WEBVTT 1 00:00:00.160 --> 00:00:03.240 Welcome to the deep dive. So, if you've ever tried, 2 00:00:03.399 --> 00:00:06.400 you know, plotting a course for a cybersecurity career, you 3 00:00:06.480 --> 00:00:11.160 probably found it's less like a clear path and more 4 00:00:11.240 --> 00:00:14.240 like trying to navigate a maze that keeps changing shape. 5 00:00:14.519 --> 00:00:16.760 Yeah, it really does feel like that. Sometimes. 6 00:00:16.800 --> 00:00:18.440 Today we're going to try and cut through some of 7 00:00:18.480 --> 00:00:22.239 that confusion. We're drawing on insights from a CISO who's 8 00:00:22.440 --> 00:00:25.199 well been through it all to hopefully give you a 9 00:00:25.199 --> 00:00:26.719 more strategic way to think about it. 10 00:00:26.800 --> 00:00:30.120 And look, we really need that kind of strategy. Cybersecurity. 11 00:00:30.160 --> 00:00:32.119 It's still a pretty young field, isn't it. 12 00:00:32.159 --> 00:00:32.679 Definitely. 13 00:00:32.880 --> 00:00:36.560 I mean, unlike say engineering or law, we don't have 14 00:00:36.679 --> 00:00:42.039 those decades or centuries even of established professional standards. ORG 15 00:00:42.119 --> 00:00:44.719 structures are all over the place. Career letters seem like 16 00:00:44.719 --> 00:00:46.439 they're invented new in every company. 17 00:00:46.600 --> 00:00:49.079 Right, and you hear about how short the tenure is 18 00:00:49.079 --> 00:00:51.759 for leaders like CISOs. What is it two to four 19 00:00:51.840 --> 00:00:52.960 years on average? 20 00:00:53.000 --> 00:00:55.679 That's about right, And that fact alone just raises the 21 00:00:55.719 --> 00:00:58.240 stakes for every single move you make in your career. 22 00:00:58.479 --> 00:00:59.799 It puts pressure on things. 23 00:01:00.320 --> 00:01:03.200 Okay, so that short tenure really frames what we need 24 00:01:03.240 --> 00:01:06.159 to talk about today. Our goal isn't just about you know, 25 00:01:06.159 --> 00:01:07.280 how to get your foot in the door. 26 00:01:07.400 --> 00:01:08.560 No, it's much bigger than that. 27 00:01:08.640 --> 00:01:13.040 It's about building a foundation for a career that actually lasts, 28 00:01:13.439 --> 00:01:16.280 something sustainable, even if you're aiming for those really high 29 00:01:16.280 --> 00:01:19.640 perchure leadership spots. Eventually, we want to look at the 30 00:01:19.680 --> 00:01:23.040 common challenges, the questions people ask at well every stage 31 00:01:23.400 --> 00:01:24.319 and figure out not. 32 00:01:24.439 --> 00:01:28.200 Just what to do, but the why, the fundamental why 33 00:01:28.239 --> 00:01:28.920 behind it all. 34 00:01:29.040 --> 00:01:31.680 That's the key, exactly the why, And. 35 00:01:31.599 --> 00:01:35.120 Honestly figuring out that why is the first, and i'd argue, 36 00:01:35.280 --> 00:01:37.640 the most critical step you need to take. You know, 37 00:01:37.680 --> 00:01:40.239 the old advice was always just trial and error, hope 38 00:01:40.239 --> 00:01:41.519 for some good luck, work really. 39 00:01:41.439 --> 00:01:43.319 Hard, Yeah, the grit and luck model, right. 40 00:01:43.719 --> 00:01:47.120 But if you actually start with some deliberate thinking, some introspection, 41 00:01:47.680 --> 00:01:49.920 you take a lot of that luck element out of 42 00:01:49.920 --> 00:01:51.760 the equation, or at least you minimize it. 43 00:01:51.840 --> 00:01:56.680 So you've got to constantly ask yourself why security specifically 44 00:01:57.040 --> 00:01:59.040 all parts of the job actually give you energy? What 45 00:01:59.120 --> 00:02:04.239 motivates you deep down? Is it the learning, the paycheck, status. 