Why Every CISO Must Master Communication Skills
- Christopher Russell, CISO @ tZERO Group


Sep 29, 2024

Episode Description

Christopher Russell, CISO of tZERO Group, shares his journey in the security field and discusses the role of a CISO. He emphasizes the importance of being customer-facing and understanding the needs and concerns of different stakeholders. Russell also highlights the balance between technical skills and soft skills in the CISO role. He provides insights into his day-to-day responsibilities, including incident response and the importance of trusting one's instincts. Russell discusses the evolving landscape of cybersecurity, the impact of AI, and the need for continuous learning in the field.


Episode Transcript


Hi everyone, and welcome to the Hands-On CISO podcast. My name is Adie, and today we'll be talking to Christopher Russell. Christopher's been in the security field for over a decade and today is the CISO of tZERO Group. Christopher, how are you doing today?

I'm doing pretty good. How you doing?

Amazing. So do you prefer Chris or Christopher?

I go by Chris, Christopher or Russell. Being in the military, I'm used to being called just about anything.

That's perfect, okay.

There's always a lot of Chrises in an organization, so I'm like, everyone can call me Russell if it makes it easier.

Perfect, okay. So, well, I'm not showing now, let's call you Russell. There you go, so you feel at home.

There you go.

Right. So Russell, how did you end up being a CISO? What was your journey like?

So, actually, going back to the military, I was in the intelligence part of it, and then after the military I was a civilian doing intelligence work. And one thing became really apparent, not just working alongside classified information but also trying to obtain other countries' classified information: we were really abysmal at network security and system security, and literally everyone was kind of spying on everyone and no one was catching it, and cyber security was just in a really poor state. So when the intel side started to get a little political for me, as you kind of move up the ranks, I decided to kind of transfer out, and I thought, seems like there might be some job security in the cyber security thing, considering how bad everyone is at it.

Amazing. And have you worked in many different industries within this, as a security professional?

Sure. You know, I started off just a regular kind of network-type engineer on firewalls, with Fortinets and Palo Altos and Cisco ASA and things like that, kind of working like a SOC, as an engineering piece in the background. And I've also worked for a VAR, Critical Start, in several different capacities, but, you know, kind of
managing customer setups, deployments, maintaining their back end of things like, you know, Splunk and their EDR tools, and the monitoring of alerts and things like that. So I've kind of been one of the guys working on the back end of that, making sure all the alerts are coming in correct and making sure everything's configured right. And then you get a fair amount of time hearing how customers do or don't like certain things over time, so it's kind of a good experience. I would say everyone in the cyber security field, I think, at some point should be customer-facing, because you get a lot more information, you learn a lot more about it. You know, your environment, if you're not really seeing much, can be kind of quiet, but if you work for any sort of VAR or MSSP or MDR, you kind of get a fire hose worth of data thrown at you. And then after that I moved over to tZERO where, you know, I became the CISO. And so, kind of a quick little J, but I feel like in the middle I did, you know, a fair amount leading up to it.

Interesting. I think it's the first time that a CISO told me that a CISO should be customer-facing, like, should have experience in that. Why do you think that affected, or what do you think is important about that for a security...

You hear a lot of different stakeholder kind of needs and wants and concerns that you might not have thought of, and you may not even have as an organization yet, but then you may obtain later on. So for example, you know, you're working for different financial vectors and you have oil and gas vectors; all these people have kind of different wants, needs and concerns, and things that are important to them and important to their boards. And the more things you hear about that, and how they want the data, and what the things are that they're really scared about, I think the better you're prepared if all of a sudden your organization starts caring about those things too. Maybe it doesn't when you
get there, but you bring on a new business unit, you know, things evolve, you grow, and all of a sudden you might have some of those same concerns and needs, and you've kind of seen what other people wanted from it, what has worked and not worked. So it just makes you a little bit more well-rounded, I would say.

Interesting. How much of the CISO role would you say is being technical, and how much is about more communication, management, being on the business side?

