own standalone type
(15:13):
of business, or do you more see it as a supporting mechanism to other things
that you're doing on a day-to-day basis?
I mean, I see it, having done several podcasts, I've done it both directions.
I have one that is totally disassociated from other than the career field I'm
in, whereas another one was specifically for the company I worked for.
(15:36):
This one sits a little bit more in between. It's not specifically for any one
company, but we're building it to be its own thing, first and foremost.
It's going to be its own thing.
And that's introducing a lot of interesting challenges that we'll eventually
have podcast episodes about, the challenges of creating a podcast business and stuff like that.
(15:57):
But at the same time, it's going to support Milu and her business.
It's free advertising for her to some extent. For me, just like you,
Eric, I've been very focused on building my own brand and having my own thing
that transcends any employer I'll ever work for.
I may never go off and do my own thing and actually profit off of that,
(16:20):
but it's made a real difference to my career to get me to where I am today because
the opportunities I've had wouldn't exist if I wasn't a part of a broader community
of people that are more than happy to help each other.
You know we're you've had many of those guests on we'll have many of those guests on too.
You know just the reason why we're here in the first place is because
(16:41):
you know we were community members and we knew each other through
just going to events the same events and we've
never formally worked together at best we've had a reciprocation between our
two podcasts and you know so for me i guess to really succinctly answer your
question it is its own thing it's meant to be self-sustaining We're hoping to
(17:01):
do things to pay the cost of doing it.
So it's not just a black hole of money that we throw things into for the love of it.
Because we do love it. Our time is coming from that. We're not looking to profit
off it. We just want to pay the bills.
But it's also in support of things that are personal to us that become a place
where we can show what we're about.
(17:22):
Yeah, I would echo off of that of just being like in the intention, of course, with...
I'm starting a consulting firm, compliance counsel, and I'm building out a law
firm that supports those activities because I have that dual role.
Of course, as Brian has said, it's only beneficial for me to get my voice and my brand out there.
And because I've apparently been told that I'm a unique compliance officer and
(17:44):
I'm not like I'm I'll go with modern. I think I like that word.
But it's also for me is like an opportunity for networking. I really as a woman
in technology, I don't feel like I have that many different types of professionals
across IT, information security.
And so I'm actively trying to build those spaces that aren't just necessarily
like women in tech type of spaces,
but also just like more generic of just trying to be like, I want to communicate
(18:07):
with anybody that is a professional and is thinking about security and compliance in their world view,
because compliance applies in every single regulation, or sorry, industry.
But we are industry agnostic in that regard. And I don't want it to just only
be for technology people.
I want to have the opportunity to network with professionals across industry,
(18:29):
also self-serving. It does potentially create relationships for me, of course.
But I also have goals. I mean, I have a goal for socializing security that Brian
and I get to go speak at DEF CON one year.
And I really hope that that might be next year.
And so I'm hoping that the podcast itself, it absolutely is its own thing.
It's not related to my other businesses.
(18:50):
It's completely separate, which does create a lot of headaches.
From an entity startup's perspective, but it's meant to be its own thing.
I call it a passion project, but I do think it could be a job.
Yeah, I think you've got the right approach that.
Coming at it from a point of passion, because you have to be passionate.
It's kind of like every startup. You have to fall in love with the problem, as they say.
(19:12):
Once you fall in love with a problem, then the solution itself becomes a natural
next step. And then you can sell that thing.
One thing I always enjoy, I've been lucky. I haven't had to chase sponsorships
other than like I had sponsorships just to kind of float the infrastructure
spend for, you know, what it takes to run.
It's not even a significant amount, but it's more than zero.
(19:34):
And especially if you want to do more, you know, I mean, I've got more.
I was about to say that. Mike looks expensive. I've got some odd.
It's a very different style of room that I got set up for this thing.
But you can start literally with an iPhone.
You can all, the most important thing is the idea on which you start.
(19:56):
The infrastructure around it will get better. It will change.
It will adapt. at, but the core story of why you're doing it has to be what it's born from.
Not because I got an awesome camera, so I should do a podcast.
Which unfortunately, people often get stuck too. They realize like,
oh, I'm in media or I'm in whatever, thus.
Starting a podcast is easy, but that's actually not the core of the podcast.
(20:19):
It's the story. It's the heart. It's the thing that matters.
It's marketing, right? It's every word we say has purpose and it should.
And I actually, sorry, I'm droning on here on my own bloody podcast,
but there's, I wrote an article. It's your podcast.
Can't wait to have you on ours. Yeah. I wrote an article on our blog at GTM
(20:43):
Delta and it was specifically around how to create Michelin star content.
And it was born of the, uh, so I've been lucky enough. I went to 11 Madison
park, which is a really cool restaurant in New York.
And I went there a couple of times with my partner and she's like,
we got to love this. We're going to try this place out. I'm like,
this is cool. And it was an experience.
I'd seen a documentary on Netflix called seven days out about this.
(21:08):
And it was really amazing. Like I'm here, I've seen this place,
but then to then go through and watch again, the documentary.
And it sort of hit me this point where Daniel Hum, who's the head chef,
he says, everything is very specific
he says it's the four fundamentals of every dish
that they create number one it has to be
delicious number two it has to be
(21:29):
beautiful so it has to stand out in a way both visually and textually and taste
wise he says then the third ones is has to add to the dialogue of food it has
to have a reason a creative reason that this dish exists and then the fourth one is intent,
you know, what is the goal of what I want somebody who tastes this to experience
(21:53):
and share as a result of it.
And it's so wild that I thought it's exactly the same as content in that any
type of content we do that that's, we can't just go out and say,
yeah, let's turn the mics on and start talking for an hour.
It's like, what is the, is it, does it matter more at the end of this hour than
it did at the start? And it's a tough thing to ask yourself sometimes because
(22:17):
there can be podcasts where it's just like, yeah, those are neat.
They're just relaxed, conversational, and they're great to listen to.
But it's even more fun when then you bring on and you think what's,
what do I want someone to walk away with at the end?
