Episode Transcript
[00:00:00] Speaker A: You're listening to Protect it all, where Aaron Crowe expands the conversation beyond just OT delving into the interconnected worlds of IT and OT cybersecurity.
Get ready for essential strategies and insights.
Here's your host, Aaron Crowe.
[00:00:19] Speaker B: Hey, welcome to Protect It All. Today we're going to have some fun talking about an event that we have coming up, the Lone star Cyber Shootout 2025. It's about a week away and we have obviously Neil Conlon on, on co founder with me on that event, but also Ken Foster, who. Ken, you were, you were at the first event. You've been one of our champions. And as a CSO and a cyber executive, we really want to have. Have you on to really talk about what this event is, what events like this are. Um, obviously as a ciso, you get invited to every freaking, you know, thing and widget and bourbon tasting and, and all the things because of your role, and some of them are more valuable to you from a, from a professional perspective. And, and there's differences in all those. So I'll, I'll stop there and, and Neil, I'll hand it to you before, before we kind of dig into the conversation.
[00:01:15] Speaker C: Yeah, let's do this. I'm just going to say it out loud. Three guys, one beard. I love it.
So this is not to shame anybody who is challenged with facial hair or chooses to opt out of this conversation through. We, we just all decided a long time ago that we wanted to save money on razors.
[00:01:35] Speaker B: That's the only money and time I don't want to shave.
[00:01:39] Speaker C: Yeah, I think. Let's just dig into this for a minute. You know, I think one of the things that I've come across is, you know, over my career in cyber security, I've been on both sides of the fence and I always thought it was really interesting that because I also have been in other industries that what people in cyber security don't realize that the cyber security industry operates like the mechanics of it operate very, very differently. And, and so it's, it's, it's weird, honestly, and there's wonderful aspects of it. But one of the biggest things I think is interesting is because the market share, because the spend is so high, right. There is this weird way that vendors and service providers and the actual subject matter experts kind of show up in the industry and it doesn't happen like that in other, other, other professional industries. Part of that, I think, is because cyber security has still not been around for a long time. If you look at comparing it to know financial services or accounting or other, other verticals.
But it, it's weird because you know, there's all these events, right?
All the different levels of them from, from low end networking, breakfast, Danish things all the way up to very high end experiences. And, and all three of us have been to a bunch of them. But because it is such a topsy turvy industry, something I've learned, and this is Ken and I built a relationship over this for years, is that like the relationship, it's so relationship centric that I think number one, I think the subject matter experts who are the CISOs and those type of people who may or may not have the budgets that they would like to have, have to leverage vendors out in the space or places to get the inside track and, and knowledge bases and other value added opportunities.
And, but along that lines, you know, then there is, you know this, there's a lot of need for integrity and credibility on the vendor side. And yet when you get to the CISO world, and I've been part of this multiple times, is for some reason people don't talk about like hey, if that salesperson or business development person runs an event, let's just say it's a bourbon thing. Just because that's a, that's a pretty popular one. He gets his 20 people to come because that's the number he's committed, committed to. You know, 10 of these people tell them, you know, call me next week, we'll start a poc or call me next week, we'll have a conversation. And then half of them ghost.
Like, that guy might lose his job in six months because he didn't hit his pipeline. And now he's, instead of investing time and effort and resources into people that are of a high integrity or, or relationships, he's now invested that into, into people who have not done that. I've actually started a list. At one point I laughed and said maybe I should publish it. Of all the CSOs who have told me one thing and then done another thing, and I question that because there's people in this industry. And then I'll move over to Ken here a second. If you look at Phil Venables comes up for me, the cyber leader at Google. The guy just operates with such a high level of integrity. Malcolm Harkins is another one who, Malcolm and I worked together for a period of time and the guy just operates with such a high level of integrity. Karen Wurtzel, Ken Foster, you're one of them. Tom Maldonado. Maldonado at the NFL, like These are people who literally show up online and show up the way they do in person.
And I think we need to improve that. I think part of our event series is opportunities for people to build these really mindful and intentional relationships, and we need more of that.
[00:05:38] Speaker B: Yeah.
