February 12, 2025 45 mins

This episode explores the challenges of making a meaningful impact in podcasting and cybersecurity amidst a sea of influencers and superficial content. The discussion highlights the importance of authenticity, technical expertise, and effective leadership in building a sustainable path forward in both fields.

• Importance of genuine value in podcasting 
• Dangers of influencer-driven superficiality 
• Navigating personal and professional growth 
• Project management as a key leadership skill 
• Managing burnout and team dynamics 
• Balancing proactive and reactive responses to crises 

Peter Ramadan shares insights on his growth in cybersecurity and offers advice on where to find additional resources and learning opportunities.


Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
How's it going, Peter?
This has been a long time coming, right.
We've been talking about this off and on since I started way
back in oh my God 2021, I think is when I started this February
of 2021.

Speaker 2 (00:16):
Wow, four years now.
Huh, this is the thing, right.

Speaker 1 (00:25):
And I think that this is probably why like 98% of
podcasts don't make it past episode 10.
Is because you go into it thinking, okay, there's going to
be a huge amount of discoverability, I'm going to
have all the right hashtags, I'm going to have all the right
titles, I'll eventually build a repertoire of really good guests
and whatnot, and all of that will enable you to get

(00:49):
discovered.
And that's not the case.
You could have the best hashtags and everything else
like that.
Sometimes the stuff just doesn't work and I know what my
competitors are doing and I just refuse to do it.

Speaker 2 (01:07):
Are they going into influencer territory, or is it a
little bit for me?
What do you think is the difference?

Speaker 1 (01:25):
Yeah, yeah, we can air quotes right that are on
LinkedIn, they're on Twitter, that are that are, you know,
doing this whole.
You know what a day in the life of a of a cyber security
influencer looks like.
I couldn't care less.
I could not I could not care less. Right.
In fact, it makes them look dumber, because you're telling

(01:45):
me what your day in life is of being a cybersecurity influencer.
Again, I don't even know what that is, but you're not talking
to me about the nuances of you know Auth0 and Okta and how you
set up an IDP or what you did right or anything like that.
And, granted, this podcast has gone a little bit away from that

(02:06):
right.
Like we were, we were super technical in the beginning, I
feel like, and our guests would be caught off guard and they
wouldn't.
They wouldn't necessarily always be able to go that that
technical right and it it would paint them in a picture that's
probably not accurate for what people should look at them as.
But then when I bring on someone from from NVIDIA who's
an AI security expert, who's quite literally writing the

(02:27):
textbook you know that SANS is going to be using for AI
security, and I bring him on and I'm asking, you know, probably
the dumbest questions in the world: what's your favorite
color?
What's an AI, you know, like that sort of thing.
But I think, um, I think the things that I would have to do

(02:49):
to make the podcast go viral truly aren't worth my time,
because I get value from this podcast.
Besides, like monetization, right, like, I get the exposure.
The exposure is so much more important in this field than
anything else.
Right, and that's also what those influencers are doing
right there.
They want the exposure.
They want the contracts to come in the back door that no one

(03:10):
else is talking about.
You know that they want to be up on stage accepting their
awards and I've had on a lot of those people that accept those
awards.
Right, like, it's not out of the realm of possibility.
I'm also not bashing people for getting those awards.
It's cool and all, but at the end of the day, does it really
forward anything in cybersecurity?
I don't think so.

Speaker 2 (03:30):
You forward yourself essentially because that's what
I've been noticing too, is that the percentage of influencer
into your work has to be smaller than the actual content.
So I understand that, just to play devil's advocate, you want
to be unique, you want to be seen, you want to stand out, you
know, and that's when you start to go kind of taking on these

(03:52):
influencer tactics to, you know, catch people's eye.
I've been writing articles on LinkedIn.
My best articles are always the ones that start with a number
or it's two simple SOC exercises to something simple,
you know.
So it's it's almost kind of counterintuitive to what you're
trying to do, because you're trying to explore, deep dive,
you know, really kind of get inside the facts and everyone's

(04:16):
just skimming on the surface.
So I think, with your focus, you're really trying to figure
out exactly.
You know how to get yourself out there.
But but stay true to your content and I think that's what
actually ends up showing at the end of the day to everybody and
really standing out is that you're dedicated to this content.

Speaker 1 (04:33):
Yeah, I think, yeah, okay, so there's a few different
things there, right?
So I feel like what you're doing is helpful.
I'll give you an example of a cybersecurity influencer that is
producing content that is not helpful, and I'm not going to
name them.
I don't feel like getting sued today. Tuesday is not a good day

(04:55):
to get sued on.
So this person is making a video on day in the life of a
cybersecurity influencer.
Right, this person isn't going to a conference or anything like
that.
Right, they're waking up, they're showing them, put on
makeup and walk down to their home office and turn on a laptop.

