August 26, 2025 • 25 mins
What does it take to build an online community of 50,000 cybersecurity professionals? Jerry Bell, founder of InfoSec Exchange and former CISO for IBM Cloud, reveals the journey behind creating one of the most influential Mastodon servers in the security world.
When Twitter underwent significant changes in 2022, Bell's Fediverse server, which he'd quietly maintained since 2017, suddenly became the landing spot for thousands of security professionals seeking a new digital home. The explosive growth from around 100 users to 50,000 within a month created both technical and human challenges. "The technical aspects, while challenging, don't hold a candle to the complexities of moderating a community that large," Bell explains, detailing the balancing act between enabling free expression and maintaining community standards.
Bell's contributions to the security community extend well beyond Mastodon. As the host of the Defensive Security Podcast since 2011, he pioneered professional-grade security content when most security podcasts were either consumer-focused or entertainment-oriented. This content creation directly contributed to his career advancement, eventually helping him secure the position of CISO for IBM Cloud. For aspiring security professionals, Bell offers three key pieces of advice: prioritize human networking over resume submissions, develop a deep understanding of networking technology regardless of specialization, and find ways to differentiate yourself through content creation or community involvement.
Whether discussing persistent cloud security challenges like misconfigured S3 buckets or sharing his journey from factory maintenance worker to security executive, Bell's story demonstrates how creating content and building communities can transform a career path. What digital footprint are you creating that will make hiring managers recognize your name when your resume lands on their desk?
Socials
- Join our Chipmunk community Discord server: https://discord.gg/9yfWP6evYQ
- Follow us on Twitter: https://twitter.com/SecChipmunk
- You can find us online at: https://securitychipmunks.com
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Edna Jonsson (00:00):
is from a cooperative project for
acquiring skills essential tolearning.
Welcome to another episode ofthe Security Chip Months podcast
, where we keep chipping away atit.
I'm your host, Edna Johnson,and today I'm joined with Jerry
Bell.
Jerry Bell (00:18):
Thank you for having me, edna.
It's really a pleasure to behere and an honor, and thank you
to everybody who is interestedin listening to me talk.
So it's great to be here and anhonor, and thank you to
everybody who is interested inlistening to me talk.
So it's great to be here and Iwas really tickled when you
invited me here.
So thank you again.
Edna Jonsson (00:35):
Oh, thank you.
I'm so glad to have you on theepisode and having you here on
the podcast.
I've been following you onTikTok and then I learned about
your own podcast, so it's beenreally exciting to learn about
your background and your journeyin cybersecurity, and it's
really impressive actually.
(00:56):
So I appreciate you jumping onwith us.
Jerry Bell (01:02):
Oh, I've been lucky for a very long time, I guess,
is the way I would say it.
Edna Jonsson (01:07):
Yeah.
So one thing that I learnedabout you and I was super
excited to hear that is that yourun the Fediverse server
infosecexchange.
Jerry Bell (01:20):
I do.
I started that server back in2017.
So we actually just passed oureighth birthday and it's been
kind of a wild ride.
After Twitter kind of implodedback in 2022.
There was a mass exodus fromthat platform over to the
(01:44):
Fediverse, and prior to that ithad been 50 to 100 people and
kind of within the span of amonth it went from 100 people to
about 50,000.
And that was a really excitingtime.
Exciting time, but I was reallyhappy to be able to contribute
(02:11):
to helping the community kind offind an alternate landing place
.
Edna Jonsson (02:14):
Yeah, I mean it's so impressive because I remember
that time when InfoSec Twittermoved from Twitter to your
server, infosec Exchange, andit's a great community there and
I know that you have a lot ofpeople that have joined it in
the last few years, so it'spretty cool.
(02:36):
So has there been some growingpains going through that?
Jerry Bell (02:48):
going through that, or, um, early on, early on,
there, there certainly was, um,you know, obviously the capacity
to run that many uh, you knowthat many concurrent people is
is uh not cheap yeah, and so soit was.
There's a lot of, uh, you know,kind of juggling of of systems
and trying to keep up with, youknow, with, with the demand,
while not breaking the bank,because I, I mean, I've I funded
(03:08):
it personally for a long timebut eventually I, I, you know,
crossed the threshold where ordonations were paying for it.
Now I, you know, I've I've kindof gotten a, I would say a
happy, you know, consistent anda stable capacity.
Happy, you know, consistent anduh and stable capacity.
Although, you know, recently,the, the, the amount of of, uh,
(03:30):
people has kind of been waningand, and I would say, very
recently, starting to go back up.