46 00:02:03.799 --> 00:02:06.959 Helping people? You have to know that stuff because if 47 00:02:07.000 --> 00:02:10.280 your choices aren't anchored to what you genuinely value. Then 48 00:02:10.599 --> 00:02:13.199 every bump in the road, every challenge, it just feels 49 00:02:13.199 --> 00:02:15.800 ten times harder than it needs to be. Take the 50 00:02:15.800 --> 00:02:18.960 c IO whose experience were drawing on. She didn't actually 51 00:02:18.960 --> 00:02:21.680 set out to be insecurity. Initially, her core values were 52 00:02:21.680 --> 00:02:26.439 all about the tendability, predictability, reliability. She just needed things 53 00:02:26.479 --> 00:02:27.360 to work as planned. 54 00:02:27.520 --> 00:02:30.879 Okay, so that inherent need for order, How did that 55 00:02:30.960 --> 00:02:31.960 lead her to security? 56 00:02:32.240 --> 00:02:35.039 Well, think about major disruptions like nine to eleven or 57 00:02:35.039 --> 00:02:38.759 the big Northeast power outage years ago. Those events highlighted 58 00:02:38.800 --> 00:02:42.280 the need for solid disaster recovery for business continuity planning. 59 00:02:42.360 --> 00:02:45.159 Ah I see, so her personal need for reliability lined 60 00:02:45.240 --> 00:02:47.639 up perfectly with that kind of planning exactly. 61 00:02:48.039 --> 00:02:51.439 She found her motivation wasn't about you know, chasing hackers necessarily, 62 00:02:51.520 --> 00:02:56.319 but about ensuring things kept running smoothly operational stability. 63 00:02:56.560 --> 00:02:59.759 So the big takeaway there is constantly look for roles, 64 00:03:00.039 --> 00:03:03.000 look for projects, look for experiences that really resonate with 65 00:03:03.080 --> 00:03:05.479 your own core strengths and what you actually care about. 66 00:03:06.120 --> 00:03:08.719 Yeah, it's finding that sweet spot right where what the 67 00:03:08.759 --> 00:03:12.400 business needs overlaps with what genuinely motivates you. 68 00:03:12.800 --> 00:03:14.919 Okay, let's unpack this a bit for someone maybe just 69 00:03:14.960 --> 00:03:18.280 trying to break into the field. Now, security is I mean, 70 00:03:18.319 --> 00:03:22.000 it's obviously a tech heavy discipline. You need some baseline 71 00:03:22.639 --> 00:03:26.400 technical chops, right yeah, networking, maybe cloud, maybe some scripting. 72 00:03:26.479 --> 00:03:30.159 Oh absolutely, that's the table stakes, the prerequisite. But here's 73 00:03:30.240 --> 00:03:34.039 the really fascinating part. The paradox almost go on. Mentors 74 00:03:34.039 --> 00:03:38.120 in this field consistently say that people very rarely ask 75 00:03:38.199 --> 00:03:39.840 them how to do the technical stuff. 76 00:03:39.879 --> 00:03:41.360 Wait, really, what do they ask? Then? 77 00:03:41.840 --> 00:03:45.520 The overwhelming majority of questions are about navigating the organization, 78 00:03:46.039 --> 00:03:49.000 how to deal with difficult personalities, how to understand the 79 00:03:49.000 --> 00:03:53.439 political landscape, how the company structure actually works or doesn't work. 80 00:03:53.560 --> 00:03:56.000 So it's the soft skills those are the real differentiators. 81 00:03:56.000 --> 00:03:59.560 Then, bingo. You hear hiring managers say it all the time. 82 00:04:00.080 --> 00:04:02.280 I can teach someone the specific tech we use here, 83 00:04:02.319 --> 00:04:05.159 but I can't easily teach them how to communicate effectively 84 00:04:05.280 --> 00:04:06.439 or work well with others. 85 00:04:06.639 --> 00:04:09.400 Okay, so let's focus on those non technical areas. You 86 00:04:09.479 --> 00:04:12.919 flagged three key ones that seem to make or break 87 00:04:13.000 --> 00:04:14.199 a career in security. 