Involving technical teams in processes
00:00:00
Speaker
Honesty, honesty, honesty goes a very long way for us. If it's something that isn't in development or even on deck, the one thing that really sells me on salespeople is, yeah, let's take this back to our technical people that are building this product; we're including you on the support ticket, you know, just for visibility, even if you're a customer or not, right? You can watch the updates through this page and this is where it's at. And to me that's a huge win, because that shows that company is involved in the cybersecurity community, right? It's more than just
00:00:34
Speaker
a quick buck for them, right? Or a sales pitch. They really are passionate about what they're selling. And if you're with a vendor and a salesperson that is just proud of their product, regardless if they're not like a top 50 security tool, right? They're just proud. Yeah, I'm going to give them another phone call, because now you sold me on your energy and your passion and your commitment, and you're hearing, you know, my feedback. So now you're already building a reputation and a brand with me. And then, you know, you get on a call and it happens twice, holy cow. Now you get that technical person who is proud of what they did, you know, and now they're taking feedback, and hey, we don't have this feature yet, you know, but
00:01:16
Speaker
we're expecting it for a release note on this day. Brand and reputation and passion go an extremely long way on a sales pitch.
Introduction to the podcast & guest
00:01:33
Speaker
Welcome back to Bare Knuckles and Brass Tacks, the cybersecurity podcast that tackles all the messy human side of cyber, trust, respect, and all the rest. I'm George K on the vendor side. And I'm George A, Chief Information Security Officer. And today,
Rihanna Schultz's leadership insights
00:01:49
Speaker
our guest is Rihanna Schultz, a security operations team lead. That's right. She's top of the SOC. And what an interview. This one was wide-ranging. Yeah, we got into a lot here. Real nerdy, but also real actionable.
00:02:05
Speaker
Well, I think the biggest thing you take away from Rihanna is that she is very much a real person, very much as human as it comes, but also brilliantly technical. You know, for a young woman under 30 to be kind of running the show at a SOC, having worked her way up from the working level, there's a certain, I would say, energy and expertise and passion that's very uniquely brought to the table with her, but she still has the technical chops to hold her own with anyone at that table. So I really, really enjoyed spending our time with her.
00:02:41
Speaker
Yeah. And for everyone listening on the vendor side, a lot of juice here about how to approach the SOC. You know, too long, didn't read: the CISO ain't using your tool. So how are you building relationships with the operators? There's a lot of good stuff here, and how to find mentors, how to talk about process. It's real fire as always. And let's turn it over to our guest.
00:03:09
Speaker
Rihanna Schultz, welcome to Bare Knuckles and Brass Tacks. Awesome. Thank you. I've been really looking forward to talking with you guys and collaborating. I really enjoyed what you've been doing in the community. And I'm just really excited to be here. So thank you. Absolutely.
Misconceptions in SOC and vendor relationships
00:03:25
Speaker
You are a SOC team lead, which means you are on the practitioner side, which means I get to go first.
00:03:34
Speaker
That's right. The tables have turned. Let's talk about misconceptions. This is the bare knuckles portion of the show. We try to attack the problems head on. What do you think vendors get wrong about life in the SOC from a product technology standpoint? And I'm going to follow up, but let me just focus on the tech, because there's so much, you know, being thrown out there in the ecosystem that's like, oh, SOC is this, let's improve that, whatever. What do you think they get wrong about life from a product technology standpoint? I think one thing, and we've kind of seen this recently with CrowdStrike happening, right? You know, I feel like this is a perfect example where they're selling a product and they're trying to resolve the issue before it even makes it to a security operations center.
00:04:25
Speaker
So for those who really don't kind of think about what a SOC does, I always like to compare it to first responders, right? They're the first eyes and ears to any security threats happening in the business. And whenever I get approached by vendors, it's just, oh, we already have that solution for you. We already know what the threats are out there. And for someone like myself, I've been in the field for over six years. We know that threats are forever evolving. We know that they're changing. We also know that security products are only as mature as the threats that they see. So whenever I get approached, it's just like, oh, yeah, you know, we fix that, our EDR, 100%. And I'm like, no, it's not, you know, I still have a job. Hate to tell you. And then they're like, well, we have AI. And I'm like, oh, cool. Tell me more about this AI solution for all of the problems I have.