So it's, it's, uh, it's, it's alittle bit inconsistent but has
been quite a, you know, quiteinteresting to be part of.
Edna Jonsson (03:45):
Yeah, that's really neat.
So, as far as the community, Iknow that there's a lot of
InfoSec people on the InfoSecExchange, so I know that there's
been some updates with thetweets or not the tweets, the
toots sorry, the quote toots andall that.
(04:10):
So moderation-wise has it beengoing pretty well.
Jerry Bell (04:17):
You know there's anytime.
You have a bunch of people inkind of the same room together,
you're going to have some issuesand yeah it's really no, no
exception.
Um, I'm not going to say ithasn't been a problem.
I would say the technicalaspects, while they've been a
(04:38):
challenge, really help.
Don't hold a candle to thecomplexities of moderating a
community that large.
You know you don't want to.
You don't hold a candle to thecomplexities of moderating a
community that large you don'twant to be.
Well, let me say it differentlyyou want to enable people to
express themselves andcommunicate freely, but not
(04:59):
everybody has the same idea ofwhat that means the same idea of
what that means.
Yeah, and so it's been.
I will say it's been probablythe largest aspect of the
largest challenge of runningthat community, for sure.
Edna Jonsson (05:16):
Mm-hmm, thanks.
So I also learned that you hosta podcast, the Defensive
Security Podcast, and you havefor many years.
So tell me about the podcastand what got you started in
podcasting.
Jerry Bell (05:34):
So a long time ago, in a universe far, far away, I
was more on a CIO trajectory.
I was more on a CIO trajectory.
I was with a company calledInternet Security Systems from
the late 90s until the mid-2000s.
Sometime in the mid-2000s ourcompany got bought by IBM and an
(06:00):
interesting thing happens IBMdoesn't really need its own IT,
a new IT function or a new CIO,and so I kind of got labeled the
security guy and so, eventhough that really wasn't what I
had been focusing on, securitywas part of my responsibility
set there.
(06:21):
But you know, it kind ofmorphed into more of my, my, my
identity at IBM, and I at thesame time was getting into
listening to podcasts and alsoat the same time we started to
see a really large change inawareness of of, you know, more
(06:44):
advanced threats.
So you know there was the.
Aurora attack with Google,mandiant had just released its
APT1 report and there was justthis freight train of really
complex attacks and at the sametime I was kind of taking on
more responsibility forprotecting customers at my
(07:06):
employer and things likeincident response and whatnot,
and I found it odd at the timethere really weren't any what
I'll call corporate securitypodcasts.
There was like informationsecurity daily, which was cool,
but it was.
I would call it the podcast,the security podcast, equivalent
(07:28):
of like the morning radio zoo.
You know it was fun, but itreally wasn't all that
informative.
And then you had things likeSecurity Now, which was very
consumer oriented, and so I wasa little disappointed that there
was this gap, gap in you know,on the one hand you had, you had
(07:50):
a lot of stuff coming out, alot of change happening in the
industry, and nobody was talkingabout it, and so I, um, you
know, it took me probably a yearto get it started and the the
most complicated part wasfinding the right music okay,
yeah, and that makes sense, likefinding music for podcasts is
(08:11):
hard and then, uh, you know,that was my, that was my excuse
for a long time, but then I got,you know, got it off the ground
and it has been one that wasback in.
I think I started in 2011, 2012,that time frame and I took.
I took some time off.
I I um around 2020.
I got a new job and my co-hostfell ill about the same time and
(08:34):
we took a couple years off andabout a year ago, we, we, we
restarted it.
So it's been uh, it's been beengoing again okay, wonderful,
that's really good to hear.
Edna Jonsson (08:48):
yeah, I, I understand we why people be
taking a break from podcasts,because I've done the same with
this one.
Life happens, but that's goodthat you're continuing it.
So, with hosting a podcast,have you found that, like you're
getting?
Does that help you in yourcareer, like making connections
(09:12):
and meeting new people?
Do you feel like it certainlyhas.
Jerry Bell (09:17):
I would say it really helped elevate me to the
position that I ultimately gotto.
My most recent assignment wasas the CISO for IBM Cloud, which
was just a huge, hugeenvironment, and I was in that
role for about four years andleft and I have been unemployed
(09:40):
now for about a year.
Unemployed by my own choice myown, you know, by my own choice,
um, but you know I will saywhat.
The one one thing that is superimportant and I suspect a lot
of people are, especially thosewho are just coming into the
market right now, are probablyfeeling a lot of uh frustration
(10:02):
and and um, dismay maybe about,uh, the job market.