I think that's really organizationally specific. There can be a wide range. I'm of the school that I think tech CISOs should have some technical background, but I know that not all organizations need that, especially when they're really large and they have a really deep bench on the technical side. But a lot of people miss the soft skills and the business side of the CISO piece, which is really a lot more important than they think. They kind of downplay it and think that it's something that everyone can learn, when it's not something everyone's necessarily great at. Because you're only as good as what you can communicate, you're only as good as what you can get approved, you're only as good as, you know, the tools you can tell your company about and convince them that we need to invest in these. And if you don't get those, it doesn't really matter if you can technically set it up, if you don't get a bot few in the first place. And if you don't get buy-in from your organization and people are just doing whatever they want, then all the policies and procedures you wrote really aren't that useful either. So you really should have a mix of both. And I know that's a really political answer, but, you know, in my experience there is no right recipe. But I will say people think that they can be just technical and it will work out, and in some orgs that are really engineering-led that may work, but knowing the business and how to support the business
is a skill that people, you know, maybe when they go to school to get a master's or a PhD, kind of learn, but they don't really get taught that well in just coming up through the ranks. And that's where the disconnect is, you know, when they want to get from like VP to CISO or something, is understanding kind of the business side and how to kind of relate to the other peers.

Interesting. What does your day-to-day look like right now, in terms of your time management between team things, management, actually doing technical things?

Yeah, it varies, kind of depending on, you know, what fire is burning in what part of the world. But in general, I wake up pretty early, because I work out early to try and start the day, but I do check Slack and alerts first thing to see if there are any issues over the night, so I can address them, you know, for my organization before the market opens. So if there's any sort of issue, I've got a couple of hours to fix it before anything is kind of really a concern. So I get up, check that, check on my people overseas, make sure there's nothing on fire, go work out, come back, and while I'm eating my breakfast I'll start looking at emails from vendors and outside people and other things, anything I respond to. Anything internally from my legal department that we've been working on, I'll go through that. And then I try and start my day updating and cleaning up any sort of documentation or processes or procedures or diagrams that we're working on for any projects that day. I feel like getting that done early, just because it's not the most fun activity; if you do it later in the day when you're tired and your brain's not working, it's just really painful. While I have the most energy, I kind of knock out the more mundane tasks, and I leave the kind of funner technical things where I'm tinkering for later in the day. And that kind of works for me. I have a fair amount of set kind of meetings here and
there I have to do for the business, but a fair amount of my time is responding to things and alerts and doing investigations that are kind of ad hoc throughout the day. And people will get these random phishing emails, and, you know, sometimes it's a phishing email, sometimes it's just a really badly formatted email that is a real invoice, and you have to figure it out, and you can't just tell people to ignore things that look weird. So I'll work with different teams in finance; they'll send me over anything that looks kind of oddly, you know, not perfect, and I'll give them the green light, like, yeah, this is a real invoice, we actually have to pay this. But I'd rather have them do that than make any poor choices, so I'm fine helping out in that realm. But it's a little more reactive during the day, depending on, again, what kind of alerts are coming in, what your WAF, what your EDR's firing off, what your cloud security tools are telling you. That'll dictate a huge part of your day. When it's quiet, you can kind of focus on your more long-term projects.

Interesting. You say that the first thing is kind of making sure nothing's on fire. What if something is on fire? What does that day look like?

