50 - @AlyssaSec - Sets Matt Straight on Mentorship Advice!!
Beard Banter - With CyberMattLee | February 07, 2024 | 00:45:02 | 41.24 MB

I have been doing it all wrong. Join us to discuss Alyssa's post that triggered this conversation, and how we can all learn from it!

[00:00:00] Okay, I always say this because I'm not that smart of a human and I repeat it's kind of my shtick but I think we're actually live now on my channel and so I've got this one and it's going to be a fun

[00:00:09] episode. It's Beard Banter episode 50. I'm here with AlyssaSec, Alyssa Miller. She's somebody I have looked up to for like a long time. I mean like just as in from her stage presence and things

[00:00:21] that I kind of encountered over time and I've used them in my own speeches so this is fun but we might battle it out a little bit here today and and it's because of exactly the content we're

[00:00:31] going to get into so let me set the stage for y'all before I introduce Alyssa and before she like pops me right off my pedestal here but let's get into it real quick Alyssa. It's great to have you here

[00:00:41] let's do it okay here's what started this y'all. Alyssa posted this a month ago now and she said if your answer to someone and I'll do it in her voice she's sitting there I can imagine she's

[00:00:52] fired up about this post and I'm just getting the presence like you know what if your answer is who asked you for advice in getting into cybersecurity profession as they should get certifications or

[00:01:00] build a home lab you're helping no one no one honestly that's lazy advice that serves no actual value in helping them launch their career it hurts our industry but yet worse yet it's it's our cybersecurity community if that's your response then please consider instead just

[00:01:14] saying like maybe you don't have an answer or like maybe recommend and talk to people who actually have something to offer and maybe in her heart before she typed it she said and maybe

[00:01:22] shut the hell up if you're saying these things maybe that wasn't actually there but that's how I see it so what was in your head Alyssa and did I capture the moment well enough I tried very hard not that

[00:01:32] angry okay okay I had hands I was like hands I love the rage oh my gosh and yes it does come off strong right so I get why it reads like it's ragey but no it's I just it's frustrating because

[00:01:50] I will hear stories from people who are trying to get into cybersecurity right and they don't come ask me questions about the same thing right no tell me that someone told them that

[00:02:05] and it's like and that's all they gave them right like and go go to lab go get some certs yeah go get some first I'm like okay so how does that help you get a job sure right you maybe

[00:02:19] you can put like a home lab you obviously can put certs on your resume and it does get you passed yeah and a lot of the comments were that right like hey but I have certs and I have to get past the

[00:02:28] resume there is that checkbox you got to have a lot of time just with some of these jobs but it's like it doesn't really it's like a it's an to me it's just an easy off-hand answer

[00:02:40] I can give somebody right like I can just say oh you know do this and do this just leave me alone now right like and it's like you know I know what really bothers me about it what

[00:02:51] actually inspired that was I was talking to somebody who had spent literally thousands of dollars between getting certs and building a home lab that they were doing all sorts of stuff is don't even make me unpack that part of this yet because there's like that's a whole

[00:03:07] 'nother delve we might just like put a pin we might continue continue but so that's why I was that's why I was responding like that because somebody would call them that those were the

[00:03:17] things you had to do and it's it's been a story that people have had you know or advice that people have given for a long time but it doesn't it doesn't really get them it doesn't address

[00:03:31] what's keeping people from getting jobs yeah what's keeping people from getting jobs is not the fact that they don't have certs it's not the fact that they haven't learned on their own in a lab yes those

[00:03:43] things do help you develop right I mean certainly home lab you gain experience but the problem we have is in the hiring process and cybersecurity and if you can't educate people on how to overcome

[00:03:59] the challenges there how to craft a resume that's tailored to a job description how to understand the automatic um applicant tracking systems sure uh those types of things uh even just how to find what

[00:04:15] what it is in cybersecurity that lights their fire let's dig into those three things because you've covered three things that are big there I want to go back first though and kind of get your answer

[00:04:26] to this because your point the three things you hit really are you know yes you have to understand what lights your fire like what makes you passionate about something right like to that point

[00:04:36] I think to your point you have to have the certs to get through but you also have to understand the job filters that's another piece piece you made right and then how to get through

[00:04:42] that process how do you actually get hired how do you go towards gainful employment so why this brought me up and I'm going to bring this up is my response to your post that day

[00:04:50] and I was in a car I think it was driving back from like Denver or something um and I know I wasn't driving just for anybody that's going to jump on my case in this conversation

[00:04:58] like I totally wasn't driving myself um yeah yeah and I'm going to come back to comments in a minute so if you got comments throw them in here I'm actually focused on getting the stage set um

