Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
Episode 7: Securing Connections: Overcoming Loneliness in Cybersecurity with Matt Johansen, Head of Software Security at Reddit
60 Plays1 year ago
Episode 7 of CyberPsych with Dr. Stacy Thayer is now live! Listen to Securing Connections: Overcoming Loneliness in Cybersecurity with Matt Johansen, Head of Software Security at Reddit. In this episode, Stacy talks with Matt about the importance of community and how to embrace resilience and avoid loneliness in the security industry.
Recommended
Transcript
Introduction to Cyber Psych Podcast
00:00:12
Speaker
Hello and welcome to Cyber Psych, an autography podcast where we talk with industry professionals about the human side of technology, how it relates to the field of security and how it impacts overall business. I'm your host, Dr. Stacey Thayer. I'm a cyber psychologist and senior manager of research and engagement and photography.
Meet Matt Johansson: Security Expertise
00:00:29
Speaker
And I'm very excited to welcome today's guest, Matt Johansson. Matt is head of software security at Reddit, and he teaches companies how to protect against cyber attacks, saving them tens of millions of dollars against losses.
00:00:41
Speaker
He coaches entrepreneurs and CISOs that can help with infrastructure, application, cloud, and security policies. And he writes Vulnerable U, a weekly newsletter that teaches people how to embrace the power of vulnerability for growth, includes insightful discussions, latest news, and expert advice. So welcome, Matt. So excited to have you here today. Hey, thanks for having me, Stacey. Good to see you. Good to see you too.
Matt's Path to Security Industry
00:01:04
Speaker
So I'm excited to have you here too, because in following your website, your Twitter, your blogs, and your security background, so head of security at Reddit, but you
00:01:18
Speaker
very, in my opinion, very lovingly describe the emotional side of working the security industry. So I was wondering if you could kick off just talking kind of about your background in security and how you got into it, and then where the interest in some of the things that we'll talk about, but these human factors, how that came about?
00:01:40
Speaker
Sure, absolutely. So yeah, I got into security in a way that ties to your background, a little bit closer than maybe you think. But one of my first in-rows into security was my first security conference straight out of college was Shmukhan. And I was broke, like fresh out of college, forced to move back in with my family out of the dorms, like couldn't even like figure anything out.
00:02:07
Speaker
And, uh, I, I wanted to get to this conference to like, try to meet some people network, you know, maybe even, you know, find a job, uh, all this kind of stuff. And, uh, and I wrote on Twitter to some people out of the Boston area that were, were going down to schmoo con and they were renting an RV to drive down, uh, to DC.
Journey to Shmukhan and Industry Networking
00:02:28
Speaker
They called it the schmoo bus and, uh, yeah, it was Jack Daniel Roo Flanagan. Um, like the whole, yeah.
00:02:35
Speaker
base rogue, a lot of your source Boston crew people from your past, rented an RV and drove down and I said, hey, are you taking I-95? And they said, yeah. I said, if I can get to I-95, can you pull over in New Jersey and grab me? And they said, yeah. And so I paid a few bucks for a train. I was living on Long Island at the time and I paid a few bucks for the train to
00:02:57
Speaker
to get to I-95 popped up and drove down to Shmukon with all these legends of the industry. And a lot of them are personal friends still to this day and all that. So that's just a fun story that I like to tell. I remember. I remember the pictures. I remember that, because that looked like so much fun. What a great way to get into the industry. Yeah, yeah. So I was fresh out of college, met some people down at Shmukon, got a few consulting gigs under my belt, and did a similar thing in Vegas that summer.
00:03:25
Speaker
wind up getting my first job sometime later that year.
Roles and Mental Health in Security
00:03:29
Speaker
So yeah, I've been through a whole bunch of security roles, both on the offensive side and vendor land with White Hat Security back in the day. I ran their research center. That's what ended me up in Texas. They moved me down here.
00:03:43
Speaker
I'll never forgive them for it. And then I'm still here. And then, yeah, I wound up running a security for a startup here in Austin that we got acquired by Goldman Sachs. That's how I ended up in finance. I was a consumer facing CISO on Goldman Sachs due to that acquisition. And then a bunch of our friends that were on the Shmoob bus went and they got hired over at Bank of America and they brought me over to B of A for a little while before I came over and took over this role at Reddit.
00:04:12
Speaker
That's a quick drive through my security space, but yes, I've long time been very open about mental health struggles with me, my family, or even friends. It's just something that I've been very passionate about that all of us should talk about a whole lot more. It's just been very taboo. I know growing up,
00:04:31
Speaker
Um, it was, it was like a very taboo thing. Like, Oh, he's got a shrink. Like, Oh, he's crazy. He's got this or like going to therapy. Like you would never admit that you, that you went to a therapist like when I, like in the nineties or anything like that. Right. And, um,
00:04:47
Speaker
you know, I've had family members that have been on various medications or have had mental health issues or sought out various treatments. And again, they did it from a place of shame and hide and hey, there's something wrong with
00:05:03
Speaker
I've had, we've all lost friends in the industry or even outside of the industry to suicide or other overdoses or because they're self-medicating or any other various degrees. And the fact that we just don't talk about it is insane to me, right? It's like, this is something that we all deal with in some way or another, directly or indirectly. And so it's been just a passion project of mine.