[00:05:39] Speaker C: Ken, what do you think from your side?
[00:05:40] Speaker D: Yeah, I mean, 100%, this, this role is all about relationships, Right. And not just the vendor relationships, but when you ultimately are in the seat and in your business, it's about the relationships that you're building internally, too. So you have to have that integrity and have to be able to build relationships to be success, successful in the CISO seat. Just. It. It is.
I mean, I'm. Like we said, I'm between roles. I'm interviewing for a couple of jobs right now, and both of those jobs, I didn't apply for them. They came from my relationships with other people. One of them from. And funny enough, both of the guys used to be on my side. CISOs that got me in these. And they're both on the vendor side now.
[00:06:27] Speaker B: Right.
[00:06:28] Speaker D: But they're the ones who put me in front of the customers they're doing business with to say, hey, this is the guy you should talk to because you've got a CISO role. Right. About relationships. And it's funny enough, I can tell you that at this level, a lot of the conversation you're having is about how you're going to foster and build relationships internally as well as externally. Right. Because you're going to need the relationships with the vendors and the manufacturers to help you understand how to be successful in rolling out their product or fixing the problem. Because they're seeing what I lean on these guys for a lot of times is they're seeing a broader swath of a problem than I am. They're seeing the companies that have been successful rolling it out. They're seeing the companies that have been unsuccessful rolling out. They know what works, they know what doesn't work. And what I'm looking for in that relationship and get that honesty and transparency that I'm going to get from having a good relationship with them is the ability to ask them a direct question and go, well, you can't fix this problem for me because of X. I think this goes back to.
We were talking earlier about cloud and how many companies are still not 100% in the cloud, but a lot of the new startups, especially in the AI space, are looking. And look, it's cheaper for them to start in the cloud space and it's easier to start in the cloud space. But in reality, a lot of the big enterprises they're targeting are hybrid. They have a lot of stuff on prem still. So how are you going to. What's your roadmap? Being transparent on what's important to you? How many customers is it going to take for you to have a conversation to say, this is an important feature set for us to add, and when is that going to hit my pipeline? Those are the kind of questions you should be having that conversation to take this back to, like the event. Now you get to sit down with CEOs and leadership at these companies, these startups, and have this open conversation because they're giving you insight into why they jumped into this and why they're doing what they're doing, what their thought process is about it. And you can give them your ideas about what my thought process is, why I'm leery of your product, why I don't think it's. Or I can tell you, hey, I know somebody else who rolled your product out and it didn't work well.
And you guys talk about how you're building your list of people with that. I mean, I'm part of a couple of CISO groups. They're smaller and they're regionalized. But where we actually have the discussion about companies that have done us well, companies that sales people that have treated us well, 100 conversations about the people who haven't treated us well or who won't do business with because of integrity. And then I have.
It's funny enough, I go to a lot of events because I speak at a lot of them, but. And I'm asked to come and I'm. I'm asked constantly to help get those 20 people to the dinner, to get people to come out there. And hey, I've got good relationships and I don't have a problem inviting people to it if I trust that it brings value. And for me, an event that brings value gives us time to have the conversation we're talking about, to build a real relationship. Because that relationship with another CISO or with a manufacturer means that down the road, if I'm having a problem that I think that I need to ask you about, because I heard you mention that you dealt with this. I may have. I've got your cell phone now. I've got your direct connection out. I can reach my phone up and go, hey, Neil, I'm dealing with this issue.
I've seen a couple of these products out there. You know somebody here, you know somebody there? Get me in contact with Them so we can have a private discussion that doesn't get blasted across the public airwaves. So I can get a little. Make myself intelligent this or get the right answer. That's the value of these kind of events to where we get to spend that quality time with a smaller group of people. Look, going to a conference where. Going to RSA or Black Hat where there's 40,000 people. Great. It's a fun boondoggle of an event for the most part, where I'm going to eat way too much food, drink way too much bourbon, spend way too much time walking around the floor looking at way too much sensory overload. Stuff that I'm going to have a hard time translating in. And then I know I'm going to get hounded for the next six months on. You stopped by our booth. No, I didn't. I was just on the list that you got provided to you.
