Episode Transcript
[00:00:00] Speaker A: You're listening to Protect it all, where Aaron Crow expands the conversation beyond just OT delving into the interconnected worlds of IT and OT cybersecurity.
Get ready for essential strategies and insights.
Here's your host, Aaron Crowe.
Awesome. Welcome to another episode of the Protected all podcast. Excited? You guys have probably seen Neil, if you follow me, on LinkedIn or any of the socials, he and I are constantly doing stuff to together, commenting, sharing, all that kind of stuff.
I. I met Neil a couple years ago. We were, you probably heard the story, but, you know, we were both in kind of cyber in the same spaces, but we. We actually met on. On, you know, other social media platforms where we weren't exactly talking about our. Our cyber stuff. And then we saw each other passing at multiple conferences, RSA and Black Hat. We're like, wait, I know that guy.
And then we had a tequila together. And since then, it's been. It's been. The rest is history. So, Neil, why don't you introduce yourself. Tell. Tell everybody who you are and a little bit about your. Your background.
[00:01:10] Speaker B: Yeah, man. Hey, anytime I get to hang with you for a little bit, I'm always in for it, so.
And bonus, if there's tequila involved, too.
[00:01:19] Speaker A: Exactly.
[00:01:20] Speaker B: So, yeah, I've had. I mean, your podcast is. Is heavily cyber, so I'll lean in on that side a little bit. I've had this really interesting evolution into the cybersecurity world in that one of my first jobs out of the Marine Corps was I worked. I got a job running the mail room at a hedge fund called Guggenheim Partners.
And when I was done giving out mail to some of the richest people on the planet, they'd always find me for new things to do, like, oh, get the guy in the mailroom to do the thing. Right. And so I was always doing inventory over technology stuff and making sure we had enough laptops and all that type of fun asset management stuff. Now, that's what that's called now.
And ultimately, there was a project that I was working on about confidentiality of things that are being printed on printers at one of the most highly valuable intellectual property places on the planet, right? Which is. Which was this hedge fund. The internal sanctum of this hedge fund. And long story short, it just set off this really interesting journey for me about understanding how technology works and how memory works within, within, within machines.
And it just. I kind of kept on coming back to it over and over again. And so I evolved from Guggenheim Partners into a data product manager overseeing some very large data sets that were funded funding or funding data into financial data institutions and into financial algorithmic trading and all kinds of data and tech and infrastructure and data and tech and infrastructure stuff. And then when I started my first company, which was a digital marketing agency, obviously had to learn more about how the Internet worked and how SEO and Facebook ads and the algorithms were working and stuff like that. And when I started this business, I wanted to cater to businesses that were in this kind of cutting, this word is terrible word now, but back then it was cutting edge, you know, on the edge of new things. And back when I started this, cybersecurity was still this confusing thing, but was that everybody needed. And so when I built my digital marketing agency, we had a vertical dedicated to understanding all these different cybersecurity stories and where they fit into the infrastructure. And I kind of inadvertently like landed in like having like, I had clients who were bio, you know, identity authentication stuff, and I had endpoint aging clients and I had the beginning of AI clients. And every single one of them would have to explain to me how the thing worked.
And then little by little, and this is, you know, almost 10 years ago now, I started to really understand the complete holistic infrastructure of how things work. But not from a cyber perspective, not from a cybersecurity perspective, more from like an infrastructure perspective because I'd seen behind that. And then because I come from a military background, could easily understand defense in depth and layers of security and stuff like that, because that's what the theater of combat is doing all the time.
And then one of my early mentors, right, just a shortened story a little bit, was like, Neil, you're a really decent product person, but you're so good at telling the story of like how you get to the solution. You need to shift into, consider shifting into sales.
And this person mentored me for, I don't know, a year or two and taught me all these very sophisticated sales strategies and tactics and really was a catalyst for me shifting gears. And so over the past seven or eight years, I've run global cyber sales organizations, built sales channels across the globe, helped cyber startups and AI startups and different types of startups in all different capacities, coached the advisors, helped them raise capital, done their go to market strategies, done prospecting and all kinds of other stuff along the lines. And it's a fascinating world to me, this industry, because it's become so saturated with businesses, it's still something that still needs to exist.
