WEBVTT 1 00:00:00.040 --> 00:00:02.720 Hey, everyone, welcome back for another deep dive. 2 00:00:03.040 --> 00:00:03.960 Yes, welcome back. 3 00:00:04.120 --> 00:00:08.119 This time we're digging into tribe of hackers security leaders. 4 00:00:08.480 --> 00:00:11.919 Oooh yes, you know, I think everyone kind of gets 5 00:00:12.000 --> 00:00:16.280 by on the technical skills, but like actually leaving a team, yeah, 6 00:00:16.320 --> 00:00:18.000 and you know, making the tough calls. 7 00:00:18.280 --> 00:00:19.120 It's a different beast. 8 00:00:19.879 --> 00:00:20.399 Yeah. 9 00:00:20.800 --> 00:00:23.120 In this cybersecurity world is like a whole other. 10 00:00:23.440 --> 00:00:24.800 Absolutely, a whole other level. 11 00:00:24.920 --> 00:00:25.640 Yeah. 12 00:00:25.320 --> 00:00:27.559 And what I think is so interesting about this book 13 00:00:27.559 --> 00:00:31.519 in particular is that, you know, it's not just a 14 00:00:31.640 --> 00:00:35.039 technical how to manual r you know, it's really a 15 00:00:35.079 --> 00:00:38.640 collection of interviews with a whole bunch of different cybersecurity 16 00:00:38.759 --> 00:00:43.000 leaders and they share their strategic thinking and their war stories, 17 00:00:43.640 --> 00:00:45.600 you know, kind of their lessons learned along the way. 18 00:00:45.880 --> 00:00:48.200 I love it because it's like we're getting a peak 19 00:00:48.240 --> 00:00:51.880 behind the curtain exactly to see how their minds work. Yes, 20 00:00:52.119 --> 00:00:54.679 and you know, it makes this deep dive so valuable. 21 00:00:55.200 --> 00:00:58.920 And it's not just theory. It's like real world oil 22 00:00:59.000 --> 00:01:02.159 world wisdom from these people who've been in the trench, 23 00:01:02.399 --> 00:01:04.959 been they've done that exactly. So let's jump into that 24 00:01:05.000 --> 00:01:07.719 first big takeaway that really stood out to me. This 25 00:01:07.879 --> 00:01:12.560 idea of the evolving cybersecurity landscape. I mean, we hear 26 00:01:12.680 --> 00:01:15.959 all the time about how things are changing so rapidly constantly, 27 00:01:16.120 --> 00:01:18.400 but what does that mean, Like, what does that actually 28 00:01:18.480 --> 00:01:20.359 mean for security leaders? 29 00:01:20.519 --> 00:01:23.000 Yeah, it's a great question. And you know, one of 30 00:01:23.079 --> 00:01:27.359 the most thought provoking ideas I think comes from James Arln, 31 00:01:27.840 --> 00:01:32.959 who leads salesforce for Roku's production engineering team. Okay, and 32 00:01:33.040 --> 00:01:38.120 he argues that cybersecurity should be everybody's responsibility, okay, woven 33 00:01:38.159 --> 00:01:41.560 into every role, not just siloed within the security team. 34 00:01:41.680 --> 00:01:44.560 Yeah. That's a big shift from how most companies operate today. 35 00:01:44.760 --> 00:01:47.680 Huge And he even compares it to this idea of 36 00:01:47.760 --> 00:01:52.120 a chief electrification officer, which you know, that role essentially 37 00:01:52.120 --> 00:01:57.040 disappeared as electricity became commonplace. He's asking like, is cybersecurity 38 00:01:57.040 --> 00:01:58.159 headed in the same direction. 39 00:01:58.439 --> 00:02:00.200 So he's saying, like, could we get to a point 40 00:02:00.200 --> 00:02:02.480 where you don't need a specialist. 41 00:02:02.000 --> 00:02:07.000 Potentially yeah, to like, you know, handle every single security issue. 42 00:02:07.120 --> 00:02:11.080 Imagine if you didn't need, you know, a specialized electrician 43 00:02:11.120 --> 00:02:13.800 to change a light bulb. Could we reach a point 44 00:02:13.800 --> 00:02:17.039 where you don't need a dedicated team yeah, to handle 45 00:02:17.080 --> 00:02:18.319 every security issue. 46 00:02:18.479 --> 00:02:22.759 It's a really compelling idea. But it's also a little daunting, Yeah, 47 00:02:22.800 --> 00:02:25.080 a little bit like how do you even implement that? 48 00:02:25.639 --> 00:02:27.560 Like distributed responsibility? 49 00:02:27.680 --> 00:02:32.280 Well, and he suggests that this model could lead to 50 00:02:32.400 --> 00:02:35.919 greater accountability. Okay, if everyone has skin in the game, 51 00:02:36.120 --> 00:02:39.080 so to speak, when it comes to security, then they're 52 00:02:39.120 --> 00:02:40.319 more likely to take it seriously. 