Vulnerability in Security - A Double-Edged Sword
00:05:28
Speaker
And then yeah, you mentioned in my intro,
00:05:31
Speaker
I started this year, this Vulnerable You newsletter, and my wife is a big fan of Brene Brown. And Brene Brown has her TED Talk called The Power of Vulnerability. Brene Brown says that she's a vulnerability researcher. And I hear that, and I go, hey, wait, me too. Different type. But I always kind of latched onto that play on words. And I've read her books and watched her talks, and I'm a big fan myself now as well.
00:05:59
Speaker
And so I finally, yeah, I leaned into the play on words and said, hey, you know, uh, this is something I've talked about loosely just on social media and things like that. I'm going to put a little bit more format around this and consistency and try to start to put some resources out there to talk about just mental health in general. But also, as you said, our field specifically has some very interesting and specific challenges to do with mental health that I don't think the industry does a whole lot to talk about. So yeah, yeah, I agree. I had a, uh,
00:06:28
Speaker
guests about two, three podcasts back, but, um, dr. Bob bear. And when we were talking about trauma and vulnerability, and he's not from the security industry. So it was a little bit of a, kind of a unique,
00:06:41
Speaker
bridged across, but an interesting one. And so you have to understand that this is an industry of people who are, vulnerability is the worst possible thing to have. Now, like, in fact, you just fight against vulnerability. Don't be vulnerable. Don't be vulnerable. That is your job is to make sure an organization is not vulnerable. And yet at the same time, we as humans are inevitably vulnerable and you know, and then there's all sorts of challenges to it. So how do you get in that mindset of like,
00:07:11
Speaker
Vulnerability bad, personal vulnerability good. Yeah, and it's also, but like to even further pull on the analogy thread, vulnerability bad is also not exactly the best place to be from a security professional's point of view as well.
00:07:29
Speaker
because there are tons of vulnerabilities that we just all accept and it's fine and we're never going to fix them and all this kind of stuff. So if you really dive into it, I ran a team at B of A that was all about vulnerability management and the goal of that team was not to have no vulnerabilities.
00:07:45
Speaker
The goal was to manage the life cycle of a vulnerability and really identify some critical ones and knock those out. Some of these other ones, it's like, okay, what kind of compensating controls are you going to put in place for some of these other ones? I see the same thing in our lives. It's like, okay, well, what are some of the things that we need an incident response plan on?
00:08:04
Speaker
to really beat the analogy dead right but like oh here's something this is coming up like we really need to react to this we need some outside help right like at work everyone calls mandiant or something like that when things hit the fan okay in your personal life what do you call or when when you need like a response versus
00:08:20
Speaker
Hey, uh, you know, I went to, I went out to the bar last night with a, with a friend and I, maybe I overshared a little bit. That's, that doesn't need a response plan. You were, you were vulnerable. You built a connection with someone. That's a completely different type of vulnerability,
Mental Health Challenges in Security
00:08:33
Speaker
right? That's much lower risk and probably even has maybe some upside, right? So, um, yeah, the analogy can get beat to death, but I think there are some interesting, uh, threads of how we treat it day to day versus how we treat it in our, in our personal life.
00:08:48
Speaker
A lot of times with things that happen with our own mental health, I think we sort of just set it aside. Like, okay, I'm just going to ignore it. Now, in a security program, I'm hoping anyway, you don't just ignore it. Like I said, you get a response plan. On the psych side of things, one of the things I'll say is the only way to get through something is to go through it. You can't go around it under it. You just got to do the work and get through the pain or get through the trauma or whatever is eating you up.
00:09:18
Speaker
go, you know, roll up your sleeves and get into it. And so yeah, I mean, again, we're beating that analogy to death, but it's such a good one. It is. I've dedicated a whole newsletter and blog to it. Yes. And what, you know, one of the things that you wrote really about was this, this beautiful blog entry that was about loneliness.
00:09:40
Speaker
And in starting there, because if we're lonely and we don't have the connection, so in order to be vulnerable, there has to be someone on the other side to be vulnerable too.
00:09:50
Speaker
But if we take it back to loneliness, so going back and I'll be posting links to this. So for anybody listening, there'll be links that go along with it. So you can refer to this because it was very carefully and as I said, lovingly. I mean, kind of a love letter to loneliness in a way is the way that I had read it and how much in this industry people can be.
00:10:11
Speaker
lonely both by choice but also by circumstance whether you're alone in a knock or a soccer you're writing code in midnight because you don't want anybody disturbing you can you talk more a bit about why that came up and what led you to writing about that.
00:10:27
Speaker
Yeah, I get a lot of inspiration from consuming content. And one of the pieces of content I consumed at some point this year was a discussion with the actual, the Surgeon General of the United States. And he was talking about that there's a loneliness epidemic in our nation, specifically post COVID, right? That really exacerbated it. We literally isolated, right? And have had a hard time coming out of that isolation for a lot of different reasons, right? Either medical or
00:10:56
Speaker
remote work popularity skyrocketed or whatever it is. And so it really got me thinking and also just the stats on it are just mind boggling to me, right? When you hear the Surgeon General's office come out and speak about how people who are like lonely, live alone or anything like that, or are alone the majority of their weeks, it could be worse for your health than smoking a pack a day, like just in all cause mortality.
00:11:26
Speaker
Um, it just, the statistics were mind blowing to me, right? You, you almost think of loneliness as like a choice sometimes too, right? Or just like a set of circumstances that, you know, maybe will one day sort themselves out, right? Of.