The roles and designations are still confusing as to who actually should be doing what. And why? And, and they still struggle, but it's still just an infant. It's such a big problem, but it's still in its infancy days and yet so sophisticated the same time.
And so, you know, here we sit today, you know, partnering on, running different types of events, you know, events, events all over the country and this weird world of cyber security partnerships, you know, selling, but also adding value as well.
[00:06:42] Speaker A: Yeah, you know, it's, it's been odd to me from a. Obviously cyber security is very technical focused and, and a lot of these super high technical disciplines for me, you know, I got to a certain place in my career where I, I hit this ceiling. Kind of what sounds like what you were talking about, where somebody said, hey, I think you would be, you know, you're a decent over here, but man, you're, you're next.
Right. And you kind of took a sidestep and took that different path.
I have a similar path. I didn't really move into sales necessarily. I've never had a job. Well, I've been a realtor since 2006 and so I've done selling, not in cyber. I've never been in a technical sales title.
But I had multiple leaders along the way.
Helped me to understand my true skill set. And that skill set was yes, I'm very good with technical. Right. I'm strong, I'm a strong technical person for sure. And I should, I should continue to hone that capability. But the bigger piece and the bigger value that I bring to the table is having those conversations where I can translate a super technical concept and idea, architecture, whatever the thing is, into non technical speak. Not that the people, you know, sometimes the board, they don't have time. It's like your generals, you know, you're, they don't have time to know every detail. They need to get a, the 5 minute elevator speech or the 60 second elevator speech and make it enough that they understand and you're selling those people. So even if you're not working, and this is where, really where I wanted to, in the back of my head, where I wanted this conversation to go right is, is even if you don't think you're a salesperson, right, you've never been a salesperson, you don't work for a vendor, you work at a power utility or you work at Amazon or wherever the hell you work and you're technical, you are a salesperson because you have to sell your management, you have to sell the other teams, you have to sell people on your team. You have to convince folks that Your ideas and the things that are going on and, and, and the things that need to be fixed, that they need to be done and they have to. Everything is a pros and cons. It's weighted. You know, it's all, it's all priorities. You know, yes, if, if money were no option time or no option everything, we'd fix everything. Right. But that's not the reality we're dealing in. I have to make priorities. Do I fix this or this? Like do I replace the tires on my car or do I buy groceries? Like sometimes it's that they both need to happen, which is a higher priority.
[00:09:23] Speaker B: Well, all of that and like for anybody who's listening to this, who's a CyberSecurity executive, a CIO, you know, head of enterprise risk management, anything, any of these cyber ish roles, right. What you have to realize is that this industry that you've decided to jump into or been in for a long time is still, is very different from like how you build leadership, how you build, how you build leverage, how you, how you actually operate.
And it, and because of that, it creates a very interesting thing where you know, with the average, you know, life cycle of a CISO at a company being, I think it's like 18 months. It's like you have to move fast, you know, to do things and be successful. And I'm a huge believer of like, you know, unfortunately your, your network is your net worth and, and if all, and if you're going to take, take a, take a job where you have to be eyes on a screen, you know, 8:12 hours a day and you don't have a plan in place where on top of going to, you know, get your CPE credits or whatever structures like you, you need to be in an environment where you are constantly figuring out like what's the, who are the people you're networking to know, what are the skills you need to improve upon?
What is the leverage that you need to go out and create and then bring into the workplace.
And if you're not doing that, then you can't be shocked when you don't have that leverage and you get exhausted and burnt out and, and, and, and right. And I think it's like a whole, it's on that side. What's wild about it is you can definitely look at the, the organization of a cyber team and not be surprised when you know, things go the way that they go. Like that's just a harsh reality. This is like if you, if you, if you look at the legal industry and you look at a high performing law firm, you look at the way those lawyers show up every day, you look at, you look at a high performing, even a high performing accounting firm, which is a very boring business in my opinion. You look at a really good accounting firm firm, they all kind of show up in a certain way. They all, there's a, there's a certain way of doing business in their space and yet in this space, it's all over the place. Right. I mean if you go to a cloud company, there's a culture there. You go to a non cloud company, there's a, there's a, there's a culture there. You go to on prem. There's all these different layers to it. Right. Hence, you know, the layers of security here. But I think that cybersecurity people miss huge opportunities by not having solid relationships not only with other CISOs, but with value added resellers and vendors who can deliver lots of value to them in very powerful ways. And it just, it's a huge setback for people.