And then sometimes what's even more fun is by the time you get to the end,
you're like, whew, that one even surprised me. And, and those are our fun moments.
(22:37):
So immediately being your early two podcasting, why in God's name would you
want to get into this game with me?
And Brian and all the crazies that are in this world. So coming from your side,
I'm curious, was there, is there a lot of sort of marketing and,
and podcasting and like community stuff on the legal and compliance side?
(23:00):
Honestly, I think there is. I haven't found a lot of it.
And so as part of it, I'd said like socializing security for us is also a way
for us to like expand our professional and personal networks to also just like
learn from additional, honestly, from companies, from speakers,
from subject matter experts.
We're hoping to just learn along with our audience.
So it's not intended that Brian and I are just the subject matter experts and we're just talking.
(23:26):
That is so not. I learn something new every single day in my job,
and I plan to do the same thing with the podcast.
With thinking about a culture around it, I think for lawyers and attorneys,
there's some pretty significant risks about potentially giving out legal advice.
And so there's been some really interesting like regulate. it's not even regulated.
(23:47):
It's been some really interesting conversations I've been having with like insurance
brokers and reading law firm blog posts to figuring out, you know,
what are the risks actually as somebody who is a lawyer who has a license has
to actually be a little bit more mindful than somebody who doesn't have that
because I'm regulated differently because of those fiduciary duties that you
(24:09):
mentioned earlier, right?
As a lawyer, I do have other responsibilities that, you know,
a professional without such a degree might not have.
So I think that's why we haven't seen as many in the legal space,
because I think a lot of people are nervous that they might get slammed with
a lawsuit for potentially saying something that somebody takes as legal advice.
Even, you know, I will say this is not legal advice.
(24:30):
I am not your lawyer. This is not legal advice. This is not financial advice.
This is not election fortification advice. we have to give all the disclaimers
up front but it's like I can say this jokingly but I also do know,
It is very real. Even for me, I'm very relaxed about it, but I do know the impact
(24:51):
of the words that I say and I even sometimes ingest.
You have to be careful because it can come out.
I was on a call with an analyst one time and I realized I've never been media trained.
Media training is not about making you good on microphone, it's about making
sure you don't say stuff that gets you in legal trouble. That's what media training is about. out.
And so I've never been media trained, but I was the voice of the company.
(25:15):
And so they would put me in front of every analyst.
And I had this great conversation. The guy was fantastic.
And we were just chatting sort of before the call about nerd things.
And we're like, ah, going back over history. And we do this whole call.
And then as the call is sort of finishing up, he's like, hey,
so what do you think about Tesla, electric cars? I'm like, wild.
(25:36):
This was early on. I'm like, this is going to be incredible to watch,
but this is before they'd ever shipped one.
And as he says, like, what do you think about the operational model?
I'm like, it's going to be tough.
It's basically a glorified Ponzi scheme right now, because they're basically
selling you cars that don't exist with the hope that they're going to be able to produce one.
And I realized I watched my PR person sitting across from the desk at me and her eyes opened so wide.
(25:58):
And I realized I'm like, oh, wow. Every single thing I say is on the record here.
And I And I just said that Tesla is a Ponzi scheme, like, right,
don't say stuff like that again.
So that was my one thing I learned, like, it is a real deep responsibility,
especially when you're representing your own brands.
(26:19):
So yeah, kudos on the challenge, but also the willingness to take on that challenge.
There's like finesse in it. Honestly, I'm learning as well, because like,
as I'm going from somebody who used to work like in-house full time and transitioning
into like having clients and what that's like,
even the relationship with clients as I'm their consultant, not their employee.
(26:43):
And so even the finesse, right? Like there's significantly less job security
in that relationship. And also certain things like not my problem.
It's just like very different, right? Like, like as an employee,
sometimes you might be like, oh, actually that is a really big concern and a
risk to the entire company.
And I am, you know, responsible of making sure that's raised properly.
And there's other things as like a, like a consultant where I'm working with
(27:04):
a client and I'm like, you know,
I might recommend you spend some more
time to do some more research on that one happy to help but like you
know when you ask i'm here to help yeah well
and this one's interesting to me too is the the soul
say the rise of law tube which became a big thing particularly i think the the
depth herd trial highlighted how many opinions are out there that lay they say
(27:30):
i am a lawyer and now i'm going to talk for three hours about something those
are not necessarily connected to things.
They say it up the front, like as a warning, by the way, I'm a lawyer,
but it's also a credibility builder.
But then from that point forward, you're like, these are opinions and should be taken carefully.
But it's it also then taints a lot of what we do when we talk about security
(27:54):
and compliance that like you want to give prescriptive advice,
but you then also have to be careful about how prescriptive you are because there's a lot of.
Dependencies that you don't know. And you're just talking into a one-sided microphone,
assuming the listener has a set of baked in inferences on the other side.
And I think Brian will find this funny, but I actually, normally most of the
(28:17):
people that I work with, either as clients or like in past relationships with colleagues,
most of them actually don't know that I'm a lawyer and that's intentional because
yeah, sometimes the second that people are like, wait, you went to law school,
you're a lawyer. Why are you a compliance person.
They're like, shouldn't you be doing contracts? Like, why don't you?
Like, I actually get my credibility is actually questioned because I chose to
(28:39):
go into a career in compliance and didn't go traditional route,
ended up being a general counsel and doing commercial transactions and have my own law firm.
But like, compliance is my thing. And so I don't know, even when Brian and I
were first working together in a past life, I don't even know if Brian would
have necessarily known that I was a lawyer until eventually I took over legal.
But I think for a lot of people, they were like, why did she take over legal?
(29:01):
She's a compliance person. And it was like, well, she's also a lawyer. And they were like, oh.
So for me, the legal stuff actually felt like it took away from my credibility
for some of the technical people that I used to work with.
Yeah. And I'll be honest, it was still very much Black Arts at that point to me.
So I didn't have expectations that are compliance people lawyers.