88 00:04:14.360 --> 00:04:18.160 Yeah, free, big ones. Number one. Communication, and this isn't 89 00:04:18.199 --> 00:04:21.199 just about writing good technical reports though, that's important too. 90 00:04:22.120 --> 00:04:25.399 It's about being able to answer questions from management succinctly, 91 00:04:25.720 --> 00:04:28.279 get to the point, don't bury the lead and drug in, 92 00:04:28.600 --> 00:04:32.800 and crucially, learn to use business cases. Frame your arguments 93 00:04:32.800 --> 00:04:35.199 in terms of the business understands. 94 00:04:34.959 --> 00:04:40.879 Translate risk into dollars and cents or competitive advantage precisely. 95 00:04:40.920 --> 00:04:44.319 If you can't do that translation, your brilliant technical idea 96 00:04:43.759 --> 00:04:47.360 of dies on the mind because nobody with budget authority 97 00:04:47.439 --> 00:04:49.240 understands why they should care makes sense? 98 00:04:49.439 --> 00:04:50.360 Okay, what's number two? 99 00:04:50.439 --> 00:04:55.279 Number two is emotional intelligence EI or EQ. Honestly, this 100 00:04:55.319 --> 00:04:57.240 one is almost about survival and security. 101 00:04:57.399 --> 00:04:59.279 Survival that sullds dramatic. 102 00:04:59.399 --> 00:05:02.319 Well, think about that piece of feedback we saw. You 103 00:05:02.399 --> 00:05:04.720 might be right, but you're not being effective. 104 00:05:05.879 --> 00:05:06.720 Yeah, that's blunt. 105 00:05:06.879 --> 00:05:09.519 It's incredibly powerful, though, isn't. It gets right to the 106 00:05:09.519 --> 00:05:12.519 heart of the issue. Security folks often have to tell smart, 107 00:05:13.120 --> 00:05:16.240 driven people that they can't do something the quick or 108 00:05:16.279 --> 00:05:21.759 easy way HEI EI. Knowing yourself, managing your reactions, having empathy. 109 00:05:22.279 --> 00:05:26.240 That's what lets you navigate those conversations without just alienating everyone. 110 00:05:26.399 --> 00:05:29.079 So even if you have the technically correct answer, if 111 00:05:29.079 --> 00:05:31.240 you deliver it badly, you lose. 112 00:05:31.399 --> 00:05:34.360 You lose effectiveness. Absolutely, you might win the argument but 113 00:05:34.519 --> 00:05:36.000 lose the war, so to speak. 114 00:05:36.160 --> 00:05:39.600 How does someone who's maybe naturally focused on rules and 115 00:05:39.639 --> 00:05:44.319 logic learn to well manage their ego or approach in 116 00:05:44.360 --> 00:05:45.000 those moments. 117 00:05:45.120 --> 00:05:47.439 A lot of it comes down to empathy, really trying 118 00:05:47.480 --> 00:05:50.879 to understand the other person's perspective, which ties directly into 119 00:05:50.959 --> 00:05:52.399 the third skill partnership. 120 00:05:52.480 --> 00:05:53.040 Partnership. 121 00:05:53.120 --> 00:05:55.839 Okay, this isn't just about doing your assigned tasks. It's 122 00:05:55.839 --> 00:05:59.160 about actively looking for ways to make processes better, especially 123 00:05:59.199 --> 00:06:02.759 processes that involve multiple teams. It means trying to see 124 00:06:02.800 --> 00:06:05.120 the world through your partner's eyes. What are their goals, 125 00:06:05.160 --> 00:06:06.720 what are their pressures. 126 00:06:06.279 --> 00:06:09.360 And figuring out how security can help them achieve their goals, 127 00:06:09.480 --> 00:06:11.560 not just block them exactly. 128 00:06:11.680 --> 00:06:15.199 If you can frame security as an enabler for their success, 129 00:06:15.240 --> 00:06:17.800 you become so much more valuable, so much more effective 130 00:06:18.160 --> 00:06:20.839 than someone who just sits in their silo and enforces rules. 