[00:13:05] Speaker A: Yeah. You know, and that, that's been a frustration in mine, in the industry. You know, you can go get your cissp, you can get your Cisco certification, you can be a certified ethical hacker, you can get your firewall, you know, certification, there's, there's all of these career paths, certifications, ticket, you know, certificates, all that kind of stuff on the technical side. But again there's, we're lacking the skill and the up leveling of our, of our workforce in these softer skills. So I was fortunate enough and I've talked about it before, but I'll briefly talk about it again is when I worked for the power utility here in Texas, they, they brought in a third party, a consultant, and they brought in the rising, you know, leaders, the ones that they saw, thought would be the next, the next level of leaders in the company. And they put us through this thing called leadership circle. And in that we, we did soft skills, we, we did presentations and book reports and we got up in public speaking and, and we did all of these networking and presentation and how we show up and our appearance, like they weren't telling us like what to wear necessarily, but they were just really showing us. All of those things matter. Right. So we did, I did the first level and then I graduated and then they took the cream of the crop and moved into the second one. And, and I'm not touting my own horn or anything, but you know, I did three years of this. And, and at the time, it's funny because When I first started, I was complaining about it to my wife, right? I hated it because I'm like, I've got a full time job. I'm, I'm, I'm technologist. I don't want any of this stuff. Like, I don't want to be doing book reports. Like, I don't have time for this crap.
And now, dude, it's been the thing, the catalyst in my career that set it on a trajectory that I never would have gotten to if I hadn't learned those softer skills. Yes, I would have had a good career and continued a good career on the technology side, but I would have hit, I was already at that, you know, kind of cap. I could go get another certification maybe, but there really wasn't a path for me to really continue to, you know, grow my career other than just sit where I'm at and, you know, continue to grind it out until the end. But it's opened so many doors and it's, it's really, I mean, I was a CTO of a company and you know, I saw. So I worked at one of the big four accounting firms and as a consultant, like, I was, I was having different conversations, I was in different rooms. And yes, I need to lean on that technology side. But I think organizations really miss out on, you know, the bettering your people. All of the technology people want the certifications, they want to go to the conference, they want to do all those things. And I'm not saying you shouldn't, but I think part of your learning platform and overall, you know, growing your teams and to build high performing teams, you don't just want your technologists doing technology things. You need to teach those folks, even the ones that are, you know, you keep in the basement and are, you know, uncomfortable talking to people. You want those people to get better at talking to them. You don't just continue. Oh yeah, well, Bob is not very good at talking to people. So we're going to keep him in the corner and not make him talk to anybody. Like, yeah, that's, that works so that you don't lose him short term, but the better thing to do is to get him out of his comfort zone and help him. It doesn't mean he's going to be a salesperson or, you know, leading a presentation, but you don't want him to just stay there and, you know, be pigeonholed because it's not best for him and it's not best for the organization and your team.
[00:16:36] Speaker B: Well, I see. I would challenge you back on that in the context of, you know, with all the AI things coming online.
Right. And kind of leveling up the playing field of this again, there are so many things in. Because I work in other industries too. Right? You've worked with other industries. Like there are so many things that are part of the cyber space that are. Just don't happen in other industries. And it's not even the risk, it's just about like, it's just the fact that those people don't necessarily exist.
And the reason why so many of them existed at some point was because some of the, some of the process that need to be done was such a complex thing, they had to go and hire abstract thinkers. Right. In order to process it. That time of needing the abstract thinker is going to be minimalized as this world of AI kind of evolves. Because I can get to the answer better, quicker, faster than I could last year.