[00:05:09] so I wrote back I said I'd love to pick your brain about this any way we could sit down and chat about it on my Beard Banter in some ways I get what you're saying but I also have

[00:05:17] questions and thoughts that go against the statement and like if I was like totally reading into the moment I actually didn't just have thoughts or questions um I I had literally just gotten off a call two hours before and said both of those things like I'll tell

[00:05:31] them myself I was totally talking to this kid from my alma mater in same high school and he was like I can't get a job in cyber and I was like okay what have you done in your

[00:05:39] home lab have you built anything have you done anything in your world to find where your passion is and I and I'd sprinkle in that I think that's where you and I find some common ground

[00:05:47] right but I I then said you know hey have you got any certs like there's free certs out there like CC there's all kinds of stuff that you should be going down the path of

[00:05:56] and I think one of the things we should unpack in here is a lot of people giving that advice or doing it because they're selling you something to buy from their course right and so that was

[00:06:03] what I was trying to dodge for a sec but we're gonna get there and then you gave a great response to a request that was done by think tim uh tim uh uh yeah I don't remember which

[00:06:14] one it was but it was one of the Tims uh and said well first I'd work with them to identify what aspects of cyber security they're actually interested in like you and I want 100p on that

[00:06:23] because it and the same thing with Lesley Carhart she said hey if you're not focused if you're not focused on what you really want to do like and maybe I won't paraphrase her wrong but many of them

[00:06:31] do not know without doing some deliberate discovery agreed then I would walk through with them how they can demonstrate and how they demonstrate the transferability of their existing skill sets which is what do you bring to the table right how are you employable

[00:06:42] what's the value here then I'd talk with them about how to understand and assess what real needs are when they look at a ridiculous job descriptions that seem to be searching for a magical unicorn right like I need somebody that's done go for 12 years you're like bro

[00:06:54] goes been out for like three or five or something so like hold on how are we there um anyways this goes on so let's let's unpack some of that because I think your answer is so practical

[00:07:05] which is find what you love so how does somebody do that what's the right answer how do you give advice there for Alyssa oh there's lots of ways I can't I can't proclaim to have

[00:07:13] the right answer I can claim I can claim to have a answer it's true and this is so that whole post honestly comes right from my book like okay okay I saw someone quote that no I saw someone

[00:07:26] quote that so I know yeah that was correlated yeah you know but it because I was in that same you know first of all it comes from having people countless times like reach out to me and say

[00:07:40] you know can you help me get into cyber well what about what part of cyber security do you try to get it I just want to learn here I'm like you can't learn at all there's nobody that knows it all

[00:07:52] so you know so as I started thinking about the book I'm like okay how do I do this so one of the exercises this is actually uh you know that yeah go yeah love it is you know go out

[00:08:03] go to you know most of us who are have some desire to be a part of cybersecurity probably read some cybersecurity news hope so I said go out pick like 10 15 maybe even 20 however you headlines on cybersecurity articles that are particularly interesting to you

[00:08:24] right just take the okay you're gonna read the article just grab the headlines okay now sit down and with each one what in that headline caught your interest like just categorize it somehow right like sure was it because it was about you know a breach and that was

[00:08:42] you're really exciting or whatever um was it you know about you know some new regulation that passed or you know whatever it is break that down and then just kind of look at okay what is

[00:08:53] the theme you'll find the theme in those headlines of the things that are standing out to you the most in cybersecurity news sure and that will immediately start you down a path of maybe

[00:09:05] I mean you know if it's a policy thing maybe I'm more of like a GRC type person sure it's all about the incident response maybe I'm down an IR teams play exactly right yeah I could see that as a

[00:09:15] as a about new you know uh threat intel maybe that's whatever but it's a great way just to start to identify within yourself where is my passion in cybersecurity yeah or conversely and this I don't

[00:09:31] go into this typically but I'll say it because it's true you may discover that really you're not that interested in cybersecurity you might have just you know but legitimately there are people really

[00:09:42] this isn't the career path that they're gonna enjoy but they heard that it was a hot job market so no you're accurate I so I had my series 766 lhva when I was like 19 years old so I had my stock

[00:09:54] broker's license I worked for American Express financial advisors and I did it because of a job board posting that said make this much money in this time frame like I was like yeah bro commas

[00:10:03] I like commas I'm down with commas right but I found it wasn't for me I didn't enjoy it I wasn't I had no passion in it I think to your point you do have to figure out if you have a passion

[00:10:12] and there's a reason if you're in cybersecurity in my opinion you're gonna get punched in the face it unfortunately is kind of the nature whether it comes from internal whether it comes from a board that makes a decision that doesn't agree with what the risk profile should be