53 00:02:40.439 --> 00:02:42.479 Right, But it also means like a huge cultural shift. 54 00:02:42.560 --> 00:02:45.639 Oh absolutely, because right now most companies have these dedicated 55 00:02:45.680 --> 00:02:49.400 security teams. Would those just become obsolete. 56 00:02:49.360 --> 00:02:52.159 You know, not necessarily obsolete, but their roles might evolve. Okay, 57 00:02:52.199 --> 00:02:56.319 they could become more focused on oversight and compliance, ensuring 58 00:02:56.360 --> 00:03:00.039 that everyone's meeting their security responsibilities right, rather than handling 59 00:03:00.080 --> 00:03:01.840 all the technical tasks themselves. 60 00:03:02.080 --> 00:03:04.439 So it's almost like they become a coach instead of 61 00:03:04.479 --> 00:03:04.960 a player. 62 00:03:05.159 --> 00:03:07.919 Yeah. Think of it as a coach who empowers their 63 00:03:07.919 --> 00:03:12.280 team to succeed, rather than a player who does everything themselves. 64 00:03:12.479 --> 00:03:15.719 Right. It's empowering every single person to be a security advocate, 65 00:03:15.960 --> 00:03:18.360 absolutely relying on just this small group. 66 00:03:18.599 --> 00:03:21.479 Yeah, and this actually brings up another challenge that these 67 00:03:21.560 --> 00:03:25.919 leaders discuss, this idea of decision making under pressure. You know, 68 00:03:25.960 --> 00:03:30.360 you're constantly facing these high stake situations where you need 69 00:03:30.400 --> 00:03:35.039 to balance risk and business needs in human factors. So 70 00:03:35.080 --> 00:03:36.039 how do they approach that? 71 00:03:36.240 --> 00:03:39.879 Yeah, any practical advice we can get from their experience. 72 00:03:39.520 --> 00:03:41.479 There's some really great advice, and you can apply this 73 00:03:41.520 --> 00:03:44.560 to your own work. Andrew Bagrin, the founder of omninet. 74 00:03:45.120 --> 00:03:47.479 He gives you a framework for making those tough calls, 75 00:03:48.240 --> 00:03:52.199 but the business and your team's needs first, especially when 76 00:03:52.199 --> 00:03:53.599 it comes to personnel decisions. 77 00:03:53.919 --> 00:03:57.319 So that's interesting because it's saying, sometimes the technically right 78 00:03:57.400 --> 00:04:00.759 answer yeah, might not be the best for the organize. 79 00:04:00.800 --> 00:04:03.479 It might not be or even the people. Exactly. And 80 00:04:03.639 --> 00:04:07.199 you know Christopher Caruso who has extensive experience in both 81 00:04:07.599 --> 00:04:12.280 IT and OT cybersecurity. Now, what's ot OT is operational 82 00:04:12.319 --> 00:04:17.279 technology and it refers to the systems that control physical processes. Okay, 83 00:04:17.800 --> 00:04:21.079 so he adds another crucial element, understanding your audience. 84 00:04:21.680 --> 00:04:25.959 So it's not just about being right, it's about being persuasive. 85 00:04:26.839 --> 00:04:31.959 Yes, exactly. So when you're presenting security recommendations to leadership, 86 00:04:32.639 --> 00:04:37.079 you need to be factual, confident, and most importantly, understand 87 00:04:37.079 --> 00:04:38.000 the board's perspective. 88 00:04:38.040 --> 00:04:40.600 Okay, So you're saying, like you've got align your recommendations 89 00:04:40.720 --> 00:04:43.360 online with their priorities that makes a lot of sense, 90 00:04:43.680 --> 00:04:46.120 but it's not always black and white. Sometimes you have 91 00:04:46.199 --> 00:04:49.439 to make these judgment calls where there's no easy answer. 92 00:04:49.639 --> 00:04:53.120 Absolutely, and another leader, Rafel Loss Okay, talks about this 93 00:04:53.160 --> 00:04:58.279 delicate balance between data driven analysis and gut feeling. 94 00:04:58.759 --> 00:05:01.639 So you're saying, it's not just the hold hard data, 95 00:05:01.879 --> 00:05:04.519 not just the data, it's also like trusting your instincts. 96 00:05:04.839 --> 00:05:08.920 Yes, he emphasizes combining data with your intuition. 97 00:05:08.639 --> 00:05:12.240 Okay, and your passion. That makes sense because cybersecurity you're 98 00:05:12.279 --> 00:05:15.560 always dealing with the unknown you are and making decisions 99 00:05:15.560 --> 00:05:18.639 when you're not really sure what's going to happen next. 100 00:05:19.040 --> 00:05:21.839 So you've got this framework for decision making, but then 101 00:05:21.879 --> 00:05:22.360 you need. 102 00:05:22.199 --> 00:05:24.560 The right team absolutely. 