(05:18):
Right, I mean, that's what they're doing.
And I'm just sitting here and I'm like what, what value is
this content?
Like?
What's the actual value?
Right, is someone going to look at this video and be like I
want to be in cybersecurity.
That's really cool, that's really intriguing.
No, like, no, no one cares about you putting on your makeup.

Speaker 2 (05:37):
Okay, you're losing the main message.
Yeah, I mean, what are you trying to tell me, you know, within this four or five, 20
minutes, you know, is it about your life or is it about how I'm
going to apply this to my daily cybersecurity life?

Speaker 1 (06:09):
I just like been grinding, you
know, for 10 months, right?
Like I talk about that every year.
For the past four years I've talked about it, um, and somehow
I can't get around not doing it.
Right, I talk about my struggles when we were working
together at the same company. I don't say any company names on
(06:33):
the podcast, so don't do that, but when I was making $45,000 a
year, not able to pay all of my bills, right, and people were
not doing anything to help me, right? Like,
I had a lot of people around me that when I told them I wanted
to get into cybersecurity, that just straight up laughed at me
and were like that's never going to happen.
You know, and you know that that competitor in me, right,
(06:54):
people don't realize.
Like I used to wrestle in high school.
But one of the one of the things that wrestling really ingrains
into you is that competitive mindset where it's like you, you
think I won't, I won't be able to do this.
You think I won't do it.
Okay, I'm going to go do it and I'm going to rub it right in
your face and it's going to be fantastic.

(07:14):
I'm going to enjoy it and I hope you have a great, terrible
time.
It's like that's.
That's the mentality, right, like the quickest way to get me
to do something is telling me that you think I can't do it.
That is the quickest way to do it.
I mean, hopefully my wife doesn't listen to this, so that,
but you know that's neither here nor there.
Do not take me on vacation, do not take me to Hawaii, yeah, do

(07:35):
not take me to Hawaii for an all expenses paid vacation.
Yeah I'll show you yeah you, you won't be able to afford this.

Speaker 2 (07:44):
I think that's good that you kind of added in the personal
touch as well, and that's why I was like kind of going back to
like finding the right percentage that aligns with your
ultimate message, because you know you're talking about
burnout, because, I mean, the main message is you don't want
others to get burned out.
So you're kind of, you know, letting them know about your
experience.

(08:04):
Hey, this is what I've done that helped, this is what I've
done that hurt.
So you're even using your personal life to you know, give
instruction to better us daily.

Speaker 1 (08:15):
Yeah, I try, I try at least which I think that's,
like you know, 90 of the battle.
Right, is actually trying to do it.
But um, you know, Peter, you've never been on the podcast before,
so we gotta do an intro, right, um, and, as you can tell, I'm
we're 10 minutes in and I didn't even do an intro, but we've
known each other for a long time.

(08:36):
But you know, why don't you tell my audience how you got
started in IT?
What, what was that like?
What made you want to go down that route?
Yeah, what does that look like for you?

Speaker 2 (08:48):
Yeah, so once I, you know, getting out of college, I
was working at a very, very popular computer store.
It's kind of like a pear but different.
I think you got the idea.
So I was able to start like really kind of learning, getting
into the tech system, but like what I've noticed was kind of
what you're saying, like I want to branch out, I want to build
(09:10):
on what I have here.
I don't want to fix people's computers, you know, I really
want to just jump in and see where I'm going.
And you know, that's where, kind of jumping in, like joining
a random software company to work as an application support
specialist, and you know I have no idea what I'm doing.
But hey, I'm going to raise my hand and say I'll be the first
(09:31):
one to do it if you need me to.
And that's where you start to build your connections.
And that was one of the first things that I was told is that
you know you build your connections, you build your
opportunities.
Um, so that was like I said, like always, just try to keep
that in mind, like just to continuously build your network
out.
So then, yeah, I would say that there was this one person that
(09:52):
you know really gave me an opportunity to get into
cybersecurity.
I think it's the person I'm talking to right now actually
and, you know, really gave me my first chance.
So you know, in that aspect I like to think that I'm a bit
lucky.
I had somebody looking out for me there.
But then it was also on me to really kind of take advantage,
take opportunity, not be stagnant and really kind of just
(10:13):
learn and really kind of embrace.
So, you know, the first, I'd say, you know, four years of
working in cybersecurity, very kind of just technical, focused
very much on the engineering side, and then I was met with,
like this fork in the road: Do I become more technical?
Do I become more managerial?
And honestly, I've always kind of had that leadership backbone.
(10:34):
I love people.
I love, you know, sharing, I love to be able to build
programs.
So, with kind of just laying all those things out, I was just
like I think I'm going to get into leadership.
I think that's where I want to go.
I think that's where I can really truly make a difference
and be able to myself grow as just a human being in general.
So then, moving over, I landed my first IT security manager job.