00:11:42
Speaker
you find a partner or if you move to a new city or whatever it is. But I never really thought about it as a health risk. And so to hear that and say, hey, there's more strokes, heart attacks, everything, all cause mortality goes up for people who identify that they spend most of their time alone.
00:12:01
Speaker
And so yeah, I thought about this and it hit home just in general. Not that I spent a lot of my time alone, but we as a tech industry and specifically security have been doing this work remote thing long before COVID and long before it was cool.
00:12:18
Speaker
We all got hired for remote jobs at some point. Because our field is such a niche skill set, generally you can get approval even in some of the more strict work from office type things. Security is usually one of those carve outs of, hey, it's hard enough to hire people. Let's not geo lock this kind of thing. And so we've all worked remote for longer than that. And like you said, there's a nature, there's almost like a,
00:12:46
Speaker
built in. You must be alone in this battle because some of your stuff is actually secret stuff that you can't share. We all go to our conferences and talk about stuff and write blogs or whatever it is, but there's certain things that you can't get on stage and say about what you're doing at your day job, especially if you're on the blue team side of things.
00:13:09
Speaker
or even if you're on the red team side of things, you have an NDA in place with somewhat, you can't get up and be like, hey, this is how I broke into that bank that hired me until that NDA expires or whatever it is. And so there's a lot of secrecy in our job. And so you get wind up getting really close with the people that you can kind of share that stuff with at your day jobs.
Combating Loneliness in the Security Field
00:13:29
Speaker
But for some, I know a ton of people that are consultants that don't have those coworkers, they kind of get hired for a gig, they go in, they do their thing, and then they go home.
00:13:38
Speaker
And they don't have that like, oh, who can I bounce off of and do this, right? Another reason that kind of inspired me to talk more about it, also just more of a passion project, not professionally involved, but also getting more involved with like the urbanist movement and like cities and how cities are structured and how most American cities are built for cars, not for people. And if you can travel to somewhere like Europe or Spain or France or Amsterdam,
00:14:07
Speaker
something like this that those cities were built for people not for cars and you can kind of feel the difference and there's a lot more walkability and
00:14:15
Speaker
a lot more, there's a lot of cultural differences that come with just organizing your cities differently, right? And this struck me as interesting also in our field because of, again, because of remote work, and I'm not on the side of remote work equals bad, by the way. I like remote work. I'm sitting in my house right now. I like it. But I do understand that the trade-off of you need to go bounce into people elsewhere. And when your cities are not organized to have a whole lot of elsewhere to bump into people,
00:14:42
Speaker
that gets harder and harder, right? So if you're working in a city that's exploded in the last 15 years, like Phoenix, Arizona, that's just like suburban sprawl or Dallas, Fort Worth, it's just suburban sprawl, there's no walkability. So there's this whole concept, and I think I wrote about it in that piece, the concept of the third place.
00:15:02
Speaker
So it's not work, it's not home, there's the third place, right? Some people that's church, some people that's the corner pub, some people, you know, that's maybe some sort of like adult fraternal organization or something that they're a part of, whatever it is that's like, it's not work, it's not home, it's this other place that I go and bump into other people. We don't have a whole lot of that.
00:15:22
Speaker
And I think that's probably why security conferences are so popular, right? It's like, hey, that's a third place that I'm going to go fly to. I'm going to go to this b-size. I'm going to bounce off of like-minded people for that. We crave that. And so when you don't have a lot of that baked in, it's so fascinating to me that there's actual health consequences of not baking that stuff into your life. And that's why I kind of felt called to talk about it a little bit.
00:15:50
Speaker
It's a great topic, and I think a lot of people, myself included, can relate to it. I'm an introvert, diehard. Most people don't believe it, and the way that I put it, it's like when I'm around other people, it fills my heart, but it drains my battery. I'm not good at maintenance. The security conferences are great because I'm like, I go, I am on for a week, and then I come back and talk to...
00:16:16
Speaker
Nobody likes me when I get home from a security conference in my family. They're all like, wow, are you cranky? I'm like a little troll by the time I get back. I am so peopled out. Yeah. And what happens is the crease is I get lonely and I don't even know it. It's it's when just just the other day a former coworker of mine had a
00:16:38
Speaker
she brought some women together that we're all at the former at the my last company. And it was so good to see them that I almost was in tears at like the warmth. Like it was like if I could glow, I would have glowed. And I had no idea how much I missed them, how refueled I felt by them. And it was just this amazing experience. But I didn't know it. I didn't know that I needed that. And that awareness of like, hey, I might be lonely right now because
00:17:06
Speaker
We don't have neighborhoods, like at least I don't think anyway, but like if you go back, you know, even in, in one of my favorite places in Scotland is this Glencoe, which most people know for Harry Potter, but it was one spot and I sit there and it's like this little village and I'm like, nothing, no cities matter. Nothing else matters. Everybody knows each other's name here. They know each other's business there. We need to be part of something and to belong.
00:17:31
Speaker
And so in your experience, especially in the security industry and even like in your different working environments, it helps people pull it out because we all hate when HR is like, we're having a, sorry, HR, we're having a, you know, bond team bonding event and nobody goes. But most of the time that you go and kind of like it, I find I just never go. I call it, I call it forced fund. Yes, for fun. Yes. Yeah. The pizza will continue until. Yeah.