103 00:05:24.000 --> 00:05:27.639 To help you execute those decisions for sure. What insights 104 00:05:27.639 --> 00:05:31.680 does the book offer on building and leading these high 105 00:05:31.720 --> 00:05:33.160 performing security teams. 106 00:05:34.240 --> 00:05:37.519 There's a lot of great advice, but Leslie Carhart, principal 107 00:05:37.519 --> 00:05:40.319 threat analyst at Dragos, really hit the nail on the 108 00:05:40.360 --> 00:05:44.399 head with her emphasis on team well being. She says 109 00:05:44.439 --> 00:05:50.959 that good leaders shield their teams from negativity and create 110 00:05:51.000 --> 00:05:53.519 a supportive environment where everyone can thrive. 111 00:05:53.759 --> 00:05:57.160 You know, that's so important, especially in cybersecurity, because burnout 112 00:05:57.240 --> 00:05:59.399 is such a real issue. It is how do you 113 00:05:59.439 --> 00:06:02.920 actually do that? How do you create this positive environment 114 00:06:03.000 --> 00:06:05.319 without ignoring the real concerns. 115 00:06:05.480 --> 00:06:09.079 It's a tough one. It is a delicate balance. You 116 00:06:09.120 --> 00:06:12.879 don't want to create this culture of toxic positivity where 117 00:06:12.879 --> 00:06:16.000 people are afraid to speak up, but at the same time, 118 00:06:16.319 --> 00:06:19.000 you don't want to overwhelm your team with negativity. It's 119 00:06:19.040 --> 00:06:22.800 about finding that balance, acknowledging the challenges but also focusing 120 00:06:22.800 --> 00:06:25.639 on the solutions and celebrating the successes. 121 00:06:25.839 --> 00:06:29.519 So it's that psychological safety where people feel like they 122 00:06:29.560 --> 00:06:33.639 can speak up exactly without being you know, or shut 123 00:06:33.639 --> 00:06:34.160 down exactly. 124 00:06:34.360 --> 00:06:38.240 Yeah. And there's another leader, David Evenden, founder of Standard 125 00:06:38.279 --> 00:06:45.199 User Cybersecurity okay, and he talks about evolving from a 126 00:06:45.680 --> 00:06:50.360 more assertive leadership style okay, to a more empathetic approach okay, 127 00:06:50.560 --> 00:06:54.800 really focused on teen growth and satting clear expectations. 128 00:06:54.800 --> 00:06:58.240 So it's about adapting, adapting your leadership style to fit 129 00:06:58.319 --> 00:07:02.639 the needs of your team and this ever changing security landscape. 130 00:07:02.920 --> 00:07:04.759 So not being stuck in your waist right. 131 00:07:04.920 --> 00:07:06.920 Not just doing it because that's how you've always done it. 132 00:07:07.279 --> 00:07:11.560 And Charles Mowatu, an engineering manager at Netflix, adds that 133 00:07:11.680 --> 00:07:16.199 transparency and vulnerability and creating a supportive environment for growth 134 00:07:16.600 --> 00:07:20.120 are really crucial for building that trust for sure, and 135 00:07:20.199 --> 00:07:21.480 empowering your team. 136 00:07:21.800 --> 00:07:25.720 Absolutely. I love that he emphasizes vulnerability. Yeah, it's so 137 00:07:25.879 --> 00:07:29.399 important for leaders to show that they're human too, and 138 00:07:29.439 --> 00:07:32.560 that they're not afraid to ask for help or admit 139 00:07:32.920 --> 00:07:34.199 when they don't have all the answers. 140 00:07:34.360 --> 00:07:36.800 Right. It creates a culture where everyone feels safe to 141 00:07:36.879 --> 00:07:39.279 take risks and learn from mistakes. 142 00:07:39.360 --> 00:07:43.759 Absolutely, And speaking of learning, the book also delves into 143 00:07:43.879 --> 00:07:48.439 the cybersecurity skills gap. Oh yeah, which is a huge topic. 144 00:07:48.560 --> 00:07:51.800 Yeah, that's a big one. It is what concrete solutions 145 00:07:51.839 --> 00:07:53.160 did these leaders offer. 146 00:07:53.480 --> 00:07:56.199 There's a little bit of debate, okay about the nature 147 00:07:56.240 --> 00:07:56.680 of the gap. 148 00:07:56.800 --> 00:07:57.079 Okay. 149 00:07:57.399 --> 00:08:00.079 Andrew Bagrin argues that there's no shortage of you and 150 00:08:00.160 --> 00:08:03.639 your talent, but a lack of experience senior professionals. 