[00:10:59] Speaker C: I just got the socks.
[00:11:00] Speaker D: Yeah, yeah, socks. Right. Or something like that. You had a cool pair of socks. And I have a collection of vendor socks because I'm gonna, I'm gonna have somebody make me a blanket out of them one of these days of all this, this big box of vendors.
[00:11:13] Speaker B: I get them all for my daughter. My daughter loves the socks. I always get the socks when they're available.
[00:11:17] Speaker D: And Sydney, I think when we go back to integrity, I think if you're there just to collect the socks, just be honest and tell them, look, I have no product, I just want your socks. Yeah. Or I have no interest in this. I just want the Yeti Cup. Right. Just tell them that they're not going to it. Some of my long term relationships with the manufacturer side and it's led into a couple of board advisory roles for me is because the first time I ever met the person, I said, I love the thought process of what you're doing as a business, but you're not able to help me. A because of your size. B, because of what you're doing.
[00:11:55] Speaker B: Whatever it happens to be whatever it is.
[00:11:57] Speaker D: Yeah. I was transparent with them and told them I can't. You can't help me.
[00:12:02] Speaker B: Yeah.
[00:12:02] Speaker D: But I like what you're doing. I like how you're approaching it. I'm going to tell other people who may be the right fit for you.
[00:12:10] Speaker B: Sure.
[00:12:10] Speaker D: Talk to this person. That's led to some very long term relationships that I've had with companies and with, with people. It's led to the relationships that I have with a lot of other CISOs out there. It's led to Neil And I, as a relationship that we've had for a long time, and, you know, it's. It's because we have that honest conversation and go, yeah, I don't have a use for you. Or maybe down the road, when I look at my next budget cycle, and this is what I try to tell a lot of people too, is like, look, you can have the most amazing cyber security product I've ever seen on the market. It. It's the, it is the thing that's going to solve some problems. But you know what? I don't have that problem right now. Or you hit me. It's January. I just finished my budgeting cycle in December. I've already.
[00:12:58] Speaker B: And I didn't think about this.
[00:13:00] Speaker D: I didn't think about this. Yeah, I'm not buying it in the next three months.
[00:13:04] Speaker C: Yeah, well, also, Ken, just, please, just jump in there for one second.
[00:13:09] Speaker D: Yeah.
[00:13:10] Speaker C: Because I want to go back to something you said and capture it for a second. You know, we've all walked the, the boost of the conferences, and they all, they all have a, they serve a purpose. Right, Right. But I very clearly remember being at one RSA where Attack Surface Management was like the thing. And literally you could go booth to booth to boost to booth, and they'd be like, so what do you, what do you guys do? And they'd be like, we specialize in Attack Surface Manager. And you literally go, next one. We specialize in Attack Surface Manager. Right. And I think, you know, the, the market is so competitive that you have to be in these think tanks and come up with these marketing buzzwords. But all three of us know that at some point you're going to get into the weeds with some tech and somebody's going to go, the real secret sauce of what we do is A, B or C. At some point, once you get past the marketing, they're going to say, it's our team, it's our ip, it's our data, whatever the thing is. Right, right.
And more than anything, I think what I've experienced at these events that we've done is that conversation gets expedited very, very quickly. And, and that conversation gets remembered because it takes all of us as humans a little bit of time to, like, unpack past our own personal marketing and things we're going to say. And if you're sitting there, you know, three or four hours into the day, you know, at an off site with the right people around you, you're going to have those secret sauce conversations and you're going to walk away Very quickly and be able to be like, number one, did I like that person? Do I want to work with them in the future? Number two, you know, do they have some kind of secret sauce thing that makes sense? And then number three, like, will I actually remember the event? Because all of us have been at events and you've been like, I think I had a great time. I barely remember the food, barely remember the people, and I barely remember the conversations.