[00:10:27] whether it be whatever it may be you're not in a world where you get like all the attaboys you think you're going to get right and and so you have to in my mind be passionate about what you're

[00:10:37] doing I mean see what your attaboys are by the way it's like right nothing happened today great job right right winning hashtag the stuff works that's supposed to work right everything works

[00:10:48] nothing happens yeah yeah and that becomes the expectation to sure right and so no I I think that's a great call out so that's the first piece is find a passion in my advice I've said you know go

[00:11:00] get on like TryHackMe in fact my wife is going through this right now my wife Cat um and and she's looking at TryHackMe and going what do I like and so she's going through a red team course

[00:11:10] she's going through a you know DFIR course she's going through and just trying to see what she likes now there's a challenge with that and I've given some bad advice there listen my opinion because there's these nomenclature gaps and and knowledge gaps that have to exist before that

[00:11:24] so in your method you're going okay what gets your your passion like what made you attracted to this and then you go into it and I think Lesley gave some really good advice on stage at at Wild West

[00:11:33] Hackin' Fest which I'll give a shout out to I watched your presentation there I watched her presentation there they were both fantastic and in her she said go find people in that profession

[00:11:41] once you've found them like if you find it a listen you say hey I totally want to be a CISO and ask her what's the worst thing you deal with every day right and that was part of her

[00:11:50] her methodology was and maybe there's some corollary in your book but what's the next stage in your book of how you're approaching now that I've found something I like in the headlines what do I do

[00:11:59] next what's the next step so now it's about identifying yourself and first I'm going to give you a gentle correction that Lesley's I love gentle corrections yeah yeah so they then thank you

[00:12:08] gave them please uh much better just an important distinction yeah no fair thank you but uh no the next step is really just okay so you've kind of gotten into that mode of all right this is sort of

[00:12:22] I like X whatever X is sorry I'm kind of into this space and then it's really about okay what skills do I have from other jobs sure the jobs I've worked so far the things I've done so far

[00:12:37] that might transfer to the mean example like help me just something perfect example the one I throw out there all the time anyone who's heard me talk about this has heard this before take a barista

[00:12:48] from Starbucks okay let's say hey I'm a barista at Starbucks right now or a barista anywhere but um and I start going through this and I realize wow I'm really into like the the like SOC

[00:13:01] analyst type of stuff right like I like that getting alerts and responding and doing the investigation side of it so now take your role as a barista and take all the references out of that

[00:13:15] that have anything to do with coffee making coffee whatever right take all that out and describe it in the most general terms to the point that nobody could tell you what what your job was

[00:13:26] from the way you described it so in other words what do they do well they receive input from a number of different sources right they take that input and they analyze it and they break

[00:13:38] that input down into tasks yeah accurate tasks they have to then prioritize and execute those tasks with quality and with accuracy and also prioritize them and execute them in a way that is most efficient for delivering said products yeah and then deliver that quality

[00:14:02] all the while they also have to be thinking about potentially other maintenance tasks or things that they might need to do along the way sure what I just described are skill sets I absolutely need in a SOC analyst I need somebody to be in that fast-paced environment

[00:14:18] grabbing inputs from a lot of different places breaking that down identifying what the tasks are that are necessary what priority and what order they should be executed in and do it accurately but also be mindful of recurrent maintenance type things that have to occur at the same time

[00:14:35] and make sure people aren't missing this right what are those tasks in coffee just to make sure we're not missing it I get an order for somebody once a half latte half oat milk

[00:14:42] single tall in a cup that doesn't burn my hand but also something that is then shaken with two and and four of the like you know what I mean like and then I also have to then think the

[00:14:52] equipment aspect is any coffee beans and eat coffee I need to run this through the express espresso machine and you get milk started and steaming and he didn't also rinse that out

[00:15:00] and clean it so that five more milk vessels like you think about to those points I think that is the aspect of your talking about in my mind of how you get through the filters too

[00:15:10] and making sure that those componentry right right okay I just jumped ahead I'm reading an Alyssa Miller's book of life I love it what you know it what you've got now is you know

[00:15:20] what your core transferable skills are right sure things that you have and I there's in the book I walk through like skills versus knowledge and we'll put a link to the book in the in the

[00:15:30] in the episode chat comments down below too for anybody watching this so but aside from that yeah now it's like when you come to a job now it's like all right I'm looking at this job

[00:15:40] description and I see all their different requirements and some of them are going to be nuts so like you talked about the you know 20 years of experience and in Kubernetes right wait wait that's like a thing like can't even be that long what are we talking about

[00:15:55] what there yeah infrastructure as code hadn't been around that right yeah so um you know so you can kind of wipe those away but how do you connect those transferable skills to that