00:05:16
Speaker
Yes, we have solved cyber. Moving on. So that was the technology question. So my follow-up, and then I'll hand it over to the CISO, is what do you think they miss from the marketing and messaging side? You know, I think,
Vendor marketing and customer value
00:05:34
Speaker
again, if I just kind of run through the gamut in my head, it's usually like, SOC teams are overwhelmed and SOC teams are burning out, they have alert fatigue, and, you know, some of that is true, but I feel like so much of it
00:05:51
Speaker
is written, as you seem to have implied, with a lot of assumptions, especially even maybe assumptions based on past SOC structures rather than, you know, what they see today. So what are they missing from the marketing and the messaging side when they come at you? Yeah, one thing, right, we hear about protect, protect, protect, and then you also hear burnout, burnout, burnout, kind of highlighting what you're saying. One thing I wish vendors would promote more is the threat and trend analysis with what's happening in the organization. Because, for example, if I'm seeing a cluster of machines on a network and they're flagging all the time for, you know, malicious malware or unwanted applications,
00:06:34
Speaker
okay, well, maybe there's something going on with that cluster, even though we know it's a false positive. So instead of having my analysts be burned out, closing the same thing over and over again, right? Especially if you work at a global level, that communication might break off at some point. Now it's like, hey, we've seen a trend with this specific group and this specific policy. So what can you do to resolve this? One thing I really wish vendors promoted more, and really just focus on that relationship building, sitting down maybe once a month or biweekly with that vendor, especially if you have, like, a third-party monitoring service through them that is also that second escalation or that second set of eyes, and just being like, hey, we see this trend. We see you guys are closing this as false positives. Well, maybe it's because the security tool you're using, we have a known bug issue with that agent.
00:07:27
Speaker
So, to fix this, right, so you guys aren't burning out, we're offering you that health check, that service. So, you know, you're investing in us, let us invest back in you, right? Having that vendor relationship, I really wish was promoted more in marketing.
Operator involvement in tool selection
00:07:41
Speaker
Oh, that is music to my ears. It's funny though, man. That's basically a customer success manager is what you're referring to, because I have it with a bunch of my vendors where we have monthly check-ins with them and they'll talk about trends that they see in our devices. And so they'll actually go over with us, for example, if it's an alerting thing, if it's a pull thing, if it's a configuration thing. We go through these configuration reviews with our vendors usually at least once in a month or two.
00:08:10
Speaker
Yeah, I do agree, though, that if you're serving a SOC, you have to make it a cornerstone of your program to do check-ins. Vendors that don't, I think, good luck. But yeah, I mean, that's all that is to say, you know, I have a lot of empathy for you. And I just want to tell you, as a dude that used to work in a SOC, like I came up from SOC world, how tired are you? Because, like, exhausted all the time. There's a saying, and it's like, I come in and nothing fazes me anymore. Like you've seen it, you've seen it all, between people installing the Harry Potter mouse cursors and it's a Trojan, so, like, you know, someone finding a weird corner of the internet, you're like, how did this even exist, man? Like, how did you even get here? You started on Yahoo News and ended up in a category of sites. You didn't even bring up shadow IT. Let's talk about the requirements.
00:09:13
Speaker
Not long enough for that rant. There was a question. So the importance of operator buy-in when acquiring new tools and programming. That even includes third-party, like, consulting support for a project, let's say like a SOC 2 or a compliance certification. How important is the pre-evaluation, demo process, POC, and selection, and really just attaining buy-in from the actual operators? Right, so what my theory is, and kind of the way that I run things for any technology, the relevant groups, I have my team segmented in functions. Right, so I have a SOC team, I have an AppSec team, I have an architecture team, and I have like a trust and safety team, so kind of CTI.
00:09:56
Speaker
If there's a technology that's related to one or all of them, or multiple ones, they're fundamentally stakeholders at the table. So their team leads are at the table in the selection process throughout the whole thing, requirements building before the POC, before we talk to vendors. They're part of that process every step of the way, right down to the final selection where, let's say, we've had a compare, like, you know, we'll go through 12 vendors to start evaluating, pre-evaluating a process. We'll bake them down to two, then run a comparative POC on two of them. Winner of the business case with better technical performance, they get the purchase. Then we go into the integration, and if we have to decommission, then you decommission another product. But my team leads, my operators, they're at the table every step of the way.
00:10:43
Speaker
So they're bought into whatever we get. So if we get a piece of software and it doesn't quite work as well or it doesn't quite work the way we wanted it, we don't have that guilt of, like, well, I've had this rammed down my throat, I don't want to fucking deal with it. They were part of that process the whole time. Yeah. Do you think it's really important to get that buy-in from your operators, or can managers and senior managers still get away with just purchasing shit blind and then handing it over to their SOC team, being like, figure it out? Yeah, I've come through many different environments. I've been in the blindsided environment, and then I've been in the incorporation environment. Now, I really will say the collaboration with your technical people goes a long way, right? Those are the people that are in the weeds or the customers of the product, you know, they're going to be using it. And then if you're a manager, and you're like, no, my technical people don't have a say, I'm in charge of the budget, blah, blah, blah,
00:11:38
Speaker
you're going to be on the other side of the sword, where you're going to be dealing with the complaints and the burnout and the frustration from the people that are using your product. And kind of building on what you said, George, one thing that I have seen and seen and seen over and over again is the shiny tool syndrome. And I can go back to, you know, you see these really popular vendors, and then I see the new upcoming vendors, how they promote AI and how they're promoting machine learning. You know, people are starting to get afraid of these new types of cyber threats that are utilizing AI, and, you know, just evolving, and so the security vendors are trying to be like, well, we're evolving with the AI because we have AI, and now it's just like nobody knows what they're talking about; it's the buzzword.