151 00:08:04.040 --> 00:08:06.000 So it's not just about getting people in. Not just 152 00:08:06.040 --> 00:08:08.079 getting them in, it's about helping them move up. 153 00:08:07.959 --> 00:08:09.399 Helping them get to that senior level. 154 00:08:09.680 --> 00:08:11.920 Yeah, and that seems to be a common theme, is 155 00:08:11.920 --> 00:08:16.279 that development and mentorship are really key to addressing this. 156 00:08:16.560 --> 00:08:21.800 Absolutely. Steve Christy Coley principal INFOSEC engineer at my tr Okay, 157 00:08:22.000 --> 00:08:26.360 he stresses the need for the industry to invest in 158 00:08:26.519 --> 00:08:32.480 training okay, and support for less experienced individuals, basically saying, 159 00:08:32.639 --> 00:08:35.600 we can't just expect these season pros to magically appear. 160 00:08:36.240 --> 00:08:41.639 We need to create opportunities for mentorship, training, and career advancement. 161 00:08:41.720 --> 00:08:44.519 You Know, it's interesting because sometimes these job descriptions for 162 00:08:44.679 --> 00:08:48.600 cybersecurity roles want people to be unicorns, they do. They 163 00:08:48.639 --> 00:08:51.519 want them to have all this experiences of experience in 164 00:08:51.600 --> 00:08:53.480 every single technology. 165 00:08:52.960 --> 00:08:56.480 Right, and that's something that Steven A. Ridley, a cybersecurity 166 00:08:56.480 --> 00:08:58.600 consultant Okay, he criticizes this. 167 00:08:58.919 --> 00:08:59.279 Okay. 168 00:08:59.320 --> 00:09:03.120 He highlights the importance of giving young professionals a chance 169 00:09:03.840 --> 00:09:08.120 and challenging those unrealistic expectations and requirements often found in 170 00:09:08.159 --> 00:09:08.759 those job. 171 00:09:08.559 --> 00:09:11.440 Descriptions because it can be really discouraging, I bet very 172 00:09:11.440 --> 00:09:13.000 discouraging for someone new. 173 00:09:13.360 --> 00:09:16.279 Yes, so there needs to be a mindset shift, Okay, 174 00:09:16.399 --> 00:09:19.919 not just focusing on years of experience, but looking at 175 00:09:19.960 --> 00:09:22.559 potential and aptitude. 176 00:09:22.679 --> 00:09:26.080 So focusing on those qualities and recognizing that raw talent 177 00:09:26.200 --> 00:09:27.240 can be nurtured. 178 00:09:28.039 --> 00:09:32.279 Absolutely, and they also emphasize the importance of providing opportunities 179 00:09:32.279 --> 00:09:37.279 for mentorship where experience professionals can guide and support those 180 00:09:37.320 --> 00:09:38.360 who are just starting out. 181 00:09:38.639 --> 00:09:42.559 Mentorship is so crucial, it is. It's passing on knowledge, 182 00:09:42.879 --> 00:09:45.399 building confidence, creating a sense of community. 183 00:09:45.480 --> 00:09:49.600 Absolutely, But it's not just about developing individual skills. There's 184 00:09:49.639 --> 00:09:53.720 also a strong emphasis on collaboration and communication. 185 00:09:54.000 --> 00:09:57.679 Because cybersecurity can't operate in a silo, no, it can't. 186 00:09:57.759 --> 00:10:01.480 Leaders need to break down these barriers, build relationships with 187 00:10:01.559 --> 00:10:04.480 other teams, from executives to developers. 188 00:10:04.519 --> 00:10:06.159 Absolutely, and that starts with communication. 189 00:10:06.399 --> 00:10:09.399 So how do they suggest we go about building these bridges? 190 00:10:09.840 --> 00:10:14.240 You know? Edward Prevostky, staff security engineer at Squarespace, has 191 00:10:14.240 --> 00:10:18.879 a great reframing. He suggests that infosec should transition from 192 00:10:18.879 --> 00:10:22.159 a no team oh to a collaborative partner. 193 00:10:22.399 --> 00:10:26.440 So instead of shutting down ideas, security teams should be 194 00:10:26.480 --> 00:10:30.279 offering solutions, offering solutions, working together, working together to achieve 195 00:10:30.320 --> 00:10:31.799 those shared goals exactly. 196 00:10:32.360 --> 00:10:37.440 He talks about clearly defining risk, appetite and offering options 197 00:10:37.759 --> 00:10:39.399 rather than just saying no outright. 198 00:10:39.799 --> 00:10:43.679 That's so important. It is because if security is seen 199 00:10:43.720 --> 00:10:46.799 as a roadblock, people are going to find ways to 200 00:10:46.799 --> 00:10:48.799 go around it. They will, but if they see it 201 00:10:48.799 --> 00:10:51.399 as a partner, then they can work together. 