[00:16:06] and then crafting your resume and this is this is the thing where I cannot stress how important this is tailoring your resume for each job you apply to right like I know there's this tendency

[00:16:17] to like spray and pray right you just take your resume and fire it into a hundred job yeah you're echoing exactly what Lesley says too so you guys are peasing apart

[00:16:29] they and I are very close friends and we are very close to the line on this um not because even that like we plan that or work together it just happens that yeah we both seem to agree very

[00:16:39] much so on it's pragmatic in this conversation it is and it's it's a very analytical and logical way of stepping through it right in extensive you just you have to think about it but yeah I mean the

[00:16:51] spray and pray method I understand why people do it I'm not judging anybody for doing it but when people come to me for help and they say yeah I've sent in 150 resumes and I haven't heard anything

[00:17:03] as well if you sent in 150 how many times did you sit down and actually tailor the resume to the job off or to the job description yeah probably none because if you sent it out that many times

[00:17:15] you know and that's the thing it's like yeah how do you even find 150 jobs that are all in the same field so that's probably probably applying to a lot of different types of jobs with the same exact catering right and the same exact information and it doesn't show

[00:17:33] you know I'm I told you this before the show I feel disingenuous sometimes giving any type of advice for careers in cyber because most of the roles I found myself in I've created or been a part of

[00:17:46] or kind of stumbled into in some ways right as being a cyber practitioner and maybe that's everybody but that said for someone trying to get a role today and stepping into it like this one

[00:17:58] kid that I talked to had come from a pretty prestigious high school he came from a decent college he came out with degrees how does someone because for me I have hired before Alyssa I promise

[00:18:09] I'm going somewhere but I have hired before when I was in head of pro services of our company I think we're only about a eight million or so dollar revenue MSP at the time but you know we were

[00:18:18] hiring project service people um and and I was you know looking for it and I always wanted to say I don't care what's on paper I don't care what's in the degree I care about your passion

[00:18:29] and I would look for someone that had a passion and a knowledge and an understanding that I could actually deal articulated in in the subject matter right um and if I said to them a v2v migration

[00:18:38] and they didn't understand it I would probably be shocked if I was hiring a migration engineer right like this would be not work um and so I think how do you get through the filters first

[00:18:48] but then display the passion and show that you've done the work and research to my point of why I believe in a home lab and why I believe in you know doing things and sometimes

[00:18:56] not even home lab you can do it almost for free now you can go get a $10 a month TryHackMe subscription and build do and destroy all you need in that at least in their catered ways but yeah so let me

[00:19:07] ask you a question to answer just do it I love that when you're talking to me right now do you get the impression this is a topic I'm pretty passionate about yeah like four billion on the

[00:19:18] three why do why do you get that feeling because you're knowledgeable you're assertive on it you you show um a command of the expertise you have reasonable answers for how you would expect someone to go through it you've thought through those things those would be the things

[00:19:33] that come to mind do you notice none of the things you just said are things I did in the past they're things that just happened in this conversation yeah it's true and this is the key

[00:19:43] yeah this is what drives me nuts with the passion I love driving you nuts by the way it's a personal passion of mine so you know back at the beginning of the uh 20 god was that 2020

[00:19:55] yeah was 2020 it's just my favorite surveys as part of I keep referencing the book this is kind of crazy um but I did a surveys of people are trying to get jobs and then hiring managers right

[00:20:07] because there was all research for the book and um and other things but um you know I did one of the things I asked was as a hiring manager what's one piece of advice you'd give every you know

[00:20:24] every candidate or any candidate sure and then I word clouded that okay okay all the answers jump from and did a word cloud do you want to start big word in the center you want to get what guess

[00:20:34] what big word in the center was I don't know passion I don't even have guess passion everybody says passion but how do you demonstrate passion you can't demonstrate passion until you're sitting

[00:20:46] in front of that that's exactly it how do you do that in digital world conversation 100 and so that's where to exactly your point this is what I love about what you just said is it's not about the

[00:20:57] home lab until you're there and are talking about it with yeah about what you did so on the resume you have to not be talking about the whole lab you can mention it right you can say I did this

[00:21:10] thing or whatever it's not gonna get you through the door I did you know I got to level whatever on TryHackMe or any of those other things sure but to your point you've got to get

[00:21:19] to the point that somebody sees your resume and brings you in and then you can show your passion so how do you get step one is that ATS that applicant tracking system how do I game that system

[00:21:33] and it's looking at keywords it's understanding even something as simple as the format of your resume and how that impacts how it gets parsed I mean most of us who have applied to jobs have at