[00:15:22] Speaker B: Well, and you go to Black Cat or rsa. And again, I love them. I go every year and I enjoy my time there. But you know, Ken mentioned the swath of emails and reach outs that come after that and they're like, hey, you stopped by my booth. I don't remember stopping by your booth. Maybe I did, maybe I didn't, but it wasn't memorable. Like, because I stopped by so many. There's no way that I'm going to get deep level conversations. A few that I'm really interested in, yeah, we'll sit there and have a conversation, do a deep dive. But most of them are just, yeah, I saw that. But I saw a thousand different of those things and none of them really stood out or most of them don't stand out. And it's really why we've decided to do something different. And again, it's not to take away from Black Hat or rsa. I think they have their place. I know they have their place, but it's not the real focus that we're trying to do here, which is, yes, the tech is great. We've got some amazing sponsors that are bringing some amazing tech. But, but Ken hit something really, really. And so did you there. Neil is behind the scenes. Right. It's easy to have the marketing people show up and get the glossy and say, oh, yeah, we can do that. You know, I've been a vendor. I, I've, I've, I've done that. Yes, we can do that. And also in the back of my mind being like, I don't think we can actually do that, but we're not going to tell you that we can do that. Absolutely. Here, sign the sow.
And, but, but when you get beyond that and you build those relationships and it's not about sales and it's not about any of that stuff, and you're really just getting down to the me potatoes of we're all trying to help each other and build relationships and, and be. Because we all know, yeah, maybe I sell you, it's that used car deal. If I, if I, I may sell you one car. But I'm never going to come back to you again if it was a bad deal. Whereas if I treat you well, I may buy the next, the rest of cars for the rest of my life and my kids cars and my wife's car and everything else. Because I trust you. You built a relationship that's a difference between, you know, what hit wonder and you know, the Rolling Stones, right. It's, it's, they continue to build those, those things that are reliable and capable and, and that's the difference here is building those network, having, having that truth and that, that honesty and integrity. To say to your point, Ken, I'm not interested. Your product is really cool, but I'm not a buyer. Don't waste your time with me. I'd love to talk to you about it, but don't think I'm going to buy in the next three months because I'm not.
[00:17:45] Speaker D: Right. Yeah. And I think you both. One of the things when we're talking about like the big events, you're right. There's a place for them, there's a thing and even some of the dinner events, right, because they can get big. You know, you get 30 plus people in a room, it's hard to have a large valuable conversation. Sure, you get a bunch of smaller valuable conversations, but what you don't get is a, a large group of people who are, or having back and forth because it, it gets distracting, it gets noisy, it gets hard to have that conversation. And most of the time you lose focus of what the converse, what you're actually trying to accomplish. You know, I think one of the great things about when we were out here last year in September doing this was the fact that we got to sit down with some, some very knowledgeable industry leader people and have conversations because the conversations were everywhere. Yes. We talked about MSPs and how to deal with that and what some of the things you should be looking at from a metric standpoint. We talked about Hawaii, one of the startups out there, got into the business and what they're doing and how they're doing some cool things that we haven't seen. But then we also sat down as a bunch of leaders on the security side, talked about retention and the problems we're having with getting people and getting, getting our junior folks to go out and build some relations, learn the relationship building and the soft skill piece of this and how we're using this stuff as a, as a retention mechanism for these people. So the conversations we got because we had time. Yep, we had Time and we had a smaller focus, we were able to have more valuable. And we let the people in the room guide the direction of the conversation. It wasn't overloaded marketing, it wasn't trying. And I, I laugh about you talking about attack service management because I had made the comment at this past year's rsa. I was like, I wonder how many banners are gonna, they had to, I wonder how much money got spent the last couple months before RSA to change all the banners to add something that said about AI.
You walked in and everything said AI on it. And you looked at it and you go, I know your product, I own your product. The hell you doing with AI because you, you're not doing anything with AI right now. You may have it in your roadmap, but because of this think tank thing, everybody went, you better have AI in your marketing.
[00:20:11] Speaker B: Yep.
[00:20:12] Speaker D: Now, could those people have a deep dive discussion with you on the floor? Probably not. Could you maybe have a deep dive discussion with in the other rsa, which is the hotel room meetings? Probably. But you know, it still depended on who they had in there and who you were talking to.