(29:23):
Well, do they know the law? because ultimately it comes down to what is the
legal ramifications of the things that we're doing,
i just i feel like they're natural like you would flow in and
out of those but i've now come to know that it's it's
far from that you know i i get a little bit
of that too like i had at one point i started i i
had the hat of being a product manager i won't
(29:44):
say i necessarily had the title but i had the hat to wear and so that meant
i had to work with the dev team you know there's a whole team of developers
and they're mostly front-ended by kind of a elite architect type of a type of
a role slash project manager type of role and when i took that role on.
I knew that there was, that was generally a sandpaper relationship between that
(30:07):
person and the product managers.
And so I sat down with them and said, hey, we're going to be working together.
I just want to start building a relationship so that when it comes time to butt
heads, which inevitably we will at some point, at least we've got a mutual respect to go with.
And explain the fact that, hey, I understand what your team's going through
(30:28):
because I have been a developer in the past. I have that experience.
I have been a customer in the past. i have been this in the past like
that variety that i have in the past when i
explain it to people and show how i
utilize that it it pulls down a
lot of barriers it makes it very easy to connect with people because like yes
i can't speak your language you don't have to you know baby it for me you don't
(30:50):
have to explain it like i'm five you can you can explain it like you would to
developers and if i don't understand i'll ask for clarification my job is to
learn that level and then to baby it to somebody else. So don't baby it with me.
Recently started into a new company and I'm just amazed at how readily accessible
the engineering docs are.
(31:11):
And every time I go looking for something, I stumble across them.
I'm like, oh yeah, now it's going to get fun.
And I go disappear for an hour and read through it, grok what I need to grok,
create some PowerPoint slides about it, maybe write up a little bit of narrative around it.
And I feel like I've done really good work because I've
taken something that's complex that was written for
a very specific audience of very nerdy nerds that
(31:35):
you know 90 of the industry doesn't understand
at that level and translate it to somebody else so
that again I'm going down this rabbit hole
of the variety of experiences we have I
think is our superpower and our ability to to
use those to communicate things and to bring people together to better understand
those things and hopefully bring in three different communities that we've all
(31:59):
been a part of at some level and draw them together to do something better together
is kind of that North Star that we've been finding.
Sorry, I went way off the script on that one. No, no, believe me.
Luckily, I have no script, so every script is exactly as As it always comes
out exactly as expected.
(32:19):
Yeah. When we, if you hear in, in, I know this from Grey's anatomy,
so I'll say it's from the medical field.
There there's a process they call see, say, do teach.
And that is, you know, the effective way to learn that number one, you observe it.
So you watch somebody else do it. Then you describe the process back so that
you, I acknowledge that what I saw was this.
(32:40):
And so they can kind of like, yep, you're heading the right direction.
And now you do the thing with somebody watching you and then you teach.
So that at that point, by having to show somebody else how to do it,
forces you to change your brain flow to, I have the curse of knowledge now.
How do I go back two steps to bring somebody back through these,
(33:03):
this first little ladder that I got to here?
And what I find and what you've already both shown is that you can do that.
And that's, what's fun about doing a podcast is that you can continuously, every
episode contributes to the the next one
and what you end up finding is like that's why
getting past 10 is amazing because what happens is on the
(33:25):
11th episode you can say yeah i've i've talked to
somebody else and next thing you know what you'll find is you find people that
read a book and they go oh i've heard of that book have you heard of this one
and we start to see this network occur and when i read a book my favorite thing
was when i read a book and in the book they refer to another book and i've read
that I'm like, this is it. This is my book.
(33:45):
I've, I belong here and seeing you two with distinct, but a shared voice,
I think is already like, it's going to be a hit just because it's hard to find
people that can give each other space.
Bass and even like doing this, I always do one-on-one.
It's so much easier because then, you know, every question I ask,
(34:07):
I know who's going to answer it.
But when you're DJing multiple voices, it's, you're a producer as well as an
interviewer, which is such an interesting combination.
And you both have done fantastically with each other already.
So I already know I'm on, I'm on, on, on your team on this one.
So it's now, now here's the fun part.
(34:29):
What's your desired audience? Are you looking at the practitioner?
Are you looking at, you know, you've got a lot of potential.
So who do you aim to be as an ideal listener?
I will answer this one. I want anyone to listen.
The whole point of socializing security in our podcast and why we wanted to
(34:49):
do this is we could have set up a super technical podcast.
Brian and I both can really talk on a level that like from a regulatory or like
infosec, we could really just dive in.
I personally, as somebody who didn't like get my training in And security found
the word security had a significant barrier to entry.
(35:09):
It's not really an industry that every like we all make decisions every day
that impact our personal security.
And most of us have no idea what it means to be secure or really like how to do that.
And so it's one of those things I truly I talk about information security and
compliance to anybody that will listen.
(35:30):
Whether that's truly the recently the
customer service representative at the IRS that was so gracious
that helped me and we started talking about password managers and
which ones I recommended or my in-laws
or my parents when we're talking about like generational differences about how
we're managing security or really really cool super smart people you know we
(35:50):
are trying to get some advisors to government agencies that do security to come
speak with us and also founders of large technology companies to come talk to us.
And also just like friends and colleagues.
And so it's really meant for anybody that wants to learn about security.
We both can speak about our particular skill sets and our experiences,
(36:11):
but we're trying to really mean that we could have anybody from a grandparent
to a cybersecurity advisor for the White House on the podcast.
Yeah. And, you know, given our diverse backgrounds, being able to.
Take that persona of somebody, hey, I grew up in the IT space,
(36:32):
and I know I have to deal with security because nobody can avoid it anymore.
Help me understand it. And at the same time, kind of help them understand compliance.
Come for the security, stay for the compliance. Come for the compliance,
stay for the security. Come for the security, stay for the IT.