And you know, things likepodcasts really help
differentiate you.
In my experience, it has alwaysbeen a benefit if, um, if
people know who you are right ifyou know it obviously helps if
(10:25):
it's for a good reason.
But you know, I would say it hasreally added to my professional
success for sure.
Edna Jonsson (10:39):
Yeah, that's excellent, and it also gets you
used to speaking to people fromdifferent walks of life too,
right?
Jerry Bell (10:47):
Yeah, for sure, we haven't done a ton of interviews
.
A lot it's mostly back andforth between my co-host and I.
We did start a second showwhere we do interview people.
That's kind of on hiatus at themoment, okay.
But yeah, and I will say thatwas another reason that I
(11:10):
started this I am probably aboutthe most awkward person you can
imagine socially, so it hasalso been a big help for that.
Edna Jonsson (11:22):
I think that's very true for a lot of people in
tech having that awkwardness,it just comes with having nerdy
interests, I think.
Jerry Bell (11:32):
Oh, for sure yeah.
Edna Jonsson (11:36):
So you mentioned the role you had at IBM was
cloud security.
So that's so interesting.
What do you think are the mostchallenging things in cloud
security today?
Jerry Bell (11:52):
The complexity and unknowingly making mistakes that
get bit.
So you know, if you look backin time, one of the most
significant challenges which, bythe way, is still still a
challenge even today areunsecured as three buckets.
It is such an easy mistake tomake Um.
(12:14):
Now I think that the providersare starting to turn around.
You know to come around andmake things more secure by
default, but you have a hugeamount of you know stuff that's
already out there, um to thepoint where there's actually on
our, our Mastodon instance,there's a, there's a, an account
called the bucket challenge andyou know they, their, their
(12:35):
whole thing is is trying toidentify, through some kind of
clever means, unsecured bucketsthat contain sensitive data.
And then they try to cut youknow the con, like they're not
doing it for um, for fame or ormoney or or to be nefarious, but
they're actually like trying toget to the owners to get that
(12:57):
turned off, which has been a bigproblem.
So I would say that's probablythe most significant one.
And then, uh, you know, beyondthat it's it's really really
related to the complexitiesaround IAM and each provider has
a little nuanced take on that.
(13:20):
But I would say those are kindof the two biggest issues.
Now I will say as the CISO of acloud provider.
I've been out for a year, so I'malways optimistic that things
continue to get better.
One of the big problems we hadwas companies who thought that
(13:44):
or had some deepmisunderstanding of what you get
when you buy, when you put yourstuff in cloud, and so I've had
an unfortunate number ofinstances where customers didn't
realize that they wereresponsible for patching their
own, the virtual service theyset up in the environment, and
(14:06):
then something bad happensvirtual service they set up in
in the environment, and thensomething bad happens.
And you know they're, they'reum, they're left wondering well,
what, what happened?
And so, um, I, I don't know ifthat's you know again, I don't
know how, how deep of a and andbroad of a problem that still is
, but there's been in at leastin my experience, there's been
(14:28):
some, you know, disconnects inwho's responsible for what yeah,
that kind of reminds me of likethe os top 10, where you keep
seeing the same problems youknow, every time they publish a
new one, it's like seven of themare the same over and over and
over again, because it justkeeps being the same problem for
like a decade later.
Edna Jonsson (14:52):
So, yeah, I definitely understand how that
can continue, even though you'retrying to do better.
And I've noticed inenvironments, misconfigurations
happen a lot.
So that is definitely somethingto look out for, but it's good
to be reminded of it andcontinue talking about it so
(15:13):
people can try to do better andmake their environment safer
Absolutely Very nice.
So your background how did youget into IT?
What was your start?
Jerry Bell (15:49):
basically couldn't afford to keep going and so I
started working at a smallfamily owned factory and, uh, as
, as a maintenance person of allthings, and um, uh, you know, I
I had a pretty big aptitude forall things mechanical and
electrical and um, quickly movedinto kind of project
engineering where I wasdesigning, you know, material
(16:12):
handling, equipment and whatnot.
Again, this was like a 150 or200 person company and the again
this, keep in mind the context,right, this was like 1993 and
PCs were not yet kind of commonin business settings.
And so the IT person, they had alittle mini Unix computer.
(16:37):
The IT person was the owner'sson and the owner was in the
process of retiring and had toreplace himself as the IT person
and so I guess at some pointexpressed an interest in
(16:58):
computers and so I took overmaintenance of their legacy
system and then I moved them toPCs and that was super exciting.
