Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:02):
And it's me.
It is the Cyber Warrior.
This is Cyber Warrior Studios and I know you're all here for another amazing episode of Security Happy Hour.
And, yes, I got a big show planned.
We got a lot of big things going on and some amazing guests, some you've seen before, some you haven't, so it's gonna be an amazing show.
Don't forget: like, comment, subscribe, and Super Chat will always take precedence during the live chat for questions.
(00:24):
So just so you're aware.
Otherwise, enjoy the show, take care, and I'll be right back.
And I'm back.
See, it was quick.
It's like 10 seconds.
It doesn't take that long.
You'll be all right.
Anywho, look, it's another amazing episode of Security Happy Hour.
First and foremost, I would like to thank our guests, Natalie and August, for joining me, and we do have one more joining once he gets done troubleshooting whatever issues he may be having
(00:46):
to get us started.
August, you've never been on the show before, so why don't
you ask him?
He's gonna be on the show, so why don't you introduce yourself?
Speaker 2 (01:01):
My name is August.
I currently work in information security with a specialty in incident response for an unnamed company.
I think that's the end of my intro.
Speaker 3 (01:13):
We're gonna have to
work.
Speaker 1 (01:14):
I'm doing quite a bit
how you doing.
Speaker 3 (01:18):
Doing good.
I'm doing good over here.
Speaker 1 (01:23):
So we are waiting for
Hollis, and I'm sure he's gonna
join us shortly.
So, to start, before we get into the primary topic, which is gonna be leaders in cyber, or leadership in cyber, depending on which platform you look at, because titles and character links, why don't you and August tell us about the new show
(01:44):
coming up?
Speaker 3 (01:46):
Yeah, so when I, because I used to run a SOC, surprise, surprise.
So when I ran SOC, I actually came across this happening quite a bit with our entry-level talent where we would have, we had some people that would come in, that were, they were, at one
(02:07):
point they were very junior and then as they came up through the ranks they thought that they were still junior to an extent.
But, like, once you hit an engineer level or higher, like you're now looked up to by a lot of people in the company, all the new things coming in, once you've been at a company for about a year, you've become a leader and they didn't realize that.
So they were kind of like very short with a lot of, a lot of
(02:32):
people.
And it took me, like as a leader, to recognize it and say, hey, we can't talk to entry-level talent that way, because we're never gonna be able to retain them.
If you do, think about, and I actually, the one kid that did this, I was like, you know, this one coworker of ours, I was like, think about when you were first hired, so-and-so did, said that to you when you were first hired, would you still be working
(02:55):
here today?
And he was like, oh my God, I never thought of it that way.
So it's just a matter of them not realizing that they are, and they are leadership at a certain level.
You don't have to be management to be leadership, but leadership is very important in the field and it's very important to retain some of the top-tier talent out there.
Speaker 1 (03:15):
Yeah, definitely, and one of the big things for me.
You know you also got to know your audience.
So, depending on where you work, depending on who's around you and the personalities around you, you can get away with saying certain things and they won't get mad at you.
They'll take it with, you know, either a grain of salt or with respect, or whatever the case may be, because, let's be honest,
(03:36):
everybody knows me.
I talk shit, that's just what I do.
All right, especially at work, we have fun, and I talk shit on my boss on a regular basis and he talks shit back.
It's kind of how we operate.
Then again, that's the military mindset.
But you know again, if you are saying certain things, there's issues.
So, you know, dealing with juniors, especially breaking in,
(04:00):
can always be.
You got to kind of toe the line and figure out what to say and what not to say.
August, what has been your experience with leadership so far in cyber?
Speaker 2 (04:14):
Mine's a little bit briefer than y'all's, considering I have just recently broken in the grand scheme of things, but a lot of it was when I first started at Quantum Security, before I'm in the role that I'm at now.
It was almost a brand new SOC.
So there wasn't a lot of processes and procedures for training the analysts, including myself, because right when I
(04:35):
started I was, you know, bottom of the tier.
But about six months later we picked up a few people around my level, not quite at the same, and a few interns that were escalating tickets to me and it's almost like they were scared to mess up or ask questions.
And that's kind of where this comes in, developing processes
(04:55):
and procedures for training your junior analysts and mentoring them.
Because even once you're in 10 years you still need a mentor, right, everybody needs mentors, and it's just not saying there aren't already people doing that.
But I feel like there's a gap between a lot of the mid-level and higher-level talent just because it's so hard to get in an entry level.
So that's kind of why I'm here, to provide a bit newer
(05:18):
perspective, considering that I would still almost consider myself entry level until I hit about three years.
Speaker 1 (05:25):
Right.
I mean, if you look at a lot of the entry-level jobs, it is zero in three years, ain't it?
Yep, and that's something that people have, or one in three, depending.
Yeah, it's really what it is, and I think I'm right over two.
Speaker 2 (05:39):
I'm a little over two
years now, I mean.
That being said, I am taking escalation still where I'm at.
But that's just how it falls.
Small teams, small security, that's how it works.
Speaker 1 (05:52):
Yeah, yeah, and that's one of the, you know, from a junior's perspective.
It's always good to have that insight because, you know, leaders a lot of time, depending on your organization, they're like, oh, give us feedback, talk to us, open door policy.
Me and Natalie, and I don't know about you all, I guess, but I'm sure me and Natalie heard that a lot. Military open door policy
(06:14):
ain't gonna change shit, right, you go in, you talk to them, you tell them what's wrong and they're like yeah, okay, I got you, nothing changes.
They act the exact same way and it stays the same.
Nothing ever changes.
And you'll see that in some organizations.
So that's one of the things that I try to bring to the table with my team and I know my buddy does the exact same thing where
(06:39):
those conversations that we have in one-on-ones, we take it to heart and we're like okay, so I need to fix this.
And I tell my teams that all the time: if I need to fix something, you have to tell me, because if you don't tell me, I can't fix what I don't know. Right, and so, and that's been my issue with a lot of things. Like if somebody doesn't tell me what
(07:00):
I did wrong and you just like quit talking to me.
I don't know what I did wrong so I can't adjust or fix or change anything.
But before we go any further, finally his troubleshooting is done and Hollis has arrived.
How you doing Hollis?
Woohoo, all right, now I can't hear you.
Speaker 3 (07:20):
I can't hear you.
Speaker 2 (07:24):
Maybe, maybe where's
it at.
It's funny when the IT guy can't fix his own mic.
I do apologize.
Speaker 4 (07:32):
I was in the middle
of a circuit.
We had some issues with OSPF get across ABPLS. In troubleshooting that, it took a little bit of time.
It's completely my fault.
Speaker 1 (07:47):
It's always DNS,
blame DNS.
Anyone in networking knows that.
It's always DNS. Jeez.
Speaker 4 (07:57):
Yeah, I agree.
Speaker 1 (07:59):
I do apologize as
we're getting into it.
Why don't you give us a little rundown on who you are?
Like I said, we've got a lot of conversation to go through.
We're going to talk about leadership in cyber, we already started, but I'd like to get your viewpoint kind of on who you are, what's your background and what your career goals and what you're looking forward to going forward.
Speaker 4 (08:21):
Yeah, so of course my
name's Hollis.
I've been in IT about seven or so years.
I've kind of wore a lot of hats. I've been help desk, I've been assistant administration, I've been in cyber and I'm in networking.
Currently, I do a lot of VoIP issues and anything with WAN or anything
(08:41):
around routing.
Like Clare III, I do do a lot of mentoring to my juniors and in that right what I'm really looking forward to in the future is, I hope, to get into architecting BNSE and network analysts.
I've really just got my eyes on designing and developing my own
(09:04):
solutions to businesses' problems.
Speaker 2 (09:07):
That's my hope and my
aspiration, and as I go forward.
Speaker 4 (09:11):
I'm hoping to either
lead people more forward into that or insecure networks, that's awesome.
Speaker 1 (09:18):
Yeah, networking.
I started in networking and help desk, did a little bit of both and just kind of fell out of love with networking.
I still understand it.
It just got way too complicated for me.
I'm like, now we're getting into too many things that I need to know, that I don't want to know, that I don't care about, I'm done, I'm going to stick to operating systems.
I'm good at this.
This is where I thrive.
(09:41):
So what has been your experience so far with the leadership within IT and cybersecurity?
Have you noticed any trends?
Have you noticed anything, both pros and cons, of what you've seen throughout the industry in your career so far?
Speaker 4 (10:00):
Yeah, so a big part
of my career.
I've had a few leaders so far that have been amazing.
So Natalie was a fantastic leader.
I've also got my current boss right now.
His name's Leo.
Both of those exemplify the kind of things that I drive for and that I live for, is I don't expect anyone to fully just be
(10:23):
in this all the time.
I want people to be able to look at this and take things as they come and then take breaks.
I want people to be able to actually live their lives and do things with themselves.
So, for example, Natalie and my boss at the moment, when work gets done, work gets done.