None of them exist in a vacuum. And we
(36:54):
could go really narrow and deep and just talk straight security
and you know I listen to podcasts about that and I enjoy
those because they go deep and get nerdy but at
the same time I can listen to a politics podcast
and they'll talk about security and it's for me personally it's more fun to
apply it rather than to know how to do it if you will so being able to say yeah
(37:18):
so the cyberterrorism thing is becoming a global problem okay I like politics
and I also like security like that's an area that really engages me
because it's, and it's a puzzle, which is another, another thing that my brain
really likes to do. It's like, this is a tough puzzle to solve.
I constantly am thinking like, should I, should I go look at CISA postings and
go, go work for the government in that space?
(37:39):
I heard the other day that, you know, there's talk about creating another branch
of the U.S. military to just do cyber.
Like that could be fascinating because I enjoy those things.
Did you? I've already got my space force out. Did you?
No, I did not apply. At this stage, I don't claim to be a practitioner of security.
I'm more of a communicator and a...
(38:01):
Help people understand it. Because honestly, to help somebody understand something
to your point earlier, Eric, about teaching being the last step of the process,
you just got to be a few steps ahead of somebody and you could teach them something
because you just need to pull them to the level you're at while you're making
the next step to that level.
It's no different than pulling a child while you're going for a walk or helping
(38:24):
somebody climb up a mountain or whatever.
You just have to make sure that you're steady where you're at and
pull them up when you take the next step you know we do that in
our careers as well with mentoring it's it's not about i
have all the answers it's about i've been in that
seat let me help you get to this seat and i'll
probably learn something from you to help me get to the next seat too and so
(38:45):
it's it's by by having such a wide audience i think we view it as not hey we're
going to go scatter shot and we're going to lose lose our voice it's more of
hey there's no lack of things for us to talk about there's.
Every time we get on, when we have a conversation, whether it be recording an
episode or just planning for the whole podcast as a whole, we end up with two or three more topics.
(39:09):
Like we're exponentially growing the number of topics to the point where we
may never get to all of them.
And of course, everyone could have three or four different variations depending
on who the guest would be or which part of the topic.
The next episode that we're going to record, I threw out some ideas and Mila
was like, this is way too broad.
Let's narrow it to this. And now all of a sudden we've got three different episodes out of that one.
(39:29):
So it's a lot of give and take that I guess the main audience maybe we're looking
for are people that are just interested in learning about the broad scope of
how to protect yourself and your business.
The one thing that's always tricky when we get started, especially when we have
like, is a very broad scoped topic area.
(39:52):
And like you said, anything can apply, like the subject matter can be security
related or compliance related.
And yet it doesn't sound like it was born out of security and compliance.
Like I remember going to B-Sides, one of my favorite little groups to go to,
like a great technical community and they do in-person stuff.
And one of the things they do is human security. They teach martial arts and
(40:14):
like physical response and physical safety.
And you're like, oh, wow, that's funny. That is literally a security thing.
And there's lock picking at the next table.
So you can get a real diverse set of activities.
The risk that we have when we start trying to plan how it will go is that you
end up like the writers of Lost.
(40:36):
So that what ends up happening is three seasons later, you've got somebody going,
whatever happened to Jacob?
What happened to the guy on the island? What happened to the fire stick that exploded?
Like you've got like 200 things that got left off.
So my advice, even in hearing how fantastic the opportunities are, just let them occur.
Like you've got so much you can bring. And the worst thing you ever want to
(40:59):
do is be like, oh, let's do a series on this.
And because then that's usually where people get trapped, where they go like,
well, let's make sure we've got a total story being
told across these 10 podcasts before we release them and you're
like yeah you're never going
to get one out because you're worried about all 10 matching up
and as somebody who i was somebody
(41:21):
asked me this morning actually before i did another podcast and they said you
know are you all is it all technical do we have to be very deep technical i
said i've literally had sex and relationship therapists i've spoken to john
mcafee i've had a soap opera star on it doesn't matter what you do what matters is that
(41:41):
one hour later, people are at least one hour richer.
And hopefully more. Yeah. I'll say, Eric, I would love to ask you,
I actually have two questions for you if that's okay.
All right. First is I'm a really big coffee snob. So where is diabolical coffee and should I try it?
This is, yeah, one of my many, many side hustles.
(42:04):
I did have a coffee brand. I still do have it. It's just, it's quiesced at the
moment as I'll go back to my old nerd terms on that one.
So I wound it down just because I was building GTM Delta and I'm like,
I can't do eight things really well.
So between podcast and having four kids and all, I got a lot of stuff going on.
So I, but Diabolical Coffee is my own coffee brand.
(42:28):
We do, and it was primarily aimed at podcast listeners, which was funny.
I found my weird niche that I'd said, I want to to run this brand.
I literally just came off, I was going through GoDaddy looking for domain names
because I'm a domain squatter because that's the kind of weirdo nerd that I am.
I need to introduce you to another speaker for you.
I have somebody you have to meet, so we'll talk about that in a little bit.
(42:51):
I always look for ones that are about to expire and find ones with domain authority
and then try and just hang on the domain authority and build a site from it and then sell it.
So what I did was I found this one that said Diabolic Coffee.
And I'm like, oh, that's such a cool name.
It's not right. It's not an English word. It's not diabolic.
It's diabolical. But I bought it anyways.
(43:11):
And then like five minutes later, I bought Diabolical Coffee.
And I literally just had my friends do the logo. And I was like, that's all I was doing.
I would do coffee. Sorry, this is the longest answer ever.
I used to go to conferences all the time. And we would do a coffee exchange.
Our common friend, Cody Bunch is an amazing human, somebody who has helped me
(43:32):
greatly along with Brian over the years of my life, both in tech and out at home.
You know, what was really cool was that he wanted, he was very community and outward focused.
Cody, the only thing Cody's not good at is looking inside and helping himself.
So that's why we all try and rally around and be Cody to Cody.
(43:54):
But we would do, he would say like, we all love coffee. We've got a bunch of
coffee nerds. Why don't we swap coffee beans?" And so we started this idea,
and we did it a couple of times, and then- And we added to the list.