131 00:06:20.959 --> 00:06:26.160 Okay, that's a great framework communication EI partnership. Let's shift 132 00:06:26.160 --> 00:06:29.720 gears slightly to mindset. Especially for people starting out, there's 133 00:06:29.759 --> 00:06:32.319 this huge pressure I think, this feeling you have to 134 00:06:32.360 --> 00:06:34.399 be perfect, know everything. 135 00:06:34.120 --> 00:06:36.920 Oh, definitely, and job postings don't help right, They. 136 00:06:36.839 --> 00:06:39.959 List this impossible combination of skills nobody actually has. 137 00:06:40.040 --> 00:06:42.920 It's often an aspirational wish list. The key thing to 138 00:06:43.000 --> 00:06:45.959 remember if you're applying is not do I meet every 139 00:06:45.959 --> 00:06:49.120 single bullet point, but rather, do I genuinely believe I 140 00:06:49.160 --> 00:06:52.360 can learn and do this job effectively. Focus on your 141 00:06:52.399 --> 00:06:54.000 potential and your ability to learn. 142 00:06:54.120 --> 00:06:56.480 What about certifications, that's always a big question. 143 00:06:56.560 --> 00:07:00.600 Do you need Yeah, certifications, it's nuanced. Look need a 144 00:07:00.639 --> 00:07:03.839 specific certification to actually do the day to day work well, 145 00:07:04.120 --> 00:07:06.079 but you might very well need them to get the 146 00:07:06.120 --> 00:07:09.199 interview in the first place. They act as filters, especially 147 00:07:09.199 --> 00:07:12.319 for automated HR systems. They prove you have at least 148 00:07:12.360 --> 00:07:15.519 a baseline level of knowledge in a certain area, so 149 00:07:16.160 --> 00:07:19.720 needed for the job. Maybe not needed to get the 150 00:07:19.839 --> 00:07:21.639 job quite possibly. 151 00:07:21.800 --> 00:07:25.839 Okay. That clarifies things and for building momentum once you're 152 00:07:25.839 --> 00:07:27.519 in a role. What's the advice there? 153 00:07:27.759 --> 00:07:31.240 Two main things. First, never stop being curious. You never 154 00:07:31.399 --> 00:07:35.120 arrive in security. Things change constantly. You have to invest time, 155 00:07:35.279 --> 00:07:38.000 often your own time outside of work, just keeping up 156 00:07:38.160 --> 00:07:41.399 learning about new threats, new technologies. And the second thing, 157 00:07:41.600 --> 00:07:44.879 don't jump rolls too quickly, especially early on. It's tempting. 158 00:07:44.920 --> 00:07:47.519 I know, recruiters are always calling. Yeah, but you need 159 00:07:47.560 --> 00:07:49.600 to stay in a role long enough to actually see 160 00:07:49.600 --> 00:07:52.240 things through, to understand the real impact of your work 161 00:07:52.279 --> 00:07:54.680 over a couple of business cycles. We're talking maybe a 162 00:07:54.759 --> 00:07:58.319 year or two minimum. Why is that so important Because 163 00:07:58.319 --> 00:08:00.759 if you leave every six or nine months, you only 164 00:08:00.800 --> 00:08:03.959 ever experience the immediate crisis, the fire droll of the moment. 165 00:08:04.160 --> 00:08:06.439 You don't get the chance to learn the deeper strategy 166 00:08:06.480 --> 00:08:08.879 to build those partnerships we talked about, or to see 167 00:08:08.879 --> 00:08:11.720 the results of longer term projects. You just get surface 168 00:08:11.800 --> 00:08:13.000 level exposure, right. 169 00:08:13.000 --> 00:08:16.199 You need that time to actually gain deep skills, not 170 00:08:16.279 --> 00:08:20.759 just a collection of brief experiences. Okay, So, assuming someone's 171 00:08:20.879 --> 00:08:24.399 navigated the entry path, maybe their mid career, Yeah, let's 172 00:08:24.399 --> 00:08:29.360 talk about where things often get really tough. Stress and conflict. 