00:12:22
Speaker
So technical terms eventually become buzzwords at some point.
Technology procurement pitfalls and advice
00:12:27
Speaker
But one thing, and I wrote an article about this not too long ago, is know what you're wanting in a tool, right? You have two things to think about, right? Am I trying to find something to fix a defense-in-depth gap to protect my assets and my data and my brand? Or am I trying to find a better solution for what's already existing in a more cost-effective manner? And so whatever that point is, right, if you're looking at a new solution, think about what is your price range. If you're just walking in with loaded pockets of money, sure, go have fun. Go play with all the tools. But if you're like, hey, I don't want to spend anything more than $1.5 million, and this product has to have API logging, it has to have this or this or this, having a want list and a need list,
00:13:15
Speaker
because if you're thinking about it from the leadership and management side, you're going to have to go vet this to potentially C-suite people or stakeholders as to where their money is going and why it is being used that way. Now, if you're looking at the replacement tool, right, and sorry if I kind of deviated down a different path, but if you're looking at a replacement tool, right, same thing. What are your needs? What are your wants? And if you bring in a new product to replace this, are you going to have a gap, something that the previous product did that this new one probably can't do? Right, so now that's a risk. So, thanks. I do think that, like, it's a problem across the board in my experience, in this organization and past ones sometimes.
00:13:55
Speaker
When you're doing security, we could do assessments on everyone's procurement, right? Yeah, I'm sure you guys are the same. I find that a lot of shops, not just security shops, but perhaps different shops throughout the entire IT infrastructure, they will oftentimes have or are in the middle of a procurement without actually determining a common set of requirements at the start. Or I think we get in trouble. It's like we don't actually identify what we want when we want something. We either see a product or see marketing for something that's really cool and appealing, and so we create a whole process to actually go get it,
00:14:34
Speaker
or we have some vague idea of what we want. And I personally find this frustrating; I went through a whole thing with this. Let's say, you know, you're looking up, like, customer moderation software, like a horrible product like that. You can go through all these different tests and not all the stakeholders will be aligned at the table, like at the senior management or C-suite level, to purchase on anything, which then wastes the time of the vendors and then wastes the time of your team going through all these demos and evaluations. I really think at the start, we fail as an industry to come up with common sets of requirements that everyone's aligned to before we go on the search party.
00:15:17
Speaker
Yep. And this is where, you know, your technical people come in, right? Because these are the people that, again, right, are in the weeds. They know, you know, the skeletons in the closet and they know what needs to be fixed or what's already, you know, resolved at that point. But yeah, to go back, it goes a long, long way as well. And some people, they don't even know this, right? Or even think about it. They go to these vendor sales pitches and they're like, yeah, I'm sold. Did you even ask to have a 30-day free trial? Nine times out of 10, that vendor is going to give you a free trial to see how it's going to integrate into your environment. You know, is it even going to meet your need before we start this whole paper trail and contract and NDA process? So, yeah.
00:16:02
Speaker
Yeah, there are a lot of things there to unpack. So for example, I'll set this up and then I'll come back to it. In the conversation we had with Meryl, which you and I were talking about before we started recording, you know, one of her main gripes is sometimes, however advanced the tooling is, it doesn't have, like, the most... Let me guess, XML or JSON? Yes. And she was just saying, like, if it doesn't do this simple thing, the amount of work that I need to do to make it translate, right, like that creates a lot of administrative overhead and process that isn't otherwise there. So
00:16:43
Speaker
by way of that, I want to ask you, I guess similar to what George was asking, how do you want to be approached or involved with a sales team? And I ask this because, as you know, as everyone who listens knows, the CISO is like the Holy Grail, right? Oh, how much do I have to do to get in front of the CISO? And every time I talk to a product team, I find myself having to remind them, I was like, you know, the CISO is not going to use your product, right? Like they're not hands on keys. And I have also known product teams that have intentionally created
00:17:23
Speaker
like a dashboard view in their product. Like it's literally just a demo to the CISO. Like, oh yeah, it looks hella cool. Has nothing to do with the day-to-day operation. Right. So, like, yes. Yeah. So my question to you is, I guess, how would you recommend people approach the operators, the people who are going to be using the tooling? Absolutely.