Yeah, it was so cool. So I started doing this, and Cody wasn't going to events all of a sudden.
And so I was going, and my team, I was working at a company called Turbonomic.
(44:16):
And I would say, hey, I'm doing this coffee exchange thing. So if it's okay,
people are going to come by the booth, and they're going to be bringing coffee bags.
It's going to look weird, but this is what it's for. And we would just take,
everybody brings a pound or two of coffee, and then you come back two days later
and you reach into the old bin of coffee and you pull out whatever you took.
So if you brought two, you take two.
(44:37):
And what we ended up having, at the last time I did this, I had 75 pounds of
coffee in the back of my booth.
And it was from around the world. And it was such a wild thing.
And what was really cool was I ended up meeting friends, work colleagues that,
you know, we've done collaborative work together since then that were just,
(44:58):
I met because I was a coffee nerd.
And that was, so the Diabolical Coffee as an ethos is that.
It's community connected by a shared love of coffee and each other.
I would like to opt in. I have the dream of, I always joke with my husband,
I'm like, eventually I'm going to make it and then I'm going to start a coffee
shop. I was like, I'm going to have a cafe.
(45:19):
It's going to have plants, gluten-free. I have a whole vision for it.
And he's like, sure, whatever. Go build your empire and then eventually you can retire.
And I don't actually want to operate it. I want to be the one responsible for sourcing.
And then the vision. Like I want to be the visionary and the financier,
but I don't actually want to do the day-to-day. I just want to sit on the patio then and enjoy.
(45:40):
Be a consumer. That's it. Exactly.
I want to get paid to be a consumer. Yeah. And then Eric, I do have one more question for you.
And it's something that Brian and I are planning on doing on our podcast is
as we wrap up the conversation and start thinking about what we're going to
talk about next and everything,
I do want always to ask individuals that we speak with of, I'm going to pose
(46:02):
a theory or a conversation and just get your response.
And this isn't, obviously you have no clue what I'm about to ask.
So you can take a second if you want to just start talking.
Basically, I recently, so we've been talking a lot about security and compliance.
Privacy is a huge part of that. And it's a really big part of our podcast as well.
(46:22):
I recently had a CTO tell me that he believes that the fight for privacy is dead.
And now we are moving on to the fight for security.
Given that concept, I would love to just get your feedback on that.
Do you think that the fight for privacy is dead?
Do you think it's alive? Do you think it's instead of privacy is a security?
(46:43):
I think that privacy and security are different but aligned.
You know, privacy is an inherent part of security, but security does not require privacy.
You know, security creates privacy, but it doesn't require it necessarily.
So you can be, but personal privacy especially is one of the most challenging things.
(47:06):
Content privacy, intellectual property technically will fall in a way under
privacy in that it's like I've created a work and it should be protected.
I think of that in the sense of personal privacy in that it's an art or a work
that I've created, so it's part of me.
In the same way that I put my name on it, you know, well, the funny thing is
(47:28):
like I create content every day that doesn't have my name on it.
And in fact, what's even funnier is when someone says, hey, you know,
if you are good at writing, can you write like this person?
That was my favorite thing. someone said, like, I don't know that you can do
what you say you can do, but if you can write like this CTO,
fantastic writer, then we can do business.
(47:50):
And I said, I can full-throatedly guarantee that I can do that.
And it was because I'd written that blog for that CTO. So-
But on the personal privacy side, we're seeing it with generative AI, right?
This is probably the biggest Gutenberg revolution of how we do things,
which then erodes privacy at a great scale that's never been seen before.
(48:18):
And Pandora's box is already open and wedged open.
We cannot undo it. We cannot untrain the models. They're already done.
Just technologically, it's very difficult to do. So now, how do we reshape the face of privacy?
That's where it's going to be. How do we bring security in encryption?
(48:41):
And so post-hoc encryption is probably going to be a strong area.
If you're going into a startup area right now, if you can develop successful
post-hoc encryption for vector databases,
you are a billionaire there because that's what we're about to face is that
we're moving data and information around and putting it in places where it can be found.
(49:06):
We say it's obscured, but it's
not. It's only obscured enough that if you do this, it's not the data.
But what if you stop doing this? Okay, right on. I can actually see it clearly.
So I believe that the fight for privacy is fundamentally different than it was five years ago.
I do not believe it's over, but I believe we gave a lot of yards.
(49:32):
See, I'm almost American. I'm a green card. I said it instead of taking it to the blue line.
So we've given up a lot of yards. Hopefully that covers it. So that's an exhaustive answer.
No, that's exactly what I was hoping for. I think Brandon, I probably think
very similarly to you do on that one. So thank you for entertaining me on that one.
(49:54):
When this becomes the fun one, when you look at these discussions,
sometimes I'm actually debating on going like planned contention.
One of the things I'm looking to start is more like actually debate style discussions.
And this is interesting. When you get into security and compliance,
how often do you find people are like, all right, I actually disagree.
(50:18):
Like sometimes the worst to be is like violently in agreement,
which is what we often end up Not bad.
It's like there is a kind of neat thing where someone tests the waters a bit.
I'm like, uh, I don't think you're right on that one. Or it's an interesting area.
What do you think? I mean, having done podcasts in the past,
(50:40):
I, one of them, I did more of a panel style.
So I would invite three different guests on and I actively encourage them to disagree.
Like it's, it's great if we all agree, that's cool. It shows consensus.
It helps listeners to really understand that, Hey, there's consensus here.
And this is the direction everybody theoretically should go.
Again, not trying to give direct advice, but, but when we disagree,
(51:03):
we start to dig into to the nuances.
We start to say, the right answer is actually, it depends.
And in that area, you've got to understand the nuance.
You've got to understand that, well, in this situation, maybe it's better to go down route A.
But if you're trying to get to this other destination, route B is the right way to go.
And if you happen to have the specific skill set, route C to get you to that
(51:27):
second destination might actually be the best one.
And having been an architect in IT all these years, and having been a developer,
and having to figure out the right course of action, that's second nature to me to some extent.