202 00:10:51.240 --> 00:10:52.759 To find secure solutions. 203 00:10:52.879 --> 00:10:55.919 But that requires a high level of communication and trust. 204 00:10:56.080 --> 00:10:59.960 It does, absolutely, and Christopher Adneck, founder of Social engine 205 00:11:00.080 --> 00:11:04.480 Near LLC, really hits on this point. He emphasizes transparency, 206 00:11:05.120 --> 00:11:09.759 frequent communication, and creating a culture of trust okay. He 207 00:11:09.879 --> 00:11:12.840 believes that when everyone's on the same page right and 208 00:11:12.919 --> 00:11:17.320 feels comfortable sharing information, that's when it's easiest to identify 209 00:11:17.639 --> 00:11:19.600 right and address security risks. 210 00:11:19.879 --> 00:11:24.120 So it's building those relationships, creating that environment where people 211 00:11:24.120 --> 00:11:26.120 feel safe speaking up exactly. 212 00:11:26.159 --> 00:11:29.360 And Charles Watu, who we mentioned earlier, adds that top 213 00:11:29.440 --> 00:11:33.519 down security awareness okay, embedded in the company culture is essential. 214 00:11:34.519 --> 00:11:39.159 He also stresses the importance of building relationships with engineering 215 00:11:39.159 --> 00:11:44.399 teams working collaboratively to integrate security into the development process. 216 00:11:44.559 --> 00:11:45.919 It makes sense when you put it that way. 217 00:11:46.080 --> 00:11:46.399 It does. 218 00:11:46.519 --> 00:11:48.840 Security is just an afterthought. It's always going to be 219 00:11:48.840 --> 00:11:51.120 playing catch up, absolutely, but if it's baked into the 220 00:11:51.200 --> 00:11:55.159 culture from the top down, it becomes part of everyone's mindset. 221 00:11:55.279 --> 00:11:55.720 Exactly. 222 00:11:55.879 --> 00:11:59.159 So we've covered a lot here, But did these leaders 223 00:11:59.320 --> 00:12:01.200 offer any reading recommendations? 224 00:12:01.200 --> 00:12:05.960 Oh? Yeah, they did. For aspiring cybersecurity pros who want 225 00:12:05.960 --> 00:12:08.440 to level up their leadership skills, Yeah, they did. They 226 00:12:08.480 --> 00:12:11.720 offered a really diverse range of bucks, catering to different 227 00:12:11.759 --> 00:12:14.120 leadership styles and interests. 228 00:12:14.279 --> 00:12:15.840 So like, what kind of stuff? Well? 229 00:12:15.840 --> 00:12:19.120 Some were business and leadership classics Good to Great by 230 00:12:19.240 --> 00:12:22.080 Jim Collins. Okay, yeah, what got you here? Won't Get 231 00:12:22.120 --> 00:12:27.039 You There by Marshall Goldsmith, and The Hard Thing About 232 00:12:27.039 --> 00:12:28.720 Hard Things by Ben Horowitz. 233 00:12:29.000 --> 00:12:32.440 Those are all fantastic books. They are with timeless advice 234 00:12:32.519 --> 00:12:36.840 on building strong teams, making tough decisions, navigating the challenges 235 00:12:36.840 --> 00:12:37.559 of leadership. 236 00:12:37.639 --> 00:12:39.159 Yeah, regardless of your industry. 237 00:12:39.200 --> 00:12:42.000 What about books specifically focused on cybersecurity? 238 00:12:42.120 --> 00:12:42.519 Of course? 239 00:12:42.679 --> 00:12:43.440 What did they say? 240 00:12:43.559 --> 00:12:48.279 Some popular choices were Tribe of Hackers, Naturally, Security Metrics 241 00:12:49.000 --> 00:12:55.159 Replacing Fear, Uncertainty, and Doubt by Andrew Jackwith, and Applied 242 00:12:55.159 --> 00:12:57.320 Cryptography by Bruce Schneier. 243 00:12:57.840 --> 00:13:01.840 Those are must reads for anyone serious about cybersecurity for sure. 244 00:13:01.919 --> 00:13:06.039 What about books on communication, teamwork, and decision making skills 245 00:13:06.039 --> 00:13:08.240 that are essential for any good leader? 246 00:13:08.440 --> 00:13:12.279 They covered those two Team of Teams by General Stanley McCrystal, 247 00:13:12.960 --> 00:13:17.639 Death by Meeting by Patrick Lincioni, Radical Candor by Kim Scott. 248 00:13:17.759 --> 00:13:20.600 Wow, that is quite the list, the reading list. This 249 00:13:20.639 --> 00:13:23.000 could keep me busy for a while. You know, it's 250 00:13:23.080 --> 00:13:26.480 inspiring to see how these leaders are not just experts 251 00:13:26.519 --> 00:13:30.360 in their field, but also well rounded individuals. Yes, who 252 00:13:30.440 --> 00:13:33.600 value continuous learning and personal growth, for sure. But I'm 253 00:13:33.600 --> 00:13:35.679 also curious what keeps them up at night? 