As long as work gets done and if the work is done in a good
(10:45):
manner and as it's there, you're fine.
But in other positions I've had a couple of what I would say is a little bit of micromanagement, and so, whether that's an issue on myself or an issue on the team around them that they've had previously, I think in some aspects there's been
(11:07):
some bosses in IT that don't come from an engineer background, or they don't come from an analyst background and they more come from an MBA or some type of business background.
And so they don't get the real aspect of those individuals that actually perform the operations and that actually perform the things around them, and so they don't have that look into it and
(11:28):
that ability to actually manage the people around them.
I'm not saying that they're bad at it, but I'm saying that they're what I wouldn't call exactly fit.
I believe Natalie's like a perfect fit for a leader in IT and in management, just because she has that technical aspect and background, is she can understand the issues that come
(11:48):
forth to a person and actually know like, hey, this is what's going to take their time and what's going to lead them in a different way.
Speaker 3 (11:59):
So Natalie's second,
after everything and again you
talk about some things.
Speaker 1 (12:04):
One of the big things is micromanagement, and one of the biggest issues I have seen within this space when it comes to just working in general is still this idea of nine to five or eight to five or whatever the case may be.
And you talk to a lot of people that have been in this space
(12:26):
for a while, especially those that research how the mind works and how you can work best within a certain timeframe.
You only get out of any person, according to research and books, and I'm not the one that did the research, I just overheard this or was told this, four hours, four hours is really solid work
(12:47):
that you get from any person.
After that they need to take a break and usually it's four or more hours and then they can go back at it.
So this idea that we need to be in front of our computers like all day, all morning, all afternoon, until five o'clock, just needs to go out the window, especially in this space when, if you're delivering, especially if you're in like networking or
(13:09):
cybersecurity, like I don't know anything, engineering, even as an analyst, a SOC analyst, that gets a little tricky because you need to have a backup and alternate, things like that.
You're 24/7 usually, but you need to be able to understand that if work gets delivered, it gets delivered, and as long as it's quality, that's what matters.
(13:30):
It's not, oh, it took him three weeks to do this, so it's a shitty product because it's late?
No, did he meet the deadline or did she meet the deadline or whatever?
Like that's what's important.
And is it quality work?
Not, oh, they were checking out early every day.
Okay, was the work done for the day?
Like, if something's not due for three weeks, I don't count on someone being here eight to five every single day.
(13:52):
Sorry, just not the way shit works, because unless you have work to do, see, I don't care.
As long as your work for the day is done, I don't care.
And that's how I think a lot more people need to get into it, just because this idea in our industry of, oh, you got to be at a computer for eight hours a day, no, most people are spent.
(14:14):
Like I get off of work and I'm like, I'm going to bed, I need a nap, I can't do this, no more.
So, yeah, because it's mentally draining.
Speaker 3 (14:28):
That's what a lot of people don't realize is that it's mentally taxing, like we're not doing a laborious job because we sit at a desk all day, but it's still laborious on our brains.
So you need those breaks to give yourself that pocket of time to go do something else, get your brain off of it.
And sometimes your greatest ideas come when you're taking those like 10-minute breaks, 20-minute breaks, whatever it is
(14:51):
you know.
Speaker 1 (14:53):
Oh, definitely, and you know, you said it right, we're not physical labor and by all means, I can't do physical labor anymore.
So you know, I respect those that do and I think they have a hard job.
I think that the physical demands that come from it are ridiculous and the hours they work are something I would never want to do.
(15:13):
But we all choose what we do in life.
This is the route I chose to go.
It's the route we all chose to go.
So it's a different field and I think people try to conflate.
You know, oh well, I have to do this, so you should have to do it.
It doesn't work that way.
That is never the way you want to go about something.
(15:36):
Because if we thought, oh well, it was always this way, so it should be this way, and we applied that to today, nothing would ever be secure, because even the internet networks weren't designed with security in mind.
They were designed to do the Blinky Lights leak, yes, ok, hey, we're good, we're good.
Speaker 3 (15:54):
Policy chases the
Blinky Lights.
Speaker 1 (15:58):
It's what it was.
I mean, you look at these conferences and this is the problem with some of your CISOs and CIOs and directors that have, you know, your MBAs.
They go there, they hear about the new hot shit and it's like, oh, blinky, lights, blink and it's powerful, cool, I want to buy that.
Let's go, we're going to buy this and we're going to implement it with no team to actually implement it.
Speaker 3 (16:21):
A new buzzword.
Speaker 1 (16:23):
Right when AI came out in ML and they were like, oh yeah, it's machine learning, are you sure?
Oh yeah, it's AI.
Are you sure?
Because we're looking at different concepts and nine times out of 10 is behavioral analytics.
That's what it is.
It's behavioral analytics is the machine, it's the user that
(16:43):
is currently logged in doing something they don't normally do.
Yes, behavioral analytics.
And it takes at least a month to really get a solid baseline off of what a behavior is.
Speaker 3 (16:53):
Yep, if not longer, depending on how many devices that you're monitoring and all that too. Like it really could take, you know, six months for some companies, depending on their size.
Speaker 1 (17:06):
Yeah, yeah, and there's a lot of good products out there for it.
Don't get me wrong, I just don't think, and I wish, I don't see him in chat.
I wish Sergeant AR was here.
Infinite and probability AI, because he loves his data science and his numbers.
I would really like to know if any EDR, any software out there right now, is truly using AI or ML, like truly by definition,
(17:30):
using AI or ML.
Speaker 3 (17:32):
I've seen a lot of behavioral analytics.
Truly is, I think it's using pieces of it to do some of the legwork, but it's not truly using machine learning and AI to do all the work. Like it's implementing parts of it but it's not implementing all of it, you know so.
Speaker 1 (17:55):
Right, because it's looking at actions.
It's looking at what's going on.
So if somebody pivots to a different computer, then it's, oh, this is against the norm.
This isn't, you know, it's roles and use cases and things like that.
But in my eyes, AI is learning.
That's the point to artificial intelligence.
AI can learn, and so it's not learning that that's bad.
(18:16):
You programmed it to know that that's bad.
So it's not AI.
It's already been programmed to know that this action is bad.
And so that's when I look at it, I'm like, is it really learning or is it just programmed to know that X, Y and Z is bad?
Because if it knows that, then it's not learning.
You programmed it to know that.
Speaker 4 (18:39):
So yeah, and I think that in looking at generator by AI, the big thing that really comes into mind when that topic comes up is that they haven't had the time to actually train this AI on the business that we're currently in.
Right, we're not transitioning from like I'm in sawmills to chemical plants, like there's different attack vectors, and so
(19:01):
how are you going to get this one product that has all this information unless you've been in here, right, and you have all these companies' private data?
So unless that's happening, I don't really see a true AI coming in and being put in these products at this moment.
Speaker 2 (19:16):
I think, if anything, Microsoft would be the first one to do it. Integrate it with Defender, because they harvest data like almost nobody else does.
Speaker 1 (19:25):
That's a lie.
Google and Amazon harvest data more than anybody.
Well, I don't know.
Meta gives them a run for their money, so we'll see.
But before we go on, because I forgot to do it, hold on, there it is. All right.
Cool, I had to do the official sound first.
Take off that security app.
Yeah, I brought through it earlier, but I do so.
Do you think this is going to be a problem going forward for
(19:47):
even leaders?
Because you see a lot of leadership, they're the ones that are responsible for acquiring software and hardware, right, they, they're the decision makers and they're the ones that talk to their bosses and say, hey, we need this amount of money for this product because of this reason.
So he is here.
Yes, I love it.
(20:07):
I'm going to put that up in a second, AR.
Do you think that, lacking that knowledge of what these things are and the actual, you think they're getting hooked on the buzzwords without actually researching what they are?
Speaker 3 (20:29):
When you're going to those conferences, absolutely. Like, because you just, everybody's like, oh, you want your t-shirt, ok, just give us your name and your phone number.
And then like, next thing you know, you come back from a conference and you have like 50 people hitting you up wanting to have a meeting scheduled with you or whatnot. Like.
And it's like, some leaders don't do a good job of saying
(20:51):
like, hey, this isn't for us right now.
We don't, we don't have the time to do this, we don't have the money, we don't have the resources to sit here and evaluate your tool, and maybe we don't even have the need for this tool to begin with.
So, like, a lot of leaders really really are terrible at doing that.
And then there are some leaders that are like, you know, we don't
(21:12):
need this, I'll give you my information for the free shirt, and then you know just black hole the email or whatnot.
But some of them are like, I've had leaders before that were even above me that they'd come back from a conference and I'd have a list of 20 different tools to go look at.
And I'm like, I don't have time to look at these tools.
You're gonna hire 10 more people for me, like I, yeah,
(21:37):
like.
Are you gonna train them to, like, what are you talking about?
20 tools, like no.
Speaker 1 (21:44):
So.