Me, we'll speak to this, but when I'm comfortable with the team of people I'm
working with, I don't hesitate to disagree with people.
(51:49):
I will call it out and say, no, let's pull back and think about this a different way.
And sometimes it gets me a bad reputation. Sometimes people leave me out because
they don't want that pushback.
But I would rather work with people that appreciate the fact that,
hey, we can debate and at the end have a better product, even if it's just everybody
trusts it more than when we first got there, because we have,
(52:13):
you know, poked around in some of the places and found out that,
you know, no, in fact, this is a pretty solid, solid plan. man,
we can move forward with it.
So yeah, I really enjoy the fact when people are willing to disagree,
they've got to do it respectfully.
I don't want to, let's all shout at each other for five minutes and you can't
understand a single thing anybody says. Add homes at each other. Yeah.
(52:34):
I don't need that. I mean, I listen to political podcasts, so I get plenty of that.
But if you can get, you know, one of my favorite podcasts is one that is specifically,
I'm in the middle and I'm going to host this podcast and here's somebody from
the left and And here's somebody from the right.
And sometimes they agree. Sometimes they disagree.
Usually they're respectful about it. And, you know, it only rarely devolves
(52:58):
into a shouting match, which, you know, at that point you start tuning out.
Yeah, I have an interesting perspective on this one because I'm very often brought
into rooms when I'm supposed to say no.
Like generally, like when people call compliance, it's usually in my ideal world, right?
They bring compliance in as early as possible. and compliance
security are like right you know if you're thinking about like with the
(53:20):
product team right they're like in the design phase like what are
like the potential privacy security compliance concerns legal concerns
like that those are all happening proactively generally the way this plays out
it's usually something has gone wrong or something maybe did something and then
someone complains and is like i don't think we should be doing it this way but
we already are doing it this way so then it's very like retroactive and it starts
(53:42):
to feel like kind of defensive, which isn't great.
It's not good for the culture, for the compliance program, or the organization itself.
It's really not fun to be the person that has to say no all the time.
And so again, there's some finesse with that. So.
I unfortunately, in my role, even as legal or compliance or information security,
very often have to say no.
I will say I'm one of those people that's in the business of being like,
(54:05):
I am trying to agree to disagree with somebody, but also need to make sure that
I have the backing and the authority of the executive team to ultimately be
like, hey, if compliance says no, then that actually needs to be honored.
And then let's come up with a solution that we all can agree on as one team.
So I think I have a different perspective because Brian, normally I do come
(54:28):
in and people are like, they'll bring me in because they're waiting for me to be like, Nina says no.
And I'm like, no, no, no. No isn't my brand, right?
Brian and I on a recent episode that we were recording, Brian was like,
hey, I think compliance is black and white.
And I was like, wow, I fundamentally disagree with you. I think compliance is gray.
And then we were going into that. And I think there's room for that.
And I think as long as you're open to learning from one another.
(54:52):
And again, as long as it doesn't start to feel like it's like a fighting match,
because like, especially my work life, like I'm not trying to like fight with
coworkers. It's like not the goal.
It's a job. It's a job. Even the way you described the remediation is the right way.
Like it's like, well, what's the way, what's the most effective way that we
can get us A, back into compliance and B, make it easier for future so we don't
(55:13):
have this problem again.
Like I'm not, I'm not trying to, I'm not here to mess with you people.
I'm here to make sure that we are doing the right thing.
And it was funny before we talked about this idea of like legal compliance and
it sort of hit me of these like columns.
And I would say like the farthest left is legal.
Then there's compliance, then there's secure.
So you're legal, you're compliant, then you're secure.
(55:35):
And then there's two columns beside them, which I would say right,
because you raised that before Brian, and just right.
And they're, they're very different things because there's nuance between them.
And we often say like, I'm not here to seek being right. We all love being right,
but I am here to seek the right answer.
And the right answer often means, hmm, I was thinking about this incorrectly
(56:00):
before, or I didn't understand the nuance of this, or more data's come to me
that I've since been able to reformulate an opinion based on the totality of data.
And it's really hard sometimes for us to think of like you're being forced to
do a thing because compliance says so or security says so or whatever.
But when we look at it across the spectrum of columns of measurement and where
(56:26):
we move ourselves all the way over.
And sometimes, like you said, Mila, you get into a tough spot where you're like,
I hate to do this because I know this is, it feels like I'm killing your job,
but we just can't do this and we need to make sure we know how to do it.
And that is right.
And then just is moving a little further saying like, seriously,
(56:50):
how do we do this for you as like have empathy for that person that like they
themselves are not trying to be non-compliant or an insecure.
It's just they maybe don't know better. And it's just trying to get shit done. Yeah.
And I and I love the way that you frame that, Eric.
(57:11):
Be happy to debate it. I can think of variations and you and I can spend hours
discussing this one topic, I'm sure.
But I like that concept of, you know, it's a spectrum of things.
And, you know, we can hit some, we maybe should always aim further,
because what it kind of comes down to ends up being that, yeah,
(57:34):
it's great to have a debate, but a debate requires some level of,
one mutual respect and in a team oriented manner where you're trying to achieve a goal together.
A common goal, something that you both can, can agree on in the distance as, as the goal.
And it's almost like the, yeah, I'm going to aim for the stars,
(57:54):
but if I hit the moon, that's okay. Type of a thing. Yeah.
Like let's all aim on being just because hopefully we can all agree on what
being just is and whatever we're trying to do.
Yeah. And if we can, if we can get through not breaking the law and get past,
you know, being compliant and being able to get those check check boxes that
we want to get and be able to get to the point where we're secure.
(58:16):
And even if we don't get to that, you know, that fourth and fifth step.
Our mutual goal to aim for something further away helped us to get to the same
place that, that is truly the most important place because we can all agree
on some level that we have a mutual goal and we need to get there.
And I've worked with people who didn't like, they were all about them.