254 00:13:36.000 --> 00:13:36.919 Oh, good question. 255 00:13:37.120 --> 00:13:40.639 What are their biggest concerns? Yeah, when it comes to cybersecurity. 256 00:13:41.480 --> 00:13:47.360 Well, you're right, these leaders are incredibly knowledgeable and passionate. Yeah, 257 00:13:47.600 --> 00:13:51.759 but they're also realistic about the challenges we face in cybersecurity. 258 00:13:51.919 --> 00:13:52.360 Yeah. 259 00:13:52.559 --> 00:13:57.879 One recurring theme is this constantly evolving threat landscape. They're 260 00:13:58.000 --> 00:14:05.200 keenly aware of new vulnerabilities, sophisticated attack techniques. It's relentless, 261 00:14:05.240 --> 00:14:09.000 relentless pressure to stay ahead of the bad guys. 262 00:14:08.840 --> 00:14:11.919 Like these sentinels, always on watch, yes, for the next 263 00:14:11.960 --> 00:14:12.559 big attack. 264 00:14:12.799 --> 00:14:14.000 That's a good way to put it. It's a lot 265 00:14:14.039 --> 00:14:17.159 of responsibility, it is, and that actually ties into another 266 00:14:17.240 --> 00:14:20.399 major concern they share, the talent shortage we talked about earlier. 267 00:14:20.519 --> 00:14:23.600 You know, it's a constant struggle to find and keep 268 00:14:24.200 --> 00:14:31.000 skilled cybersecurity professionals, especially those with experience and leadership potential. Yeah. 269 00:14:31.200 --> 00:14:35.559 The competition for talent is fierce and it's only getting tougher. 270 00:14:35.759 --> 00:14:38.039 And then on top of that you add the rapid 271 00:14:38.080 --> 00:14:44.200 pace of technological change. Absolutely new technologies emerging constantly, which 272 00:14:44.279 --> 00:14:49.120 brings opportunities, yes, but also new security risks so many 273 00:14:49.240 --> 00:14:51.799 it's like this never ending game of cat and mouse. 274 00:14:52.159 --> 00:14:54.200 I like that analogy. Yeah, that's a good way to 275 00:14:54.200 --> 00:14:57.320 put it. You're constantly trying to secure new systems and 276 00:14:57.360 --> 00:15:02.399 applications while also dealing with legacy technologies that might be 277 00:15:02.519 --> 00:15:03.879 riddled with vulnerabilities. 278 00:15:04.000 --> 00:15:08.519 Yeah, and let's not forget the growing complexity of IT environments. 279 00:15:09.480 --> 00:15:14.720 As organizations adopt cloud computing, right, mobile devices, the Internet 280 00:15:14.720 --> 00:15:17.840 of Things, It's expanded tack surface is just. 281 00:15:17.840 --> 00:15:20.000 It's getting bigger and bigger. It's like trying to build 282 00:15:20.000 --> 00:15:23.679 a fortress with walls that are constantly shifting and expand 283 00:15:23.759 --> 00:15:24.120 how do. 284 00:15:24.080 --> 00:15:26.799 You even begin to defend something like that? 285 00:15:26.799 --> 00:15:29.720 That is the million dollar question. Yeah, that's the challenge 286 00:15:29.759 --> 00:15:31.279 these leaders grapple with every day. 287 00:15:31.679 --> 00:15:34.080 Yeah, and of course you can't forget about the human element, 288 00:15:34.200 --> 00:15:37.320 the human elament. Even with the best technologies and processes 289 00:15:37.320 --> 00:15:39.080 in place, human error is. 290 00:15:39.080 --> 00:15:40.759 Still it's still a major risk. 291 00:15:40.879 --> 00:15:44.320 Yeah, A single phishing email, or a weak password, or 292 00:15:45.639 --> 00:15:46.919 just a careless mistake. 293 00:15:47.120 --> 00:15:50.759 One wrong click can open the door to a devastating attack. 294 00:15:50.919 --> 00:15:53.759 It's like, you can have all the fancy tools and 295 00:15:53.799 --> 00:15:58.279 technologies in the world, but ultimately security comes down to people. 296 00:15:58.519 --> 00:15:59.240 It really does. 297 00:15:59.360 --> 00:16:01.159 Yeah, leaders understand that. 298 00:16:01.399 --> 00:16:01.759 They do. 299 00:16:01.919 --> 00:16:04.919 They worry about the impact of a successful attack on 300 00:16:05.080 --> 00:16:09.159 their organization's reputation, romance's customer trust. 