So my buddy did chime in.
He is here.
That is what it that.
That is what is currently the issue with AI and cyber, a lack of data, and I can't disagree with that, because that's what it takes for something to learn is ingesting all this data.
So I think this is where we look at an issue of leaders buy
(22:06):
something that says AI, ML or behavioral analytics.
That's the only one that, when it says behavioral analytics, that I truly buy it.
That's when I'm like, okay, you know your shit, I'm actually going to listen to you.
When you start spewing AI, I'm like, okay, how's it learning?
Well, it learns all of the users.
Okay, see, that's behavioral analytics.
That's not AI.
AI is a completely different beast.
(22:26):
Like, it can learn everything.
It can learn everything, not just user behavior.
So I think this is where they're convoluting terms, just throwing buzzwords out there, but I don't know if it's necessarily the company.
I think it's marketing.
I think the, the, the marketing is like somebody came out and
(22:48):
said, oh yeah, mine does AI.
So now every product in the world has to say they do AI or ML or whatever the next buzzword, and I think it's more marketing than anything.
Speaker 4 (23:01):
Yeah, and I mean to drive that forward, right, and a lot of these, these products and things that are kind of brought forward to me and networking, right, like, of course, those products like account that are really good for Wi-Fi analysis.
In seeing some of those products, like even they're integrating and saying now that, oh yeah, we have AI to determine how this AP is gonna react here.
Speaker 1 (23:21):
This AP is gonna react here and I'm like, okay, that's, that's, that's great, but how did you pull the data of?
Speaker 4 (23:28):
how was this AP gonna send a signal and it's gonna react against this kind of glass.
Our glasses curve this way or this way and I'm like, I don't really believe you have all this data for that. Right.
Speaker 1 (23:40):
Right.
So in Brad said it and he's right.
I've heard this said before.
Most AI currently used in security products are not actually AI but machine learning, because it's two different concepts and, and I think he's absolutely right, most people that say AI or machine learning.
So I want to talk about something even more important,
(24:04):
though actually that's a lie, I can't say it's more important, but I think it's more important, and that is a new podcast coming out.
I've heard rumors.
I've heard rumors there's a security podcast coming out, I don't know where, I don't know who told me or sent me logos, but you know, I've heard stories that there's something new
(24:28):
coming down the line in like two weeks.
Speaker 3 (24:30):
I'm just saying week and a half, man, week and a half.
It's called Recorrelated podcast and it will be launching July 31st at 5:30 Eastern Standard Time, 4:30 Central Standard Time.
You can do the math for the other ones.
Speaker 1 (24:52):
And what and what's
it about?
So what is going to be the premise behind this podcast?
Speaker 3 (24:56):
The premise behind it is leadership in cyber and leadership in IT and how to face different struggles that, you know, first off, identifying what's the difference between leadership, management and, and, you know, mentorship, and then also like really delving into how to face certain issues that,
(25:19):
like I've been a leader for a lot of years but I faced when I was in IT, cyber security and all that.
I face a lot of different issues that I never faced before when I was in the military and I obviously, I faced different issues then that I didn't face, that I don't have to face now, which grateful for, but like I had to face a lot of different
(25:40):
issues that were weird and like when I was a new manager I had nobody to go to, like I was just making it up as I was going.
Everybody's like, yeah, yeah, this is great, and I'm like, cool, good, because I'm just making it up, man, like.
I had logic my way through it, but like I didn't have anybody, that's like, oh yeah, well, here's some, some ideas of some
(26:03):
like type of statistics that you might want to keep in mind or what kind of metrics you might want to have at all times on your team.
That kind of stuff.
You know, really using certain business tax, like using business need to sell a tool that you might need or to gain a
(26:25):
tool that you might need to your arsenal tools, not that you're going to gain 50 of them that way, but like maybe one or two select ones if you don't have any tools or something like that or an upgrade to a tool, and using the business need to actually sell it.
You know, using compliance to sell it, because compliance is a business need and kind of really speaks to that.
(26:47):
Using the risk and, and knowing how to kind of curb your argument that way and really like what, what leaders should be paying attention to.
That's different in cyber or IT than what is going on in other, like in retail leadership.
You know that kind of or deal.
So I think these conversations are going to be really great and
(27:09):
they kind of already talked about like where it all started at, like how it all, the idea of it all, came about.
Speaker 1 (27:16):
But yeah, and I think
that's.
I think that's awesome and, again, this is something that me and you have talked about, and I'm so happy to see that you're doing this and where it's going to go, because I think there's, there's always a different perspective, and I think the more people we have interviewing and talking to, other the more
(27:38):
voices we can get heard, the more people can get out there and be seen and be listened to, because in this industry we see so many people that go to the known, right.
So the Dave Kennedys of the world, you know, Phillip Wylie said whatever, and I love, I love them to death.
I think they're great people, have had, you know, Phillip, on
(28:00):
my show.
But there's always more people and I think we need more to get more voices heard, to get differing opinions and actually see how things, you know, can play out.
Speaker 3 (28:15):
Yeah.
Speaker 1 (28:18):
Hollis, how'd you are
actually?
You know what, I haven't heard from August in a while.
August has been way too quiet. August, how'd you get dragged into this podcast?
I'm just gonna ask.
Speaker 2 (28:30):
Natalie bold, Natalie bold me into it pretty much you, yeah, I can just typical Army pick it on Air Force.
That's really what happened.
No, I think Hollis let me know before that Natalie texted me about it and I'll be honest, at front I was a little hesitant
(28:51):
about it, but I really liked both of their enthusiasm and that's what brought me here.
I do think it's good to have a little bit, because both of them are a lot more experienced than I am, right, like I'm the oldest out of us three, but I'm also the least experienced, at least in this field, and the field of our field changes really fast, right, so it's really hard for juniors to keep
(29:14):
up and you know, I'm two years in and I still honestly have no idea what I'm doing like 75% of the time.
And I've been blessed enough with my leadership that I've been guided, even when I'm feeling that, that imposter syndrome real bad, and it's just, this is a way for me to give back, right, like to help guide someone that's kind of probably
(29:36):
in my shoes or a little bit, you know, a little bit earlier in their career, just because it's, no one's alone here, right, like it's all a teamwork.
Obviously we all contribute, all of us need to work together, right, this is, we don't have the time for the infighting and the bickering that a lot of careers do.
We don't have the time for that because criminals aren't doing
(29:57):
that.
They're doing everything they can to break into an organization and they're not.
They're not held by what we are.
So that's kind of why I'm here.
It's my way to give back.
Speaker 1 (30:07):
So I mean, look, hackers don't care how many certifications you have, they don't care what your blackout dates are, they don't care what your management window windows are.
I commented a zero.
Speaker 2 (30:18):
I commented on someone that said something similar to that on LinkedIn.
While I do agree with you that criminals or hack black hats don't need that, right, but look at it this way: it's a lot easier to break a window than it is to replace one or secure a window or cut a hole, penetration testing, in that window without
(30:39):
breaking it.
And that's where I think the fields differ, right, like.
You have to learn how to properly secure something versus just, I'm just going to brute-force this or I'm going to do this zero day and break everything.
And I do think we need more entry-level talent, not based on certifications, but that's an entirely different discussion and then we could talk about that for weeks.
(31:00):
I'm sure everyone has input for that.
Speaker 1 (31:03):
Well, that's, that's.
That's a gear multi-year conversation, I think.
Natalie, how many times we talk about that?
I swear almost every episode that comes up.
Speaker 3 (31:13):
Yeah, yeah, I really hate, first off, I really hate certifications.
They are good to an extent, but they're not good at building the base, foundational knowledge, because a lot of people don't study for them properly, so they just, the cram for the test and then after the test they forget everything that was on it and
(31:34):
then they forget all the materials.
So they haven't actually built that base foundation.
And I think that certification mills tend to do that a lot and just like regular certifications, like requiring a certification for an entry-level job will cause somebody to just rush and study for it and pass the certification, and now they have it for three years.
But do they really have that knowledge?
Speaker 1 (31:56):
Well, that's been my biggest thing, and Hollis will touch on you in a second because I want to get your feedback on the podcast.
But to me, when it comes to certifications, right, I have more letters after my name than a lot of people, except for DR.
I'm not a doctor.
I don't like to pull that much, but you see a lot of these
(32:18):
baseline certifications that people take, test dumps and things like that, so they never actually know the material.
So a little bit of background.
Before I got into cybersecurity as a job or a career, I was studying it, I was on Linux, I was on BackTrack, I was doing, I was breaking into things, I was running my labs, I was doing all this stuff.
So by the time I got into it as an official career field in the
(32:41):
Army, when I went through all my SANS training, I knew every tool and knew how to use every tool they taught us I had done.
I had, I knew Nmap backwards and forwards at that time.
I don't know anymore.
They keep changing and they keep removing options from me and I got to download older versions.