(58:37):
And if you weren't aiming for making it right for them,
them you were going to run into conflict with them over and over
and over again and that annoyed
the piss out of me like i couldn't stand working with people like that
because it's like it's not about you man it's there there's a bigger picture
here that if you can't fit yourself into that bigger picture like one i can't
(59:00):
understand how you operate the world without putting yourself into the bigger
picture because what's the point of life at that point and two you know you we're We're a team here.
Like, we should be aiming for the same thing, but you're constantly pulling
us aside or pushing back on us. And we as a team can't get there.
And people like that tend not to last long unless they've got dirt on somebody.
(59:21):
But, you know, having to deal with those types of people do.
That's one of the things that will drive me nuts with people.
Very few things will annoy me to the point where I won't want to work with a
person. But that's one of them. When the...
The one thing that you talked before, we've sort of danced on this one,
is the idea of like the nuance of a lot of the stuff we talk about.
One that I would ask, and I hope that, and I say that, I know you're going to
(59:44):
do this, but the one thing I want everyone to always produce at the end,
like I said, that you are one hour older, but more than one hour better having
experienced a discussion.
And the one thing that drives me nuts when I do a lot of stuff with AI lately,
of course, because AI everything.
Thing and every single conference has an ethics like five ethics of ai you know talks and i can.
(01:00:10):
Guarantee you i know as much at the start and at the end
zero information has changed at the end of it god bless the fine folks that
are doing what they're doing out there but it's the same talk over and over
again we just say we've got to be careful we've got to look out for doing these
things we got to like that's fantastic but what prescriptive outcome like steps
have you generated for me that I can take and put into practice.
(01:00:32):
So by golly, when we talk about compliance, whatever, the best thing you can
always ask for are like, what are specific prescriptive steps that somebody
could take as a listener to move closer to that goal?
And when we put that lens on it, then even sometimes when you tell your guests
that, it's like they know at the end, And, oh, you know, we can talk all we want about this stuff,
(01:00:57):
but that's just people talking, you know, it's great.
It's a bus conversation, but it's like, I want to make this actually educational,
which that's not that that isn't educational.
Sometimes just hearing the conversation opens the door for people's own internal thought process.
But, you know, and I know, again, Milou, to your background,
(01:01:17):
it's tough because nuance is tricky because it's, it's also,
it's nuanced for a reason.
It's gray for a reason because it can go either way.
And when you approach everything from a point of moral neutrality,
then it's like, okay, scrub it all away.
Okay, let's start with the fundamentals. And that's what's cool.
(01:01:37):
But it's very hard to bring people to that point where they don't have prior experience.
You know, Brian, you talked about that with like, you know, this person's been
here for so long and they do it this way. So they're going to be a curmudgeon.
And then on the other side too, Marilou, where you get brought in and they're
like, oh God, here's Marilou again.
Oh, what's she gonna tell me I can't do now? Oh man, Eric, you should see some of the stuff I pull.
(01:02:00):
I have a walkout song when I come, because sometimes I'm like the bearer of bad news.
And then I'll go to clients and be like, yo, we gotta like make this a little
bit more fun. So I have a compliance.
Intro like a walkout song like you would have at
like a kickoff like a sales kickoff i have that for compliance it's wonderful
you're gonna walk like wwe wrestling
(01:02:21):
that's exactly it's literally exactly
what i do and it's remote and it's amazing and it's
like a 30 or 45 second clip and it's just me dancing around with like all of
my virtual people just being like yep you're gonna listen to 45 seconds of this
song and then we're gonna talk about something less fun but i I need to like
(01:02:41):
make it more fun because I'm sick of being like, hey, we've had an incident.
Like something has gone wrong. Like that's not my brand.
Yeah. So and I guess here is me. So I'll say that is my bunch of advice.
And so that I hopefully it is actually meaningful and useful advice.
The one prescriptive step I'm going to tell people they should do is they should
(01:03:03):
go and they should go to their favorite podcast app and they're going to find
Socialize and Security and they're going to subscribe.
And that's what we should do. I am looking forward like crazy to this.
This is going to be awesome because I know, you know, you've both got such great
stuff to give to the world and I'm excited to see how it becomes something that
you may not even know what it is yet.
(01:03:24):
And I think that's actually the kind of the best part of starting a new venture
is that the thing you start with once you're like three in, you're like,
huh, there's a new thing that I didn't realize we were doing that's working well.
And, you know, you just, it will morph, morph over time, your advice.
Now, here you go. I'm already going to turn it back on you. What's your advice
(01:03:45):
to the new podcaster or someone who is thinking of like having an active voice,
whether it's in a community or something,
because you've chosen to now have an active voice in the world,
what would you tell to the next person that maybe is not quite sure they're ready to make the jump?
(01:04:05):
I would be bold. I get a lot of feedback as a personality that I'm quite brazen
and bold, which especially as a woman is something that people aren't maybe
necessarily used to that I just absolutely will say just like run and go for it.
And then sometimes I'm like, oh, wow, is that not something that most people would do?
I would say if you're thinking about it and you have an idea, just try it out.
(01:04:27):
Like worst case, it doesn't work out and you hopefully had some fun and you
learned something and maybe something else came out of it. I would say if you're thinking about it.
I've had a lot of conversations recently when I'm telling people that I'm starting
a podcast and we're doing something.
They're like, Oh my God, I have an idea for a podcast. Or they're like,
Oh, I'm thinking about this. And I'm like, do it. Go try it and see.
(01:04:48):
And I'll say, Brian and I are both perfectionists. So we hold ourselves back
sometimes because we really want it to be perfect. And it's just not going to.
And so I'm leading into that.
Go for it. And then And also, you're going to mess up, and that's okay.
I think it's how you handle the failure and mistakes with grace will only empower
your listeners to be like, oh, these people are human, worth getting to know.
(01:05:13):
Yeah. And from my perspective, the history of the people I know is littered
with blogs with a year's worth of content and podcasts with nine episodes.
And that's cool. Like I don't look down on anybody because they started something,
even if they abandoned it.