Building brand through passion and honesty
00:17:49
Speaker
Kind of going back to the CISO dashboard, I've been in a couple of vendor calls and they're demoing a product. You know, it's something such as external media. You know, we'll throw that out. Hey, this is how we protect against external media being introduced in your environment. And I was working with this one guy, super smart guy. There's always that one person you work with and it's like a different language that they're speaking because they're so technical.
00:18:15
Speaker
And so he throws out a couple of questions and I felt so bad for this vendor. And they're like, well, you know, let's go ahead and go through the demo. And they go through the demo and you can tell it's a screen recording of this demo. And then this guy, he asks this question again, and then all of a sudden the demo screen went blank as the recording ended. And this is the nail in the coffin for this vendor. The vendor's like, oh, our test environment died. I can't bring it back up. Sorry, I can't show you. Not winning any favors.
00:18:54
Speaker
No, I was just like, just be honest, you know. So kind of going back, right? Approaching, at least from the defense side, honesty, honesty, honesty, honesty goes a very long way for us. If it's something that isn't in development or even on deck, the one thing that really sells me on salespeople is, yeah, let's take this back to our technical people that are building this product; we're including you on the support ticket, you know, just for visibility, even if you're a customer or not, right? You can watch the updates through this page and this is where it's at. And to me that's a huge win, because that shows that company is involved in the cybersecurity community, right? It's more than just
00:19:37
Speaker
a quick buck for them, right? Or a sales pitch. They really are passionate about what they're selling. And if you're with a vendor and a salesperson that is just proud of their product, regardless if they're not like a top 50 security tool, right? They're just proud. Yeah, I'm going to give them another phone call probably, because now you sold me on your energy and your passion and your commitment, and you're hearing, you know, my feedback. So now you're already building a reputation and a brand with me. And then, you know, you get on a call and it happens twice, holy cow. Now you get that technical person who is proud of what they did, you know, and now they're taking feedback and, hey, we don't have this feature yet, you know, but we're expecting it for a release note on this day. If it doesn't come out, right, you know, we're going to provide awareness as to why. It all got pushed back on the Scrum board or whatever the case is, but brand and reputation and passion go an extremely long way on a sales pitch.
00:20:35
Speaker
I'll go on further, though, if you talk about that. And this kind of is a couple of years as a CISO.
Challenges for women in IT leadership
00:20:44
Speaker
I will happily engage in that kind of relationship with a vendor, yeah, on the caveat that if I make a purchase for that product and I've given them feedback that helps them upgrade that product, I want to see some kind of, we'll say, discounting for it come contract time. Yeah, right. So, like, the free feedback and free advice thing, that's like a huge, huge problem. Not only across, like, the vendor-to-sale or vendor-to-client side of the relationship, just like in general, pardon me, excuse me,
00:21:18
Speaker
in general in our industry, like you see it with the LinkedIn articles where they just, like, ask you a random question, be like, talk about your thoughts for this random subject, right? And you're like, you're just mining your users for free content. Oh my god. Yes. But it's the same thing that vendors do on the software side. Like, hey, security customer, view my demo, tell me how my product could be better. I'm going to make your product better for what? What's the trade-off? We're in business, right? Yep. You got thrown a few donuts and a few T-shirts and, you know, a couple of stickers. So I have to ask one kind of a different direction, you know, and we are very much like a pro-DEI show here. We'd like to see the nature of our industry change.
00:22:10
Speaker
Your experience as a young woman operator in this game, right? What challenges have you had to overcome as a result of being a woman in operations and now a woman in operations leadership? And what are your thoughts on earning your place at the table? Yeah. And this, oh man, this goes way, way back. I do a lot of STEM talks, you know, to high schoolers and college students. And one of the things that I'm very proud of, me personally, is I didn't have a mentor. I had to go find a mentor, right? And it's almost like if you have an older sibling, you get to see them make mistakes or even, you know, being in leadership. Now I've had some terrible managers and supervisors. You know, some people are there just to have a title. And I don't know if you guys have seen my LinkedIn or YouTube or anything like that. I do a lot of conferences. I go out and speak.
00:23:02
Speaker
And I think the biggest thing that just kind of irks my gurks almost is when you see people call themselves a CISO, but then they follow up a topic with things such as, no, we don't practice security education. We don't believe in it. We don't do this, you know? And I'm just like, how can you call yourself someone that's a security professional when security isn't your first priority? You know, you're more proud to call yourself a title rather than how proud you are of how you're securing your assets and your brand and stuff. So it's just something that I kind of keep in the back of my mind. And so whenever I got into the field, I've had a lot of different, diverse people to work with. I don't know if you've seen IT people. They're very quiet sometimes. The word you're looking for is squirrely. They're very squirrely.