I learned a ton because I wasthe application developer, I was
the person that ran the backups, I was the person that pulled
(17:18):
the cables and built the PCs andeverything.
So I learned an absolute ton,but it was more kind of a
security generalist typeposition.
And then I went to work for alittle internet security sorry,
(17:39):
internet service provider inMichigan who focused on
commercial customers, so theywere like T1, like not
residential stuff, and I wentthere to be a Unix administrator
and quickly rose up the ranks.
Ibm bought sorry, iss InternetSecurity Systems, bought that
(18:05):
company and probably within thespan of two years I was the
director of IT at ISS.
Edna Jonsson (18:16):
Wow.
Jerry Bell (18:17):
And then, a couple years later, ibm came along.
It has been, I guess, I'll say.
You know, I can never notremember being interested in
computers Like the first one Ihad was a VIC-20 when I was
probably like 10 or somethinglike that.
Edna Jonsson (18:38):
Yeah.
So, it's just been in my bloodfor decades.
Okay, great, well, that'sawesome.
So photography I'm noticing thepicture behind you and it's
reminding me of.
You have a lot of great photosthat you take and you've shown
(19:08):
your work on TikTok and yourflowers and everything.
So what got you into that?
Jerry Bell (19:13):
and what's your favorite camera?
Oh goodness, you know I havehad on and off love affairs with
photography for quite some time.
You know, we, we bought a filmcamera when, when we first had
kids.
This was a long time ago.
My kids are, are all marriedand and whatnot now.
(19:37):
But, um, I got big into it inabout 2010 and I just didn't
have time and interest to keepit going and then, I would say,
about four years ago, the bugbit me again and I really like
(19:57):
taking pictures of flowers, likeI, you know, I, I, um, I, I'm,
I.
I'm a imposter in thephotography community on TikTok,
because you have a lot ofphotographers who take portraits
and they shoot weddings andthat sort of thing, and I can't
(20:17):
take a picture of a person tosave my life.
But I love taking pictures oforchids, of daisies, of you know
of.
We have a place at the beachdown in Florida and I take
sunset shots and whatnot.
So that's really my jam.
(20:39):
My favorite camera is right nowI have a Nikon Z9, which is a
super big mirrorless.
It's very large and becauseit's so big, I can hold it easy
in my hands.
Edna Jonsson (20:55):
Very nice.
That's so cool.
Yeah, your photos are justamazing.
I know you're saying you're notas great as some other people,
but I've seen your pictures.
They're incredible.
Jerry Bell (21:09):
Thank you.
Edna Jonsson (21:10):
Yeah, absolutely so.
Final question what is advicethat you think people need to
hear in cybersecurity today thatare starting their careers?
What's something you would liketo share with the listeners
here?
Jerry Bell (21:28):
So I guess a couple of things.
You know, cybersecurity is abroad field, it's almost as
broad as IT itself.
And so I, you know I, assomeone who has a fairly large
social media presence, I havelots of people asking me how do
I get in, how do I advance, andwhatnot.
(21:49):
So this is a common questionand it has gotten a lot more
complicated in recent times withAI, I think, kind of throttling
the demand for junior people orentry-level people.
But they're still there,they're still our jobs.
(22:10):
It's just it's not as plentifulas we've seen.
Budgets for securityorganizations is, for the first
time, really starting to slowdown and, in some respects,
starting to shrink.
But for people, I would say, sayfor people who are either just
getting into it or looking toadvance, my advice number one is
(22:35):
you know, networking and I I'llclarify, like networking from a
, a human side, is superimportant in terms of getting
jobs.
You're doing doing the resumebattle is not, is not very
productive.
It's a difficult way to land ajob If you, if you're able to
(22:59):
find contacts that can help you.
You know, get, get your firstrole.
That's going to be your most.
You know, get, get your firstrole.
That's going to be your mostyou know, the most successful
way forward.
I think networking, in terms ofthe technology, is also a super
important skill set for any kind, any type of person.
(23:21):
I think it's important for anyperson in IT, but in particular,
for security, and I say thatregardless of role.
Whether you're a GRC person ora pen tester or an executive, it
doesn't really matter.
Having a deep understanding ofnetworking is really, really
important.
(23:41):
And then the third thing is,like I said before, finding a
way to differentiate yourself,and whether that's by starting a
podcast, writing a blog,starting a TikTok channel, doing
something that makes you arecognizable name that people
(24:04):
know you are, when, when theirresume lands on, or your resume
lands on their desk, that it'snot a difficult choice, right?
They, they, every hiringmanager googles their
prospective candidates, right?
What are they going to see whenthey google you?