00:17:57
Speaker
the pizza parties will continue until morale improves. There's no one-size-fits-all answer to this. I think that notching up the importance and awareness, like you said, I'm the same way. I'm an introverted extrovert is kind of what I say. I'm really good at being an extrovert and playing an extrovert on TV. I'm very personable. I like
00:18:21
Speaker
going, like we're at security conferences, I'll close down the bars with everyone. Like, you know, I stopped drinking, but I'll still close down the bars with you. Right. Like we can, uh, you know, I really, really like spending time with people, but I also absolutely need that, you know, that day or two or three or four when I get back of like, Hey, I could use like absolutely no human contact, maybe some video games, maybe whatever. Right. Like I just need something that's like completely brain off. So completely understand you. Um,
00:18:50
Speaker
But but notching up the importance and the awareness of like, hey, I am like a little bit of a cave troll this week and haven't done anything. And no part of my day to day life forces me to not be a cave troll. Right. Because I work from home and I, you know, maybe I'm maybe I don't not involved in my community or whatever it is. You know, I'm speaking hypothetically for maybe a listener. Right.
00:19:13
Speaker
It's just like notching up that importance of like, Hey, this is like important for my health that I go and like get somewhere. Um, I talk about, I really like going to a gym and I've had a home gym before. I know a lot of people.
00:19:27
Speaker
build a gym at home, especially during COVID. Everyone built some exercise equipment at home. I don't even talk to the people there, but I really love going to a facility. Again, because it's like-minded people in a certain degree of like, hey, we're here because we're trying to
00:19:45
Speaker
be health conscious or whatever it is. So you wind up BSing with people occasionally, even if you don't talk to someone day to day, I have my headphones in most of the time, but you're just there and you're just interacting with other people. Even that little bit seems to help me, especially in the mornings, get ready and get right for my day and all that. But having that awareness to sit and ask that question yourself is like, oh, did I force myself into any human interaction recently? Otherwise, I probably should.
00:20:15
Speaker
Um, whether that's like long-term, like building a community, like finding an organization to get involved with like locally or, or something like that. Uh, or even just short-term of like, Hey, I've been inside all week. I'm a like, go just anywhere where other humans might like be. And I'll bump into them a little bit coffee shop and read a book and whatever something. Um,
00:20:38
Speaker
But yeah, just being able to ask yourself that question is super important because especially again, like our industry not only is like it baked in a little bit, it's almost seen as a feature. I know a lot of people that are like humans bad, right? Like I know a lot of people that are like, no, this is why I don't live in New York city or Chicago or something like that, right? No, I live in like Bentonville, Arkansas because people's bad, right? Like I live here.
00:21:03
Speaker
because I've got my slice of land and my dogs and I work from home and like, this is great. And it's like, well, yeah, but like we're starting to see that it might actually like, we're not wired for that. Like we're, we're a social creature by, by nature. So we, uh, you know, we're, our hard wiring is like, Hey, go meet me, meet friend, meet someone who can like go help you in some degree. Right. It's like how we're wired. So I was talking to a friend.
00:21:32
Speaker
And he was talking about his girlfriend. He's very, very extroverted and had been talking to strangers. I love talking to people I know. If you walk me into a room of strangers, that is my big anxiety. I'm not good at doing that. But
00:21:51
Speaker
And he's like, yeah, no, and she gets me out there and she makes me talk to people and it's really good to me. You know, it's really good for me. It's good for me to get out there. And I was like, yeah, a proctology exam is also good for you, but it doesn't mean you have to enjoy it. And the people who were standing in line behind us kind of like looked at me and I'm like, yeah, this is why I don't go out. You're starting to see why. Yeah.
00:22:14
Speaker
But I mean, I'm not gonna go too far with that analogy, but the fact is, like, yeah, okay, but it is good for you. You know, nobody likes necessarily like, yay, I'm gonna go to my monthly physical or my annual physical, but you do it because it's good for you. And this is why, again, I like the security conferences, because I know they're coming. I have like a good week to plan. I can't cancel. I'm not gonna cancel at the last minute, be like, I don't feel like it tonight. But I think, you know, to your point, I think it's right. It's like one of these things you have to almost prescribe to yourself.
00:22:44
Speaker
I need, all right, where am I going to get my companionship or my connection? Where am I going to get that human connection? And it can be done online. It can be done in person. Start where you're comfortable with, I always tell people. If you're not talking to anybody, even over Zoom, and you can handle a Zoom call, start there. Just connect to somebody at some point. Absolutely.