But you still don't get to spend the time because it is such a commitment of time to sit down and have a deep, meaningful conversation and build a long term relationship. Whereas a smaller event like what you guys have put on and what you're trying to accomplish here, that's the value I get out of this is it is getting into this. We really get to spend time together. We're also getting to do some, some cool stuff, you know, but you know what, we get to spend a few hours talking about security, take a break, go shoot a gun for a minute.
[00:21:01] Speaker B: And have some good food, some bourbon.
[00:21:03] Speaker D: Good food, some good bourbon. But you're also continuing the conversation with those guys out on the range doing something or at dinner, you're having that same. The conversation never stopped. That was the Internet. That's the interesting thing about an event like this, because you're spending an entire day together, a small group of people that you're getting to know each other. And because you're getting to know each other, you're having a conversation that doesn't stop. I'm still having conversations with some of the guys that I met for the first time at that event.
[00:21:33] Speaker B: Well, when you, when you spend eight hours with someone and you're eating together and you're, you're doing an activity, whether it's shooting or golf or whatever, the thing is, right, it's well beyond just work like yes, we have the intricacies in the beginning and we definitely talk about work and we introduce ourselves and we talk about all of those things. But you also also talk about your kids and your wife and your dog and you know, your hobbies and your likes and your dislikes and you get beyond the surface level, five minute conversation, elevator pitch and you get to know the person a little bit better and that, that helps you to retain that People's names. Yeah, right. And something about them, more than just their name but also a little bit about them and, and who they are and what they like and it's going to help you. You mentioned, you know, in between jobs and roles and you know, I, as Neil knows I was you know, in between roles a year ago today and same thing like I was, I got reached out to by many people and not, I didn't apply for a single job. I had jobs coming to me and it was because of the network that I had created and built over time that that happened. And it's super important for. Because you never know what's going to happen tomorrow is not guaranteed and you never know when you're going to be changing, shift, shifting, wanting to go in a different direction or needing to go in different direction and, and that these are all those connections. It's a small industry for sure.
[00:23:00] Speaker D: It is. Yeah.
And you know, I think it also gives, it gives you the ability to build the relationship too with a couple like I know we had a field CTO there from one of the brands, we had a CEO from one of the brands there. You're getting to build a connection with people that you may not necessarily always get to build a closer connection with at these larger events or in the three hour dinner as they pass through town. Because right. You know, their, their sales team, their local account execs are trying to build value for the person visiting town. So that guy is going or gal is going to meet 30, 40 people in a day or the days they're in a, in the town they fly through. It's hard to build a real relationship with somebody at that level in those, those larger companies that's just passing through town and you're getting to meet them for one time. Right. Because they hopefully, you know that maybe you got to have an hour meeting with them, they got some notes and they'll follow up with you down the road. But if you've spent a day with them and got to spend, pull them off to the side and go, you know, I'm a customer. Your product and These are some of the issues we're having. Can you go back to your team and, and look into this and they're going to follow up with you because you've built that better connection and that's the key to this kind of stuff is that just that real personal connection. It's not a passing. Oh yeah, I know, I know. So and so, yeah, no. You met me one time, we spent an hour together.
I remember your face, but I probably don't remember your name.
And I maybe remember the company you work for, but I tell everybody I said I'm horrible with names till I get the. I meet so many people. I'm horrible when I remember faces pretty well, but I'm horrible with names. So, you know, if you ever meet me in person and I don't know your name, forgive me. It's, it's, it's not you, it's everybody I meet that I don't get to know for a little period of time. Yeah, but like I said, out of this event, I pretty much remember everybody's name from that event. And, and it was a good tight knit group and it was really enjoyable and I got a lot of value out of it. That's why I'm coming again. Right. Is this because there was value in it for me where I go to a lot of other events and I'm like, I don't know if I'm ever going to do this. And there's a few that I've told them, I'm like, no, I'm never coming to this again.
[00:25:20] Speaker B: It was free and you got bourbon and it still isn't worth the cost of admission.
[00:25:23] Speaker D: I work the cost. Right. It wasn't worth the cost because, you know, you, you, you realize it was a complete waste of time and, or, and this is, I think one thing that was interesting too. We were talking about things that I haven't heard rehashed 500 times. Times.
[00:25:42] Speaker B: Right.