00:23:51
Speaker
I am very bubbly and loud and I'm usually, like, double-fisting two sugar-free Red Bulls in the morning. You know, like people do not want to talk to me before 10 a.m. I'm like, what are we doing today? Let's go. You know, and they're just like, go away, go away. But, you know, I've learned that at least for me, I'm not like everyone else. I'm not trying to be like so-and-so or that person. And some of the most successful mentors I've had, they've had their own voice in this field. And with me, right, I've had experience underneath my belt. I took the time to become very knowledgeable and passionate in a specific subject like cyber defense, right? And I earned that credit. I've earned it. And Simone Biles actually had something very interesting happen to her. She did an interview and she said, I am the best gymnast.
00:24:43
Speaker
And people might think of me as cocky or arrogant, but I have five world-class medals. You know, like I have proof that I am that. So it's not her being cocky, right? It's her having confidence and then the taxes that come with it as well. So finding your own voice, finding your passions, you know, that helps me a lot to overcome those diverse struggles that I deal with. You know, I have to say, it's a controversial opinion, but I truly believe you're not a real CISO if you've never spent any time in security operations. Until you have that real major cyber threat in your network and then you're like, holy cow, we cannot disclose this to the media just yet. You know, like, that's a real make-or-break moment. You can see people, especially, like, I'm on the defense, right?
00:25:33
Speaker
So I see... you name it, I've seen it at this point in my life. But the people that have gone through the weeds and the dumpster fires and, you know, everything else is crashing around them,
Podcast announcements and community engagement
00:25:43
Speaker
they're chilling at their desk, you know, they're kind of, like, flipping through YouTube Shorts and they're like, oh, okay, cool. You know, my grandson, you know? And then everyone's like, what's going on? And you're just like, oh, it's fine. You know, it's okay. We'll get it back up in 30 minutes. They're like, what? You know? And so it's always fun where you can see the people that have never dealt with it before and the people that are very, very seasoned in this stuff. So.
00:26:04
Speaker
Nice. All right, well, we will take a short break there and then we will be right back.
00:26:15
Speaker
Hey listeners, we are speaking at SquadCon during Hacker Summer Camp, coming up in a few weeks. August 8th, we take the stage for our talk, Future Proof Your Career with Threat Intelligence Techniques. That's right, we're going to show you how to use steps from cyber threat intelligence to turn your career development from reactive to proactive. We've got more conferences coming up. If you'd like us to talk at yours or maybe hype your sales kickoff next year with insights from hundreds of hours of buyer interviews, get in touch. Email us at bareknucklespod at gmail dot com or just DM George A or myself on LinkedIn. Now back to the interview.
00:27:00
Speaker
And we're back, and it's time for the brass tacks portion of the show. Since other George got to start off, I'll be giving you the first question for the brass tacks portion. We're going to talk about dealing with layoffs and workforce reductions for a sec. How do you personally approach workforce reductions or budget cuts when you're, you know, having to try to look for tooling or travel? You're constantly getting the no from your CFO or from your VP or whatever. And how do you keep your team bought in during those times? Yeah. So answering the first half of that question, what is the value added?
00:27:37
Speaker
That's what I ask myself whenever it goes, hey, we need to cut budget. You know, we probably shouldn't be spending X amount for whatever the case is. Okay, so what are we doing? What is the value added? So looking back, we can use security tools as a good example. We talk about, hey, we need this tool to do this. We need this tool to do that. What do we have already that might be overlapping? And honestly, it blows my mind to this day how many people have two to three EDRs in their environment, and I'm like,
00:28:11
Speaker
why? Why? Why? Just why? And they're like, well, this one does this, and this one does this, and this one does this. And I'm like, you do realize most of the time they're getting the same signature updates as the other EDR system, right? And they're like, well, you know, but we have to turn half of the configurations off. I'm like, yeah, because you have like two to three EDRs. They're going to be scanning each other at that point. So again, what is the value added? And if we're looking at, maybe, you know, we talk about layoffs, we talk about personnel, or even morale with that, right?