You kind of go into incident response mode. You have your incident response plan, you have a checklist of things, of who you're communicating with depending on the scenario, and you just kind of go into autopilot, actually. You know, for people that haven't had to do any sort of incident response, it's kind of stressful to think about, but if you've done it a couple of times and you've been through a couple of different fire drills, it's not as bad as you think, because you've established a process. You know who you're going to communicate with, you're going to set up a bridge, you know who needs to get invited, you know who needs to be alerted, and you kind of just go through those steps, and you dig into
it, and, you know, I would say half the time it's not as bad as it looked to begin with, but sometimes it's not great. But as long as you have an established process to respond to it, it feels a little bit less daunting. Anyone that doesn't really have that, and then all of a sudden something bad happens like that first thing in the morning, there could be some anxiety, I would assume, where, oh great, who's going to be able to respond, are they going to be up, are they even expecting this? I've been in situations like that, especially on the managed security side, where something was going wrong and I'm like, oh my God, who's even going to respond at 7 in the morning from this organization? I'm like, I don't even hear anything. So I've definitely been there. But now that I kind of have a little bit more control over it, I like to, again, set it up for success, where I don't have to use that part of my brain as much. I can just kind of go through a checklist and say, step A, do this, and then worry about step B, and then worry about step C, and not get overwhelmed by the weight of the moment.

Amazing. Do you remember any specific incident, obviously without names or companies or anything, where you did feel, whoa, what am I doing now?

Yeah, so early on in my career, when I was more of a network engineer and I was setting up, you know, Fortinets specifically for this one project, we had a small business, and when I was in the middle of configuring, I forget what it was specifically, but it was something around a network interface, the firewall rebooted, and it rebooted without an external IP, which is the IP I needed to connect to it in the first place to fix it. So it rebooted into a state where I couldn't log back into it remotely, and so I was like, oh my God. So I had to, yeah, and this was a company that didn't necessarily have an IT person, so I had to, like, call
and talk someone through connecting via cable to this firewall and configuring the external interface for me to connect and fix it. And while that was happening they were, like, hard down; they weren't getting emails, nothing was coming in. It was not a good situation for them either, so I just remember going, like, what a stressful situation. Yeah, that was super stressful, because, you know, talking someone who's not an IT expert through how to set up the cable and, via command line, reset an interface, it's not super complicated; you can look up the commands exactly from Fortinet. It's not like the end of the world, but just getting someone to do it over the phone, early on in my career, I remember I was freaking out. I was like, I've made some poor choices if this is where I've ended up.

Sounds like an experience that built you.

Yeah, yeah. Well, I've learned not to tinker with network interfaces without some sort of backup IP or some means of connection remotely.

Interesting. It's interesting that specifically that case was sort of your fault, but do you ever feel like a bad cop, like you have to make sure that no one's doing anything wrong, and just, like, being in charge?

Yeah, you know, I think the industry has moved away from bad cop, and we're moving more towards the carrot than the stick, because we've learned that telling the user they're the weakest link and they're the biggest problem hasn't really helped the problem. In reality, what we want is people to not be afraid of us, and even if they do screw up, know that they can come to us for help. Because what'll happen is, if you're the bad cop, they click on something, they'll be like, well, nothing's blowing up, so maybe it's okay, and they're just gonna not kind of say anything. Whereas I'd rather
someone say, you know what, I think I screwed up, I would rather just call Chris and know one way or another. And so I kind of move towards that. But you're right, there is kind of, I would say, an educational piece, where the CISO or any sort of security leader needs to understand he's there to help. You know, yes, we know what's good and bad, but we're there to help people, we're there to help the business. So anyone who calls up with any sort of problem, they should get "I'm here to help" from me, and anything short of that I think is not really conducive to a good, healthy relationship. And the more you do that, the more things they bring to you, where they're like, you know, I don't know if this is a thing, Chris, maybe this kind of looked weird. And you'll find you have these kind of champions in different parts of the business, in your finance department, your developers, that start doing things a little bit more than they would have, because they know that if they need help with it, you're there to help them. So they go, you know what, I was thinking about doing this, is this a good idea security-wise, Chris? Or no, we wouldn't do it like that. But if they're too scared to have the conversation, you're just kind of missing out.

Amazing. How would you say you divide your attention between educating the people and putting controls to make sure no mistakes are made, you know, with no bad intentions, but just silly decisions?