301 00:16:09.200 --> 00:16:11.360 It's a heavy burden to carry, it is, for sure. 302 00:16:11.399 --> 00:16:13.840 So given all of these challenges, the book also asked 303 00:16:13.840 --> 00:16:18.759 these leaders what they would change about cybersecurity leadership if 304 00:16:18.799 --> 00:16:19.840 they had a magic. 305 00:16:19.600 --> 00:16:22.159 Wand a magic wand I love it. 306 00:16:22.240 --> 00:16:23.039 What did they say? 307 00:16:23.159 --> 00:16:25.399 What are their big dreams for the future For the 308 00:16:25.440 --> 00:16:30.360 future of cybersecurity leadership? Well, one common theme was this 309 00:16:30.600 --> 00:16:35.679 desire for greater alignment between security and business goals. You know, 310 00:16:35.720 --> 00:16:38.720 they want to move away from security being seen as 311 00:16:38.720 --> 00:16:42.559 a roadblock and instead be viewed as a strategic partner 312 00:16:43.279 --> 00:16:46.200 that helps enable business growth and innovation. 313 00:16:46.799 --> 00:16:49.039 Which makes sense because if it's just seen as a 314 00:16:49.120 --> 00:16:52.639 cost center or like a compliance burden, it's always going 315 00:16:52.679 --> 00:16:53.759 to be an uphill battle. 316 00:16:53.840 --> 00:16:55.960 It is, But if it's viewed as a key enabler 317 00:16:56.320 --> 00:17:02.039 it becomes a real competitive advantage exactly. Leaders also expressed 318 00:17:02.120 --> 00:17:06.240 a desire for a more proactive and preventative approach okay 319 00:17:06.440 --> 00:17:07.440 to cybersecurity. 320 00:17:07.599 --> 00:17:10.359 So instead of always putting out fires, yes. 321 00:17:10.599 --> 00:17:14.599 Moving away from that reactive firefighting mentality that's so prevalent 322 00:17:14.640 --> 00:17:14.880 in the. 323 00:17:14.799 --> 00:17:17.240 Industry, They want to prevent the fires from starting in. 324 00:17:17.160 --> 00:17:20.440 The first place, absolutely, and they recognize that this requires 325 00:17:20.960 --> 00:17:26.079 a different mindset, different skills, different investment. Another wish was 326 00:17:26.079 --> 00:17:30.640 for greater investment in security awareness and training. They envision 327 00:17:30.680 --> 00:17:34.359 a world where everyone in the organization, from the CEO 328 00:17:35.000 --> 00:17:39.680 to the newest intern, understands their role in protecting the organization. 329 00:17:39.880 --> 00:17:42.400 So creating a culture of security. 330 00:17:42.000 --> 00:17:45.839 Yes, where it's not just the security team's job, but 331 00:17:46.000 --> 00:17:48.119 everyone's responsibility. 332 00:17:47.400 --> 00:17:50.640 To be vigilant absolutely, and to understand. 333 00:17:50.359 --> 00:17:52.480 The risks yes, and how to mitigate them. 334 00:17:52.519 --> 00:17:55.160 There is also a strong desire for greater diversity and 335 00:17:55.200 --> 00:17:56.440 inclusion in the workforce. 336 00:17:56.640 --> 00:17:59.720 Yes. Many leaders recognize that we need to attract and 337 00:17:59.759 --> 00:18:04.519 reat talent from a wider range of backgrounds and experiences. 338 00:18:04.640 --> 00:18:06.799 Diversity of thought is so crucial. 339 00:18:06.519 --> 00:18:10.799 Yes, especially in cybersecurity, where you're constantly facing new threats, 340 00:18:11.079 --> 00:18:11.799 new challenges. 341 00:18:11.880 --> 00:18:14.200 Having those different perspectives can only make you stronger. 342 00:18:14.400 --> 00:18:18.319 Absolutely. And finally, some leaders expressed a desire for a 343 00:18:18.400 --> 00:18:23.359 future where cybersecurity is simply baked in to every aspect 344 00:18:23.359 --> 00:18:24.160 of technology. 345 00:18:24.279 --> 00:18:28.480 So you're saying like they envision a world where security. 346 00:18:28.000 --> 00:18:32.480 Is just an integral yeah, of the design and development process. 347 00:18:32.240 --> 00:18:35.240 Not just an afterthought, but a bold on solution. So 348 00:18:35.400 --> 00:18:40.400 making security a fundamental principle, yes, that guides every aspect 349 00:18:40.440 --> 00:18:42.079 of our digital lives, just like. 350 00:18:42.039 --> 00:18:44.960 Safety is a fundamental principle right in the physical world. 