Vendor focus beyond technology
00:28:47
Speaker
Transparency from leadership down goes a long way. And there was a very, I guess, a video that emerged last year. It was a sales gal that worked at Cloudflare, and she didn't really know that she was going to get cut. I don't know if you guys saw that video. And she just, like,
00:29:04
Speaker
drilled into the HR people, and, you know, it turns out her boss didn't know she was getting laid off, and, like, all these people, you know, and she just showed up one day and they're like, hey, bye. And that was it. So that comes with working at bigger companies, right? It just happens. But again, full transparency goes a long way. There have been very top, you know, Fortune 50 companies where the founder even comes down and he goes, hey, this year's not good. Prepare for the worst, prepare with your families, it's not good this year. And to me, that goes a long, long, long way. Now with that, it's missing, you know, your people are going to be coming to you as leaders and they're going to be asking the whys. They're going to be afraid, right? Just being honest, like, I don't know, you know, I'm in the same boat as you. I will give you information when I can, you know. Having those relationships professionally definitely helps in those stressful situations.
00:29:59
Speaker
For sure. Yeah, so this is, oh, I have my notes in the questions as process first, technology. So it's going to take me a minute to get there. But let's go on this weird journey together. Why not? All right. So we have been talking a lot about vendors, and the vast majority, I think, of vendors in the system, I don't really know the cut of, you know, technology solutions versus service providers. But I think in the main, we tend to over-index on technology, even though we say people, process, technology, right? Yeah. So.
00:30:39
Speaker
I guess what is the clearest way that you can give insight to vendors on how to talk about process? Because when they say buy this new tool, it's never just like I bought the thing and I stuck it in my environment, right? Like there's a success plan for, like, what does it look like a hundred days out? That's a process. Right. And I guess I want to give you the platform to give a clear insight into the SOC life. Like, look, man, if I'm
00:31:11
Speaker
signing on to bring this in, and you just kind of ghost after the SOW is signed, like, you're missing probably a large part of the equation in this relationship. So what advice would you give them on that process side? And I'll give you one cue just to give your mind context. Alert fatigue. Alert fatigue.
00:31:34
Speaker
Well, I'll come back to alert fatigue, because I can answer that with this. But when you were talking, George, originally, I instantly thought, how does it integrate, right? We have SIEM, we have SOAR, we have firewalls, we have web application firewalls, IDSs, IPSs, you name every single acronym, you know, a business probably has it enabled at some point. So when a vendor comes to me and they're like, hey, we have this, and going to alert fatigue already, right? Is that duplicating my analysts' work with an existing product?
00:32:05
Speaker
How is this going to integrate? What is the difference? Is this going to play nice with my SIEM? Am I going to have to create custom APIs and scripts in the background? Is this going to be more work for my analysts? Do they have to go through the woods and through the river to get to the alert and the console? You know, they're gone after three seconds, right? They're already annoyed with this product. So how does it integrate with the current environment that I have set up, or the current culture and the learning structure I have? That goes a very, very long way.
00:32:36
Speaker
Kind of reminded me a bit, when we're talking about vendor shopping. I don't know if you guys have ever heard the term vendor shopping, similar to dating in 2024, where you go out, you kind of meet for 30 minutes, and then someone ghosts someone at some point. And then you're like, well, that was fun. So then you go to the next vendor, you know. Yes.
00:32:59
Speaker
I work in the dating space. I make the parallel all the time that this is just dating, but with a different climax. Just a quick
Importance of community and team dynamics
00:33:09
Speaker
follow-up. You had joked about donuts, t-shirts, steak dinners, stuff like that. Now, this raises a good point also. What is your advice to vendors to kind of break free of the CISO addiction, as I'll call it? Like how would they engage again with the community that is largely using the tooling, not just
00:33:35
Speaker
signing the checks or even championing the cause to the CFO. Like how do they start to build that relationship with your frontline team, you, your equivalent in another organization? Yeah. And again, kind of going back to the dating method, right? Which one works best? Calling me on my phone and asking for the CISO absolutely is not the approach. I'm not even kidding. I've had like three to four of those today. They're like, hi, do you work directly with the CISO? And I'm like, yes, I am the CISO. And they're like, oh, now that I have five minutes... and I just click. I'm like, no, we're not doing it. But to me, and at least with some of my team members, we like to be engaged in the community. And I have this saying where
00:34:23
Speaker
cyber is such a great field to be in because we all learn and grow from one another. And it's so true, right? Because we get our information from threat researchers or defense people and stuff like that. And some of my best relationships I've had with sales and vendors is at conferences, or even things like a happy hour that's hosted locally. Or sometimes they go to a local security event, what's going on in my community, and they're like, oh hey, I work for so-and-so, and you're like, hey, I know this technical person that works in that company. And then you have a bridge of a relationship already established. So knowing someone, or even just
00:35:02
Speaker
physically being somewhere, or even in a Discord chat. There's so much out there, right? Just being able to connect and just be involved. And I always feel bad for our salespeople sometimes. I feel like they have to go above and beyond, past an email these days, to even get ahold of someone that's even interested. I guess I think that's just the reality of a change, right? Like the generation has changed. COVID changed everything, George has said time and again. And I would tell marketers also, as you scale, you really have to invest those budgets in those local events, because I don't know how... you can't just Zoom your way to
00:35:37
Speaker
a relationship. You just got to be on the ground meeting these people. I literally have a rule in my inbox at work that looks for keywords of "Hey, do you have a moment?" followed by "Hey, I'm following up on my previous email." Like I literally have a rule in my inbox that captures all that and throws it in the trash. It's amazing.