Sure. I think front-loading people with the training is important, and explaining why we do things is kind of the key. Having guardrails is important, and I kind of adhere to an extreme ownership type of mentality, if you're familiar with Jocko Willink, and that is: if any of my people screw up, it is my fault. I didn't have the right guardrails, I didn't have the right training, I didn't explain it right, I
didn't give them the, whatever it was, I screwed up. So I already have that mentality. So I go into, you know, any of my employees, training them to do what they need to do, like giving them the tools so they understand it, and then if I have guardrails, I really want them to understand why we have those guardrails, so they don't think it's just some arbitrary rule because I said so. And if they understand why, they're going to adhere to it, and they're going to not want to have the problems that I've had and the reasons why I put guardrails there, because I have gone through things where external IPs disappear and you have to talk someone through on the phone to reconnect it, and we don't want everyone else to have to go through that. So I would say it's important to front-load your people, give them as much training up front on their tools as possible. I like to set aside time weekly, especially kind of like Friday afternoons, so they can kind of not get into messy problems going into the weekend, but sit there and go through and stay professionally, you know, adept at our tools, learn new things. There are constantly release notes going on and some tools' new features; we want people to be familiar with that and to take advantage of that, and not have a security incident where the vendor is like, oh, we had a new thing that detects that and you guys just hadn't turned it on yet. You don't want to be in those scenarios. So it's constant education. You know, even myself, I'm working on my PhD right now, because there's always more I can know, there's always things I can learn, and there's never a moment where you've figured it all out. Anyone who thinks that they're an expert and they've figured it all out in this field is full of crap, because there's an infinite amount of things you can know, and every day more is added to it. So there's always something you can learn.

How do you learn? I mean, it's one thing when you're the expert and you're
educating other people, but how do you yourself find the newest information, the new things that are happening? It's a field that's changing so fast. How do you keep up?

I'll be honest, I think things like social media help. I think Twitter especially, the Twitter community for infosec. There's drama there sometimes and people, you know, go on tangents, but a lot of people are doing some real interesting work, and they'll be like, hey, I just found this new CVE that hasn't been published yet, or hey, there's this weird thing going on with Microsoft tools where you can roll back the version of it and then you can exploit it however you want. There's really, you know, a lot of up-to-date, and whenever there's an issue, like when the CrowdStrike thing first hit, Twitter is the first place you probably saw that. I'm in a CISO group local to Dallas, like a chat group, and things like that also kind of come up and people are constantly sharing, so that helps. But yeah, surprisingly, as much as I think social media is not the best thing for society, when it comes to infosec there's a load of information that I think is super useful. LinkedIn, I wouldn't say as timely, but there's also, from the business side and maybe more from the strategic side, some really good insights that I would say my colleagues and peers also are putting out consistently. So I always take the time to read that and kind of stay up to date with certain people that I feel like are always trying to put out quality content.

Do you feel like the news that ends up on the more popular media is usually correct? Like, when there's a breach or something like that, how much do you trust...

Not always. Yeah, what you're alluding to is right. Sometimes it's just the most popular accounts that kind of are the loudest, and they're not always right. But I think there are enough people that look and talk about these things that you can start to
kind of decide and see, and people, you know, they'll provide evidence and screenshots and things. Especially, using the CrowdStrike example, there were a couple of different analyses on what happened with that, the file, the library file that they added that caused it to malfunction. There was what seemed like a pretty technical analysis that first came out, but a bunch of people came out afterwards and said no, that's just not correct, and they did their own. So you do have to take everything with a grain of salt, but I feel like as you're reading through or kind of listening, if you know something about it, you can start kind of smelling that this person's making some reaches or made some wrong assumptions, or they're just looking for some, you know, reactions and content. But like I said, if you follow people that you know aren't about that and they are about the truth, which is kind of what I always seek out, then you kind of know what you're getting from them, and they'll always caveat it with, look, this is just my opinion, this is the way I see it.

Amazing. What do you think is the biggest problem in cyber security right now?