(10:57):
I was a team of one, which is a daunting task for someone who's
never been an IT security manager before.
All it takes is just that willingness and that willingness
to learn and also the willingness to take chances as
well and not to be afraid of people kind of pausing or being
(11:18):
like I don't think that will work.
I would say one of the biggest things that I've done that
sometimes gets met with resistance is, you know,
project management.
That's one thing that I've completely invested a lot of my
time in is advancing my project management skills and like
adopting a full methodology and being able to implement it
alongside with cybersecurity.

(11:45):
When I started to really dive into like the agile scrum
methodology, being able to build sprints with my team, align my
large projects with, you know, actionable tasks and having kind
of that consistent, you know, weekly check-in, just ensuring
that our priorities are straight.
So we're looking at this sprint and it's always through the
lens of risk prioritization.

(12:05):
So, thankfully, I was able to build my team when I was the IT
security manager and you know, I had a team of five when I left
and that was actually one of the most you know, I would say,
worthwhile achievements I've had, because I got one.
I got to understand the growth of, you know the team,

(12:25):
understand the needs of the team, truly be able to state my case
to my leadership and let them know hey, these are the projects
that we have in place, these are the people we're going to
fall short, you know.
So, to be able to expand that team, expand our capabilities. Uh,
I was even at a point where I hired a GRC engineer to help me
with SOC 2 Type 2, a bunch of different items there.

(12:50):
So I really started to learn what it was like to delegate,
which I think is a very difficult thing to do when you
first start doing it, because you have this kind of dominant
attitude where you, hey, if there's something I gotta, I
gotta get it done, I gotta get it done.
And once you get into that leadership spot, you got to step
back, trust your people and give them the tools to be

(13:12):
successful and you know you could always be there for them.
But at a certain point you have to kind of let the bird fly out
of the nest and let them be able to spread their wings.
So that was one of the things that I've kind of learned is,
you know, giving people the space but also giving them the
tools to be able to succeed, so they could feel like they have
some autonomy in the decision and they have more stakes in the

(13:34):
decision, rather than just kind of being told what to do.

Speaker 1 (13:38):
Yeah, that is for me personally, that's like the best
way that a manager should, you know, lead and manage and
whatnot.
I had one manager that really like strongly, took that
approach and I won't say obviously what company and

(13:59):
whatnot, but you know, he literally described me as like a
cyber mercenary.
He's like you don't understand, Joe is someone else right,
you're used to these people that are very regimented and whatnot,
and what they do.
Joe will literally buy you off, if that's what it takes.

(14:20):
He'll take money out of his own checking account and buy you
off to get work done, and I'm not ashamed to do that.
I've done it before.
Whatever it takes, give me the goal.
And he said, the most effective way to manage Joe is point him
in the direction, tell him what you want him to come back with
and when he comes back with it, you don't ask him how he did it,

(14:42):
right, 'cause you may not like the answer.
You may not like it, you may think that, oh, now you have to
go do something about it.
Like it's like.
No, you know, and in that same role, right, like, I was working
with 150 developers, literally 150 developers working on 40
different applications, deploying a WAF to all of them

(15:05):
in production across you know, four different tiers of accounts.
Right, and these developers, they would like, you know, gang
up on me and I'm I'm not the type of person to, just, you
know, give in, right. Like okay, you're, yeah, you're, you're
gonna, you're gonna provide a lot of pressure.
I don't, I don't really care, it doesn't register in my head for
(15:25):
some reason, right.
And so, like when I didn't crack, they went to my manager
and my manager asked him one thing: Did Joe tell you to do
this?
And they said yes.
And he said then why are you asking me anything?
You need to go do what Joe just told you.
And they're like, yeah, but do we really have to, you know?
And he goes him saying it is the same as me, it doesn't
(15:47):
matter, and like it just shut them all up.
And of course, you know I started making a lot of progress,
right.
But I think that's really, that's really empowering, right,
because I've had other managers that that will micromanage how
you get something done, you know.
And they will micromanage your project timelines and everything.

(16:08):
I mean, like you know, my project timelines.
Sometimes it'll look like they're falling behind, but the
way that I'm staging all of this work, it's like, hey, you know
it's going to be large amounts of progress in small amounts of
time and then it's going to look like nothing for two months and
then a whole bunch of stuff is going to get done all at once,
right like sometimes.
(16:29):
That's what happens, and the managers that I've really
disliked working with the most have all been micromanagers,
every single one of them.
I just I can't do it.