[00:25:43] Speaker D: Because we had a diverse group of people there that were bringing up topics that we don't necessarily. At a certain, in a certain area or certain group of people that you're around all the time, you, you tend to kind of regurgitate and have the same conversation a lot. You were getting a broad enough spectrum of people that you were getting a unique perspective on a, on topics that you don't always necessarily have a conversation about. Like, I got to have great conversations with some local folks out of Austin there who had not been in a large enterprise space, in a regulated space and they were asking questions about Some things that they had no experience with and I was able to provide some guidance on and, you know, they were bringing up issues that they were having. And I was like, boy, I hadn't thought about people having that issue still. Because it's not something that we had to deal with in the enterprise space.
[00:26:34] Speaker B: Right.
[00:26:34] Speaker D: It was something that was very specific and, you know, it's some. But then you, you catch a nugget off of it and go, oh, well, yeah, maybe I need to think about this with my own team. Yeah, maybe need to think about this when I'm recruiting people. Maybe I need to look into this industry because these people are bringing a unique perspective to the team and could bring in that diverse thinking. Yeah. That, you know, that help me move my projects forward. So that was, that was some stuff that came out of that that was very cool.
[00:27:03] Speaker C: Well, and I think you hit, you hit on an interesting point, Ken, because what I've, I like to kind of pride myself on staying on the cutting edge of what's coming. But the thing that I, that I, that I realized last year and that was, has been a catalyst for our events is, you know, it all. This is a resources thing. This is a resources thing. Right. And the way that I look at it now is I remember two, three years ago when everybody was talking about how there was such a huge need for cyber security. People like the market couldn't meet its needs for jobs. And then all that really did was expedite a bunch of AI things and suddenly AI tools are eating level 3 work all over the place. Right now, if you are a person like you, you're the prime example is Aaron and I were talking about this actually yesterday as we're getting ready for this. Right. I think I've seen you in the, in the, you know, last few months where you've been looking for a new role. I think I may have seen you post once or twice that you were actually looking for a new role. And you're like, I'm speaking at this, I'm attending this. I'm going to this. I'm going to this. I'm, you know, and people are like, posting, Ken Foster is this amazing person. Ken Foster is this professional subject matter expert. Right. And yet in the same vein, I see almost every day a ciso, hey, I just got let go.
Their last name is even available on LinkedIn. They've got no profile built out. And clearly that person has spent so much time stuck on the keyboard in their role that now they've lost the resource of Having the relationships in the community and transparently probably pissed off a few people in the, in the, in the, in the grand scheme of things. And now the oh, shit factor is going off. And I have to say, with everything going on in the world right now, not to be like ambulance chasing at all, but with AI things eating some of the nuances in this space. I think that in the future, the relationships that you have, the ability for you to bring a diverse skill set to the environment, the way that you do is going to be the thing that makes or breaks conversations in these things. Because here's the reality of cybersecurity.
Every tool that someone buys is going to break, not be deployed the right way, not have a setting on. Something's not going to go as planned. And it's those relationships that you have and that trust that you have with people that's going to determine whether or not people get hired or fired in the future.
It is.
[00:30:09] Speaker D: And I mean, I think your ability to execute on whatever your strategy and whatever you're doing is, is the key, right?
Because yes, I think relationship building. And everybody asked me why, you know, you bring that up. I have a lot of people say, man, you're staying pretty busy for somebody who's not working. And I was like, well, I said the reason I do that is I said it keeps a, keeps my name out there, right? Yeah, it is about keeping those relationships up. It's about making sure that people know I'm looking for a new role. It's about having that. But I'd rather do that in person than I would. Yes. You know, I've made a couple posts that I'm looking for a job early on when I first started, but I haven't really redone that anymore because now it's about getting out, meeting people. Look, if you, you talk to some of these transition special services that you can get for career transition, right, the recruiting firms that, that what their goal is, they will tell you that 60% of your time is supposed to be spent networking. When you're looking for a new job, they want you networking, they want you out meeting people, talking to people. Because what you're going to find out in the networking is you're going to find out about opportunities that are not being published or you're going to find out like I have found out about roles that are out there through my network because of that person you're talking about that's in the role may be sitting in the seat is not the right person for the team, for whatever Reason and you know, not going to get into the specifics of that, but it can be multitude of reasons why somebody's not the right person to be in the seat and they've decided to change a direction. I've had it happen to me in my career, right. You get leadership changes, you get things, then you get, you're no longer the right person to be in that team or they're bringing their own people in, things like that. So you move on.