And that's what you really wantto focus on.
(24:25):
In my experience, you knowthere's lots of ways of doing
that.
You know contributing to opensource projects.
Again, you know blogging,making videos.
There's sky's the limit.
But you know, become a, becomean expert to the extent you can
in some aspect, because that isreally what's going to
(24:47):
differentiate you and and helpyou land not only land your
first job, but also kind of goup the go up the ladder as as
you, as you progress in yourcareer.
Edna Jonsson (25:02):
Wonderful Well.
Thank you so much, jerry.
It's been a pleasure having youon the episode and for our list
.
Jerry Bell (25:11):
The pleasure is all.
The pleasure is all mine.
I really appreciate being here,thank you yeah, thank you.
Edna Jonsson (25:16):
And for our listeners, please make sure to
like, comment and subscribe.
Press all the buttons.
All right, we'll see you nexttime.
is from a cooperative project for
acquiring skills essential tolearning.
Welcome to another episode ofthe Security Chip Months podcast
, where we keep chipping away atit.
I'm your host, Edna Johnson,and today I'm joined with Jerry
Bell.
Jerry Bell (00:18):
Thank you for having me, edna.
It's really a pleasure to behere and an honor, and thank you
to everybody who is interestedin listening to me talk.
So it's great to be here and anhonor, and thank you to
everybody who is interested inlistening to me talk.
So it's great to be here and Iwas really tickled when you
invited me here.
So thank you again.
Edna Jonsson (00:35):
Oh, thank you.
I'm so glad to have you on theepisode and having you here on
the podcast.
I've been following you onTikTok and then I learned about
your own podcast, so it's beenreally exciting to learn about
your background and your journeyin cybersecurity, and it's
really impressive actually.
(00:56):
So I appreciate you jumping onwith us.
Jerry Bell (01:02):
Oh, I've been lucky for a very long time, I guess,
is the way I would say it.
Edna Jonsson (01:07):
Yeah.
So one thing that I learnedabout you and I was super
excited to hear that is that yourun the Fediverse server
infosecexchange.
Jerry Bell (01:20):
I do.
I started that server back in2017.
So we actually just passed oureighth birthday and it's been
kind of a wild ride.
After Twitter kind of implodedback in 2022.
There was a mass exodus fromthat platform over to the
(01:44):
Fediverse, and prior to that ithad been 50 to 100 people and
kind of within the span of amonth it went from 100 people to
about 50,000.
And that was a really excitingtime.
Exciting time, but I was reallyhappy to be able to contribute
(02:11):
to helping the community kind offind an alternate landing place
.
Edna Jonsson (02:14):
Yeah, I mean it's so impressive because I remember
that time when InfoSec Twittermoved from Twitter to your
server, infosec Exchange, andit's a great community there and
I know that you have a lot ofpeople that have joined it in
the last few years, so it'spretty cool.
(02:36):
So has there been some growingpains going through that?
Jerry Bell (02:48):
going through that, or, um, early on, early on,
there, there certainly was, um,you know, obviously the capacity
to run that many uh, you knowthat many concurrent people is
is uh not cheap yeah, and so soit was.
There's a lot of, uh, you know,kind of juggling of of systems
and trying to keep up with, youknow, with, with the demand,
while not breaking the bank,because I, I mean, I've I funded
(03:08):
it personally for a long timebut eventually I, I, you know,
crossed the threshold where ordonations were paying for it.
Now I, you know, I've I've kindof gotten a, I would say a
happy, you know, consistent anda stable capacity.
Happy, you know, consistent anduh and stable capacity.
Although, you know, recently,the, the, the amount of of, uh,
(03:30):
people has kind of been waningand, and I would say, very
recently, starting to go back up.
So it's, it's, uh, it's, it's alittle bit inconsistent but has
been quite a, you know, quiteinteresting to be part of.
Edna Jonsson (03:45):
Yeah, that's really neat.
So, as far as the community, Iknow that there's a lot of
InfoSec people on the InfoSecExchange, so I know that there's
been some updates with thetweets or not the tweets, the
toots sorry, the quote toots andall that.
(04:10):
So moderation-wise has it beengoing pretty well.
Jerry Bell (04:17):
You know there's anytime.
You have a bunch of people inkind of the same room together,
you're going to have some issuesand yeah it's really no, no
exception.
Um, I'm not going to say ithasn't been a problem.
I would say the technicalaspects, while they've been a
(04:38):
challenge, really help.
Don't hold a candle to thecomplexities of moderating a
community that large.
You know you don't want to.
You don't hold a candle to thecomplexities of moderating a
community that large you don'twant to be.