00:35:57
Speaker
Yeah, it's kind of funny that the big life hack in this entire sales game is just "so long." I would have thought... But anyway, I'll take it back to kind of an inside-baseball SOC question. When I was in the SOC, and I know it's still the same way now because I mentor and train a lot of different analysts that work at different SOCs, you deal with a very oftentimes intense, we'll say competitive, analyst environment. I have personally witnessed and participated in countless shouting matches with my own colleagues and teammates about whatever the hell issue we were debating in an investigation.
00:36:49
Speaker
And it's because you want to be right. Because at the end of the day, if you're dealing with analysts that have any bit of competitiveness or drive or ambition, they want to be right. They want to have the scoop. They want to get cited in the report. That's the game. So what do you do as a team lead when a member either doesn't fit in, or you got a group of analysts, two or more, that just don't get along together, and you need them to get along together, but they just don't? How do you as a leader deal with that situation? Feels like I'm in an interview right now, George.
00:37:23
Speaker
No. So when I do my hiring, and people do their own team hiring very, very differently, right? I don't do hiring on technical skill at all. And I know that might seem wild, right? And it depends on the level, right? I'm not going out hunting for someone that has all of the certifications in the book, right? You can go take a cert, but it doesn't mean that you know how to apply that cert to your day-to-day. Amen. Yeah, I believe Josh Fulmer from Dragos posted something on LinkedIn, and he goes, certs get you the interview, but not the job. And it's so true. But with me, I look at, hey, I already have an established team, right? My team is in the performing stage right now.
00:38:06
Speaker
So if I'm hiring someone, and I'm thinking about, you know, maybe the more sensitive person on that team, because there always is one regardless, that's just people. Maybe I'm the sensitive person, I probably am, I don't know. But how are they going to deal with that person in a high-stress situation? And sometimes in my interviews, when I narrow down my candidates, I will put that person who is typically more intense and stuff, and I'll throw them in the technical portion. Because I want to see how that person's gonna do under pressure, or maybe they're not agreeing with, you know, that sensitive person. How they're gonna perform in that, to me, is gonna be a reflection on how they're gonna be going into a very high-stress environment, because it's more than just your team at that point. You might have directors on the call, you might have, you know,
00:38:54
Speaker
maybe stakeholders, and you might have your stepmom, I don't know. But again, all these people have different emotions and input. And with my experiences and stuff like that, if I have team members that aren't really collaborating very well, I love doing this, and people can disagree or not. They're both most likely like that because they're so passionate about whatever it is. Okay, cool. You guys are passionate. Awesome. Let's put you together and make a training session for the rest of the team. How can you guys put both of your different types of thinking together to output something amazing?
00:39:36
Speaker
Because I need you to be like that whenever we do investigations. And in fact, there's a lot of organization that comes with just cyber incidents, right? You need a person probably working on getting in the weeds, looking at logs. You need another person going, hey, how far back is this, right? You know, everyone has a role. Then you might need another person to deal with all the communication if there's multiple users involved, right? There's a whole story that you have to tell at the end of this investigation. So what can I do to play to people's strengths? That way, everyone has an important piece in this investigation, because now each and every individual person can be called out in this report, regardless of what they did, because they all played a crucial role in protecting the business and keeping it secure, best effort.
Communication skills in cybersecurity
00:40:23
Speaker
You bring up a really good point too, about the importance of soft skills for people, regardless of how technical they may be or not be, their communication skills, particularly within the role. One thing that I always trained my analysts on, and it's something I brought from a military career. I was a signaleer for a long time. When I was in that world, regardless of your rank, if you were the guy on duty, you're on patrol, whatever it is, you're in your truck, you're alive, and something happens. Battle captain wants a briefing now. You got 30 seconds or less, brief the matter. They got to make a decision, and people's lives are on the line.
00:41:01
Speaker
Right. Like that was a regular part of my world in the Army. So in the cyber world, it made a lot of sense where, same thing, directors, VPs, C-suites are on the call, major incident's going, clients going nuts. What's going on? You, junior analyst pulled from the lines, explain to us what happened. They have to have that skill. And I think that's something we don't talk about. And I teach college on the side. One thing you do, because you don't have enough to do. But one thing that I do with my college students, I teach a class about usability, privacy, and security, right? Where, for implementing security tools, how is this going to be usable for the end user, right? Or is it preventing them from doing their work, you know, while maintaining security? What's the happy balance here?