And some of the other inconsistencies in the industry are, number one, the fact that you have a cyber leader who probably doesn't sign off on a budget. That's something we should talk about here in a minute. Because I think it's important for vendors to listen to.
Having so many authorities resp. So many groups involved in the, in the conversations to get to a decision is a very challenging thing. And then because of the cap on CISOs make, how they make their pay and because they're not the, they're not well versed in a lot of business conversations, I think that they set up the industry for some challenges as well, because then they're giving poor information to the vendors or the, or the investors who are then spinning solutions out of that that don't struggle or don't have a thing. That's why I'm so adamant about like the biggest challenge with hosting marketing events and just inviting people for free is if you're going to invite me to your bourbon barbecue cigar thing, great. I love that. I like bourbon, I like cigars, and I like barbecue. But you're fitting the bill for me to attend the whole time.
[00:19:13] Speaker A: Right.
[00:19:16] Speaker B: You don't think that that's going to skew my answers to some things? Like I want to be invited back to your thing again, like next time and every time. And that's going to skew drastically all the things and then I've just been through because I've been on both sides of this before, you know, and the fact that the world of cybersecurity is meant to be built, I'll say it like this.
The world of cybersecurity for CISOs is meant to be built on the level of integrity that they have in the workplace. Until they talk to a vendor, then they lie.
Now, call me next week, we'll do a pilot. I'll have my people call your people, like, whatever the thing is. But there's such a conflict of interest in the way that that whole system is built out. And on the vendor side, every time I talk to a vendor, you know, a salesperson or a marketing person, they always, always say the most important piece of this whole thing is the relationship.
And yet they say that the relationship is the most important. But the conflict on their end, and the founder of that company's end, is that all of their spend is not going into intentional events. It's going into digital marketing. It's going to thousands of emails, it's going into ad spend, it's going into automated LinkedIn messages, which are very expensive things to do. But if you do like 10,000 of them and you get 10 clients out of it, they'll pay for themselves, versus building really honest relationships with people to be like, yes, I know him. Yes, I know that person and actually know a little bit about his infrastructure. And your product or service won't work there because that's not how they operate. And it's interesting because it goes all the way up the chain to the investment world, where the venture cap, the VCs will give information.
They give what I call lemming information. And the lemming information is, this is the CISO who went to the free bourbon barbecue cigar dinner, met the VC guy. The VC guy goes, hey, would your company be interested in this product or service? And they go, of course we would be interested in that, because you just gave me bourbon, cigars and barbecue. And the next thing you know, that VC then takes that information to 10 of his companies and then goes, go after that company, because that company and the whole thing just recycles itself into this big, noisy conflict of thing that then the CISOs are going, I don't understand why I'm getting bombarded by all these people. And the vendors are going, I don't understand why the CISOs not picking up my phone. And it's just this big shit show.
[00:22:13] Speaker A: Yeah, yeah, well. And so obviously you let us know why we do these things. And so we've done a few events. We have another one coming up in January.
And it's different, right? It's. It's a different style of event. The focus is different, the outcome is different. And it. We. We really Put that in mind again, because of probably the differing backgrounds of us and how we've approached things and the value that we've seen, right? And coming from other industries and how we've seen all this. So that, that's why, you know, we do these events. So just really quick, we're. We're putting on event at Staccato Ranch. We're having a Thursday night is a cyber roundtable dinner, executive dinner the night before. And then Friday is all day, you know, hanging out, barbecue, bourbon, cigar, shooting, all the things.
But the difference and kind of where we focus, this is a.
Yes, we have sponsors, but it's not selling. They're not getting up, they're not giving a pitch. There's no, there's no PowerPoint presentation.