Well, let me say it differentlyyou want to enable people to
express themselves andcommunicate freely, but not
(04:59):
everybody has the same idea ofwhat that means the same idea of
what that means.
Yeah, and so it's been.
I will say it's been probablythe largest aspect of the
largest challenge of runningthat community, for sure.
Edna Jonsson (05:16):
Mm-hmm, thanks.
So I also learned that you hosta podcast, the Defensive
Security Podcast, and you havefor many years.
So tell me about the podcastand what got you started in
podcasting.
Jerry Bell (05:34):
So a long time ago, in a universe far, far away, I
was more on a CIO trajectory.
I was more on a CIO trajectory.
I was with a company calledInternet Security Systems from
the late 90s until the mid-2000s.
Sometime in the mid-2000s ourcompany got bought by IBM and an
(06:00):
interesting thing happens IBMdoesn't really need its own IT,
a new IT function or a new CIO,and so I kind of got labeled the
security guy and so, eventhough that really wasn't what I
had been focusing on, securitywas part of my responsibility
set there.
(06:21):
But you know, it kind ofmorphed into more of my, my, my
identity at IBM, and I at thesame time was getting into
listening to podcasts and alsoat the same time we started to
see a really large change inawareness of of, you know, more
(06:44):
advanced threats.
So you know there was the.
Aurora attack with Google,mandiant had just released its
APT1 report and there was justthis freight train of really
complex attacks and at the sametime I was kind of taking on
more responsibility forprotecting customers at my
(07:06):
employer and things likeincident response and whatnot,
and I found it odd at the timethere really weren't any what
I'll call corporate securitypodcasts.
There was like informationsecurity daily, which was cool,
but it was.
I would call it the podcast,the security podcast, equivalent
(07:28):
of like the morning radio zoo.
You know it was fun, but itreally wasn't all that
informative.
And then you had things likeSecurity Now, which was very
consumer oriented, and so I wasa little disappointed that there
was this gap, gap in you know,on the one hand you had, you had
(07:50):
a lot of stuff coming out, alot of change happening in the
industry, and nobody was talkingabout it, and so I, um, you
know, it took me probably a yearto get it started and the the
most complicated part wasfinding the right music okay,
yeah, and that makes sense, likefinding music for podcasts is
(08:11):
hard and then, uh, you know,that was my, that was my excuse
for a long time, but then I got,you know, got it off the ground
and it has been one that wasback in.
I think I started in 2011, 2012,that time frame and I took.
I took some time off.
I I um around 2020.
I got a new job and my co-hostfell ill about the same time and
(08:34):
we took a couple years off andabout a year ago, we, we, we
restarted it.
So it's been uh, it's been beengoing again okay, wonderful,
that's really good to hear.
Edna Jonsson (08:48):
yeah, I, I understand we why people be
taking a break from podcasts,because I've done the same with
this one.
Life happens, but that's goodthat you're continuing it.
So, with hosting a podcast,have you found that, like you're
getting?
Does that help you in yourcareer, like making connections
(09:12):
and meeting new people?
Do you feel like it certainlyhas.
Jerry Bell (09:17):
I would say it really helped elevate me to the
position that I ultimately gotto.
My most recent assignment wasas the CISO for IBM Cloud, which
was just a huge, hugeenvironment, and I was in that
role for about four years andleft and I have been unemployed
(09:40):
now for about a year.
Unemployed by my own choice myown, you know, by my own choice,
um, but you know I will saywhat.
The one one thing that is superimportant and I suspect a lot
of people are, especially thosewho are just coming into the
market right now, are probablyfeeling a lot of uh frustration
(10:02):
and and um, dismay maybe about,uh, the job market.
And you know, things likepodcasts really help
differentiate you.
In my experience, it has alwaysbeen a benefit if, um, if
people know who you are right ifyou know it obviously helps if
(10:25):
it's for a good reason.
But you know, I would say it hasreally added to my professional
success for sure.
Edna Jonsson (10:39):
Yeah, that's excellent, and it also gets you
used to speaking to people fromdifferent walks of life too,
right?
Jerry Bell (10:47):
Yeah, for sure, we haven't done a ton of interviews
.
A lot it's mostly back andforth between my co-host and I.
We did start a second showwhere we do interview people.
That's kind of on hiatus at themoment, okay.
But yeah, and I will say thatwas another reason that I
(11:10):
started this I am probably aboutthe most awkward person you can
imagine socially, so it hasalso been a big help for that.