I think somewhere about five years ago, maybe it was even longer, 5, 10 years ago, there was a problem with kind of the whole mentality around cyber security, where we really burned out a lot of, like, there were a lot of people that wore a lot of hats. You were the vulnerability management guy and you were the AppSec guy and you were the network security guy, you wore all these hats, and there was an expectation that you should also be raising up the next generation. And those people probably would have done that and wanted to, but they were overworked, overburdened and couldn't do that. So they wanted people to come in and help them that already
knew the job, because they were burned out. And so we have this kind of disconnect where, oh, we have all these jobs but not enough qualified people, because the people that need help in certain circumstances literally don't have the time to sit there and train. It's just not something they always have time to do. They're understaffed, they're working multiple things, and they're just saying, look, all I want is for someone to take two of these off my plate, and if I have to sit there and train them on everything that I know on it, then I'm not going to be able to do the other three jobs I have to do. So I feel, and I've spoken probably many times on this, that we need to help people going through the education, academia route of learning to get practical experience. You know, I got my master's, but except for a couple of teachers that had access to, like, Palo Alto Networks firewalls, there wasn't a whole technical side that allowed people to learn what you really have to do day one and day two. And I feel like if we focused on that a little bit more, and a little bit less about kind of the, you know, in theory how it works, people could show up with just a degree and be able to do some work day one. So I think we should have them working on the actual tools at the universities and boot camps, you know, have them certified from Palo Alto Networks, Fortinet, Cisco, CrowdStrike, Splunk, whatever it is. Get them the early certifications on that, get them the ability to do those things while they're earning their degrees, and then they can help an organization that has that tool in their stack pretty early on. But most educators push, like, learning Security+, and, you know, I'll be honest, it's a great foundational kind of certification, but it doesn't really tell me that the person can do anything in particular, you
know, day one anyway. So I'm a big fan of that, but I also feel like the vendors need to make all that free. All the stuff they give their partners and their professional services for training, they need to open that up to universities and give all the students free access to all of their tiers, so that they can come out ready to actually support these tools.

Cool. What would you say to someone who is looking to get into security from another field, or someone who is just starting out and wants to advance and, like, take this as their journey?

Yeah, I mean, I think one thing they should do is talk to some people that have been in the field for a minute, so they understand what they're getting into first and foremost, what it really is. I think a lot of people get excited about the idea of being like a hacker, just because that's cool and sexy, and the reality is that not a lot of that is going on. There's pentesting and there's red teams, and they do exist, but that's not the 50,000 jobs in cyber security they're talking about. I'm not saying it's not a valid career, it's perfectly great, and a lot of those people end up moving into product, because they understand things at a whole different level, so they progress fine into other fields. But no one really wants to hire someone that's never really been around a computer but, like, took a couple of courses, and then say, oh yeah, come in and just hack our environment. That's just not really how it works. So they need to have a little bit of realistic expectations, but also understand what they think their strengths are, what they think their weaknesses are, and get people to kind of point them in the right direction to get the additional training or education on things they're not great at. And, you know, they have to be aware that you kind of have to have a
tinkering mentality. You know, a lot of trial and error in this job. We all think we write the perfect query, the perfect use case, the perfect shell script, and then it doesn't work and you have to go back and try it again. So anyone who kind of does something and then quits because it doesn't work the first time, it's just not going to really work out super great in cyber security, because you end up redoing things quite a few times until it gets, you know, this one's too noisy, this one's too quiet, so this one's just right. You kind of got to have that Goldilocks mentality.

Interesting thing. What do you think, if we go to the other side, if you have the people who are super starting out and the people who are super experienced, the CISOs, is there anything you see that they're missing or that you think they should be paying more attention to?