173 00:08:29.560 --> 00:08:32.519 Yeah. Security work carries a pretty unique kind of stress, 174 00:08:32.559 --> 00:08:35.240 doesn't it, And it changes shape over your career. When 175 00:08:35.240 --> 00:08:38.600 you're junior, the stress is often internal, Do I know enough? 176 00:08:38.919 --> 00:08:40.279 Can I handle this workload? 177 00:08:40.360 --> 00:08:41.279 And poster syndrome? 178 00:08:41.320 --> 00:08:44.399 Maybe exactly, But later on, as you get more senior, 179 00:08:44.440 --> 00:08:48.159 the stress tends to become more external. It's about organizational conflict. 180 00:08:48.279 --> 00:08:49.600 What's the root of that conflict. 181 00:08:49.639 --> 00:08:52.919 Typically, it often boils down to a fundamental difference in 182 00:08:53.000 --> 00:08:57.000 perspective security pros. We tend to be evangelists. We see 183 00:08:57.039 --> 00:09:01.639 security controls policies as essential as strategic enablers for the 184 00:09:01.639 --> 00:09:02.679 business long term. 185 00:09:02.759 --> 00:09:05.000 But other people in the business they often. 186 00:09:04.799 --> 00:09:10.000 See those same controls as as annoying speed bumps, friction, 187 00:09:10.399 --> 00:09:13.039 things that slow them down from hitting their targets, launching 188 00:09:13.039 --> 00:09:13.600 their products. 189 00:09:13.679 --> 00:09:15.559 And that gap, that disconnect leads to. 190 00:09:15.720 --> 00:09:19.039 Leads to security constantly being called in late, often in 191 00:09:19.120 --> 00:09:22.360 firefighting mode, trying to fix problems that could have been avoided, 192 00:09:22.759 --> 00:09:26.519 and that constant reactive cycle is just exhausting. It leads 193 00:09:26.559 --> 00:09:27.120 to burnout. 194 00:09:27.279 --> 00:09:31.600 Okay, So if that's the core conflict, managing the stress 195 00:09:31.600 --> 00:09:34.919 means actively trying to bridge that gap. Right, Oh, how 196 00:09:34.919 --> 00:09:37.159 do you manage that disconnect strategically? 197 00:09:37.759 --> 00:09:40.559 There are a few key strategies. First, you have to 198 00:09:40.600 --> 00:09:44.440 teach them, but not using the old fud tactics fear, 199 00:09:44.559 --> 00:09:47.159 uncertainty and doubt that often backfires. 200 00:09:47.360 --> 00:09:48.720 So how do you teach effectively? 201 00:09:49.039 --> 00:09:51.960 You explain how security enables their success. Assume they have 202 00:09:52.000 --> 00:09:54.080 positive intent, that they want to do the right thing, 203 00:09:54.120 --> 00:09:56.559 but just don't understand the risks or the benefits. Show 204 00:09:56.600 --> 00:09:59.080 them here's how this control helps ensure the system they 205 00:09:59.080 --> 00:10:02.039 rely on stays of a fail. Or here's how following 206 00:10:02.039 --> 00:10:05.399 this process helps us avoid millions in fines connected to 207 00:10:05.440 --> 00:10:05.919 their world. 208 00:10:05.960 --> 00:10:07.879 Okay, teach them their language. What's next? 209 00:10:08.279 --> 00:10:13.759 Second, find common causes. Stop framing everything purely in security terms. 210 00:10:14.240 --> 00:10:17.480 Tailor your message. Does your business partner care most about 211 00:10:17.480 --> 00:10:22.000 saving money, reducing time to market, improving the customer experience? 212 00:10:22.200 --> 00:10:24.639 Find their goal and show how security aligns with it. 213 00:10:24.759 --> 00:10:28.120 Precisely, We saw that great example where implementing a security 214 00:10:28.120 --> 00:10:32.120 framework actually helped the network team reclaim unused IP addresses 215 00:10:32.759 --> 00:10:36.279 that saved them time and complexity, something they cared about deeply, 216 00:10:36.759 --> 00:10:39.480 probably more than the abstract idea of governance. 