00:23:05
Speaker
Yeah, I have one of my favorite things that I started this year in this vein. And it was kind of around the time that I was becoming aware of this. So it's not like I chose to start this because of what we're talking about. But I was very conscious that I was like, oh, that's helping in this regard, is once a week on a morning, I get a coffee with a few people. And we can kind of invite some other people if we want or whatever. But two or three of us,
00:23:33
Speaker
It's like this morning, we're out of our house getting coffee for a little while. We just like, Hey, you know, push your meetings back. Like your calendar, like just set it like, Hey, no meetings till 10 o'clock that day because like eight 30, we're going to, we're going to all sit together and like, and do this. And it's been so great, right? Like it's, uh,
00:23:55
Speaker
It forced us to get out. Like I said, sometimes we'll bring another person. Sometimes we won't, but it's like, these weren't even friends that I had until recently. And like we got coffee and I was like, Hey, you want to do this next week too? And they were like, yeah. And then, and then it was like, do you want to just like put this on the calendar? Yeah, great. And like, it's like, wait, is this how adults make friends? Are you now my friend? And it's like, they are, they are security people. And that's like how we knew each other. But I was like, are we friends now? Like,
00:24:21
Speaker
But it's funny, but like it kind of just worked. It kind of was like, Hey, we, we got a coffee to talk about work, but now it's like, Hey, let's just make sure that we keep doing this because it fills our cup a little bit, right? It's not a stranger. It's not. So it's like, I'm kind of saying this in a way of, I, I, it's not a proctology exam. It's not like, Oh, I need to go do this because it, and it sucks, but I need to go do it. It's like, no, even though we're all kind of weird introverted nerds, it's like,
00:24:50
Speaker
this is a safe, like we're all just getting a coffee with some people that we know, like, you know what I mean? And so it's like a safe way to kind of do that. And, and yeah, it's opened, it's opened doors for all of us. We've all helped each other professionally. We've, you know, like I said, personally started to become friends a little bit, but yeah, even just something as little as that is like, Hey, two, three people get coffee once a week. That's not, that's nothing. Come on. Like we can all do that.
00:25:12
Speaker
Yeah, the meetups. I remember, you know, having like the B-sides, the monthly B-sides. I mean, just again, I can't understand the concept of being part of something. And I think right now also where people are part of a team, and then there's layoffs, or then something happens, and the thing that you were part of
00:25:32
Speaker
changes. Beside is a great example, and I always encourage people to volunteer at them. I don't take my own advice. I'm not involved with the local Bsides for me, but I have helped other Bsides in the past. Just such a great organization, but I have so many friends that are volunteers at these places or help run the day of.
00:25:49
Speaker
And like, okay, you with source Boston or source Dublin, how many of those volunteers have then worked with each other at some point in the future? It's non-zero, right? Same thing with B-Sides. So like, I know volunteers that like, Hey, I, you know, ran the coat check at B-Sides SF one year. And because of that, when I got laid off, it was easier for me to get a job because I, because some people knew me as the guy that like ran the coat check.
00:26:14
Speaker
And just like these little things, there's like, who knows how this is going to pay off. I did not know that getting in that RV in New Jersey, like, you know, 15 years later, the guy would be my boss, right? Chris Hoff was in that, it was in that RV as well. He wound up hiring me later. It's like, yeah, I had no idea this guy was going to hire me 10 years after that.
00:26:34
Speaker
Don't get into a van with strangers. But I got into a van with strangers and it changed my life. I wish I could have hardwired the look on my parents. Like I said, I moved back home after college because I was broke. And so I literally had to tell my parents that I met this guy on the internet named Jack Daniel. He's got a beard down to here. He looks like a mall Santa. And I'm going to get in his RV on the side of I-95. He's going to take me to DC. It's like, his name is Jack Daniel? Yeah, yeah, yeah. He wears a top hat sometimes. He's cool.
00:27:07
Speaker
Yes, and absolutely one of the most wonderful people you'll ever meet. We have no way of knowing that on the side of the road in 95. One of the other things that you talked about that I thought was really insightful was this concept of resiliency.
Building Resilience in Life and Security
00:27:21
Speaker
And that's something, got a couple of books that are better back there or whatever, but resiliency, I almost did my dissertation on it because I thought it was so interesting because
00:27:32
Speaker
things happen in life, right? Like the good, the bad, the ugly, and how you cope with it, how you come back from it, how we deal with it, really can impact how we move forward. And so I wanted to get a little bit of your insight and kind of the inspiration in what you've read about that, because I thought that was also a great blog entry.
00:27:52
Speaker
Yeah, I was just checking. The vulnerable you t-shirts that I got printed, it says build resilience. And yeah, it's kind of like the core concept for, I think it's the word that perfectly ties the analogies together between emotional and cyber vulnerabilities, right? It's like the whole goal in both of these things is to become more resilient, not to drive vulnerability to zero, like we talked about earlier, right? The whole goal is to become more resilient.
00:28:18
Speaker
Um, and yeah, I think, uh, there, there was a piece recently, I can't remember who put it out and of course I should, uh, on this kind of conversation. There's a piece recently that I read that was like, it was called something around along the lines of the right amount of trauma. And it's like how that there is actually, you don't want like your, like if, for those of us who are parents, you don't want your children like in the like bubble boy situation where like you've got them,
00:28:47
Speaker
wrapped in bubble wrap and that they cannot get hurt and nothing will ever make them sad. That's not the goal. Even though it pains you as a parent to see your children sad or see them get hurt, the goal is to not make that never happen. The same thing with ourselves. What happens if you overcorrect on this whole resiliency thing? You get really lonely because you're not going to go
00:29:12
Speaker
and try to go get your heart broke by falling in love. You're not going to go meet a friend who you're not going to share with them and build a true friendship because, oh, they're going to know too much about me and they're going to be able to use that to hurt me in some way. There are just these trade-offs that we need to make in order to, okay,
00:29:34
Speaker
we've all dealt with trauma in some way. How do you like look at those things and come out the other side better for it almost, right? Like don't, we have a saying at work, don't let a good crisis go to waste, right? It's like, okay, something bad happened. We could probably drum up a little bit more budget now because this bad thing happened. And I can say, Hey, like don't, we don't want to let this bad thing happen again. You know, similar, similar in your life, right? Is a name, a bad thing that happened that you didn't learn something from.