Honestly, I think the current crop of CISOs that I deal with are much better than kind of what organizations had before. Organizations before had people that were either really technical, that made it up the ranks but weren't especially adept at the business side, or people that were just really good business leaders and kind of missed the technical side and kind of had to rely on their SMEs for that kind of piece. Now I see people that are pretty well balanced; I feel like they're the ones that are really kind of making it through. I don't know if I can really critique what other people really need right now. Like I said, I'm really seeing more well-balanced CISOs these days. The only thing, I think, is the mentality needs to change a little bit: we need to remain constant learners and not think, like, even if I'm the CEO of a Fortune 500 company, I've got it all figured out, because they're still getting hacked too, you know. And it's not always the CISO's fault specifically, but at the end of the day, if you took that job and
the whole, you know, and you're charged with the organization, it is if something happens. So you kind of have to have the mentality that you don't know what you don't know, you've got to constantly be looking for it. And, you know, with changes with AI and things like that, we've got kind of some new threats evolving, and if you've kind of sat back and said, well, I figured out this organization, I've got all my defenses up, I've bought all the tools, all configured, you're just kind of on autopilot, just kind of waiting for a problem to happen, where you need to be a little bit more proactive now, because technology is constantly changing and the threats are constantly changing, and they'll just start bypassing all your controls and recruiting your own developers to put stuff on your network behind your firewalls. And if you're not thinking about the human aspect of it too... I bring up this example because ransomware is a really lucrative business, and some researchers and some people that have dug into it have found that, if all else fails with their phishing campaigns and their other techniques, they'll literally just seek out employees that they think are disgruntled and offer them a large amount of money to put things on the network that help them get in. And that's something that's really hard to defend against. You know, you don't have the means of really monitoring their external communications, their own private emails, their Signal, anything like that. And these are people that are trusted with placement and access to our really sensitive systems; they're kind of, you know, behind the firewalls, all that. And if they come in, and especially if they're coding and they can add snippets with back doors and whatnot, that's really problematic and can really get past quite a few controls. So if you're not thinking about that as an aspect of it, that kind of insider threat piece, you
know, I think that happens more often than people realize. It's really hard to detect. That was my former intel, that was my former world, and it almost never got caught, and I think a lot of people are kind of underestimating how much of that goes on.

Yeah, wow. As you say that, I'm thinking, A, I haven't heard about that a lot, and B, have you seen something like that actually play out ever?

I haven't seen it from, like, being on the victimized side. I was on the offensive side of that, and I've seen it work every single time. But there have been notes about this, where a North Korean employee was working at, what organization was it, it was a security vendor, KnowBe4 or something like that. You know, especially with AI and VPN and deepfakes and all these things, they can start impersonating US employees and getting jobs, even low-level jobs, and working their way up. So I'll have to go back and refresh my memory on that article, but that was fairly recently. And things like that, they're not the most common, and they are typically a nation state, but as these tools become more easy to access for the regular population, even low-level hackers and script kiddies can have access to some of these tools.

Interesting. How much does AI concern you?

A lot. Yeah, it concerns me a lot, because the ability for it to dynamically change things that we're used to being static as part of our detection methodology is really worrisome. You know, we've got a lot of tools that check on hashes and check on IPs and check on reputations and all these things, and if you have the ability to dynamically change that, so that every single executable has a different hash in an environment, it's a pain in the ass to script that out, but with something like AI you could have
something like that work you know and so all of a sudden yeah I found this malware and then you go to threat hunt your environment to look for another place on your environment you don't find it but you don't know it's got a different hash on almost every different host or or whatever and so you're not you know it's like things like that that are really worrisome and know DoS attacks you know based on IPs you can dynamically have IPs changing at a at a a an ease and speed at which you know we haven't quite seen before so things like that I haven't I haven't seen it fully deployed against anyone in a way that's worrisome yet but I but knowing it's there and could be is is concerning

interesting what do you think are some of the main differences between the way cyber security used to be and the way it is right now