00:41:53
Speaker
And I kind of tied this into, once a week, they'll go do what I call threat research time. They'll go read Bleeping Computer or Hacker News, and they'll find maybe where MFA wasn't enabled at a company. So what was the outcome? What's something you recommend? You know, give me the executive summary, the bottom line up front, of what happened and your recommendation to fix it. And I put them in groups and I bring them up to public speak. And I've done this for maybe four or five semesters now. Beginning of the semester, they're always scared. And I'm like, hey, this is real life. Like you guys always say that, you know, your studies aren't reflective of the real world. I was like, this is the real world. I was like, I walked in at 5 a.m. one day to go give a brief over something. I didn't know what was happening.
00:42:38
Speaker
And I was like, you guys need to feel confident in what you're reading. I was like, I don't expect you guys to memorize PowerPoints. I don't expect you this. Read the material, summarize it, because that's going to be pretty much your day-to-day, whether you're incident response, pen testing, or even on the defense side. Yeah, 100 percent. My dad, who is, you know, an immigrant to this country and for whom English is a second language, always said that schools don't do enough presentations. Yeah. And he said, when you get out into the real world, that's all you're doing, whether you are selling yourself in an interview or you're trying to get buy-in for an idea. You basically have to stand up and do a book report, and you cannot be nervous doing that. You know, no.
Mentorship in IT leadership
00:43:22
Speaker
I want to circle back to something you said at the end of the first half of the show, which is that you had to go out and find a mentor. I dig that. I would like to give you the space to talk about some practical steps that you would tell newbies, because there's a lot out there that's like, oh, I need to find a mentor. I mean, it's in the zeitgeist, but like, yeah.
00:43:44
Speaker
What are the criteria that you would have them look for? And also, what would you ask of them? You know, if you're giving them, these are the top three things you should do if you're trying to find a mentor. Yeah, one thing I did, and this was a lesson I had to learn the very, very hard way. And I kind of go back, I've been saying this throughout this entire podcast, but passionate people, right? There's a difference between being loud and just talking compared to I'm speaking from my heart. And if you leave feeling inspired rather than admired, you know, that's how you know that you're finding a good mentor and stuff like that. And if you don't know where to begin, I honestly started again by going to local security events or
00:44:29
Speaker
local panel discussions and stuff. And then... it's scary. It's very intimidating going up to someone you completely don't know, and you're like, hi, you don't know me. But I was like, I choose you today. You know, this is how you start developing your network. This is how you start finding other people. And then eventually, with me, I eventually landed at my first job. And I found someone that I just absolutely connected with. And I still talk to them to this day, almost every day, about, hey, I don't know how to handle this problem. And they're like, this is what I would do, you know, or stuff like that. And then you can kind of create your own thought process or execution off of that idea. And that's what mentors are for, right? They're not there to
00:45:15
Speaker
essentially say you're wrong, you're right. You're asking questions and they're helping guide you, so that way you can follow up the bike in a way, right? But you're still learning and taking in what they're saying and making your own voice from it. Good. Yeah, I think there's a misconception that, like, I'm gonna find a mentor and that person's gonna give me a job. Yeah, no, it doesn't work like that. Otherwise, you know, I'd be working at Amazon, you know. All right. Jeff Bezos still has not answered my email. So, yeah. I've also heard from people who have done the mentoring that they send the mentee away with homework. Right. Because if you are asking for their time, which is very valuable, you know, you also have to put in the work. So it's a fair exchange, right? Yeah. For the time.
00:46:05
Speaker
Well, Rihanna, we've come to the end of our time. This was so much fun. Thank you so much.
Conclusion and listener appreciation
00:46:11
Speaker
schedule. But this has been a blast. Always, always. Thanks for nerding out with us. I do hope we get to see you at Black Hat if you're going to be there. Maybe.
00:46:23
Speaker
Well, either way, it would be cool to run into you sometime. You seem absolutely outstanding to hang out with. Thank you. And I love your passion here. Thank you, you guys. And don't worry, you don't have to buy me a steak dinner, so.
00:46:37
Speaker
All right. Well, we will talk to you soon. All right. See you guys.
00:46:44
Speaker
That wraps up this episode of Bare Knuckles and Brass Tax. If you liked what you heard, the best thing you can do to help the show is share the episode on LinkedIn and tell us what you liked about it. Check out the show notes for other ways you can support us. We'll talk to you next week, but until then, stay real.
00:47:04
Speaker
And then we'll go from there. We are on video for verbal cues, but we only record and air audio, so just so you know. Otherwise, I would not be dressed like