Speaker 2 (16:42):
Yeah, it's rough and especially, like I said, like
you have to be able to trust your staff like he understands
the risk, he has a plan.
If he's already approached you with this, I'm going to assume
that he's already done first two steps.
So, you know, that's where you get into the conversation of,
hey, how do we really kind of streamline this?

(17:03):
You know, and then you go back to what's the actual policy and
procedure behind it too, because sometimes you just need power
of law behind you and that's where those policies really kind
of come and save you, because you're saying, hey, I have a
time frame to get this done.
And you know, let's, let's do what we committed to the
business.
So, yeah, yeah, like I was saying, like one of the I would
(17:25):
say like the three kind of pillars that I've built myself
into when it comes to, you know, cyber security and kind of
being that next up and coming leader is to really kind of just,
you know, like I said, just compartmentalize it into three
different parts.
I would say, like leadership is obviously number one.
You need to be able to provide a strategic vision for the
(17:49):
organization.
You need to be able to have alignment to the actual business
goals itself, and then you also have to have the strong
framework to apply.
I've always been a huge believer in CIS Top 18.
That's the framework that I take to everywhere I go, just
because it's really built, you know, really built on this.
You know this agnostic backbone of you know different
industries, different people and it allows me to be able to kind
of track progress.
(18:10):
You know, in these like 18 different areas.
So that's when I start to really kind of, you know, show
that leadership muscle is saying like, hey, like I understand
what the business goals are, I understand what our critical
risks are.
Here's the next year on how we could start closing that gap.
Then you bring in, kind of, like I was saying before, the
project management skills.
That's when you really have to start to understand your
(18:30):
capacity for your team and that's where I really started to,
you know, begin to understand, like the day in the life of an
analyst, of an engineer, you know, and a lot of us, you know,
wear multiple hats, so you're not also always doing
operational work.
You might be doing some engineering project work.
You gotta start then putting it into those different buckets as
(18:51):
well, and starting to manage those that time.
And then people also, you know, take time off.
You have to factor that into all these different projects,
all these different initiatives, and if you don't have that kind
of that structure, then everything becomes a hey, did
you get this done, hey, did you get this done, hey, did you get
this done?
And it's not, it's not visible anywhere and it's not, you know,
(19:14):
tangible.
I'm not clicking someone moving over here to the done pile.
You know it sounds simple, but it's.
It's such a big thing to see something go from in progress to
done and be able to say what's done, what's in progress, you
know, and just to have that quickness, efficiency, you
know're implementing it.
What's the goal?
What are you looking to mature it within the next year and also
(19:45):
understanding what new technology is out there too,
because that's the one thing that I've noticed over the last
five, six years is that today's number one may not be tomorrow's
number one.
I've seen that with a couple of products in the past, the ones
that I'm not going to say because I just remembered not to
say them, but I've seen that where this is the greatest

(20:09):
product in the world and then in the next three years
they're getting bought out by somebody and you're like I can't
get a hold on anybody on support.
I signed a three-year contract with these guys.
I look like an idiot.
So you have to really kind of understand your vendors, your
partners, the technology that's out there and, like I said,

(20:29):
aligning it with what you ultimately want to do.
You don't want that stuff to be on the shelf, you don't want to
have projects become stagnant and you need to be able to
continue leading by example.
And that's why I myself throw myself in the um, the uh which
fall our project management with, like, our sprints and, you

(20:50):
know, our weekly check-ins.
I have a person in there and I'm their director, so I want to
show them that, hey, I'm assigning stuff to me as well,
I'm getting stuff done.
This is how I want you to do it.
And I'm going to lead by example.
And I've had in the past where I've had my CSO lead that sprint
and he never had any.
He was not in there at all.
So he's just like this omnipotent, you know person
(21:13):
moving things around.

Speaker 1 (21:14):
But you know, I want to have that kind of flat level
surface and say like, hey guys, I'm right here on the lines with
you. Yeah, well, I think, uh, I personally I really think that
there's a there's a giant difference between managers and
just all of management, right, just management overall, that

(21:36):
haven't had the technical experience and the ones that
have.
Right, there's a giant difference.
I remember one manager that I had, and he was the one you know
that would have his whole team work,
you know, 80 plus hours a week.
And if you were working 80, you know you were getting talked to

(21:58):
saying, hey, you're not working enough, right, 80 doesn't cut
it over here, right?
If you're going to do 80, go on to another team.
And that was the feedback that I got.
And the rest of my 12-person team got, right. Wow, wow.
And he was technical.