00:30:03
Speaker
It's not like there's something to be learned about it. There's another book I like on this topic. Um, Ryan holiday, um, put out a book called the obstacle is the way and you're like looking at like the hard thing in your life is actually the thing you should be running headfirst at because that's the thing on the other side of, uh, that is going to be more valuable on the other side. And that's obviously a very TLDR LR of the whole book. But yeah, um, it's a, it's an interesting topic.
00:30:34
Speaker
And it's true because you know that old the adage of what doesn't kill you makes you stronger But when you survive something like I'll tell people it's like you've already survived something some somewhere in your life Something has been been hard and I even like tell my kids this when they get worried or something like that. I'm like, okay What's the worst thing that's ever ever happened to you before? They're like, oh, okay. This thing happened. I'm like and you survived and that Builds it up and gives strength. I had a family member who
00:31:03
Speaker
When her father passed away, it completely blew her mind. That's traumatic for anybody. We were sitting and talking. The thing is, I came from a really loving family. She's a beautiful, beautiful woman. She was very popular. She had never been broken up with. I'm like, how are we related? Because we've had very different lives. But we talked about it and she's like, I almost wish I had suffered more.
00:31:32
Speaker
because when something really bad happened, I had no coping mechanisms. I went to college, I did prom, I was prom queen, all these wonderful things that happened, and then when something bad had happened, I had no coping mechanisms. It's like, wow, this is really... It's extremely tragic, and I don't depend on that, but also, I'm a psychologist, my little research brain is like, huh,
00:31:58
Speaker
Okay. And as a parent, it's like, Oh, I know my kids are going to have to make so many mistakes and screw up. But so do we, so do we as individuals have to put ourselves out there and you can't control it, but you've also probably been through something that really, really sucked and you survived and you trust yourself. Yeah. Yeah. I,
00:32:21
Speaker
Like, um, I, uh, sorry, I just heard some weird thing in the back. Um, so, uh, I, I drew the analogy to like a breach also, right? Like if, if there is a breach, that is the, that is the traumatic event that, uh, that like you're trying to avoid, right? But when it happens, like you, you can like come out the other side of it with like, like I said, either more budget or more learnings or something like
Social Interaction in Security Roles
00:32:50
Speaker
that. Yeah.
00:32:52
Speaker
you know, with having that experience. Now, when when you find your day to day interactions with other security professionals, how aware or willing to embrace kind of some of what they've talked about. So like you said, you've got your your coffee group, but then like a work environment. Do people feel comfortable there? Like there's some positions that are that are more designed towards isolation than others, for example. And do you think
00:33:19
Speaker
being able to say, Hey, I'm sitting in this room all day, or add like more social interactions, or our team never gets together. Like, do people feel comfortable asking for that? Or do companies even set it up? Yeah, engineering side of a house. So I can't from personal experience, I just observed
00:33:37
Speaker
Yeah, I've definitely seen it happen. And I've seen people who have come up and say, hey, I'm in a hole, or I've been in a hole this week. And I've been on this project and nothing. And in engineering ways, you can shadow people. You can definitely be asked to move to a project that
00:33:59
Speaker
You're a little bit more team oriented. I think that's like, in my opinion, that's the true goal as like a management in an engineering organization. You're not there to like just manage tasks, right? You're there to
00:34:15
Speaker
to create the culture of the whole org, right? You are a culture carrier. We joke. This is not mean pizza parties, right? It's like that does not equal culture, right? Yeah, but how are you building relationship and trust through that team? Unfortunately, a lot of that does come with shared
00:34:35
Speaker
trauma. If you go to any fraternity organization, hazing exists in fraternities for a reason. I don't condone it. People have gotten really hurt, but there's this shared bonding experience of, oh, we went through this bad thing together.
00:34:50
Speaker
There's a reason for it existing. Again, not condoning it, but just explaining. And so same thing at work is what are the things that are going to go on on your team that are going to bond them? And so not to manufacture shared trauma or anything like that, but are there true team building activities that you can do that aren't icebreakers and stuff like that? I think getting together in person is highly
00:35:20
Speaker
underrated in this example. We spend a lot of time on my current team. A lot of the budget that we do ask for is, hey, we got to get together in person more, is a goal, right? Because you really do build those relationships, not over a Zoom on a 60-minute block with another topic. You really build those relationships over
00:35:44
Speaker
appetizers and drinks and things like that after work. An old professor told me trust is built over beer. Again, I stopped drinking, so I'm not building trust over beer anymore, but the sentiment is there, right? Okay. Trust is really built when you're sitting with someone and just talking about something that has nothing to do with that project that you had to spend an hour and a half on this week together.
00:36:08
Speaker
Well, and there's some that, so I'm a big fan of remote work and managing it, but undeniably when you're just working with you, right? Like when you think about the census, right? When you're sitting next to somebody, like you're getting so much, like you're present, you're in the moment there with them and you can hear them, see them.