There's none of that. And it's, it's. The other probably biggest difference is we, the CISOs pay the, the cyber executives pay. Now granted, they're not paying full price. They are being subsidized somewhat by, by the sponsors intentionally, but they're having to show up. So what that means to your point is the cyber executives, they, they're paying their way, right? They, they, they don't feel, not that they, you know, intentionally feel that way before, but they're showing up on their own dime. They want to be there. And, and because it's about networking and they're not being sold direct, you know, the same way that you do it, you know, any of the, I won't name the, name the conferences, but you know, all the big cyber conferences that we all go to, you know, you go to the party, you sign up for all of them, you show up to whichever ones you feel like, and then you're just there for the swag, the beer, the, the, the drinks, and then you bounce to the next one because that one didn't have as good of a showing. Whereas this is intentional. I'm. These folks are signing up, they're putting their money where their mouth is. Many of them are traveling from around the country, they're staying in a hotel, and they're, they're attentive. So like you're, we're, we're putting cyber leaders and vendors and sponsors all in the same place, and we're saying, hey, go break bread. Hey, go do an activity. Like we're, we're doing team building and getting to know you. And it's not the stupid, you know, cliche, you know, dating game where you ask these silly questions and you hope to get to know each other better, which those can Help. But you're going to be spending a day and a half with these folks. By the end of it, you're going to know the CISOs, you're going to know the vendors without them having to give a PowerPoint presentation. You're going to know everything they have and everything they know because they're going to have gotten to know know you. Right? So in six months, when they, when they need a cloud vendor or a vulnerability detection product or whatever, the thing is, they're like, hey, Bob has that capability. That's what I want to go to. So, yeah, I mean, ultimately it's the whole intention and design around the event that we're doing is to be different and to give folks the opportunity to be in the room. You know, when, when you go to RSA or Black Hat or any of those, you Pay, you know, $100,000 to sponsor those things. Yeah. You get 3,000 people that come by your booth. Three of them are, you know, maybe 10 of them are actual interested in your product and have budget and need to buy something in the next year.
And so. But at the same time, you're chasing those 3,000 again. When I come back from Black Hat, I get a thousand freaking emails from their sales team. Hey, thank you for stopping by my booth.
Let me talk to you about xyz. When I'm not interested at all in their product, I just like their T shirt or their hat or their socks or whatever they were giving. I had zero interest in their product whatsoever and they didn't even ask me.
[00:26:39] Speaker B: Well, I was just talking to a CISO this morning about it. I was trying to explain the differences in these events and I was thinking about it from this perspective, right? Let's just say, for example, two people take off on a Friday and they go to a baseball game and they get nosebleed seats, right? So they're like 20, 30 bucks or whatever it is, and they go up in the nosebleed seats and the weather's nice and they're watching a baseball game, you know. And you know what? If the goal of that game was just to get. The goal of them going to the game was just for two people to get out of work for the day and not have to be in the office. They could totally be like, this is awesome. We're not in the office, we're not doing the work. Right. Like, that's totally a thing that exists for some people. However, when they are at the game at some point, because I've done this before, you've done this before everybody's on this, before you're going to look at people in other seats and you're going to be like, you know what? I wish I was down there. I wish I had more access. I wish I had better exposure. Maybe even I want to meet the players of the game. You know, I wish I could be down there.
[00:27:55] Speaker A: Right.
[00:27:56] Speaker B: That's very, very different than two people who decide, hey, we're going to make an experience out of this. And those are the people that go, you know what?
We could get like $30 seats or $50 seats, but we're gonna spend $200 on really, really good seats.
And we're going to sit really close, maybe even do a VIP experience, you know, because even though you're sitting there, down to lower seats, guess what? In those bleed seats, those people are still paying, you know, for 14 beers and $14 hot dogs.
You're just experience changed.
[00:28:36] Speaker A: Right.
[00:28:37] Speaker B: And the reason why you're there is different. And you know what? The person who was in the nosebleed seats predominantly will probably not remember much of the experience in a couple weeks because they're like, oh, yeah, we went to a game, we sat there. The person who had the VIP experience, who sat down lower and got to meet people and got to sit with people, creates a very, very different experience.
[00:28:59] Speaker A: Yeah.
[00:29:00] Speaker B: And I'm a firm believer that this modality of, like, the people that you have a network with is really your net worth.
[00:29:10] Speaker A: Sure.