217 00:10:39.639 --> 00:10:42.279 Find the win win got it, and the third strategy. 218 00:10:42.480 --> 00:10:44.679 Third, and this is especially crucial as you become more 219 00:10:44.720 --> 00:10:49.080 senior advice, then let them decide. You have to recognize 220 00:10:49.080 --> 00:10:52.360 that actually implementing a control or funding a security initiative 221 00:10:52.639 --> 00:10:55.639 is almost always a business decision based on risk appetite. 222 00:10:55.679 --> 00:10:58.879 So your job is to provide the best possible advice exactly. 223 00:10:58.960 --> 00:11:02.399 Provide clear, unbiased advice about the risks the options, the 224 00:11:02.399 --> 00:11:05.080 potential impacts, but then you have to let the business 225 00:11:05.080 --> 00:11:07.480 owner make the call, and critically, you need to separate 226 00:11:07.480 --> 00:11:10.639 your personal feelings, your professional pride from that final outcome. 227 00:11:10.799 --> 00:11:12.360 That sounds hard, It is. 228 00:11:12.480 --> 00:11:17.240 Incredibly hard, but it's vital. Your value lies in giving 229 00:11:17.320 --> 00:11:21.120 sound advice. Whether they take it or not is ultimately 230 00:11:21.200 --> 00:11:25.559 their responsibility based on the business context. Getting too personally 231 00:11:25.600 --> 00:11:28.519 invested in every single decision is a fast track to 232 00:11:28.559 --> 00:11:28.960 burn out. 233 00:11:29.399 --> 00:11:32.360 That need to kind of separate yourself or align yourself 234 00:11:32.360 --> 00:11:35.279 correctly seems to link directly to the idea of culture 235 00:11:35.279 --> 00:11:35.720 fit too. 236 00:11:36.080 --> 00:11:38.960 Absolutely, it's just too draining to go to work every 237 00:11:39.039 --> 00:11:40.840 day feeling like you have to put on a mask 238 00:11:41.240 --> 00:11:43.960 to constantly bend your personality to fit in with the 239 00:11:44.000 --> 00:11:44.799 company culture. 240 00:11:45.200 --> 00:11:48.399 So aligning your personal why, your values with the culture 241 00:11:48.440 --> 00:11:51.279 and the specific type of security work you do is 242 00:11:51.399 --> 00:11:54.759 really important for long term sustainability. 243 00:11:53.879 --> 00:11:56.919 Massively important, and this is where thinking about those security 244 00:11:56.919 --> 00:11:59.759 personas can be quite helpful. There are archetypes, of course, 245 00:11:59.799 --> 00:12:02.279 not boxes, but they can give you clues about what 246 00:12:02.360 --> 00:12:04.080 kind of roles might fit you best. 247 00:12:04.159 --> 00:12:05.840 Okay, let's run through them. What's the first one? 248 00:12:05.960 --> 00:12:09.120 First is the protector This is someone motivated by a 249 00:12:09.120 --> 00:12:13.279 sense of duty, community service, maybe even national defense. They're 250 00:12:13.360 --> 00:12:16.919 drawn to roles where they're actively defending. Think Blue Team, 251 00:12:17.080 --> 00:12:21.039 operational defense, incident response. They're the ones running towards the fire. 252 00:12:21.159 --> 00:12:22.919 Okay, the protector. Who's next? 253 00:12:23.080 --> 00:12:25.759 Then you have the puzzler. This person is driven by 254 00:12:25.799 --> 00:12:31.120 intellectual curiosity, by complex challenges. They love taking things apart, 255 00:12:31.200 --> 00:12:33.919 figuring out how they work, solving intricate problems. 256 00:12:34.159 --> 00:12:40.279 Roles like penetration testing, reverse engineering, strategic planning exactly. 257 00:12:40.440 --> 00:12:43.960 Deep subject matter experts often fit here. Think Red Team 258 00:12:44.360 --> 00:12:46.559 or specialized security architecture roles. 