00:36:29
Speaker
Smell them for better or worse But you get their energy you get facial non-verbals all of this stuff. I mean You know, there's a getting go back to that communication model like, you know 93% of communication is done non verbally through your other senses and elsewhere's we're not actually listening to what people are saying 100% we don't remember that or I always say like people remember not what you said, but how you made them feel and you need you build that connection and
00:36:57
Speaker
by being in a room with somebody and sensing them again, just getting a feel in a way that you can't, we haven't really figured out how to do it online. I mean, it's a good place for it, but it's kind of like,
00:37:08
Speaker
Sorry vegetarians, but like nothing can replace real bacon, not turkey bacon, not baked bacon, but I want my bacon bacon. Yeah, no, it's, I mean, no, it's totally, it's totally true. And there's a, there's a lot of compassion built for the other person when, when you like meet them in real life and you share a little bit of background of like where they're from and what, like what they're, what they're doing. Um, I like, I can remember examples of like, man,
00:37:35
Speaker
you know, that guy's an asshole right in my head of like, I just like bumping into this guy like all the time. And like, we're really fighting and we're really not agreeing on things. And then we meet each other in real life and I go, Oh, like, no, he's not a jerk. Like this is like, Oh, like now I can kind of figure it out. Right? Of like, Oh, like, it's just because that's like,
00:38:00
Speaker
this operating model, right, of like, oh, he's on zoom, this part of his brain goes and he's just direct and like, or it's a cultural thing, or like he was brought up a different way. And so he doesn't use the niceties that I use or, or, you know, like, or our industry attracts a fair bit of people on the spectrum.
00:38:18
Speaker
And there's like, there's, I have had that happen where I'm like, ah, that person was like really abrupt and very like curtain to the point that you meet them in person. You go, oh, like they're probably maybe on the spectrum somewhere and they can't translate to the little nuances of like having this. All that stuff super really helps.
00:38:39
Speaker
It's also helped me kind of turn the lens on myself, right? So not just like, I don't want this to be the podcast of like, Hey, just go in person and meet people. Drum. That's not, that's not the whole point, but it's just like, Hey, you also can hold the mirror up to yourself a little bit of like,
00:38:55
Speaker
how many times have you hung up a phone call like this? At the end of this one, I'm gonna evaluate, oh, did I say the right things, right? Or, oh, did I overshare about this? Or, oh man, I really wanna, I went on a, did I really talk about like my mom and dad? Like this was, you know, just like weird stuff like this. It's gonna be like, I quit drinking to not do that. I'm fully present when I say something dumb. Yeah, yeah, yeah, yeah.
00:39:23
Speaker
exactly right and so to like to kind of really start to build these relationships you get to hold the mirror up a little bit and be like oh we all we all kind of stick our feet in our mouth at some point a little bit and no one cares no one's thinking about this like no one's walking away and going
00:39:38
Speaker
uh, you know what what the heck did that person just say right and if they do it's for a second and like that's that's the end of it so yeah, I think like the other piece that's one of the pieces in the resilience article that I wrote to like bring it back to that was self-compassion was like a big part of it right instead of just like Hounding yourself. This is something i'm so bad at right. It's just like I beat myself up Super that's like a default reaction of mine for sure and I think that's fairly common um
00:40:03
Speaker
But yeah, just like getting over that and being like, Oh, okay. Like, yeah, I messed up or, or no, I didn't like that was fine. Everything was fine. Like it's all good is like a reframe that I, you know, it's, that's part of my work all the time. Um, and that's like a key part of building resilience is like not coming away and then like,
00:40:22
Speaker
Have you read Atomic Habits? I know that's a James Clear book. It's super popular. He talks a lot about being able to stick with a habit is making it part of your identity. Instead of saying, we both have said, I stopped drinking. That's not part of my identity. I don't drink.
00:40:40
Speaker
That's like, that's like a thing. It's not, Oh, I'm trying to cut back on, you know, beer at home was like a thing I used to try. Right. Like, or, or, and, and in the book he talks about smoking. Yeah, I'm trying to quit smoking. Right. And that doesn't work, but saying, Oh no, I'm not a smoker anymore. You kind of like do this in your head.
00:41:00
Speaker
And so that's like a form of resilience as well is like, okay, like how can I like self identify with this new thing? Like, no, I didn't mess up. As soon as you say like, Oh, I didn't mess up. That's how you're thinking about that now. So you're not going to like carry for the next few weeks. Like, Oh, this like, Oh, did I, did I not do the right thing? Like in all this kind of stuff. Um, that's super important for sure too.
00:41:23
Speaker
feeds into cognitive agility is like another field. I'm like, I brought the piece up and I was like, Oh yeah, here are some of the bullets that I wrote in the article last week. So cognitive agility is a move. Yep. It's very powerfully written. And like I said, you lovingly wrote those because they're
00:41:42
Speaker
research their thought out.
Integrating Technical and Human Aspects
00:41:43
Speaker
It's not just armchair psychology, right? It's from experience and saying like, okay, this is what the research that is out there and this is what I see. And it was really good advice and really solid. And coming from an understanding of the industry and being in it. And I think it's really great to find
00:42:03
Speaker
those people that kind of bridge the gap right between like okay understanding this is this is and this is why I love to you know looking looking to talk to those people like here I'm bridging the gap between the human side of it that's often overlooked and but also I understand the security side of it and the nuts and bolts and the security of how it works and the humanity behind it all of that of that overlap because it's like people are either
00:42:25
Speaker
really into it or like I look at what like we talked about Jack Daniel and what he's done for a community and you meet Jack and he is a community guy like he will he was that person who like if you needed something he was up at 2am or driving a thousand miles to pick you up wherever you are if you needed something like he is that guy there should be more people in the world like him and um what he did for the community is amazing and so I think
00:42:53
Speaker
to have more of that in the kindness that we give each other to that right we're not all out to judge each other and even if we are it's not the end all be all they probably forgotten things that I remember from like you know seven years ago I did that that and that most people I think forget or forget
00:43:10
Speaker
forgive in one way or another or else they need something else. It kind of self sorts itself out, right? There are those people, but they're gonna wash out of whatever group you're holding close because like, yeah, that's just like, because of those actions, right? They're gonna, that's my experience anyway, is those people in my life have sorted themselves out. Like, it's taking care of itself in one way or the other. And so I try to not worry about too much about what people think about me anymore.