Edna Jonsson (11:22):
I think that's very true for a lot of people in
tech having that awkwardness,it just comes with having nerdy
interests, I think.
Jerry Bell (11:32):
Oh, for sure yeah.
Edna Jonsson (11:36):
So you mentioned the role you had at IBM was
cloud security.
So that's so interesting.
What do you think are the mostchallenging things in cloud
security today?
Jerry Bell (11:52):
The complexity and unknowingly making mistakes that
get bit.
So you know, if you look backin time, one of the most
significant challenges which, bythe way, is still still a
challenge even today areunsecured as three buckets.
It is such an easy mistake tomake Um.
(12:14):
Now I think that the providersare starting to turn around.
You know to come around andmake things more secure by
default, but you have a hugeamount of you know stuff that's
already out there, um to thepoint where there's actually on
our, our Mastodon instance,there's a, there's a, an account
called the bucket challenge andyou know they, their, their
(12:35):
whole thing is is trying toidentify, through some kind of
clever means, unsecured bucketsthat contain sensitive data.
And then they try to cut youknow the con, like they're not
doing it for um, for fame or ormoney or or to be nefarious, but
they're actually like trying toget to the owners to get that
(12:57):
turned off, which has been a bigproblem.
So I would say that's probablythe most significant one.
And then, uh, you know, beyondthat it's it's really really
related to the complexitiesaround IAM and each provider has
a little nuanced take on that.
(13:20):
But I would say those are kindof the two biggest issues.
Now I will say as the CISO of acloud provider.
I've been out for a year, so I'malways optimistic that things
continue to get better.
One of the big problems we hadwas companies who thought that
(13:44):
or had some deepmisunderstanding of what you get
when you buy, when you put yourstuff in cloud, and so I've had
an unfortunate number ofinstances where customers didn't
realize that they wereresponsible for patching their
own, the virtual service theyset up in the environment, and
(14:06):
then something bad happensvirtual service they set up in
in the environment, and thensomething bad happens.
And you know they're, they'reum, they're left wondering well,
what, what happened?
And so, um, I, I don't know ifthat's you know again, I don't
know how, how deep of a and andbroad of a problem that still is
, but there's been in at leastin my experience, there's been
(14:28):
some, you know, disconnects inwho's responsible for what yeah,
that kind of reminds me of likethe os top 10, where you keep
seeing the same problems youknow, every time they publish a
new one, it's like seven of themare the same over and over and
over again, because it justkeeps being the same problem for
like a decade later.
Edna Jonsson (14:52):
So, yeah, I definitely understand how that
can continue, even though you'retrying to do better.
And I've noticed inenvironments, misconfigurations
happen a lot.
So that is definitely somethingto look out for, but it's good
to be reminded of it andcontinue talking about it so
(15:13):
people can try to do better andmake their environment safer
Absolutely Very nice.
So your background how did youget into IT?
What was your start?
Jerry Bell (15:49):
basically couldn't afford to keep going and so I
started working at a smallfamily owned factory and, uh, as
, as a maintenance person of allthings, and um, uh, you know, I
I had a pretty big aptitude forall things mechanical and
electrical and um, quickly movedinto kind of project
engineering where I wasdesigning, you know, material
(16:12):
handling, equipment and whatnot.
Again, this was like a 150 or200 person company and the again
this, keep in mind the context,right, this was like 1993 and
PCs were not yet kind of commonin business settings.
And so the IT person, they had alittle mini Unix computer.
(16:37):
The IT person was the owner'sson and the owner was in the
process of retiring and had toreplace himself as the IT person
and so I guess at some pointexpressed an interest in
(16:58):
computers and so I took overmaintenance of their legacy
system and then I moved them toPCs and that was super exciting.
I learned a ton because I wasthe application developer, I was
the person that ran the backups, I was the person that pulled
(17:18):
the cables and built the PCs andeverything.
So I learned an absolute ton,but it was more kind of a
security generalist typeposition.
And then I went to work for alittle internet security sorry,
(17:39):
internet service provider inMichigan who focused on
commercial customers, so theywere like T1, like not
residential stuff, and I wentthere to be a Unix administrator
and quickly rose up the ranks.
Ibm bought sorry, iss InternetSecurity Systems, bought that
(18:05):
company and probably within thespan of two years I was the
director of IT at ISS.
Edna Jonsson (18:16):
Wow.
Jerry Bell (18:17):
And then, a couple years later, ibm came along.
It has been, I guess, I'll say.
You know, I can never notremember being interested in
computers Like the first one Ihad was a VIC-20 when I was
probably like 10 or somethinglike that.
Edna Jonsson (18:38):
Yeah.