259 00:12:46.679 --> 00:12:47.000 Got it. 260 00:12:47.279 --> 00:12:50.720 Third PERSONA third is the moral crusader. Their core drive 261 00:12:50.799 --> 00:12:54.120 is around ethics, fairness, doing things the right way. They 262 00:12:54.159 --> 00:12:56.399 believe in rules and ensuring they're followed. 263 00:12:56.600 --> 00:13:00.679 Ah So, Governance, Risk and Compliance GRC DRC. 264 00:13:00.480 --> 00:13:02.559 Is a natural home for them. Yes, they're the rule 265 00:13:02.600 --> 00:13:06.039 makers and the rule followers. Ensuring the organization operates with 266 00:13:06.080 --> 00:13:10.200 integrity and trustworthiness absolutely essential. In the last one, finally, 267 00:13:10.360 --> 00:13:14.559 the change agent. This person thrives on novelty, on new challenges. 268 00:13:14.840 --> 00:13:18.200 They see themselves as fixers, problem solvers. They love jumping 269 00:13:18.240 --> 00:13:20.799 into a new situation, sorting it out and then moving 270 00:13:20.840 --> 00:13:21.600 on to the next thing. 271 00:13:21.879 --> 00:13:24.240 They get bored easily with routine, very easily. 272 00:13:24.360 --> 00:13:27.919 They excel in project based work, maybe consulting, or roles 273 00:13:27.960 --> 00:13:30.879 where they're constantly tackling different kinds of problems. Now, like 274 00:13:30.919 --> 00:13:33.480 I said, few people are purely one type. 275 00:13:33.639 --> 00:13:34.679 Most people are a mix. 276 00:13:34.799 --> 00:13:37.559 Yeah, usually have a dominant trait and maybe pieces of 277 00:13:37.559 --> 00:13:42.120 the others. But understanding your primary driver, that main persona 278 00:13:42.440 --> 00:13:45.159 can really help you target roles in environments where you're 279 00:13:45.200 --> 00:13:47.960 more likely to feel engaged and frankly happy. 280 00:13:48.279 --> 00:13:50.879 So pulling this all together, it seems success in this 281 00:13:50.960 --> 00:13:54.480 really complex cybersecurity field comes down to a few key things. 282 00:13:55.120 --> 00:13:59.279 Really knowing your why, prioritizing those crucial professional skills like 283 00:13:59.360 --> 00:14:03.480 EI communication, and then learning how to manage that inevitable 284 00:14:03.600 --> 00:14:07.120 organizational stress by being seen as a partner not just 285 00:14:07.759 --> 00:14:08.440 the no police. 286 00:14:08.639 --> 00:14:10.759 That sums it up pretty well. Know yourself, build your 287 00:14:10.759 --> 00:14:13.480 professional skills, and learn to navigate the human side of 288 00:14:13.519 --> 00:14:14.200 the organization. 289 00:14:14.679 --> 00:14:18.039 And for you listening right now, if you're out there 290 00:14:18.039 --> 00:14:21.600 applying for jobs, maybe you're getting interviews, but you keep 291 00:14:21.639 --> 00:14:24.279 falling short at the final hurdle, not getting the offer. 292 00:14:24.919 --> 00:14:28.120 Our source material had a really specific piece of advice 293 00:14:28.159 --> 00:14:28.399 on that. 294 00:14:28.519 --> 00:14:31.559 Yeah, this is a common frustration. If you're consistently getting interviews. 295 00:14:31.600 --> 00:14:35.159 It usually means your technical skills, your resume on paper, 296 00:14:35.320 --> 00:14:37.399 it's good enough. They see the potential. 297 00:14:37.759 --> 00:14:39.320 So the problem isn't the skills. 298 00:14:39.440 --> 00:14:42.519 The failure is likely happening in the interview. It's probably 299 00:14:42.559 --> 00:14:46.519 about articulation. You might not be clearly explaining why you 300 00:14:46.559 --> 00:14:49.080 want this specific role at this specific. 301 00:14:48.600 --> 00:14:51.960 Company, connecting your story to their needs exactly. 