But you know, I knew Nmap, I knew Metasploit, I knew, I knew all these things.
And so when I went through the course, people are like, how do
(33:05):
you know all this?
Well, because while you're, you know, watching TV, you're going out and doing other things.
I don't know, I don't know.
Hi, Hollis's, I don't know, girlfriend, wife, uh, something, Hollis's better half, don't want to put some protection.
Speaker 2 (33:22):
anagans Sister, I
don't know.
He is from Alabama.
Speaker 4 (33:28):
It's just, it just
had to bring it up, didn't it?
Speaker 2 (33:32):
I did Any chance I
get.
I'm going to jab you about it.
Speaker 3 (33:37):
I'm going to be a
good friend of Hollis?
Speaker 2 (33:40):
Yeah, I was at.
Hollis, not Liz.
Liz is the same.
Speaker 1 (33:45):
But yeah, I knew it.
I knew it because I've been studying it for years, literally
from the time I I I found out about cracking Wi-Fi up until I
got my god to say ends I had been studying all of this shit.
And so people are like, how did you notice?
Because while you're watching Scrubs, I've been studying it
(34:07):
for a long time, I've been learning and I knew it all.
Well, I didn't know it all, but I knew what.
I knew all of what I was going through at that time, because it
was GSEC, GCIH, GCED, uh, I forget what the hacking one is
without a certification.
And then Python came out, but it was GP, GPYC is what it
became.
And so I I worked on all that, so I knew it.
(34:34):
I've been working on it for a long time.
I didn't need to test them.
I didn't need someone to give me the answers.
It's sit in front of it, do it and you can.
You can word the questions any which way you wanted to, but
there was no fail for me.
I wasn't going to fail.
Whereas Security Plus, A Plus, Net Plus, you can go online and
(34:57):
find the answers to everything.
Speaker 2 (35:00):
It's a completely
different beast On the flip side.
You know, you usually get caught out in interviews right
Like oh, I caught.
Speaker 1 (35:08):
I called people out
in the military for that shit.
Speaker 2 (35:11):
Like as soon as you
ask someone something that's
outside of the norm, of something that would be on the
test versus something that if they'd actually study the book
or the reading materials they wouldn't you you can immediately
almost tell who is bullshitting and who's not right.
Speaker 1 (35:25):
Yeah, I had someone
in the military asked.
I asked her what 4443 was.
I don't know.
Now, why the hell?
Are you an NCO working the help desk?
Yeah, I didn't go over.
Well, I didn't care.
I was like you have no business being here at all.
You need to go lose your rank and lose everything because
(35:50):
you're a cheating son of a bitch and you lied.
Speaker 2 (35:53):
That's I mean.
Speaker 1 (35:54):
It's a cheating
scandal that happened across
multiple branches, that answers were given out for a lot of
things, and the the DOD absolutely ruined CompTIA
because then they came out with these boot camps that literally
just taught the answers to the test.
That was their whole premise and the DOD bought it.
(36:16):
And so I had someone that if you had a certain voucher code
because when I was in a guard they did a boot camp, alright,
and they gave vouchers for these boot camps, so you can go, take
the voucher code and then the one that was provided by the
boot camp, you've got a completely different test,
(36:36):
meaning you didn't get the answers.
You had to pass it on your own fucking knowledge and these
people fail.
So again, the DOD ruined, just like wow, we're not going to get
to it.
Anyways, how did you get sucked into the?
Speaker 4 (36:52):
podcast.
Yeah, so Natalie, originally hit me up with the idea, and so
I was like I'm gonna never take part in helping you with the
podcast and so me like not knowing what helping that.
I was like yeah, sure, I'll, I'll go for it.
Um, and then, months later, she was like so co-host, right.
(37:15):
And I was like uh, I mean I can speak, but like, and then, once,
once we got August into it, right, because she asked me she
was like hey, you know, I'm not gonna be super close.
August has been kind of like a brother to me and kind of
(37:35):
watching him come up in the industry.
Uh, it's kind of driven us further for me because, uh, you
know him and I just exchanged banter back and forth all the
time.
Speaker 1 (37:44):
I'm just Natalie.
She's the only banter.
He's like a brother to you.
You live in Alabama, I'm sure it's just Damn it, nothing more.
Speaker 2 (37:52):
You walked us right
into that thing.
Speaker 4 (37:56):
But uh, yeah, I mean
uh, well, with all that right.
Uh, the the first thing I did when August was like first
starting out, I bought him a book.
I was like, hey, I think you'd love this book and I think you
would have a good time with this.
Uh, and ever since then, watching him grow and then
seeing him getting into lifting like I've gotten into lifting. Uh,
(38:18):
you know I just it for not the best of my life.
I mean, he's great.
Um, you're a lot of love, um, as well as like it, Natalie,
like Natalie helped me grow into, like the positions that I've
gotten into.
Uh, they're both fantastic people and you know, I'm just,
I'm glad to actually be a part of this and be able to hear what
(38:41):
they think more and get more out of them with this.
Speaker 1 (38:45):
You know, and there's
nothing wrong with that,
because it's awesome, because I got, you know, my sister, Amanda
and Chad and yes, I call her my sister Um, who's my sister?
I'm the Google Cyber Security course and and it was one of
those things where I saw what she did, um, I knew who she was
and what she was capable of, and I said you need to do this.
And so my next school is to get her a job like the FBI or
(39:07):
something like that, because her investigative skills are none A
lot of people's out of the water.
I'm sorry Y'all ain't got nothing on her.
It'll be done tonight, of course, it'll be done tonight.
Alright, I got so much.
Look, I help people, that's what I do.
(39:28):
She's like, ah, it'll be done.
Well, alright, I'm gonna move on.
So I got a book that somebody didn't claim that I'm gonna send
to her.
But, yeah, I, um, I think it's one of those things, you know,
we gotta help each other out, we gotta lift each other up, and
this is the thing about leaders, right?
You?
There's a difference between a leader and a manager.
(39:48):
A leader is gonna bring you up with them.
A leader is gonna, you know, guide you.
A manager is just gonna tell you what to do.
A manager is gonna sit there and not actually.
I look at it this way In the in the Army, we had NCOs that told
people what to do and sat on their ass, and then you had NCOs
that actually did the job while you were doing it, because I'm
(40:09):
not gonna have you do something and I'm not willing to do it.
No, if you're doing it, I'm doing it.
Those, those be the rules.
This is the rule.
I always live my life and so I hated when people would be like,
oh go do this, alright, cool, I got you and then they go sit on
(40:31):
their ass in the AC and not do anything Literally nothing.
Like I've seen these NCOs.
I've seen a lot of NCOs legitimately do nothing but play
on their phone.
That was all they did and I'm like so we're out here busting
our ass and you're in there on your phone.
(40:51):
I'm not that type of leader I wanted to be and so it's.
It's hard because I see a lot of managers.
They want to manage, they don't want to leave Two completely
different things, and I think in this industry we need more
leaders and less managers, because the leaders bring people
up with them.
Managers a lot of times are afraid to lose their job or
(41:16):
afraid someone's gonna take over their job.
So they hold their job.
Speaker 3 (41:20):
They're not looking
Well, and not only that.
Sometimes, like what I've seen and like you can be a leader and
a manager at the same time, you can still hold a management
title as still be a leader and use leadership tactics and
leadership techniques to help you grow as a manager, right,
but the manager, the manager title doesn't go away.
Speaker 1 (41:42):
There's no such
you're not gonna find unless
you're a lead, like in a company with a authority, with leader
in it.
Manager, I am a practice manager, yep, but I'm a leader.
I'm not gonna sit there and do have my people do something that
I'm not willing to do and, let's be honest, I'm not willing
(42:03):
to do a lot but I still do it, because if they gotta do it, I
gotta do it.
But you're not wrong, that it's.
It's very.
You can be both, but it's very hard to be both.
(42:25):
You're only both entitled.
Well, one's entitled, the other one's in what, how you approach
your, your team, yeah, once in philosophy, much more.
Speaker 3 (42:32):
and and your, your
practical side of you.
Speaker 1 (42:40):
You're not gonna be
the one, that's gonna be the one
that you're gonna be.
So I look at it, I look at, I do.
I will always look at leaders and managers different.
A manager doesn't want to help, and so directors and there's a
lot of excuse me directors there's a reason.
(43:00):
There's only certain people I work for.
I don't go into companies blind anymore.
I love working for him.
I've worked for him at two other companies.
I will continue should he ever decide for some obscure reason,
to leave.
I will follow this man because they're he will always look out
(43:25):
for his people.
He is not in a position to do any hands-on work anymore Like
he's way above that level.
At a director and above level, you kind of don't do that shit
and make sure they are taken care of Bar none above anybody.
I've worked Bar none.
Speaker 3 (43:45):
Hey, that's one of
our podcast episode.
Speaker 1 (43:47):
Yeah, one of those
people that I will follow him
wherever he goes.