(22:21):
At one point in time he was a web app developer, but he never
did the security work and he never fully understood it.
He knew all the right terminology and everything, he
knew the right words to say at the right times and whatnot, but
he never did the actual security work of what it
actually takes with these solutions.

(22:42):
And you know, like you said, right, with that knowledge comes
knowledge of the industry.
Hey, what technology is out there?
What technology has been out there for 10 years?
Right, that has been the market leader in this area.
Why are we looking at anything else?
We're going to waste our time, right, unless a new technology
comes out and they go into our environment.

(23:03):
We do a year-long POC, right.
Really test them out, really vet them, you know.
And, yeah, we'll pay them a certain amount, you know, for
that year, of course.
But, like, why are we going with these subpar technologies?
And that's what a lot of security managers overall are
lacking: it's being able to look at a tool and say this doesn't

(23:26):
work, this looks like garbage, like this actually looks like
you guys are going to go out of business and in 12 months or
something. Yeah, like, how does that feature set align to my
goals or my long-term vision for the organization?

Speaker 2 (23:39):
How does it align with, you know, my CIS Top 18
framework?
How do I map it to actual fields?
That's where it starts to actually start to come together
is when you're actually, you know, connecting these things
and understanding.
Hey, like I'm meeting about, you know, seven out of ten of my
criteria, I need at least nine, you know.

(23:59):
So it's just understanding those feature sets.
And then also you know that path to implementation as well
too.
So you know there's all all these products, that zero trust,
you know, and you don't just turn these things on once you
put them out of the box, or else you just blow up your company,
your company, yeah, so let's not do anything for a month after

(24:20):
turning it on exactly everything is super secure when you can't
turn anything on.
So I guess you know mission accomplished.
But no, you need to be able to, like, truly understand,
you know the technology, the risk of implementing, the risk
of it going wrong, the impact on the business, because you know
we're not generating revenue for the business, so we're already

(24:42):
kind of at a disadvantage.
So, when it comes to total cost ownership of products, we
really need to be able to draw a granular line of value for the
product to the business because, like you said, most people
don't even understand, and you're even telling me some
security managers don't even understand.
So how is your board to truly understand the risk? Right?

Speaker 1 (25:05):
Yeah, yeah, you know, and you talk about, you know,
actually like showing your team, you know that that you're,
you're, you have a vested interest, right, that you're
getting stuff done too.
And I remember that same manager for me, right, that was
telling us that you know we weren't working enough.
He would like just completely rearrange our projects.

(25:31):
You know, last minute, right, I remember one time in particular,
we had a massive outage with one vendor because we rushed to
do an upgrade, right, kind of at his, you know, behest or
whatever whatever the right term is, and so we did this upgrade.
A massive outage was caused.
And then, a couple weeks later, you know he's like hey, they
put out a new version.

(25:51):
We gotta, we gotta put it into production, like right now,
we're gonna do it this weekend, right, and you know, my response
was like hey, because of that, you know,
pretty sizable outage.
Like I created the whole like testing plan.
The testing plan intentionally takes six weeks of testing
before we deploy it into production, right, and like it's
(26:15):
very purposeful, you signed off on it, your manager signed off
on it, the CISO signed off on it.
If we don't follow that, it's not good.

Speaker 2 (26:24):
Six is not an arbitrary number.
It's not like my favorite number or a lotto pick or
something.
There's a reason why we have six weeks of work.

Speaker 1 (26:33):
Right.
Well, it was intentionally like that, because the vendor had a
history of not fixing bugs in a timely manner. Right, so they
fixed it on a monthly manner rather than a weekly manner and
they would try and give their one, one off customers that
would run into them, you know, a hot fix, right, so let's

(26:54):
minimize the hot fixes, let's get it all into one large update
and test it.
Right, and it was also a massive tool.
It's a PAM solution, right, so it also takes us two to three
weeks just to run through all the workflows that we need to do
in our day-to-day job and then go through and do all the onesie,

(27:15):
twosies sort of stuff.
Like, okay, well, this never really happens, but if we need
it to happen, you, you know, we need to make sure that this
works right.
Like, if I say, stop rotating passwords, I need to know it
stops rotating passwords, right, like that's a, that's a break
glass feature that I need to work every time I put I push
that button, right, and so, like it was, it was, it was very,

(27:40):
you know, like we, very like I don't know, mindfully made that
process long and arduous, right, because we baked in a period of
two to three weeks of the solution just just running, right,
like, hey, no one, no one does anything.
No one logs in, right, we're going to now interact with it
from the outside and we're going to see how it performs and
(28:00):
everything, and if it, if it, holds up to our tests, we had
performance standards and metrics and everything. If it
meets our standards, then we schedule the production change,
right.
And this guy was like, yeah, it's a Tuesday, we're going to
do it on Saturday.
You guys are going to work all weekend as if we didn't already
have plans, you know.
And, uh, we're just going to get it done.