[00:29:10] Speaker B: And the proximity to people that you have and the environment that you surround yourself with in this community is so lacking. Because cybersecurity is no longer about actual security. Because every single person in the cybersecurity space, like, has that checkbox that. That box is checked. Now it becomes about how do you get leverage in your leadership position? How do you make money or make more money in the organization? How do you save the company money or how do you reduce risk?
[00:29:47] Speaker A: Yep.
[00:29:47] Speaker B: And then the final thing I'll say here on the vendor side, which is fascinating to me, is that if you are selling into the enterprise and you don't have a. Use a three prong approach, you just don't have a deal. You just don't. And I looked at enough.
[00:30:07] Speaker A: Three prong.
[00:30:09] Speaker B: Yeah. I've looked at enough cybersecurity pipelines over the past couple years and can poke holes in everybody's. Everybody's pipeline. And the three pronged approach is this. Number one, you've got to understand the mission of the company. You've really got to understand the mission of the company, because Depending on what stage of posture that they are in. It doesn't matter whether it's a cool logo or not. You will get nowhere unless you understand the mission of that company. Number two, you need to have a.
Access to somebody who can sign the checks. You need to know who the budget person is. If you don't know who that person is and someone's holding their cards tight, the person who's in, who's in charge of your, of your conversation, doesn't have the ability, is scared they're gonna lose their job and doesn't have that relationship and you're gonna lose that deal anyway. And the third one is you've got to have control over, like the fact that this is something that they actually can tie to a initiative that the company has. And what you don't realize lots of times is lots of cyber leaders have an initiative. They have their 3, 4, 7 initiatives for the year that they're trying to do. And they will, they will dance, they will play around, they will want their bourbon and want their barbecue. And so they will sometimes not tell people, unless you build a solid relationship with them, what initiatives they're working on in order for you to do, do. So if you're not doing all three of those things, you do not have a deal. You should not be putting that on your, on your leaderboard.
[00:31:51] Speaker A: Right, well, and, and that, that, that's funny that you say that, right? Is, is. It's really easy to, you know, again, like going back to the conferences and you know, yeah, I signed up for your thing, I went to your booth and yeah, you reached out to me and yeah, we're having this event and yeah, I'd like to go to that thing. But do you have any desire or any need for my product? Oh, yeah, sure, I do. And they're not necessarily lying. They're just saying, yeah, but I don't have budget for it. So even if I would like it and I think it's really cool and I think it would benefit us, I can't buy it because I, it's not one of my, my initiatives. And it, there's no way that's going to happen this year unless you're giving it to me for free. And even that, even if the product is free, I still have to implement it, so it still costs me money, time and effort. So none of that matters. Right. So maybe we do a pilot. Maybe we just talk and we, we spin wheels and, and I waste a whole bunch of your time. Right? So, so we, we talk about this A lot. But it's almost as valuable or maybe even more valuable to know I'm not interested or I can't buy or I'm not. It's not. Your product is not totally benefit to me in my organization in the next 18 months. Right. That is, you're not spending time and cycles following like you can still stay in contact with those people. It doesn't mean like you, you ghost them because they're not buying from you. That's not what I mean. But you also don't. You know that they're not on your leaderboard. Right. They're not a real opportunity.
You should keep that conversation and that networking side from a people perspective. But you're not putting them on your sales force to, to say, hey, this is an opportunity in 2025 because it's, it's just not. And that's more valuable to you than chasing a whole bunch of leads and spinning a whole bunch of cycles. That's not going to go anywhere.
[00:33:38] Speaker B: Totally. Totally. It is so much more valuable to be. To be told. Told the no. To chase the no, as I like to say. And also like, understand what the, what the. But the background of that no is and you know, people are pretty transparent. Hey, I'll come to your event. But just so you know, I'm planning on leaving the organization in three months. You know, people say, hey, I'll come to your event, but I've got no, you know, I don't get along with my, with my CIO and I get nothing approved or even something as simple as. Because a lot of us who have been in cyber for a long time know what it's like to get a contract signed for two or three years. You know, asking them what their contract cycles are like or what their procurement cycle is like are. Is very, very powerful questions to ask people.