00:43:39
Speaker
I can't as like a content creator. Like I have a YouTube channel now I write this newsletter. So like part of that is built in like, Oh, I hope people like this. But I can't I can't I can't write I try to like, follow my analytics and my trends and make sure that I'm making something that people like but I cannot like
00:43:57
Speaker
sit and read the comments and go like, Oh, I'm worried about this anonymous troll and like what they think. And that's the same thing in your life is you're going to meet real life versions of that anonymous troll in the comment sections and you're going to go, Oh, they're not worth any of my energy. Like, and like, and get out of that. Right. Um, so yeah, it's a, it's a balance. Uh, and I think
00:44:19
Speaker
I think that's probably what like to even bring it back to loneliness.
Avoidance and Mental Health
00:44:23
Speaker
And I think these concepts are tied. It's people have been burned. And so their defense mechanism is to like avoid that interaction ever again, and then you become lonely.
00:44:36
Speaker
or not even tying it to loneliness, just avoidance in general. You said it, you can't avoid your way out of a problem. The same thing goes through professional career. This doesn't even need to be cybersecurity. Just professionally, I know a lot of people who avoid a lot of stuff and responsibility professionally and build their walls and build their silo and just say, if I take care of this little corner of the earth,
00:45:03
Speaker
Like I cannot be fired. Like this is like, so, and I'm not going to like train anyone on what I'm doing because then that's a threat because then someone else can do what I do. Nope. I have like my little fiefdom here. Um, and I'm going to rule over my fiefdom.
00:45:17
Speaker
those people are always shortchanging themselves professionally. It's never the right move. You can read that from a mile away. Okay, that person is just clinging on to some sort of relevance in this way. Yeah, that's like, what are you doing? Well, you're not being vulnerable. You're avoiding other people. You're avoiding
00:45:39
Speaker
cross collaboration, you're doing all this kind of stuff. So yeah, there's tons of knowledge. And then, yeah, personally, avoidance is my defense mechanism of choice, by the way. And so that's why that p I know you came across that piece as well. And that's, that is like, I have an intimate relationship with avoidance. It's like,
00:45:56
Speaker
It's my lizard brain. If you flip over to lizard brain, if you're in a depressive episode or something like that, you're not even consciously trying to, like you said, if I'm the organizer for this conference, I can't cancel this plan last minute. That's me. I'm like, oh, nope, I'm having a bad night. I'm going to cancel last minute. That's avoidance. That's what that is. Something happened, and I'm going to default to not do any of that.
00:46:25
Speaker
And, and to like push that to another degree, like in a depressive episode, this is like a revelation I had is like a lot of people's depressive episodes turn into like, being in bed for a number of days and like you're not showering, you're not taking care of yourself. A lot of that is just avoidance, right? Like you're
00:46:42
Speaker
What are you avoiding that you're staying in bed all day today? What are you avoiding? What's going on? Does your house not feel safe to you? Does your job not feel great to you? Are you avoiding going to work that day? You're calling out sick because you're having an episode. All of that turns into, oh, I'm actually just avoiding something. And I didn't even realize, I didn't consciously avoid something. That was just the path that
00:47:07
Speaker
my brain decided to take. So they're all interesting concepts and professionally and personally.
Closing Thoughts on Social Interaction and Resilience
00:47:15
Speaker
Yeah. Well, it's been absolutely great. Unfortunately, we're out of time because I feel like we could keep talking about this for hours and hours and hours. But thank you so much for sharing your insight. I think there are really a lot of valuable takeaways and the honesty and the vulnerability of, it is lonely out there and it is hard to be resilient to these things, but you find your people,
00:47:37
Speaker
I'm adding a mental note of like, right. Okay. Make sure at least like once a week or once a month or, you know, whatever it is to add that to my, you know, things that I need to do of, of self care, even, even though when you get that feeling, like when you dread plans, you're like, Oh, I gotta go out next week and it'll sit there. And then, but I'm always glad every single time. But like I said, find that like, what's the, there's, there's gotta be something that's not like a big plan, right? Like find a thing that's a little plan.
00:48:04
Speaker
that doesn't feel taxing to you, doesn't feel like the proctology exam. It's just like, Oh, okay. Yeah. Like I got coffee with that person last week or whatever. Instead of like the, Oh, I got to get my nice dress on and go to this nice dinner or like, you know, Oh, I got this conference is going to be 50 people there or whatever. Right? It's like, no, what's the, like, okay. Are there like three people that you feel really cool with? Like, you know, can you, can you go like pick up games of basketball or cups of coffee or whatever? These things they add up and they're super, super good for us.
00:48:33
Speaker
Yeah, yeah, I'm gonna pretend. Well, thank you so much for joining and to our listeners, I will see you next time. Thanks. Thanks for having me.