(28:22):
Right, and you know, I, I had to.
I had to slow them down.
I really tried to slow them down a lot before getting to
this point.
But it got to a point where I literally just told them hey, if
you do this upgrade, I'm not going to be a part of it.
Like, straight up, I'm the lead here, these, these guys are my
team.

(28:48):
I'm not going to be a part of it.
If you're going to do it, go ahead and do it.
That's fine.
You know where the executable is.
You know where the file share is.
I hope you get the upgrade process right.
Here's the document that I created on it.
His response was he was going to let me go if I didn't do the
upgrade.
I said if you're going to force me to do the upgrade, that's
fine.
I'm also going to let the CISO know that I recommended, as the
(29:08):
SME of this product, that we do not do the upgrade because it
did not fall in line with our testing schedule.
And he really backed off at that point.
Right, but the only reason.
I mean you, I mean everything I just said right there.
Everyone that's technical, everyone that's ever held a
technical role in security, everyone would say what that guy
(29:31):
was asking for was absolutely insane.
And I didn't even describe the entire situation around this
product and whatnot right.
Anyone with truly half a brain would be able to look at that
and be like, maybe we should slow down right.

Speaker 2 (29:48):
Maybe we should slowly understand risk.
You know that's what our job revolves around is,
you know, risk of doing something and something going
wrong and having a plan around that, and what sounds like is
that he did not understand the risk of executing this earlier.
He didn't want to communicate it to his CISO, he just wanted

(30:08):
to get it done, because he might have other things to do.
I don't know.
I don't know what's the rush.

Speaker 1 (30:15):
His risk calculation was based off of his bonus.
Yeah, not the risk calculation for the environment.

Speaker 2 (30:23):
The numbers are a little flexible when it comes to
your bonus stuff.

Speaker 1 (30:26):
It was literally if I get more stuff done, I get more
money at the end of the year.
Who cares if I burn out every single person on my team.
I mean, he had literally, I kid you not, he was known within
the organization to build up a team of 12 to 15 people and
within 12 to 18 months, after reaching that 12 to 18 people

(30:50):
amount, all of them would leave.
Every single one of them would leave, and he'd have to rebuild
his entire team.

Speaker 2 (30:56):
There's no need to look into why that happens.
It happened three or four times.
Oh don't let this happen again.

Speaker 1 (31:04):
Here's another team, you know, yeah right when?

Speaker 2 (31:07):
when does it become enough?

Speaker 1 (31:09):
Right and he was like, because of how the org
structure was of that at that organization, you know he would
be poaching top talent from the lower level security teams.
Right, like I mean I want to call it lower level or whatever.
But when you have a room of 250 security analysts, okay, like
you know what I mean.

(31:29):
Like there's, you know, tiers to it, then Exactly Right,
you're by default creating those tiers and so he would be taking
the top talent from these other teams and burning them out
completely.
And these are people that have been at the organization for
seven, eight years.
They really like it there and everything else.
Like that.
They go to his team and after 12 months they're leaving, right

(31:52):
, but HR would never look at it because they're like he was here
for eight, eight years.
You know he just wanted to change.
It's like, eh, not really.

Speaker 2 (32:02):
Yeah, Like I'm just not going to listen to your exit
interview.

Speaker 1 (32:05):
They didn't even they don't even give them.

Speaker 2 (32:08):
I wonder why yeah, you wonder why things are the
way they are Weird.

Speaker 1 (32:12):
Yeah, no exit.
There's no exit interview.
When, uh when, you're on security and you put in your
notice and three hours later security shows up at your desk
with a box.
He says okay, your last day is today.
We'll pay you through the end of the month, don't worry, your
last day is today.

Speaker 2 (32:28):
Yeah, you're seen as a criminal.
At this point you could do no right.
You could only do wrong at this point, so you need to go.

Speaker 1 (32:37):
You're treated like a traitor for the CIA.
I mean 100%.
Like you just said, what You're quitting, we're going to quit
for you.
Here you go.

Speaker 2 (32:48):
It's like there's one button to nuke all your
accounts.
Just one person just waiting, you know, to press on it.

Speaker 1 (32:54):
Oh, dude, when I put in my notice, I think by the
time I got back to my desk my accounts were disabled.

Speaker 2 (33:00):
Wow, I am impressed that you did that like I was the
only admin on that one application.
Like I don't know what you're gonna do about that.

Speaker 1 (33:10):
It's like not anymore, not anymore, that little guy.
We're gonna get rid of that little guy throw the book on
that one right, you know what I wanted to ask you, because I've,
technically, not until recently, um, I've, I've pretty much
always been an individual contributor, right?