So, it's just been in my bloodfor decades.
Okay, great, well, that'sawesome.
So photography I'm noticing thepicture behind you and it's
reminding me of.
You have a lot of great photosthat you take and you've shown
(19:08):
your work on TikTok and yourflowers and everything.
So what got you into that?
Jerry Bell (19:13):
and what's your favorite camera?
Oh goodness, you know I havehad on and off love affairs with
photography for quite some time.
You know, we, we bought a filmcamera when, when we first had
kids.
This was a long time ago.
My kids are, are all marriedand and whatnot now.
(19:37):
But, um, I got big into it inabout 2010 and I just didn't
have time and interest to keepit going and then, I would say,
about four years ago, the bugbit me again and I really like
(19:57):
taking pictures of flowers, likeI, you know, I, I, um, I, I'm,
I.
I'm a imposter in thephotography community on TikTok,
because you have a lot ofphotographers who take portraits
and they shoot weddings andthat sort of thing, and I can't
(20:17):
take a picture of a person tosave my life.
But I love taking pictures oforchids, of daisies, of you know
of.
We have a place at the beachdown in Florida and I take
sunset shots and whatnot.
So that's really my jam.
(20:39):
My favorite camera is right nowI have a Nikon Z9, which is a
super big mirrorless.
It's very large and becauseit's so big, I can hold it easy
in my hands.
Edna Jonsson (20:55):
Very nice.
That's so cool.
Yeah, your photos are justamazing.
I know you're saying you're notas great as some other people,
but I've seen your pictures.
They're incredible.
Jerry Bell (21:09):
Thank you.
Edna Jonsson (21:10):
Yeah, absolutely so.
Final question what is advicethat you think people need to
hear in cybersecurity today thatare starting their careers?
What's something you would liketo share with the listeners
here?
Jerry Bell (21:28):
So I guess a couple of things.
You know, cybersecurity is abroad field, it's almost as
broad as IT itself.
And so I, you know I, assomeone who has a fairly large
social media presence, I havelots of people asking me how do
I get in, how do I advance, andwhatnot.
(21:49):
So this is a common questionand it has gotten a lot more
complicated in recent times withAI, I think, kind of throttling
the demand for junior people orentry-level people.
But they're still there,they're still our jobs.
(22:10):
It's just it's not as plentifulas we've seen.
Budgets for securityorganizations is, for the first
time, really starting to slowdown and, in some respects,
starting to shrink.
But for people, I would say, sayfor people who are either just
getting into it or looking toadvance, my advice number one is
(22:35):
you know, networking and I I'llclarify, like networking from a
, a human side, is superimportant in terms of getting
jobs.
You're doing doing the resumebattle is not, is not very
productive.
It's a difficult way to land ajob If you, if you're able to
(22:59):
find contacts that can help you.
You know, get, get your firstrole.
That's going to be your most.
You know, get, get your firstrole.
That's going to be your mostyou know, the most successful
way forward.
I think networking, in terms ofthe technology, is also a super
important skill set for any kind, any type of person.
(23:21):
I think it's important for anyperson in IT, but in particular,
for security, and I say thatregardless of role.
Whether you're a GRC person ora pen tester or an executive, it
doesn't really matter.
Having a deep understanding ofnetworking is really, really
important.
(23:41):
And then the third thing is,like I said before, finding a
way to differentiate yourself,and whether that's by starting a
podcast, writing a blog,starting a TikTok channel, doing
something that makes you arecognizable name that people
(24:04):
know you are, when, when theirresume lands on, or your resume
lands on their desk, that it'snot a difficult choice, right?
They, they, every hiringmanager googles their
prospective candidates, right?
What are they going to see whenthey google you?
And that's what you really wantto focus on.
(24:25):
In my experience, you knowthere's lots of ways of doing
that.
You know contributing to opensource projects.
Again, you know blogging,making videos.
There's sky's the limit.
But you know, become a, becomean expert to the extent you can
in some aspect, because that isreally what's going to
(24:47):
differentiate you and and helpyou land not only land your
first job, but also kind of goup the go up the ladder as as
you, as you progress in yourcareer.
Edna Jonsson (25:02):
Wonderful Well.
Thank you so much, jerry.
It's been a pleasure having youon the episode and for our list
.
Jerry Bell (25:11):
The pleasure is all.
The pleasure is all mine.
I really appreciate being here,thank you yeah, thank you.
Edna Jonsson (25:16):
And for our listeners, please make sure to
like, comment and subscribe.
Press all the buttons.
All right, we'll see you nexttime.
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.