Now I, I I yelled at him and I gotta address me.
So comment here in a second.
I've actually called him because I've had a number for
years.
I've called him like dude, you're fucking, like literally
you brought me in and you're like I'm not gonna do it.
(44:09):
But it's one of those things where I respect his drive and
his passion, what he's capable of, and so when he leaves, he
will literally call you and be like hey, you want a job?
It's gonna pay you like 80 grand more.
Speaker 2 (44:21):
And you're like yeah,
bet, I'm there, yeah, I'm out,
I'm coming right now.
Speaker 1 (44:27):
Alright.
So Misha did say this.
Um, I disagree with you, Cyber Warrior Studios.
I think it's because of the fact that you're the leaders.
Um, to be fair, most of my management experience came from
the military.
Um, in the civilian world, I've worked at one, two, three, four
(44:50):
different places.
Now I'm on my fourth place since I retired out of the Army
in 2017.
So, past five years, I'm on my fourth job.
Actually, is that five years?
I'm on my fourth job.
Um, one shitty manager.
Two, two great leaders.
(45:13):
Because, well, at the second job, I had an amazing manager,
slash leader, whatever you want to call him.
He was the manager of all of us, but he led.
He was willing to do the work if need be.
Uh, he was on the calls with me at three o'clock in the morning
whenever we were handling IR.
The current boss I have now I had with my boss at the third
(45:36):
job I had he shit happens, um, and so he was great when he was
there.
I had someone else.
He was a piece of shit.
I hope he's watching.
He'll know who he is.
Um, and then I hope you see this.
Oh, dude, if he's watching, because he's playing these,
watch my shit, and I hope he does, I don't fucking care.
(45:56):
He fired me for no fucking reason.
I was two and a half years.
Um, my boss there was amazing.
And then I mean, there were, there were things me and him
talked about issues within the organization, but as an
(46:16):
organization, as him as a boss, absolutely amazing.
And then I went back to who I worked for twice before and so
because I love working for and I'm like, yeah, and I know when,
when things like bonuses come down a lot, and he'll be like
you know, you know, you know, you know, you know, you know now,
like they're getting paid and like see, this is why I love you,
(46:40):
this is this is why we work great together, because I'm
gonna make a deal and you're gonna do it.
I'm like that, let's figure it out.
We'll find motherfucking white.
We're gonna make this work.
Speaker 4 (46:53):
Yeah, for sure, and
like I'd like to take a second
to caveat off that right, like in saying that there's people,
there's managers, that don't want to become leaders, I would
also suggest you that there's analysts and people like myself
that don't want to become a leader.
There's people that don't actually want that opportunity
and they're just into it.
(47:14):
So I will tell you that I don't think a manager can be made
into a leader, and I will say that, yes, they have to want it
if they want that.
But a lot of times that people are put into management are
generally put there in my eyes in this situation, because
they're just kind of their move there right.
Not whether they're a good person or a good leader or
whatever they're just they're put there.
Speaker 1 (47:38):
That's the only move
they have within the
organization to make more money.
Yeah, that's what it comes down to is money.
Organizations need to give you a place to level up technically,
even if that's a creative rule.
When I was at my last organization, I kept going back
and forth.
I didn't know if I wanted to be in manage.
I didn't.
I didn't know if I wanted to deal with the headache, but then
(47:58):
finally I got to a point where I was like I'm tired of doing
all the technical work all the time.
I love motivating people, I love mentoring people, I love
helping others, but actually dealing with clients trying to
get the technical work done is a fucking headache that I don't
want to deal with on a regular basis.
And so when I finally decided that and me and my buddy talked
(48:22):
and he goes, I got a job for you.
Bet I'm there like I'll go run a team for you and this is what
we're gonna Money.
Let's go, I'm all about it, have fun.
I hate and again, nothing against where I previously
worked.
I love to work in forum, but it's just a More money and be.
(48:42):
It was a different role and it was something I wasn't gonna be
able to do, because where I previously worked, we were so
small that even managers or leaders or whatever title you
wanted to fucking give them were still doing all the work,
and I didn't want to get promoted to then have them deal
with people and still do all the work like it just made no sense.
And so I finally got no position where I can ease off
(49:05):
the workload like I'm only.
You know, my bonus is like I'm only gonna put in 20, like 20
hours, I think, or something like that of time versus actual
consultants, or no, I'm 20% billable and I might rather have
that than 50 or 70 is now I can actually do these meetings that
(49:29):
require me to sell shit.
Speaker 2 (49:32):
The add-on to what
y'all are saying too.
I think that us all being veterans, leading veterans as a
civilian is probably not the easiest thing to do, so that
also have something to do with it.
It's and I'm not downplaying or or down bad talking, talking
down to civilians either it's just that veterans are different
(49:52):
breed.
Um, honesty is a really big thing for us, and up frontness
and not not everyone can handle how brash veterans are,
especially like civilian people that have never had to work with
or for or above veterans before.
It's.
It's a little bit of a different game for us than it is
for someone else.
Speaker 3 (50:14):
Well, you have to
think of it too.
Is that like when we were training, we were training to go
to let this?
I was, and I know, Derek, you were. Hollis and August, I'm
not sure when you guys were in but like we were training for
war, right?
So like you had to trust your leadership to, regardless what
your job was, you had to trust your leadership to do what was
(50:36):
necessary so that you could make it home right Like it, make
right the right decisions versus like.
So we bring that kind of mentality to, to the civilian
sector now and they're like we're not trading for war, like
we're not going nowhere.
We are chair warm rangers here.
Speaker 2 (50:55):
I think that even if
you're not training for war,
there's because I was Air Force.
Y'all can make your jokes, that's fine, I was in the Air.
Speaker 1 (51:02):
National Guard.
Before I went out to do the Army Over the shit, I went
through an active duty any day of the week in my five-star
hotels.
Now I'll take them.
Speaker 2 (51:13):
I worked on nukes.
Like we don't, we don't really deploy right.
Like where am I gonna deploy as a nuke troop?
Nowhere.
Speaker 1 (51:19):
So you're gonna
another state.
Speaker 2 (51:23):
Why was Anderson Air
Force base Guam?
This is pretty tough.
Let me tell you, taking all that aside, that the military
mindset is a lot different, and that's something I've had to
adjust to is lowering my expectations for a lot of people
outside of the military thing, just because you can't expect
(51:46):
everyone to perform at the same level that someone that's a
veteran would.
Speaker 1 (51:52):
So I got, I got two
questions here.
And you're not wrong, veterans are a different breed.
They're always gonna be a different breed, but they don't.
They don't work everywhere.
You can't have veterans in certain positions, not because
they're incapable, just because certain ones drank the Kool-Aid
way too much, and and when you become like uber Marine or uber
(52:14):
Army and your whole personality is oorah, I jump out of planes
or, you know, I make things go boom-boom.
I'm sorry You're not gonna fit into a lot of places like I'm
sorry, but that's the way it is.
Speaker 2 (52:30):
On the flip side of
that.
Speaker 1 (52:31):
I never jumped out of
planes.
I was broken as it is and I never wanted to.
It's perfectly good airplane.
I don't need to be jumping out of it, just not my style.
But hey, that's me.
I love the Air Force.
It was what my first branch before they said hey, we're not
cross training prior service into active duty.
Yeah, I said okay, fuck you up there in the Army.
Speaker 2 (52:53):
Uh no, also lazy
veterans too, though.
So not every veteran is gonna come out and be a workhorse
right Like I know some people that I've worked with that have
a bad taste in their mouth because veterans expect to ride
the reputation of I'm a veteran, I've done my time right, so I
guess I should add in that too.
There's also.
We call I don't know what the Army called, and we called them
(53:16):
shitbags in the Air Force, but um, you know, we got a few terms
for them.
Speaker 1 (53:20):
There's there's quite
a few we can come up with, um,
although also called them rocks.
Yeah, you know, none of those terms we came up with are
probably politically correct.
We're just gonna say there were.
There were quite a few, um, and I don't give a damn like that's
what they were.
(53:40):
I don't know if they were like shit bag, lazy piece of shit
rock, dumb as a rock.
Um, I can come up with a few more.
Mostly they were the ones that went and cleaned the rocks,
flipped them over, paint them again and then move them and
then clean them again and then go mop the grass, cut the grass
(54:01):
with some scissors, and I wish they still did that.
That'd be great.
I digress.
Um, we have a question here from Andrea.
Do you think leaders are born or developed within their
environments?
Hollis, you go first.
Speaker 4 (54:22):
Yeah, so when I when
I look at a person that's going
into a leadership position, I think people can be trained for
it.
I think people can learn that and adapt to it.
But I do think there are some people that are just born with
that inhibition.
There are some people that are just born with that ability to
take a situation, take people around them and say, hey, we
have this issue, we have this problem, can you walk with me?
(54:44):
Uh, and I think that's what differentiates a leader from a
manager is having like Derrick's other type of videos.