[00:21:45] some point had to stick our resume in there it was supposedly gonna parse it and then you spend the next 30 minutes trying to fix everything that it has you mean AI is not going to take all of our

[00:21:57] jobs immediately I didn't mean no no I haven't played with one since LLMs have become like this big I bet it gets better I would probably get into all those and probably doing a lot better job

[00:22:09] I would hope but you know you're trying to you know someone used to suggest oh put a bunch of white text at the bottom of your white document that just has all the keywords from the job

[00:22:20] description oh my goodness gracious no doesn't work and in fact it actually gets you kicked out but as you're describing things in your history in your skill set in your knowledge base in

[00:22:33] your experience if you can tie that word in use their word instead of a word you might have used or talk about something you did in a different way that speaks to the language that they used

[00:22:46] in the job description that's how you start to speak to it's your Starbucks example right is my point it really is that instead of writing I worked at Starbucks it is expansion upon

[00:22:58] the things you spoke about what you do and meet those those aspects right to that point and that's how many of you've seen that resume right you you've got hey I worked here from this day to this

[00:23:07] date this was my title but then under it you've got your bullets that say what you did yeah yeah right yeah and 100% what especially people coming out of college a lot of times don't understand if you've not been through these processes before maybe even if you've never

[00:23:25] been a hiring manager before you may not realize this the first thing that that applicant tracking system does is score you right you get a score and literally like when I'm sitting here I can go

[00:23:35] into Workday and it's got all of the applicants listed out with a relative score and what happens in most organizations is anything below say if it's like a zero to 100 score which they aren't all

[00:23:47] like that but let's just say anything below an 80 we just filter that out we don't show it to the hiring they just get the email it just comes straight back and yeah sometimes yeah it might be

[00:23:58] like below 50% just reject outright or the other thing too is sometimes there's questions there'll be some questions that if you answer it incorrectly will kick you out immediately I actually have someone I hired who initially got kicked out because she accidentally answered yes

[00:24:17] to requiring H-1B visa sponsorship I see which my company is not able to do yeah so you do have to be very careful about those things too a lot of times if you get an immediate kick out where it

[00:24:33] rejects you there very well might be something that you did in there it was not okay for them it can be that your salary request if they asked for that was higher than their range

[00:24:47] in which case that's not a job you want anyway sure okay yeah um you know it might be that you ticked a box wrong it could be any number of those very weird things I haven't seen one ask if you

[00:25:01] have a beard okay I just checked I was checking for me you're like my let's say right you're right you have to shave it but that's that's a whole different industry so yeah it's not okay

[00:25:13] it's not happening I've already done it once I did it for charity it'll never happen again I want to tackle a couple things because Zach popped in um Zach great thanks uh good to see

[00:25:22] you thanks for commenting and he asked about networking right and so you know let's maybe get your take on this and and and you know one of the things that I've even said before so

[00:25:32] I'll tell on Matt's self you know it does help to get out there and get known it does help to go out and build um talk about the things you're passionate about if you're doing research is

[00:25:41] like on something write about it talk about it go speak about it be that person does that help does that work and is that reasonable to give us advice or is that unreasonable let's explore it

[00:25:52] it's absolutely reasonable it's not a guarantee I can tell you from my personal experience it has gotten me multiple jobs in fact my last three me too yeah my last three jobs have all been the

[00:26:04] result of you know networking and people I knew who reached out to me and said either hey I have this job or hey I know somebody who's hiring for this thing I think you would be really good for

[00:26:17] right and so that does happen but even if it's not that tactical like even if they don't come to you with like a hey I'm gonna connect you with this person sure here's a job on a silver

[00:26:30] platter they want you you're the one right I mean that can happen but yeah also what does happen is as your networking you're starting to meet other people you're hearing different perspectives when

[00:26:42] you post things online here's why I post hot takes because people like you respond and then I'm sitting here having a conversation it is a great one yeah I'm learning from you

[00:26:54] as we're talking I'm shaping my view of things we've got Zach here in the chat talking about things and I'm learning from all of that right so that's part of what networking does for you is as you're

[00:27:09] doing that you're not just yeah you definitely you make connections people might help you find a job sure but you're also learning and growing and you're hearing how people talk about things which might also make you a little bit stronger in the interview process itself because now that

[00:27:26] we're hearing how people talk about it you know that's a hot take that right there's an Alyssa Miller hot take right I'm telling you it's all throughout your career right like seriously right now for me

[00:27:38] you know CISO right I'm still learning now as good as I feel I am at this in fact I'm training people on how to do it sure speaking to the board and speaking in their language

[00:27:54] you have to develop that and how do I learn that by people who are talking to people yeah yeah exactly yeah not just security people right because most board members are not former CISOs or current CISOs most board members are CFOs CEOs you know whatever they ran some