(01:05:34):
You know, we've, we all have experience in the startup space and not every startup works.
We know people that are well known for their success at startups that have a
history of failed startups before that one success.
So don't, you know, do it like you'll learn something from And I'm a huge fan.
(01:05:54):
My biggest mantra in life really is any mistake, any bad situation that you
could turn into at least a good story, if not a learning lesson,
and ideally a learning lesson you could share with others so that they can learn from it as well.
Is not a wasted time. It is not a wasted situation.
And I'll talk your ear off if you want to hear those stories,
(01:06:16):
because Milo's heard a lot of them lately.
There are all sorts of bad situations I've been in that, you know,
I clearly am still healthy and alive. So it wasn't the worst case scenario.
And I now have a fun story that I can use to break the ice or to try to communicate something to somebody.
And as everybody has learned from this podcast, I don't mind sharing stories
(01:06:40):
once you get me loosened up and ready to talk.
Yeah. And that's why I think I know for sure that the content that's going to
come is going to be very meaningful because these are complex topics that need
to be approached in a way that people think through it as they're saying it.
(01:07:00):
And I like that even everything that we've talked about today,
there was no stock answer, there was no built-in reply.
And the fact that I know what you've done here and what you've done in the past,
that you're going to do it again and it's going to be great.
So yeah, I'm looking forward to it. And definitely people need to check this
out and I'm with you, press publish.
(01:07:22):
And like you said, I often forget sometimes I say people like,
oh yeah, everybody gets to 10 podcasts.
I'm like, but they got to 10, right? The same as when you see somebody,
you know, I remember there's a, somebody has a picture at a race.
It was a meme at one point. It was
a guy that had a shirt that said like overweight over 60 in front of you.
And I'm like, that's it. Like nobody will ever trash talk you from above.
(01:07:47):
They'll only do it from below. And when you can give back to the, to the community,
like you've done already, ready and as you will now continue to
do socialize and security then then when
you do it so i i hope that i get my hat do i get do
i get some swag i will order whatever swag you
put up i'm gonna order so we are doing some
interesting things with swag we're learning some legality about
(01:08:09):
liquor laws as well so we are with some alcoholic and non-alcoholic options
that we can potentially gift and then hopefully having some really cool merchandise
and stuff like that because i don't want boring swag if it's not like a cool
t-shirt that i want to wear like in my regular life,
Then I don't want it. Somebody who this is, this is the kind of weirdness that I do.
(01:08:32):
So, yeah, I brand every, every single thing in my house is branded with GTM,
Delta, Diabolical Coffee.
I'm, I'm an absolute. This is also very creative from a legal and regulatory
perspective. So I see you and that's awesome.
For those only listening, Eric
is randomly picking stuff up in his office and showing it on the video.
(01:08:57):
There was a guitar. Exactly. Yeah, I need to have like a little thing that says,
you know, for people that are only watching the viewing version or the listening version.
Yeah, so this is awesome. So congratulations on what's ahead because it's ahead
of what we're talking about, but it's already going to be alive by the time
(01:09:19):
we go live here, which is great.
And anything I can do to help you folks amplify your message,
I do definitely look forward to.
And yeah, let's talk again in
a bit once you've got a few more episodes published and under your belt.
And hopefully we can share some of the neat stories of the fun stuff behind the scenes.
(01:09:39):
And for people that want to reach out to you, what's the best way that they
can find each of you and the podcast?
Yeah, so I'm Brian Knudsen. and usually searching for that will find me most often.
LinkedIn's probably the best place to reach out for me, though I do show up
on Mastodon on occasion, not nearly as much as I used to.
(01:10:01):
You can reach us at info at socializingsecurity.com if you want to hit us up
from a podcast perspective, or we will be building some community stuff for people that listen.
So more to come on that, I would say.
Yeah. And in the same vein, I'm also on LinkedIn pretty actively, Milu Meyer.
And then you can also visit my consulting company, Compliance Council.
(01:10:23):
That's compliancecouncil.com. And you can reach me there as well.
So looking forward to hearing from you all. And I really hope you invite us
back. I would love to come back to discover. Definitely, definitely.
So now I hope you've got a disclaimer when you say socializingsecurity.com that
this has nothing to do with social security.
We actually had originally looked into it and then we were like, wait,
(01:10:44):
wait, wait we can't go that available domain
and then we were like socialsecurity.com we were like wait wait that
no we don't want that well and
sometimes you even get it you have to worry about what it means in
other languages too like especially when you're coming up with acronyms
because we've been busted by that before even like
i came up with server names at my at one company and
(01:11:07):
we're like let's we got an office in the
philippines let's make sure their alphabet alphabet
lines up with what ours was and every once in
a while you get letter combinations that look a little bit funky or yeah
trade names that yeah well trust me i actually
went to the process of trying to get diabolical coffee
like trademarked i hate
(01:11:28):
lawyers the current company notwithstanding of
course but it was brutal it's the process is brutal not and are stuck with it
well when it's diabolical coffee because it went all the way through it's like
six months of waiting time they're like everything's good good good like no
big hand goes up at the end and says.
(01:11:49):
The you can't include the word coffee i'm like well i can't diabolical i'm out
of things to trademark at that point and they're like it's fine no one's going
to fight you over it and so i but it was it was a funny adventure to go through
and again a reminder that
when we talk about security compliance,
(01:12:11):
random advice that people say like, yeah, don't we have some kind of blanket
license agreement for that?
Or under 30 seconds is fine. It's fair use.
No, no, no, no, no, no, no, no. None of that is true.
So I look forward to the fact that you'll be giving real prescriptive and helpful
ideas and advice to folks.
(01:12:32):
So it's awesome. All right, both of you, thank you very much.
And for that, folks, check it out, socializing security, not related to social
security, but socializingsecurity.com. That's a great domain name too.
Like that's super easy to find. So I like it. I like it. And we'll look forward
to seeing it rocketing to number one on the podcast app near you.
Thank you so much for having us.
(01:12:54):
Music.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!