Is the walk with me situation, uh, being able to take people
around you and move them forward with you?
Uh, I think that's something that, like I said, some people
are kind of born with it.
It's something some people can learn.
(55:04):
It's kind of a harder trait to learn and it's something that
I've explained to my current boss is that, uh, while I love,
uh, technology, uh, he wanted me to kind of move more forward
into leadership, I I don't see technology like.
I see people.
I see people as more of a challenge.
Uh, I see them.
(55:24):
As you know, I could learn them and I can learn how they are
and what they do and like move them forward with me.
But you know, there's some people that don't want to walk
the same way as me.
There's some people that don't want to walk in the same pace as
me.
Speaker 2 (55:37):
And I think that's
what really separates a leader
and a manager.
Speaker 4 (55:41):
Um, but uh, you know
being born or developed with it
uh, I'd really give it a 50-50 right.
Um I think it's a thing where there there are people, like I
said, that are born with it.
There's other people that you know.
They pick it up, they take the task and they say you know what,
I may be a good analyst, but I can be good with people.
(56:03):
Uh, but it's just a.
It's a tough line and it's a tough line to ride, but um.
It's, it's, it's a line that at some point I'll have to face.
But uh, right now I keep pushing a line away.
Speaker 1 (56:18):
Eventually, you'll
get there.
Eventually you'll get there.
So, Natalie, what do you think?
Are leaders born or are they developed within their
environments?
Speaker 3 (56:29):
Um, okay, so I think
it's a little bit of both.
Um, some people are natural born leaders and you cannot take
it away from them.
They like they.
They will find their way into leadership every time without
even trying it.
And like they're the ones that they constantly are finding
their way into leadership, um, leadership positions.
They haven't tried to find their way into a leadership
(56:50):
position, but the next thing they know they're just like
promoted into a leadership position.
Um, but you can learn different ways to lead and it takes a
little bit longer to develop it from their environment.
But I've also, I think that I've developed my leadership
style from seeing great leadership and also seeing
(57:12):
really bad leadership.
Like, I've seen some really terrible leaders and I was like
that is not what I want to be when I become a leader.
So take note of this now self, because and I would write it
down I'd be like don't do this, because that was what I wanted
to be the furthest from when I became a leader.
Um, so I I've always said I am a byproduct of really great
(57:37):
leadership and really poor leadership, and that's kind of
how I've developed my leadership style.
Um, but you can also take somebody who has no natural
likes who doesn't really have the natural instincts and and
still develop them.
If you work with them enough and you really get them to
understand why we're doing the things that we're doing, you can
(57:58):
still develop into a leadership or into a leader role.
Um, as you know, without having that natural instinct, it's
just a lot easier when you do have that natural instinct to
lead others.
Speaker 1 (58:15):
Yeah, definitely, I
completely agree.
Um, there's a lot of differences, it's just.
It varies and I'll give my take on it here in a minute, but I
want to let August go.
Go ahead, August.
Speaker 2 (58:26):
I think it's both
like Nat, like Natalie said, um,
I do think there are people that are born for it.
That's just how they are and how they're going to find their
way.
Is that right?
But on the flip side of that, I do think it can be taught, um,
by circumstances or by happenstance, right, like
something happens and they have to and they either learn or fail.
(58:48):
Uh, the third part of that is, I think that the people that I'm
going to pick on Hollis a little bit here.
Hollis said he doesn't want to step into a leadership role.
Right, and I think that's what would make him a good leadership
role, because he doesn't want that role, and and he would set
an example, or a good example not just an example by being the
leader that he would have hoped he had when he was younger.
(59:09):
Right, and I think anybody can maybe not anybody, but I think
most people can recognize what are good and what are bad
leadership traits, and especially in cyber or
information security, whatever you want to call it.
Um, it's a small field and obviously, a lot of us are
either neurodivergent or introverted.
I'm not, I'm extroverted, but I think that takes a certain kind
(59:31):
of person and to lead someone like that, because you have to
bring someone at least enough out of their shell to be able to
instruct them and guide them.
So I I think that's a roundabout way to answer the
question.
Speaker 1 (59:44):
Natalie knows all
about me bringing people out of
their shell.
How many people have I had on this show that are like, oh, I
don't want to talk, I don't know, and I'm like, uh, fuck you,
you're coming on.
Speaker 3 (59:56):
And also Hollis says
he doesn't want to be in
leadership, but I know for a fact that Hollis is a great
leader.
Speaker 1 (01:00:05):
Called it.
Well, here's the thing.
So so, but but Austin said it right.
Who's Austin?
Speaker 4 (01:00:12):
My bad dude.
Speaker 1 (01:00:12):
I ain't got my name.
It's not as bad, as it isn't as bad as what I do to when.
All well, you're right, I'm just giving you a hard time.
What August said it right is you know, absolute power corrupts
(01:00:33):
absolutely.
So if you don't want power, if you don't want to be in charge,
you usually make the best leader because you don't want that
power.
You were good enough to do the job that your, your team, the
people around you, your community chose to put you in
that role, and so you will do things to make sure that those
(01:00:58):
under you are taken care of, whereas if you choose or if that
is your absolute goal was to be in power and have power and
make decisions, you'll burn a lot of bridges and hurt a lot of
people just to get there.
First, the people that don't want it.
They're not burning bridges, they're not trying to hurt
people, and once they get there, they want to continue to keep
(01:01:20):
their hands on keyboard and do the work and mentor others.
So it's those that don't necessarily want it to make the
best leaders.
Just the way it works.
Sorry, sorry, Hollis, but you're gonna end up in
leadership solely because I'll keep fighting it.
Speaker 2 (01:01:42):
I'll fight it to the
end.
I'm gonna send your boss a LinkedIn message tomorrow.
Speaker 1 (01:01:47):
Hollis, you're being
promoted especially because you
know.
August is gonna create a sock puppet account now of Austin.
Similar is gonna be the name.
Speaker 3 (01:02:06):
I'm just glad it
wasn't me.
They called him Austin, because I usually do.
I usually will impex him like Austin.
Speaker 1 (01:02:13):
I don't know where
that came from.
August Austin, I don't know.
They sound like I had the awright.
I hear good man.
Speaker 2 (01:02:21):
It happens all the
time.
Speaker 1 (01:02:23):
So we got, we got
started AR here.
Infinite probability, ai Heard.
The need for cybersecurity analysts is due to lack of
retention.
What can a leader do to improve retention and what would cause
you specifically to stay loyal to a company?
Uh, August, go first.
Speaker 2 (01:02:41):
So this actually
happened to me pretty recently.
I I'm not gonna name where I work or where I turned down a
role, but both Hollis and Nat know I turned down a role.
That was probably.
The compensation was quite significantly higher than I'm
making now.
But the reason that I did that is because the company that I'm
(01:03:05):
at is paying for SANS once a year.
We're also paying for Um.
I also have access to Immersive Labs.
I'm not micromanaged.
My bosses recognize when we do good work.
They also voice that recognition to not just our team
but to higher leadership.
That is one of the things.
(01:03:25):
Um, I forgot everything I just said SANS, Immersive Labs.
Speaker 1 (01:03:33):
August.
Are you sure you fence over this?
Speaker 2 (01:03:42):
Man, I completely
lost my training thought.
So training is one of them, uh, recognition is one of them.
Appropriate compensation is one right like to an extent, once
you're at three to four years, your salary is going to be
fairly similar across most companies.
Um, obviously some are going to pay more than the others, but
(01:04:04):
realistically, like being heard and being recognized are two
major things.
And and a boss asking if you need anything, which sounds
trivial, right, but that hasn't happened to me at the two
companies that I've worked at in security.
I've been more than happy with both that I worked at, but when
I worked at help desk before, it wasn't like that at all.
(01:04:26):
It was more of you're doing your job.
That's cool.
Speaker 1 (01:04:31):
Oh, you got the
experience of a grunt, or a
soldier.
Speaker 4 (01:04:34):
You know, you know
all about that.
Speaker 1 (01:04:41):
But uh, I'm not gonna
get a Hollis.
No, you're last, Hollis.
You're going up last, you're going last.
I'm just talking about man.
Speaker 3 (01:04:50):
I would say as a
leader, you can value your
people.
If you value your people and you let them know that you value
them, you value their time, not just during work, but also like
don't ask them to work outside of their working hours unless
it's absolutely necessary.
You value them to get them the training you value them to where
(01:05:12):
you're actually shouting them out, you're valuing them.
There's a lot of different ways that you can show that you
value your people and some people they don't want their
shout out because that's just that's not their thing.
Like I'm that person.
Like I hate being crazed.
I hate it because I get embarrassed.
I'm like I don't even know what to say, I'm awkward.
But you can value people in different ways.
Speaker 1 (01:05:31):
I know why, but we'll
talk later.