[00:28:13] awesome nonprofit whatever they did hey maybe in one sweet paradise down the road Alyssa we'll have a seat and we'll be there making those decisions and making the horrible Sophie's choices

[00:28:22] in the same way they have to but yes maybe I don't wish that on us maybe we stay where we're at I don't know I don't know what I think but no that's the thing right you're always learning

[00:28:34] and that you know so as you're in even the interviews now you know you know how people talk about different things you know what the hot topics are so you can kind of understand you know

[00:28:45] what they asked for and rolled and how yours relate to that ask right you get to that stage exactly you're constantly learning that way and I think you're you're right I mean I I always say

[00:28:55] this as a technician as an engineer because my background does come from that side of the world if I ever looked back at my work and said I did a great job I ran out of growth I I suck

[00:29:07] like I want to know that I can get better in life and that I can grow right and I think your point networking has done so much of that for me so Zach in my mind I think you're you're right

[00:29:16] I want to tackle a couple others Eddie Phillips popped in Eddie love you buddy it's awesome to see I hope things are great and you're traversing around somewhere in Europe or something

[00:29:24] doing amazing things as usual it's great to see you buddy it happens lol and then Zach said also it'll take time to build your network you know why because it takes time to build

[00:29:33] relationships it takes time to show interest it takes time to be known it takes time to get and know people it but but I've also known Alyssa and you're another example of this and

[00:29:43] and and they with Leslie are also a great example of this but every time I've reached out to someone in this world they said yes I sat down at Chris Roberts basement just by reaching

[00:29:53] out and saying hey I'm a budding cybersecurity idiot in the SMB space can I come talk to you we sit down this giant Scottish armchair and drink some whiskey together like

[00:30:02] you know it was it was it was it was welcoming and encouraging if you're willing to say I want to learn I'm really having trouble that I'm loving this you and Chris Roberts

[00:30:14] yeah yeah no it was like doppelgangers yeah it was great it's like diures blue and just right here just a little blue there and then gain like a thousand in the hacking skills department would like help me out in that regard but you know that's imposter syndrome talking

[00:30:28] maybe maybe but I live it I suppose we all do but no I you know to your to the point I was making is you're all we all we I counted as we we are so willing to help others almost to a fault in

[00:30:41] this industry if you're willing to be humble and ask for that help and build the network and if you have genuine ideas and they're willing to change or they bring something they're listened to right you speak of imposter syndrome I joined a zero trust working group with

[00:30:55] like Dr. Ron Martin and Alex Sharp and like all these people that are like in this and talking about it Kindervag and all these people are just so big and I'm like yeah I'm the SMB representative

[00:31:06] you know what I mean but like I felt like such a baby in there but I had things I could add perspectives people hadn't thought about and that's life right is an instruction here's

[00:31:14] a here's a key thing for everyone out there to think about when it comes to this imposter syndrome thing right now there it's first of all understand what you said before is so important

[00:31:26] everybody has more to learn I've said it a million times in a million different contexts the day that I feel like I have completely mastered something is the day I stopped doing it

[00:31:37] and I've done that in my career I've changed Christian like I've done it all that mortgage can be for me right if you feel that way then yeah yeah 100 you've stopped attempting to learn

[00:31:46] because you always have more and you can always learn from anybody whether they're brand new to the industry or they've been in it for 30 years okay sure both of them have something to teach you

[00:31:56] and that's an important thing so understand that first but when it comes to your imposter syndrome you know a lot of the fear that people have I think at least this was for me so I'm kind of

[00:32:08] projecting the fear of asking for help is the fear of being looked down upon or treated like crap because you asked and there are definitely I'm not let's be honest there are people in this industry

[00:32:25] who will pull that crap yeah it's okay be jerks but those aren't the people that you want help from anyway they're not the people that you want to and they're not the people who matter

[00:32:36] I will say that like yeah someone who has that response to you asking for help is someone who thinks their shit don't stink and that they know everything yeah and where that all comes from

[00:32:50] actually is their own insecurity that they feel you know they're doing their own imposter syndrome but they deal with it by trying to push other people down to prop themselves up yeah not okay

[00:33:02] so so understand that and that you know those people will respond there's a pretty infamous one out there right now that the information security industry as a whole is kind of shunned and trying

[00:33:13] to get rid of who shall remain nameless yeah yeah we don't give any power to it yeah for sure but understand that yeah those personalities are out there and sometimes they're loud what they are

[00:33:24] in the minority because as you said the majority of people in cybersecurity we all got here the same way you know stumbled into it velocity well not all of us still I mean some people got here