um I think uh well I think a lot of organizations thought it made it an afterthought before um it's a it's a non-revenue generating department so it was like a luxury to have um some companies didn't even have a CISO until they reached a certain point uh some didn't even have really a security guy they had you know IT guys that were kind of good at security um I think you know between you know initiatives to drive compliance around that from whether it's organizational regulation or self-regularization regulation um we've kind of pushed to be more proactive and we've seen that there's there's value in in um being proactive and and adding security early on to cheaper it's cheaper to embed it early than to try and add it on later companies at least learned that and uh and I feel like uh CEOs and executives uh used to not maybe care about it quite as much um and because of the unfortunately all the events and all the organizations that have been disrupted uh they are concerned about it now so they have questions and they seek out you know advice from their experts and so I feel like you know CISOs and the field have been kind of brought to the table more and
and are taken a little bit more seriously than past so I would say it's in a pretty positive place right now

interesting what would you say is one thing that you've learned throughout you know your journey that you think anyone in security should know or think about

that's a hard one one thing um I'm gonna I'm going to answer this differently just because maybe a lot of people answer this the same way I I'm a big believer in things like intuition and I feel like people have gut feelings and we squash them down and we don't listen to them and I'm going to be honest when certain things are going on and I'm especially I'm responding to incidents I don't know if it's pattern recognition but I get a gut feeling where the you know where I need to look for the right logs to find the answer what system I need to go check on if there's issues I I really go with my gut and and my instincts um because I feel like in the high stress moment in the back of my mind uh my brain saying I we've seen this problem before it's probably this or this has happened before and my you know my conscious mind's worried about the stress of it like what's you know it's it's going through all the panic mode stuff and it's not it's not thinking clearly the back of my mind is going go check your firewall logs then go check you know it's it's already kind of knows and so you get that gut feeling like learn to trust your instincts on it and and especially in times of stress um especially as you have more experience and you've been through these things because through you know again like things like pattern recognition and just intuition um you know professionals I think you know they don't know why they know where the answer is but they know where the answer is just go to it you don't need to you don't need to prove yourself that you know why just go and look and if you're wrong then you can move on but nine times out of ten I feel people's gut feelings when they're kind of working those incidents is
something that they should start trusting a little bit like it's odd I'll see an alert and I'll see an external IP and it'll I can just I can kind of tell if it's bad or not just and it's weird I don't know how to explain it it's not there's not a number combination it's not you know but I'll look at it and be like I don't like it I don't like this you know or or the hash you know or the binary they'll there'll just be very basic bits of information I'll get a gut feeling right the about like yeah this one's not a good one and you you got to you know go in and put it through your sandbox and some other things or do some reputation but sure enough it's usually pretty close

interesting do you have a team

yes

how does your team feel about the like intuitions

I've had this conversation with a lot of people and and uh and what's funny is people be like how did you know to go look at like here to get the answer and you know you don't want to you don't want to tell people why it was just it just popped into my head that was the place to go you kind of got to give them reasons um so I do explain things like well you know what it's pattern recognition I've been through 10 of these things before I've been through a 100 of these things before I I mentioned early on if you work for an MSSP an MDR or anything where you're kind of customer facing you're seeing you know especially multiple customer you're seeing like a large amount of different attack vectors of different alerts different things and you you kind of see those problems as they come and you start again creating patterns on what they look like and so when it's your time later on it kind of again like ah you know you may not remember that exact incident but your subconscious is like I remember what this was and it's going to kind of nudge you in that right direction so I hate to tell them like well I'm just lucky or I just kind of guessed or it's just I just had a feeling it's you know I say pattern recognition but it's you know
it's just something that and you know we our brains collect a lot more information and do a lot more processing on the back end that we give them credit for and you should you should use that as an advantage and not and learn and learn when trusted is is what I actually start telling like you know people work

perfect I think it's so true for like as soon as you have your experience in the field you can't ignore those feelings like I think people that are new have those feelings and they don't trust them and so they don't do it