Speaker 3 (01:05:38):
But if you value your
people and you let them know
that, like, come hell or high water, I don't care if this
business says like, excuse this.
They're like oh, we want you, as a leader, to speak this
company line, I won't do it.
I will go to my people and say what I'm supposed to tell you is
X, Y and Z.
(01:05:58):
We can't really talk about what I really think, but this is
what I'm supposed to tell you and my people will know like, oh,
okay, luckily I don't get asked to do that anymore.
But like, when it comes down to it, I care about my people
enough that I put their needs above everything else within
(01:06:19):
reason.
Obviously, we're not bankrupting companies and we're
hearing something like that.
But like, you know, then you need to take two hours to do
something good to it.
Go, I'll see you in two hours.
Hollis used to work after hours.
Sometimes that'd be a house.
What are you doing online?
Why are you here?
Speaker 1 (01:06:37):
My role on PTO.
This is my role.
Anytime someone takes PTO.
I better not see your ass log on to Teams or send an email or
anything.
If you take PTO and I see your ass show up, I'm gonna make you
take more PTO, dude, no, take your time off.
That is your time, not the company Go.
(01:07:00):
And I got yelled at recently because I was on PTO and my
buddy who's my, he runs the MSS, the operation site he goes what
are you doing online, dude?
I was just checking.
What are you doing online, son of a bitch?
Fine, all right, log off, leave me alone.
Speaker 3 (01:07:20):
That's the hardest
thing as a leader is to practice
what you preach.
But it's very important.
Speaker 1 (01:07:25):
Oh, I try, I try, I
try.
I'm gonna let Hollis go.
I'll give my two cents, I'll Hollis.
Go ahead, brother.
Speaker 4 (01:07:31):
Yeah.
So in terms of what August and Natalie were saying, I think
they're both very accurate in saying that the person needs to
feel valued being in.
I feel like I'm gonna be the forever analyst or the forever
operations guy.
I fully believe in the fact that as long as I have a boss or
a manager or whatever you want to call them at this point, as
(01:07:52):
long as they value my work and they value the time that I put
in.
I mean, if I'm getting compensated and I'll even quote
unquote fairly and I feel like I'm being compensated
appropriately.
Speaker 2 (01:08:05):
I'll follow it in his
earth right.
Speaker 4 (01:08:07):
Like if you give me
this task, this project, and
you're like you know what great job you're doing, great, or like
you know, take this time that you need, or whatever, like I'm
here for you, right, like me, and you, we can talk, right, we
can do it all right, like.
Speaker 2 (01:08:25):
I'll build the world
for you at this point.
Speaker 4 (01:08:28):
So I mean, I really I
fully believe that the person
needs to just be valued, and then you know just the ultimate
like respect of it all, and I just there's people that show it,
and those people I'll say that, for lack of a better term,
(01:08:50):
I'll find them in the world right.
Speaker 2 (01:08:53):
Like well, you can
walk across hot coal at this
point right.
Speaker 1 (01:08:56):
I'll be there, yeah,
definitely.
So here's the thing, the way I see it, is like this: lack of
attention for security analysts is definitely on the leadership,
because leadership will implement tools that will make
things happen.
Because one of the common occurrences with a security
analyst is gonna be like log overload right, you're getting
(01:09:19):
overloaded with logs and alerts and everything else and you just
can't process it all and it's a lot of noise.
You're trying to sort through it and your boss, your leader,
isn't giving you the time to actually take care of yourself
and understand that I need to step the fuck away.
I need to get away from this computer.
I need to quit staring at the screen because something's not
(01:09:42):
configured right and it's not my job to configure it.
So, as a security analyst, I think that's one of the biggest
issues is people have been promoted or gotten to positions
too early and don't know how to configure things the right way.
Or companies have been like oh yeah, we're gonna buy this and
not get pro-serve and we're gonna put our security
(01:10:03):
engineering team on it that has never touched this product,
doesn't know how to work with this product and they're gonna
be the ones to configure it.
So now you got analysts looking at this going.
I'm out, I'll do this, see you later.
So we talk a lot about that.
But then you all are talking about recognition and stuff.
Look, it wasn't until I got out of the army that I found
(01:10:24):
recognition matters and it was because in the army no one ever
got it right.
In the army it was like oh, you getting it.
Yeah, I'm cool, you were an E6, so you get the lowest medal
possible.
This is what you get as an award for doing your job in
PCSing and order point.
First job I got I was theresponsoring.
I left, took, take it therewere pain in my ass, I bounced.
(01:10:46):
Second job I had I have two awards right now sitting on my
bookshelf.
One is for my second company I worked for out of the army.
I actually got a security engineer of the year award for
that company and I did not realize how much that would mean
to me until it happened. Like I had never gotten that
recognition, never been known to be someone that actually knew
(01:11:08):
his shit or was able to actually deliver, and so when it
happened, a switch flipped and it was like holy crap, this
company means more to me now because they're recognizing what
I am doing and it made me believe more in the leadership
above me and the things like that.
(01:11:30):
So I don't believe in loyalty to a company, I believe in loyalty
to leadership and again, I talked about this earlier Boss I
have.
Now I will follow to any company he goes to.
But I don't believe in company loyalty.
Because he leaves, that means there's something wrong and it's
(01:11:54):
to that I hold loyalty to because he always looks out for
his people.
So if he leaves, that means they're fucking over their
people and that's when I'm like see ya, come out.
So for me, recognition eh, I still love it, I think it's
great.
But I'm loyal to a person, not to a company.
(01:12:14):
And that's the big difference in this industry versus the old
days when you had mines and GM and all that other stuff where
they were on assembly lines.
You were loyal to a company because you got a pension and
da-da-da, pensions don't exist for us.
Your 401K transfers, so you're not gonna get a pension.
(01:12:37):
Pensions don't exist.
We're gonna go where the money is and I'm gonna go where my
leader goes.
The person that's gonna take care of me, that's where I'm
gonna go to.
Then I know he's gonna pay me, then he's gonna take care of me.
I know if he leaves, that's for a good reason, because he talks
to leadership and he's above me, so I'm out.
See ya, I'm gonna go follow him, yeah, just tell them that
(01:13:03):
you're gonna start a metery when you leave.
Speaker 2 (01:13:09):
Thanks, Hollis.
Speaker 1 (01:13:13):
My friend I got a
good question here and I'll run
this round the table because I'm gonna say it depends.
This might answer right away and I'll give reason for that.
But what do you guys think is fair pay band for a junior
security analyst?
And as, Natalie, you're the one in leadership, it's like myself.
(01:13:35):
I'll let you go first.
Speaker 3 (01:13:39):
I would say it
depends on what part of security
you're in and also-.
Speaker 4 (01:13:45):
It's just junior
security analyst.
Speaker 1 (01:13:48):
So we'll say in a
SOC, yeah, but if you're a
SOC analyst or you're doing GRC security analyst.
Never heard of one of those.
Maybe a new one on me.
Speaker 3 (01:13:58):
Because GRC analyst
is still a junior security
analyst depending.
So if we're talking about like a SOC analyst, I mean it also
depends on where you're located at and what skills you actually
bring to the table and what transferable skills you have as
a junior.
(01:14:18):
If you can bring a strong argument.
I mean I've seen juniors start out with decent salaries and
I've seen juniors that started out with less than less than
okay salaries, like salaries.
I was just like I'm not okay with that.
That's not okay.
Speaker 1 (01:14:38):
As far as the pay band,
though, what would you say,
like, as far as your pay range, what would you put on a junior
security analyst?
And again to your point depends on experience, depends on
knowledge, depends on a lot of things, but what range would you
put on a junior analyst?
Speaker 3 (01:14:53):
I'd say 50 to 70,000
a year.
Speaker 1 (01:14:57):
Okay, I can see that
and I get your point.
There's different roles, different positions, different
areas of expertise.
Speaker 3 (01:15:04):
Yeah, like if you're
on call, that should be a little
bit higher probably.
Speaker 1 (01:15:08):
Yeah, what about you,
August?
What have you seen and what do you think?
Speaker 2 (01:15:16):
I think fair and
reality are two different things
in this aspect.
Right, because the reality of the situation is that the junior
market is very oversaturated and it also depends on your
transferable skills.
So reality, I would go.
Reality, I would say between 45 to 75.
Right, and that's market dependent, that's your
(01:15:37):
background dependent, that's where you're at, that's remote,
that's on site, right? Now,
fair, realistically, a living wage I would say between 55 and
80.
But that also falls back on where you're at, if you're
remote, if you're on site, if you're commuting to work.
When I was interviewing for SOC analyst positions, it was
(01:15:59):
anywhere from as low as 23 an hour to up to about 70,000.
And that was in Dallas, Fort Worth area.
So the reality of the situation is employers are gonna drive
that price right now and that's probably not the nicest thing to
say.
But the market for entry level talent is very flooded and I say
(01:16:24):
that as entry level talent.