[00:33:35] you know very very intentionally but you took apart Fisher price stuff was your stuff I took apart my parents VCR that's right yeah yeah yeah they weren't really happy about that either

[00:33:47] yeah I imagine not mine either I couldn't get mine first started with an air rifle I couldn't get back together right like it was it was never able to be pushed back it never came back

[00:33:56] see I put the VCR back together and it worked now like three miles because there were like two screws left over and it rattled a little when you had some yeah movement a little bit who needs they were extra parts these were superfluous parts these extra screws

[00:34:14] but I you know I think that brings us back to you know the advice for people getting in in this world and getting into the big thing that is cyber and maybe I have an interesting

[00:34:24] take on this too in that a lot of what is cyber exists because what should be security doesn't and and what I mean by that is the less and less endemic things are built into a system

[00:34:37] the more they're listed as something separate and as you start seeing cyber being how I can figure something how I set up these settings how I actually defend my posture or what I

[00:34:47] choose as an attacker there's so many things that go into that that are really more business things that we've chosen to make cyber things and I don't know I see the world converging more

[00:34:58] over time and how we define that but I get the luxury of being a theorist and I can also be wrong so you know you're not wrong I mean what do we always I know we've been pushing for this

[00:35:09] like 20 years right at least the 20 years I've been in security probably longer but we always talk about push left right sure moving earlier in the life cycle moving left in the development of this product yeah what is that really saying it's saying exactly

[00:35:22] what you were just saying that security shouldn't be the separate bolt-on thing yeah you know security is just part and parcel to making sure that our internet of trash toothbrush attack

[00:35:40] how is that the headline this morning by the way internet of trash yeah what was that go ahead go sorry internet IoT toothbrushes were being used in a DDoS attack today no were overnight so delicious like does the DDoS drop when I power it up because of the

[00:35:59] amperage drop or does it still have the same throughput I have no idea I haven't even read any report oh my god find out exactly what the hell is going on but I'm like it just it's one

[00:36:11] of those where you just you see the headline your head immediately hits the desk it's like an involuntary reaction yeah yeah like oh it's it's too tasty I mean it's mint flavored but it's just

[00:36:21] too tasty I sorry I couldn't I couldn't help it but yeah no that blows my mind you're right like and that's the world we live in right we we we you know you look at national cyber defense

[00:36:32] strategy that's calling out you know control or 3.3 says you know talk or 3.4 talk about IoT and secure IoT we've literally built connected attack devices that we haven't secured that are admin one two three four five that have no governments governance or oversight that are living in our world

[00:36:50] you know we're doing it again this is a repeat pattern and it has been for as long as I can remember like sure for the last 10 years now right IoT has been the thing and I don't even call

[00:37:01] it IoT anymore we know it's my toaster yeah it's a smart toaster yeah it's my smart toaster yeah so connect everything to the internet because it's cool it's fashionable it's fatty right like yeah

[00:37:13] yeah there's no reason to connect your toothbrush to the internet but we do it anyway because well then we can say it's a smart now I brush for one minute 43 seconds not minutes at adequate

[00:37:24] pressure at the right cycles per second with the right amount of accelerates yeah yeah but we're doing it again yeah so we did that because you know it wasn't like we were looking for a you

[00:37:34] it was wasn't like we had a use case that we could solve the problem by connecting it to the internet right right he went out looking for how can we you know what use case can we find to make sure

[00:37:44] that we connect this thing to the internet yeah connect everything to the internet we're doing the same thing now with generative AI you talked to 90% of the companies out there that are using generative AI right now same thing it's not about hey we have this use case

[00:37:58] or this problem case that we think we can solve with generative AI we better be using this or we're behind use cases for how we put this into our product because everybody's doing it we have to

[00:38:08] do yeah true story gosh dang it we could do this for like 12 hours probably on this conversation oh my god like this is this is a this is a the goose bumpies type combo uh for sure how

[00:38:20] well and I talk about this like pardon me but I talk about this as we you know I talk on stage a lot showing this corollary we invented the car in 1897 right the internal combustion engine

[00:38:33] based car Benz been invented in Germany and and and yet we didn't invent a seat belt until 1950 in fact some woman in California had to paint lines in the middle of the road because cars were hitting

[00:38:44] each other and they offered to put her in jail or sue her until they realized oh my god cars not hit each other as much these lines might be a good egg right like genuinely that's how they

[00:38:54] had to get to that path maybe hyperbolelessly delivered but but ultimately that then becomes the line system and how we separate roads and all of these things that go down that path and yet we