(33:30):
What skills would you recommend someone develop to make that
jump into management?

Speaker 2 (33:38):
Yeah, I would say the first um kind of first step to
getting into that management and you know the true delegation,
keeping track of progress on, you know putting time into
building it and you know putting their feedback, having

(34:05):
adjustments due to you know just the risk of the organization or
needs of the organization.
You need to have a platform that has all of that work to,
where you could start really kind of delegating it,
scheduling it and like having that normal kind of cadence it
could be once a week, two times a week but where you're really
kind of keeping track of each task and understanding if there

(34:27):
are any bottlenecks or any kind of issues.
You want to be able to flush out issues as soon as possible,
because what I've noticed is some people will have some kind
of drag time with that.
They'll send another email, they'll maybe message them on
Teams.
I didn't get a response.
What do I do?
You know?

(34:47):
That's where you start to understand who are the
stakeholders Like, who's truly responsible for this, and that's
what I tell everybody on my team.
I am truly responsible for this.
If you reach a bottleneck with one of our vendors, with another
one of the business units, you let me know, you raise your hand
, you flag it, we get it taken care of.
And that's one of the biggest things that the project

(35:10):
management and sprints really allow everyone to do is it
forces everyone to go through each kind of line item, give
kind of a quick update and also let me know hey, I'm having an
issue with this and it's just like oh, you know, it's on my
radar, I'm taking care of it.
I've seen it where I've joined organizations and it's just like
you jump on a call and they're like Joe, what do you got today?

(35:32):
That drives me nuts.
It drives me nuts because it shows that you don't have a plan.
You don't have a plan.
You're just waiting for people, for people to, you know, come
up with what they think they need to do, what they're coming
up with at the top of their head, because there's nothing
written down.
Um, I, it's one of the things I cannot have.
So it's like a nice structured system to where you know I, I

(35:54):
use some kind of like DevOps platform.
You know it's not technically doing any commits or anything
like that, but, you know, having it to where I could build out
epics and projects, tasks and, like I said, really being able
to track each step of the way.
So I understand if there's any kind of hitches.

(36:15):
People to do is find a project management approach that fits
for you, fits your organization, you know, and really enables
people to become more autonomous but also gives them the
information to collaborate better and just be more
efficient.

Speaker 1 (36:33):
Yeah, that is that's really critical.
You know, on learning how people work right, how they
operate, how what works best for them, right, like with me.
You know that that cyber mercenary perspective, that like
that works perfectly for me.
You know, all day, every day, right For other people on my

(36:54):
team it's probably not going to work right Like that.
That won't work.
It's because I come at it from a different mentality.
But, yeah, having that project management perspective is
actually critical and you know, I almost want to take it back.
It's almost on the manager to cultivate that environment, that

(37:18):
skill set Right.
And I'll give you an example.
You know the best CCO I've ever worked with I mean he'll be on
the podcast a little bit a couple months or so he, he like,
explained it to us just how, just how he needed it right.
He said look, I have a monthly call with the CIO, the CEO and

(37:40):
the CFO.
I have to legitimize the project, spend every single
month in this way.
This is how I do it, this is the template I use and this is
what I expect as an update.
And I need the update at this time of this day of the week
because I filter up that information and then at the end
of the month I correlate all of it and tie it all in for

(38:04):
everyone else to see.
So that's how I expect it.
Here's the template, right?
And he even said he's like hey, if you got a better template,
just send it to me.
Like, if you want to view it differently, just send it to me,
you know?
But when he broke it down like that, like my information isn't
just informing him, right, like it's informing, like the CFO,

(38:26):
right, a guy that I've never talked to, never met, never want
to talk to, never want to meet, right, and you know he needs it
in this kind of structure.
He needs to show, you know, progress in this way.
And then I also learned you know, give the updates in the email,
break everything down, right, like this is what was
accomplished, this is the project status overall.

(38:46):
This is the percentage complete, based on this metric in Jira,
right, that has all these cards that are tied to this epic, that
is tied to this project, that has all the funding and whatnot.
And then here's all the upcoming work, right.
So next week you can expect this stuff to be in the
completed pile, and if it's not, I'll have a reason why.
And then on top of that, let's take that information and just

(39:11):
bake it right into his slide that he needs.
So my manager can just say, okay, drag and drop, it's now in my
slide deck, my job is done for this project.
But like having that opportunity, like I never
realized that right, like I've been in this field for, you know
, 10, 11 years at this point, no one ever broke it down to me

(39:32):
like that and as soon as someone did.
Now, that's just how I do it.
You know, there's no other way that I do it.
I try to make it as easy as possible for my manager to go
and defend my work and give progress updates yeah, it's a
keep it simple, stupid it's.