Right, because I still don't have three years, so I'm still
entry level.
Yeah, that's.
I guess that probably answers it in a roundabout long way, but
it's a tough situation for entry level analysts right now.
Speaker 1 (01:16:40):
It's yeah, yeah,
Hollis.
What about you man?
Speaker 4 (01:16:47):
Yeah, so I'll give my
perspective as one of the
lowest paying states.
Really, I'd honestly say you're probably looking at as low as a
help desk, right, if you're a junior SOC analyst or a junior
security analyst you're coming in with about as much experience
as an entry level help desk analyst.
At least, that's my assumption, right.
(01:17:08):
It's probably a bad assumption, or it could be a bad assumption,
but I would say it could be anywhere from $17 an hour,
because when I've interviewed before for a junior SOC analyst
in Alabama here specifically in Brewton, if you want to look up
the town it was $17 an hour and then I've seen it go as high as
(01:17:30):
like $80,000 a year for salary.
So it's fully a it depends, and we're in an employer driven
market at the moment, so it's up in the air.
Honestly, I would say argue for yourself and try and get
(01:17:50):
something livable.
Do what I did.
When I saw $17 an hour I said no, I gotta go, I can't pay rent.
Speaker 2 (01:17:59):
I don't want to look
at logs for $17 an hour I mean I
don't have enough time or enough, like patience.
Speaker 4 (01:18:05):
So it's an, it
depends, and so I'm saying $17
an hour to $80,000 a year?
Speaker 1 (01:18:14):
Yeah, definitely All
right.
So I'm gonna hit my point on this. Again very much depending
on where you live.
It's gonna go by cost of living in your area and, again, it
also depends on the cost of living and the places you're
applying to.
One of the things that will make known.
I looked at Google.
Google came to BSides Pittsburgh and they sponsored it one year
I think it was last year, the year before it, I mean, they
(01:18:35):
sponsored it this year.
I didn't see a table, though, but I talked to them and they
came to me and they said, hey, yeah, well, you can work
remotely now.
And I said cool, do I get California salary?
They said no.
I said then I'm not gonna work for you.
I'm not gonna work for a company that I know can afford
$300,000 a year for someone that lives in California and you're
(01:18:56):
only gonna pay me X amount of dollars here in Pittsburgh.
No, it's not gonna happen.
And they were like but no, no. See, I know you can afford this
because if somebody lives in California, you're gonna pay the
salary.
So, no, I know you pay based on where you live.
I don't play that game.
You're gonna give me what I'm worth, which is what you see is
(01:19:16):
worth in any other state, and so that's how I operate.
And again, it's very dependent on the organization and state
that you live in and that you're applying for as a junior
analyst.
I will say this in all this, I know you've seen it, but I will
say if you're getting paid the help desk salary for a junior
(01:19:37):
analyst, somebody's screwing you over, because a help desk is
supposed to be a starting point to get to that junior analyst
role.
So if you're making the same pay band, somebody is not
willing to open the purse strings and it's not a company
worth working for.
(01:19:57):
For me and my eyes, no matter where you work, no matter where
you live, I would say starting salary should be at least 60 to
70 grand a year.
At least 60, 70 grand a year.
That's just me.
Some people may not agree with that, but starting out, security
analyst junior, I don't care what role you are, you have
(01:20:20):
experience or you have some type of education and knowledge
behind it that can carry you into that pay band.
Now if you come in saying I know nothing about security, I
know nothing about IT, you're not even getting hired.
I'm sorry You're just now see ya, but I'll bring you in
somewhere at the base salary of about 60 grand a year for a
(01:20:42):
junior security analyst that's gonna be looking at logs all day.
I got no problem with that.
I'll train you, I'll get you up to the point of six figures.
But 60 grand a year, that's a great job for security analyst,
and no matter where you live.
As far as single in college, not in college, you work for me.
60 Gs, yeah, you'll be all right, but we're well, holy shit,
(01:21:07):
it's close at the time.
Well over an hour.
We're at an hour and a half.
I got a bunch of questions here.
Look, here's the way I wanna run this.
If you want questions answered, please send them to me, please
send them to Natalie, send them to anybody on LinkedIn, Discord,
Twitter, Facebook you know where to find me.
Feel free to send me some cash app with a question in it.
(01:21:30):
I ain't against that.
I will answer it.
For cash, too, I need money.
Look, I got a wife and five kids.
I got a house to pay for.
So you know I'm all for money, but otherwise, look, we're gonna
go around the horn.
Call us your last enter.
I'll let you be the first one to answer this.
Any advice you have for anybody breaking into cybersecurity.
Speaker 4 (01:21:51):
Yeah, learn like you
haven't learned before.
Right, take the time and take the topics and you know, take
the time that you have and appreciate the topics that are
given to you and then take that and apply it, whether it's
addressing an issue or like you.
(01:22:13):
Learn like, hey, I can lock down an active directory account.
Take it and apply it through life.
Take it, say like hey, I'm a lockdown social media or
something.
Just make those applyable situations and continue to learn
and grow and you'll be golden. August, go.
Speaker 2 (01:22:31):
Don't do what
everybody else is doing, just
taking certifications to take them.
By all means, take them, especially your CCNA and your
Security+ and your PNT, P, PNPT or OSCP or Security Blue
Team one, I think there's also Certified Cyber Defender.
Take them, but expand on it, right?
(01:22:54):
Don't just say, hey, I took this, this was awesome.
You need to post something that's going to make you stand
out, because getting into security as entry level is not
all about what you know.
Right, like, knowing what you know is great, but it's you need
to get your name in front of people because no one knows you
exist and told them and it's developing a reputation. Because
(01:23:15):
it's built.
It's built on trust, that's.
I know there's more to say to that, but that's.
I feel like that's enough for the moment.
Speaker 1 (01:23:22):
Yeah, definitely that
on you.
Speaker 3 (01:23:27):
Just don't give up.
Just keep going like when somebody says no, ignore it if
they, you know, say no.
Any no is just the not right now, or this isn't the right
time, or maybe this isn't the right company.
It's not a permanent no, and don't never take it as a
permanent no, like I always say.
I was just too stupid to give up so and I eventually figured
(01:23:51):
out how to get in.
So I mean, just don't give up and you'll eventually get there.
Speaker 1 (01:23:57):
All right, so I love
it, you all are awesome. Check out
recorrelated podcast.
When it drops, Natalie, send me that.
I will promote the shit out of it, the when the link in all
that other stuff drops, and I'm also gonna put it into the
description of this on YouTube once it comes out.
So send me some type of link, we'll get it out there and we'll
(01:24:19):
leave it in the description.
Otherwise, look, I did get one question.
I want to touch on this me personally because I've been
doing a ton of shit.
I know it's kind of like geared towards me.
It's probably geared towards the rescue also, but we're
coming to the end of the show.
Wired celery.
What steps do you take to disconnect from cyber security
and have other interests in life?
(01:24:40):
I will tell you this right now it is shut off social media.
Me personally.
I am a big proponent of mental health.
I'm a big part of motivation, so I'm security of you name it.
This is what I do, up and doing it for years.
It's not gonna change.
I literally shut off social media at certain points in the
day or the week or whatever the case may be, and I cut myself
(01:25:02):
off completely, the reason being because we need to do better
about ourselves in our mental health.
And so when you're constantly answering emails or Teams
messages or Slack or Discord or Twitter or whatever the case may
be, you're not stepping away from the machine.
Disconnects, separate from the machine.
(01:25:22):
Get your ass outside, go meditate, go sit by a fire, go
walk through the woods, go do what you need to do, and that is
how you can succeed in this career field, because if you
don't, you're gonna burn your ass out and you're not gonna be
in this career field much, very long.
You will burn out in less than two years.
If all you do is this, guaranteed less than two years,
(01:25:43):
you will burn out.
And for anybody that tells me otherwise, I'll ask what the
hell they're doing besides cybersecurity.
And I guarantee you they give me other answers they're gaming,
we're spending time with family, they're cooking, doing
something.
If all you do is cybersecurity, you will burn out.
Get outside, step away from technology.
Best advice I can give anybody get the fuck away.
(01:26:05):
Get away for a few hours a day, maybe a whole weekend, a week a
year, whatever the case may be.
Otherwise, okay, I love you all.
You're all amazing.
You're all my warriors, you're all my family. Shit.
You know the drill.
Otherwise, okay, y'all, take care.
I will see you again next week for another amazing episode,
(01:26:26):
because you know I'm here every week and I don't go anywhere.
This is what I do.
Most people like Natalie, Hollis, August.
Please check them out, find them on LinkedIn, find them
everywhere and if you would so very much like to support this
channel, support the show, check the description in YouTube or
LinkedIn.
It's all there.
It actually it's on Facebook, too.
You can find all the ways to support this show.
(01:26:48):
Support me and support what I do.
Otherwise, take care and I will see you all next week.
Another amazing episode Security Happy Hour.