[00:39:02] didn't invent a national traffic safety regulation until 1966 after Ralph Nader's unsafe at any speed that's 81 years of having something growing it ubiquitously we changed where people live like cities used to be born live and die within a mile where you're gonna gonna exist and now

[00:39:20] you can live in a suburb and drive to another city like that changed overnight and we adopted it because we know we die and so as humans we adopt technology we're there with technology now in in

[00:39:30] IT it was born in 1937 with the first digital computer and and it's now at a stage of since 81 being on the internet and we're hooking up our stupid toothbrush so it can attack freaking

[00:39:40] companies somewhere with my Sonicare like now I'm sonic DDoS is what it's going to be classified right like oh goodness gracious anyways but we're at that stage where you and I finally get a voice

[00:39:52] I think we're at this stage where the things we've been screaming and you've been screaming out there for a long time are finally getting listened to I feel like maybe as we get better

[00:40:03] or worse yeah I mean you know I hear so here's the thing I mentioned before that like I do training related to boards and I'm sure I've been training board directors on how to talk to their

[00:40:17] CISOs and I've been training sure how to talk to team stealth indulgent to talk to both because it itself lets you set the language which I love but I digress so I know I mean I serve on a board

[00:40:28] I'm also you know CISO so I've been able to pretty rocking human in general so no leaving it at that stage but so here's what I was going with that is you know

[00:40:40] the reason I do that at least with the CISOs is because we squawked and screamed rightfully so that we didn't have a seat at the table sure well then we started to get the seat at the

[00:40:51] table we weren't ready yeah true story I've seen so many I hate this I used to be in consulting I watched so many bad bad board presentations where you know the best case scenario ones were when all

[00:41:08] the board members put their faces down to their you know they're looking at mobile devices not paying attention the worst ones were when you watched that poor CISO just get shredded and I think

[00:41:18] you talked of one where that was you actually in an earlier talk if I remember yeah yeah yeah and yeah I mean it was the very first time I ever was in front of a yeah you learn

[00:41:31] you know the CISO had a great idea of how you wanted this presented so I kind of went with it I didn't think any better of it personally I didn't know any better either so I did it and

[00:41:41] yeah it did not go well um so I've learned and I've had very very incredible experiences with boards more recently yeah and so you know it's but that's the thing is as we get these opportunities

[00:41:58] we need to understand what we're actually walking into what we're asking for um what are we actually asking for? I want to see that table does that mean you're just gonna come in and say

[00:42:06] we're doing this or do you still have to play the politics and understanding of the choices being made at that seat right well I mean let me let me put it this way someone asked me actually I've

[00:42:16] had numerous people ask along the way hey I want to be in an executive role someday too what would you suggest I where should I start like what's the first thing I should do you know what I tell them

[00:42:28] go buy the book 10-day MBA okay it is not a cybersecurity book yeah it's about business conversations yeah book that gives you insight into what you would learn if you actually went

[00:42:42] to get your MBA without having to go through you know multi-year MBA program but it's the concepts being made decisions upon that all of those people in that room have been through it gives you

[00:42:53] empathy to understand what all those strange people are actually thinking about instead of just rejecting them as well they made a business decision instead of a security decision of course they did that's their job yeah I make we're gonna maybe end on this because it's so quick how

[00:43:11] this goes by but I have used your quote on stage now I always let people know I suck and I might be misattributing and misquoting a bit but one of the things that you said that resonated with me

[00:43:22] and this was from 2021 at Wild West Hackin' Fest when you spoke and and you said we're told our whole lives as CISOs that the language of business is risk and then you paused for an emphasis and said that's horseshit the language of business is profit unadulterated

[00:43:41] fucking profit and I've used that exact terminology I don't know if it's exactly accurate but I think I captured the moment captures the point they take all of the risk on when they started in

[00:43:52] business and from that point forward we're simply trying to explain to them how they have this risk they took it on we have to guide those decisions and help them make right accepted the risk yeah yeah you see the risk and that's the value you bring

[00:44:06] exactly that risk they're in business now right give them something more please I love it so so okay to continue using it in its format that I remember my heart okay yeah out there so people

[00:44:19] start understanding and I use famous CISO and it's only because I gave that description so I'm gonna let it stand because it's my description you know comma space Alyssa Miller famous CISO

[00:44:30] so we'll end on that horrible thing for you and I want to say thank you so much Alyssa this is a blast and and I think the distillation of this TLDR is you want to make sure that if you're

[00:44:42] giving advice that you actually are thinking about the holistic picture not simply go like cyber and you'll be fine no that's not how this works there's other components to this that matter

[00:44:52] so thank you so much anything you want to say to close if not we'll wrap it up thank you for having me on it it has been a blast obviously I've been all over the place here it's good it's the best