Speaker 2 (39:51):
Uh, you know it's.
Yeah, you don't have to really kind of make everything over
complex.
Like I said, it's, you're really looking for a slim,
efficient model, that's, you know, adaptable to change,
because that's that's what we truly have to be ready for is
for our sprint to completely change the next week due to a

(40:11):
new vulnerability, due to a new implementation, due to a new
acquisition from the business.
So we need to be able to kind of be like a center fielder, you
know, have your, have your uh, be on the balls of your feet and
be able to go left and right when you need to yeah, yeah,
that's a really good, that's a really good point.

Speaker 1 (40:31):
You know, security isn't always I mean it's never
cut and dry.
You know, like cookie cutter every single day, right like man
, it is not right.
Like you know, when Log4j came out, right, everyone's getting
ready for the holidays.
I mean, I think it might have been Thanksgiving, right like,
and uh, sure enough, now you have a zero day that you have to

(40:54):
deal with.
Oh, and it's actively being exploited in the wild and if
this one little thing is exposed to the Internet, it's, you know
, game over for your environment if it's exploited, because
there's no way you're going to be able to shut it off, like,
quickly enough, right, right.
And so now everyone in security all across the globe is no
longer having Thanksgiving.

(41:15):
They're no longer having a Black Friday shopping spree,
right, they're no longer.
I mean, at the company that I was at, we had a large enough
environment.
We, we didn't stop dealing with that until February, right, I
mean, that's people working seven days a week, all day.
You know, we had shifts that were going in and working it

(41:36):
because we had that many systems.
I mean, there was systems that were vulnerable to it.
Where we're, just like, we don't need it doesn't generate
revenue.
Shut it down, like some of them was like don't even just shut
it down, just delete it, like, remove from our environment, we
don't need it, you know, evaporate it.
Yeah, we're just like like we.
We had, we had the, you know, the blank check, so to speak,

(41:56):
where it's like, hey, this thing is so serious, where we have 15,000
servers that are vulnerable to this thing, right like our,
our patching solution would take a week to get through it if we
just said patch everything, you know yes, there's so much risk
around it.

Speaker 2 (42:12):
That's where it's, like you said, there's a finite
amount of hours that you can get from your team.
You have all these projects and then you have Log4j coming
around and it's like, why aren't all these projects getting done?
So that's where you know it's really on your leadership to be
able to let them know hey, this is the capacity of my team,
these are all the initiatives that we have.
This is the kind of unplanned work that comes into our, our

(42:35):
lives, because that's that's what we deal with.
And you know, really breaking it down, like I said, building
that roadmap to saying, hey, if this occurs again, we hire a
couple more people.
Or, you know, we find a partner to a third party to kind of
work with, to to be able to lessen the load and, like I said

(42:55):
, like really kind of use that time smarter.
You know, and that's where, like I said, it's just you
really need to focus on every little detail when it comes to,
you know, managing your program, because you know the second
something stops or somebody starts stops paying attention.
You got to be aware of it because then you're, you know,
allowing a risk to, you know, occur in your organization.

(43:15):
That's on you.

Speaker 1 (43:17):
Yeah, yeah, absolutely Well, Peter, you know
we're we're pretty much at the top of our time here and I'm I'm
always very cognizant of my guests' time, you know so.
But but it was, it was a fantastic conversation and
you're going to be, you're going to be back on the platform in a
more regular format.
We're not going to, we're not going to announce it just yet,
all right, but you know, I think we got something good cooking

(43:39):
here where we're able to provide valuable insights, you know,
into different levels and layers of security.
Overall, right, and I think it'd be really, really
interesting to see where it goes.
But you know, before I let you go, Peter, how about you tell my
audience, you know where they can find you right, like where
your articles are on LinkedIn that are fantastic.

(44:01):
That, you know, I always try to comment on and share and
whatnot.

Speaker 2 (44:06):
Yeah, yeah, so I post um, I get to create like a
separate site to post these on.
So everything's on LinkedIn.
In P Ramadan, I made my custom URL so it's a little easier to
pop in there.
I just P Ramadan and yeah, I'm busting those out weekly and
just kind of the same initiative as Joe, I want to be able to

(44:26):
give from you know, in the past I've I've taken, so this is my
opportunity now to you know, be able to share everything that
I've learned and, you know, hopefully it helps you out yeah,
yeah, absolutely well.

Speaker 1 (44:38):
Hey, Peter, you know I really appreciate you coming
on and I hope everyone listening really enjoyed this episode
thank you, Joe, I really appreciate it yeah, absolutely,
thanks everyone.
© 2025 iHeartMedia, Inc.