302 00:14:52.480 --> 00:14:54.679 You need to sharpen how you talk about your background, 303 00:14:54.799 --> 00:14:58.159 your motivations, your personal why and directly link it to 304 00:14:58.200 --> 00:15:01.039 the job description, to the company's MISSI show them you 305 00:15:01.159 --> 00:15:04.320 understand what they need and how you specifically can help 306 00:15:04.360 --> 00:15:06.679 them achieve it. Don't just give generic answers. 307 00:15:07.080 --> 00:15:09.960 That's really actionable advice. Okay, let's wrap up with the 308 00:15:09.960 --> 00:15:13.000 final thought, something a bit provocative. Maybe that ties back 309 00:15:13.039 --> 00:15:15.879 to that CSO tenure issue we mentioned right at the start. 310 00:15:16.080 --> 00:15:19.480 Yeah, that average tenure of just twenty four to forty 311 00:15:19.519 --> 00:15:23.559 eight months. It's shockingly short, isn't it, And it means 312 00:15:24.039 --> 00:15:27.240 very few security leaders actually get to leave a deep, 313 00:15:27.360 --> 00:15:29.879 truly lasting legacy within an organization. 314 00:15:30.240 --> 00:15:32.720 So what's a provocative part Well, we talked. 315 00:15:32.519 --> 00:15:36.200 About managing stress and conflict, but think about structural success. 316 00:15:36.399 --> 00:15:40.000 Imagine a CISO builds a fantastic, high performing team, then 317 00:15:40.000 --> 00:15:42.440 they leave and within a year or so that team 318 00:15:42.480 --> 00:15:46.279 gets broken up. Maybe its functions get absorbed by other departments. 319 00:15:46.360 --> 00:15:47.559 Yeah, you hear about that happening. 320 00:15:47.720 --> 00:15:51.360 The provocative thought is that often that dissolution isn't just 321 00:15:51.440 --> 00:15:55.000 bad luck or changing priorities. It might actually be a 322 00:15:55.039 --> 00:15:58.000 failure of the previous leader. How So, a failure to 323 00:15:58.039 --> 00:16:02.240 effectively manage stakeholders up and outwards, to embed the security 324 00:16:02.279 --> 00:16:05.440 function so deeply and demonstrate its value so clearly across 325 00:16:05.440 --> 00:16:09.240 the organization that its mission and structure continue even after 326 00:16:09.240 --> 00:16:11.879 the leader departs. Their efforts weren't sticky enough. 327 00:16:11.960 --> 00:16:15.320 Wow. Okay, So the ultimate challenge for a leader isn't 328 00:16:15.320 --> 00:16:18.360 just building the team, but making its work indispensable and 329 00:16:18.440 --> 00:16:20.639 understood by the rest of the organization. 330 00:16:20.559 --> 00:16:24.279 Exactly, ensuring its value proposition is clear and integrated. 331 00:16:24.600 --> 00:16:27.360 So, if you are a security leader now, or you 332 00:16:27.399 --> 00:16:30.519 aspire to be one, maybe the real mission isn't just 333 00:16:30.559 --> 00:16:33.919 about your own tenure. It's about building a structure, a team, 334 00:16:34.279 --> 00:16:37.840 a set of processes, maybe even a succession plan that's 335 00:16:37.840 --> 00:16:41.919 so robust, so well integrated, that the mission survives your 336 00:16:41.960 --> 00:16:42.840 inevitable exit. 337 00:16:42.960 --> 00:16:43.840 That's the challenge. 338 00:16:43.919 --> 00:16:46.039 Our final question to you, then, is this, what are 339 00:16:46.080 --> 00:16:48.440 you going to do starting today to make sure your work, 340 00:16:48.480 --> 00:16:52.559 your team's work, becomes truly institutionalized, truly sticky enough to 341 00:16:52.679 --> 00:16:54.240 endure long after you've moved on. 342 00:16:54.639 --> 00:16:57.759 Think about the sustainability of your impact. Something to chew on. 343 00:16:57.840 --> 00:16:59.120 Will see you on the next deep dive.