[00:34:29] Speaker A: Yeah. 100. So, so how, how is an event like this different? And how powerful is it for a cyber leader? And, and what benefit do they get to doing a different event like this? And the same thing for the vendor sponsor folks. Like why is this different? And why. Because that, you know, that's the question we get a lot from, from both sides of the coin from, from somebody looking to sponsor. Like why. How do I justify this and explain this and, and show that ROI to my. To. To. To grab those marketing dollars and the same thing from a, from a CIO or CISO or cyber leader who gets a lot of things. Why is this the thing that they should focus their attention beyond just the barbecue, the bourbon Obviously those are easy things, but the real value add, like, why is it beneficial? Why should they spend their time and their, their effort in this type of event? And what is the differentiation for it?
[00:35:20] Speaker B: Yeah, great question, Aaron. And a great way to kind of bring it, put a bow on it.
You know, I think nine times out of 10, I think on the vendor side they think that there's this like digital marketing to sales qualified lead conversation that happens. That if you're at this company, you've told me you like my thing and we've had a conversation that might be a qualified lead for a conversation.
And, and I think that's where it gets lost in translation because everything's supposed to be able to go into a CRM these days versus I think, you know, it is, hey, I know this person, I built rapport with this person, I built some trust with this person. And when I ask them those qualifying questions, I know I'm going to get honest answers. Versus like, yeah, we should talk next week. Right, right. That's on the vendor side. On the CISO side, I think it's extremely valuable to be in proximity to other leaders in cybersecurity, other people who, who want to be in decision making roles and, and learn what it's like to, you know, have these very intentional conversations and also be able to be like, test the waters on like, you know, are you shackled to a desk every day? Is like that the job that you want to have? Or can you tell your organization that I'm going to an off site, I'm going to meet a whole bunch of other potential tools and platforms and structures and I'm going to be learning from other cyber leaders.
Those are the words you want to be using?
[00:37:09] Speaker A: Yeah, that's a great, great example. The funny thing is, you look at Black Hat or RSA or any of these larger conferences and they all have a business justification letter. They actually help you, hey, if you want to go to this conference, here's the letter that you can give to your management to justify being there. And usually it's focused on, I'm going to learn technical skills. Yeah, maybe there's some networking there. I'm going to learn the latest and greatest tech and capabilities that's out there. But understanding that that's a soft skill, it goes back that soft skill capabilities that we were talking about earlier of, you know, I need to be able to sell myself and this, this, this, this offer or opportunity as what it is. Right? It is, it's not just, it's not going to A baseball game and checking out. Right. It's, it's really, you're going to be there. You know, last time we had 35 or 40, you know, folks there.
And a lot of those cyber executives, they were networking. Yes.
Look at somebody like me. Right? So I've been both a cyber leader on, on a, on a, the client side, and I've also been a vendor. I've been both sides. But just because I'm currently wearing a consultant hat doesn't mean that I don't have value as an asset owner. Right. So when you're having those conversations in those, in those places, I bring value, even if it's not something I'm trying to sell you. Right. I'm, I'm talking, hey, when I was wearing that asset owner hat, these are the things I experienced and this is how I overcame that and how I convinced my management to buy this and, you know, all that type of stuff. Right. So there's a whole bunch of that going on at these places. And it's, it's, hey, I remember Aaron used to do this, or, hey, Neil had this experience. Let me reach out to him. Even if, even if I'm not trying to buy anything from Neil and like, hey, Neil, by the way, I'm not buying anything. But you talked about something at this event and I'm having a similar issue. Do you mind give me five minutes? Right? And, and those relationships and connections are so freaking valuable that I don't think people focus. Many people don't focus on them enough. And that's really the point of LinkedIn and networking events and things like that. It's not just about the bourbon and the cigars and the barbecue. It's really those connections and that, the knowledge and the connect, the friendships that you can build that can, it's, it's mutually beneficial to all parties if you're actually giving in and showing up in integrity and kind of giving and taking at the same time 100%.