and yeah I I think I think some people just have some really natural intuition that's you know I I don't can explain where where it comes from I I think about think about hackers is that don't have any formal training but just think about how would I break this they you know they're just no one's broken this before they're not following a pattern they're coming up within their head it's an intuition something's telling them I bet if I tell this certain module to do this it's going to break it and it's going to give me some sort of weird response and then you know and so those people are just they have some sort of gift their brain was you know formed a certain way and they just have it and it's hard when you don't have some sort of uh you know the the I don't know the degree or the pedigree to get people to understand that um so they have to show up with their work but there's some people that have no formal training that have just kind of been self-taught that have figured out things that no one's even seen before yet and I just think it's a marvel of the human mind

amazing how much do you think like if you put it on a scale how much is security a natural gift to 100% to

I think it'd be both I think someone can have a natural gift in it and I think anyone can learn it with the right amount of discipline time so I think I think you can have both scenarios um and I'm not one of those people that's blessed with just uh you know the natural
talent I'm the one that had to to do the reading and the working and and do all that so um but I see the people that are you know smarter than me that didn't have to do that don't have to get they're not working on their PhD or anything and I would defer to them on certain things so I think there's both for sure it's just kind of uh knowing what you're working with and and trying to make the most of your strengths

that's great is there anything that keeps you up at night as a CISO

the I mean it's the unknown um it is the unknown I mean you you you you set up what you think is going to be uh a secure environment you set up what you think are going to be controls that are going to give you the alerts and the early warning systems you do all these things and you still don't know what you don't know you don't know what got changed during a production push what got left open I mean there you know you can again you can be as proactive as you want but there's always that thought today could be the day where my environment gets taken down and you just gotta you know like I said have that mindset of I've prepared for this I've got you know a plan if it happens um I don't lose a ton of sleep over it anymore I just don't sleep a lot either that's uh slightly disturbing response but it's honest

amazing okay so I think I only have one last question and thank you so much for coming on the show by the way this has been super informative and I think that people going learn a lot both from your mindset and from the actual things you said so I appreciate that

yeah for sure

so my last question kind of relates to that what do you think is going to change from now to two years five years 10 years into the future both for cyber security but also for CISOs as a role

yeah I think the technical side is going to get far more advanced I think AI is going to become a force multiplier for the jobs we do um I don't know it's going to necessarily replace a ton of people um it may push them to be kind
of different jobs in the field but it's going to be a force multiplier and we're going to be able to do a lot more um than we're doing now so I think it's G so the attacks the attack complications are going to increase but the defense uh the defensive techniques are also going to increase so we're going to still be kind of a stalemate um I think ultimately we're from the economic standpoint we're always at a disadvantage on the offensive side so we're we're going to probably maintain the status quo of the adversaries always having a little bit of an edge but I feel like um I think we're gonna we're gonna keep pace with adversaries with the complications and I think we're going to leverage AI/ML in some pretty in some new advancements to um you know improve overall I mean there's still there there will always be hacks there'll always be uh you know know a human way to get around things uh there there'll always be things that happen but I think we'll uh like right now a lot of hacks happened with the basics you know old passwords that weren't you know turned off from old fire I think we'll see a lot less of that because we'll have tools that detect that we'll have tools that identify that it'll you know we we already have a lot of things like that that make it harder to have some sort of you know old service accounts that aren't functional we have a lot of things that now say hey this hasn't been used this has got too many permissions go change that um so we're already headed there I think it's going to I think it's going to just happen quicker and I don't know if we're going to see more vendors or more consolidation but we're going to see a lot more capabilities and I think we're going to see some pretty cool uh technology around behavioral analytics of users so that we can really identify like the user identity space is really going to expand that's one thing that as long as you have a login and a password and you and it works and you have the MFA it's you I think
there's going to be other ways we're going to start adding some context to that to make it a little bit harder for just credentials and keys to get you in and I think that's going to be a good thing

very interesting thank you so much

yeah no problem it was it was a pleasure

[Music]

Ensure SOC2, HIPAA and GDPR compliance across all your SaaS tools

Built in Tel Aviv, Israel