351 00:18:45.119 --> 00:18:48.920 So these magic wand wishes, Yeah, they really paint a picture, 352 00:18:49.200 --> 00:18:54.319 they do, of where these leaders see cybersecurity heading. Absolutely, 353 00:18:54.359 --> 00:19:00.359 But what about concrete advice? Yeah, for these aspiring leader 354 00:19:01.279 --> 00:19:04.279 what do they suggest for those who are looking to 355 00:19:04.279 --> 00:19:06.880 step into leadership roles in cybersecurity? 356 00:19:06.960 --> 00:19:09.640 Will they emphasize a lot of the themes we've already discussed, 357 00:19:10.079 --> 00:19:14.440 continuous learning, staying ahead of the curve in this rapidly 358 00:19:14.559 --> 00:19:18.920 evolving field, developing both technical skills and leadership qualities. 359 00:19:18.960 --> 00:19:21.319 So it's not enough to be the tech expert. You 360 00:19:21.359 --> 00:19:24.759 also have to be able to lead people, communicate effectively, 361 00:19:24.799 --> 00:19:26.279 and make those strategic decisions. 362 00:19:26.640 --> 00:19:30.119 And they highlight the importance of building relationships, networking with 363 00:19:30.160 --> 00:19:33.400 other professionals, seeking out mentors who can guide and support you. 364 00:19:33.839 --> 00:19:38.200 Mentorship is so valuable, absolutely, especially in a field like this. 365 00:19:38.119 --> 00:19:41.799 Or experience is often hard one. Having someone to bounce 366 00:19:41.880 --> 00:19:46.480 ideas off of, ask for advice, Yeah, learn from their mistakes. 367 00:19:46.559 --> 00:19:50.400 It's invaluable, it is. Yeah. They encourage these aspiring leaders 368 00:19:50.440 --> 00:19:53.920 to develop their communication skills sure, learning to explain those 369 00:19:54.039 --> 00:19:58.200 complex technical concepts in a way that resonates with different 370 00:19:58.200 --> 00:20:01.440 audiences executtives to developers. 371 00:20:01.519 --> 00:20:05.119 Absolutely, that's crucial. And as a leader, you're always going 372 00:20:05.160 --> 00:20:09.400 to be communicating, whether it's presenting to the board, explaining 373 00:20:09.400 --> 00:20:13.359 a security incident to your team, advocating for resources. 374 00:20:13.400 --> 00:20:14.519 It's a big part of the job. 375 00:20:15.000 --> 00:20:19.440 It is. And finally, these leaders urge you to embrace 376 00:20:19.519 --> 00:20:23.359 the challenge of cybersecurity, to see it not just as 377 00:20:23.400 --> 00:20:28.720 a job, but as a mission to protect organizations, communities, 378 00:20:29.319 --> 00:20:30.359 our digital lives. 379 00:20:30.480 --> 00:20:33.039 To find meaning and purpose in your work, knowing that 380 00:20:33.079 --> 00:20:35.119 you're making a real difference. 381 00:20:34.920 --> 00:20:37.839 And inspiring others to join you in that mission to 382 00:20:37.920 --> 00:20:41.319 build a more secure and resilient digital future for everyone. 383 00:20:41.480 --> 00:20:42.200 I love that. 384 00:20:42.240 --> 00:20:43.119 It's a great mission. 385 00:20:43.240 --> 00:20:45.759 This has been a fantastic deep dive. I feel like 386 00:20:45.759 --> 00:20:50.279 I've learned so much from hearing these leaders insights and perspectives. 387 00:20:50.599 --> 00:20:54.440 It's really inspiring to see their passion and their commitment 388 00:20:55.119 --> 00:21:00.640 to excellence, and just their unwavering belief in the importance 389 00:21:00.640 --> 00:21:01.319 of their work. 390 00:21:01.519 --> 00:21:05.920 And what's so great about Tribe of Hackers Security Leaders 391 00:21:06.599 --> 00:21:10.759 is that it goes beyond those technical aspects of cybersecurity 392 00:21:10.799 --> 00:21:14.759 and it really explores that human side of leadership. It 393 00:21:14.799 --> 00:21:17.920 gives you a glimpse into the challenges I triumphs, the 394 00:21:18.000 --> 00:21:21.400 wisdom these leaders have gained from years of experience. 395 00:21:21.599 --> 00:21:25.680 It reminds you that behind every successful cybersecurity program, Yeah, 396 00:21:26.119 --> 00:21:30.240 there's this team of dedicated and passionate individuals committed to 397 00:21:30.279 --> 00:21:32.599 protecting their organizations and the people they serve. 398 00:21:32.839 --> 00:21:35.000 And this deep dive has been a call to action. 399 00:21:35.759 --> 00:21:41.799 Embrace the challenge, develop your skills, build relationships, strive to 400 00:21:41.839 --> 00:21:46.279 become the leaders the world needs in this ever evolving field. 401 00:21:46.759 --> 00:21:49.960