[00:39:32] Speaker B: And I think you just summarized it beautifully. Like, it really is like, if you're gonna play in this space, you know it, you should know all the pieces and know all the things. Right, right. Like, like, like. And I know that might sound vague, but it really is. Like, it shouldn't be like, I need to stay here and build my little castle, right? And then kind of plant anchors into it and then just be curmudgingly here until something shifts. The cybersecurity industry as a whole is a fascinating, valuable opportunity. Right? Where, as I said, in the accounting world and in the legal world, just for comparison, they may show up very differently. They also don't, in those industries, don't have the levels of growth and opportunity in their industries because those industries are hundreds, if not thousands of years old. And they still do things a certain way and there's a certain org structure and you got to become a partner and all those things. So in cyber, if you become good at what you do and great about how you do it, you will be successful and you will like, you will not be one of those people. Unfortunately, there are lots of them that just go on LinkedIn or I lost my job and I don't know where to start.
Yeah, right. And meanwhile, I'm getting people almost weekly reaching out into my LinkedIn DMs and being like, hey, we're hiring. Do you know anybody? Hey, we're hiring. Do you know anybody? Now I'm supposed to, in this weird thing of cybersecurity to go find the person who's complaining that they can't find a job and then have them give me their resume and then be like, yeah, you should hire this guy because he complained about his job the entire time he was working there and then when he got fired. And I should, I should help, right? And I love helping people, but you can't help people who do not want to help themselves first.
[00:41:31] Speaker A: Yeah, we see that a lot, and that's across industries. But as a person that. Let's talk to those folks that are not necessarily cyber leaders, right? Maybe they're, they're up and coming in their cyber career, their technology career, whatever. That, that, that's a way to do that next step and really grow in your career and, you know, working on those soft skills, working on knowing, you know, building your personal brand. You know, getting into events like this, like this, this event that we're doing is, you know, obviously focused on cyber leaders, but it's also why we have volunteer spots, right?
That, that gives people the opportunity to be in the room and learn. So that, that's kind of that next step there. So with that, let's, let's wrap up and, you know, kind of. Why don't you kick us off with, you know, what's the event details, how many stuff do we have left, like just kind of the, the elevator pitch for the event that we have coming up and, and why folks should be there.
[00:42:36] Speaker B: Yeah, let's do that. So the events are January event is January 16th and 17th at Staccato Ranch, about 45 minutes north of Austin, Texas on the 16th we're getting together for a mastermind round table. It'll probably be a square table.
[00:42:54] Speaker A: At.
[00:42:55] Speaker B: The vineyard at Florence. I suggest you Google it. It is an exceptional location. You will find that everything that we offer to people is high end, premium and meant to be executed with a high level of standard.
[00:43:10] Speaker A: Yep.
[00:43:11] Speaker B: Then on Friday morning we'll kick off around 8. Check in is at 8 o'clock in the morning and we'll kick off around 9 and we will have a full day at the 800 acres Staccato Ranch. They're actually shutting down the ranch for us for the day. Yeah, it's going to be amazing. So you can expect a high energy, high tactical, high adventuring, unforgettable experience with 50 decision makers in the facility or on the day, a handful of sponsors. We go with like a 5 to 1 ratio because we seem that ratio kind of works really, really well. And you will get an amazing opportunity to network very intentionally. Learn about some of the new cyber stuff that's coming down the market and some of the existing ones, some of their updates and spend a full day coming out. You're going to come out of that day like, wow, when is the next one? Which is something that people actively post about on LinkedIn, oftentimes after they come to our events. So if you're interested in attending our event, reach out to either Aaron or myself. Shoot us a message, text us, email us, we're on all the channels and we'd love to have you there.
[00:44:24] Speaker A: Yep, absolutely excited for this one. It's coming up soon. Got about a little over a month left and we'll be there. But yeah, I mean, awesome food both nights, all day, the next day on, on, during at Staccato, you know, cigars, bourbon, shooting out of helicopters, you know, learning from tactical, shooting from, you know, professionals. This is a safe environment. Everything is high level, high class, high training. So excited about it and definitely reach out and excited to be there, bro. Thanks for joining us on Protect it all where we explore the crossroads of IT and OT cybersecurity.
Remember to subscribe wherever you get your podcasts to stay ahead in this ever evolving field until next time.