But you move on because you, you, you, you, if you've got those relationships, you don't have to panic, right. And you got to learn how to sell yourself a little bit because let's be honest, if you're a ciso, part of your job is to be a salesman. You got to sell your strategy, you got to sell why you doing what you're doing. But you've also got to be able to have conversations with people in a way that they are, they understand what value you bring and by that way is by listening to people on what their concerns are and listening to where they're having pain points and then being able to translate what you can do into whether you bring that business value or you bring that to them.
And then the other reason I go to a lot of this stuff is so I can keep abreast of the new things that are coming down the pipe. As I look at these new startups, as I look at these new companies, listen to what they're doing, it keeps me, it's things that now I can go research or now I can have a deeper dive conversation and go. Because look, AI is going to change the way we do work. It's not going to eliminate work.
[00:33:14] Speaker B: Sure.
[00:33:15] Speaker D: Change the way we do work. I think it's going to make us more efficient on some of the tedious lower level analytical data driven work that we have to have people spending three weeks to put together a damn one week of a display AI totally that force. Once we get the models built right, do we need to worry about protecting it? Yes. Are there things that we should be concerned about risk wise? Absolutely. Is it as big a deal as some people have made it out to be? I argue that if you already have sensitive data and you're worried about AI putting it in the cloud, weren't you already supposed to be blocking it from being put out into the public?
Let's be honest here. It's a data security problem, it's an access control problem. Is it anything different than what we've had problems with before? No, not really. It's, it's, it's a different way. It can be moved and maybe accessed faster than you're able to keep up with it. And, and people are going to find new and interesting ways to make their lives more efficient and use it. Yeah, 100%. These are the conversations that you though you should be having in these smaller groups where you're sitting down with people and go, let's talk about what risk do you see with AI and, and then you should be challenging not only the vendors, you should be challenging your peers when you hear them say something that doesn't make sense. You know, why do you believe this? Why, why do you think? It's, it's like, oh God. It was when CrowdStrike had their issue right after that there was a big thing. I was at a dinner and I literally heard somebody spewing the false narrative that CrowdStrike was offering people ten dollar UberEat gift cards or something like that as payment for what they did.
It's like you realize that was complete, that got put out and all of a sudden it spread like wildfire throughout the world that people and CrowdStrike may have offered some of their personal customers that they were dealing with a grubhub gift card while they were on the phone with them. But it was complete B.S. yeah. And, but then it was like, you know, you listen to some of the misinformation that gets spread out there and you can very quickly sit down with a group of people and go, hey, I know you own this. What did you actually, what were your thoughts about it? What did you deal with? Why did you buy. Why are you using Office360 or Defender or whatever the hell they call it now? What, what are you using instead? Why are you using that instead of CrowdStrike? Tell me why you chose the product you chose. That's a conversation you have in these smaller groups.
[00:36:00] Speaker B: That's right, yeah. Where you, where you feel safe that you can ask questions. Right.
[00:36:05] Speaker D: Chatham House rules type thing. I don't have to worry about you guys going and blasting it all over LinkedIn after that. Oh, well, this guy's using this and this is why. But you get to hear people's thought process now leading into I'm looking for a new job or I'm trying to hire somebody. I sometimes get to hear what their thought process is in a more relaxed, instead of that interview stressor that people are doing. Look, when you're interviewing it, I don't care who you are, you're going to stress a little bit. No matter who you're talking to, there's a stress level to it because you're trying to put your best foot forward and you're trying to make sure you answer the questions in the right way. But in reality, what I want to hear is honest feedback. I want to hear honest truth. I want to hear how you got to that decision, what the things you did to make that. And these kind of smaller groups, when we get in and have that real discussion, it allows me to look at how people are thinking about and critically thinking and thinking about a problem. And then down the road I met a couple of these guys that Maybe they're not CISOs, they're architects or they're senior level engineers or they run these teams and they want to move to that next leadership role or they're looking for something that makes them more happy. Now I've got a list of people I can go, I know this guy. I like the way he thinks about things. I like his personality. We gel. I'm going to reach out to him and let him know I've got a role that I think he might be a good fit for and see if he's interested in it or he's interested in it. Right. And that is the cool thing about that building, that kind of relationship when we talk about hiring is now I know or now when I got a buddy of mine that comes to me and goes, I need an architect or I need an engineer or I need a 100.
I like, you know what? I know somebody that'd be a good fit for you on your team. Let me, let me ping them and see if they're interested in having. If they're happy where they're at. So that, that piece of the moving around and building your network and Bill helping people feel. Because look, I'm not going to recommend somebody that I don't feel comfortable that they don't. They're a good fit because it looks bad on me. If I recommend somebody that I don't know whether they can do the job or not. But if I'm convinced from conversations I've had that they're a good person, they're going to fit well within your team, then I'm going to recommend you look at them and you have a conversation with them. And that's.
[00:38:19] Speaker C: Ken, that's literally how you and I got here. I mean, it's been a long time, right? I mean we're. We're just promoting and practicing what we preach.
[00:38:29] Speaker D: Yeah.
100.
[00:38:31] Speaker C: We're very much looking forward to sharing time with you. Ken, thank you so much for, for making time for this.
You know, the, the, the way I'll close this up really quickly is, you know, I want to go back to that person that I said, the LinkedIn profile, who doesn't have a picture, you know, doesn't have her last name, doesn't have profile built out. And then they'll tell me, like, I want to protect my security. And yet they're in charge of security. Right. Like at their company.
But meanwhile, when we were at our last event, we had Ted Ross, the CEO of Spy Cloud, there. He's in the thick of this every single day. And he's like, just to be clear, everyone's data has already been compromised.
You know, whether it was the MasterCard breach, the Visa breach, the American Express breach, the DoD breach to this breach, and yet that CEO of that company interviewed that person, hired that person with the interview stressor questions.
[00:39:32] Speaker B: Yeah.
[00:39:32] Speaker C: And that person is trying to hide in plain sight. Like, I feel like that's all connected together into being. Like, look.
[00:39:39] Speaker D: Yeah, I get a kick out of that, what you're talking about, because I've seen it so many times and I think about it, I look at, I, I've said this a hundred times. I was like, my, A few years ago, there was an article that got published. It was like the 15 largest breaches to happen over the last 15 years. My data was in absolutely every one of them. And I told everybody, I said, I think the hackers have come up with either a, I'm a honeypot because my data shows up everywhere, all the time, or they've looked at it and decided there's just no value in it. But I, I mean, I've got, I've lost my DNA information right through the dod. But, yeah, everybody's information's out there.
[00:40:19] Speaker C: Everyone's out there. Right.
[00:40:20] Speaker D: And even if you're, if you're on LinkedIn and you're a CISO and you think you're hiding from somebody or a security professional that you're hiding because you don't have a LinkedIn presence, guess how many sales databases are out there that people are buying that has all your information?
[00:40:34] Speaker C: Oh, 100. 100.
So if you are in the area or want to be in the area, on January 16th, we're going to have a dinner at the Vineyard in Florence. And on the next day, we're going to be at Staccato Ranch. Staccato Ranch is shutting down the entire 800 acre facilities just for us. That day. And if you're looking to really kick off this new year with really intentional conversations, reach out to us. We'd love to connect with you. We'd love to have you at this event. Or there's a secret going around that we're going to be doing this event in between Black Cat and DEF CON in August.
Hint, hint. Whisper, whisper. But Ken, thank you so much for taking your time for this day. I'll see you next week, brother.
[00:41:20] Speaker D: See you next week, guys. Appreciate it. Thanks, James. See you. Aaron, good to see you.
[00:41:23] Speaker A: Neil, thanks for joining us on Protect it all, where we explore the crossroads of IT and OT cyber security.
Remember to subscribe wherever you get your podcasts to stay ahead in this ever evolving field. Until next time.
