Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
Episode 100! AMA with the George and Guest Host Amber DeVilbiss image

Episode 100! AMA with the George and Guest Host Amber DeVilbiss

S3 E11 ยท Bare Knuckles and Brass Tacks
Avatar
87 Plays1 month ago

Episode 100! And this time, George K and George A are the ones in the hot seat!

Guest host, and friend of the pod, Amber DeVilbiss takes the mic to put the Georges on the spot.

They take on listener questions about:

  • Tech and industry trends, AI, new risks
  • The deep, dark, and personal
  • Selling and marketing tactics
  • And MORE!

Thank you to all the listeners who submitted questions!

Recommended
Transcript

Introduction and Ask Me Anything with Amber DeVilbus

00:00:06
Speaker
All right, welcome to Bare Knuckles and Brass Tax, the 100th episode. I am George K. with the vendor side. And I'm George A., a Chief Information Security Officer. And today, we are in the hot seat. We are the ones getting interviewed because we have a guest host, the one, the only, Amber DeVilbus. Hi, everyone. It's nice to meet you, also known as George Deep. Yes, officially.
00:00:31
Speaker
bringing the triplets together. Sweet. All right, so you have sent in your questions. Thank you very much. This is an Ask Me Anything episode. We have not really prepared, so we're going to answer live

The Next Big Thing in Cyber (Excluding AI)

00:00:44
Speaker
fire style. And Amber is going to be the one to read your questions to us, and we'll see where it goes from there.
00:00:51
Speaker
OK, guys, are you ready? We're going to start off with some industry questions. The first one comes from Neil Saltman. OK, you ready for this? Get ready. What's the next big thing in cyber? Is it consolidation, specific gaps? AI is the obvious one, so it can't be that.
00:01:11
Speaker
I like that curveball at the end. um Let's see. I'm going to say one thing and then I'm going to come around to another. um I think someone's lunch is going to get eaten, which is to say...
00:01:27
Speaker
a lot of the big players are getting a little slow or they're taking their eye off core products or they're Microsoft and everyone's tired of them. So someone's going to come around. I mean, I think we're seeing a little bit of that with Wizz, but somebody's going to come around and like just really nail something in a very innovative way that the big players have taken their eye off the ball and it's it's I don't want to say disruptive but it's going to feel like that. It sounds like you have insider information on that. No, I wish I did. That would be amazing but I just I sense that we right now we're in a period of consolidation but like every period of consolidation is followed by
00:02:06
Speaker
a very surprised turnaround. I mean, I think right we saw that with Symantec and then CrowdStrike. And yeah like that sort of push and pull in the market is almost an inevitability. OK. What about you?

Managing Risk Acceptance and Liability

00:02:21
Speaker
I um ah do agree with George that we are definitely in an era of like consolidation, especially in the vendor space at the moment. um But where I see innovation heading is not actually at the enterprise level at all. The last kind of untouched frontier of the cyber business is the SMB market, is the household market, is the individual user selling B2C. I think selling B2C and I think technology design specifically for individual households and customers at scale. yeah Whoever can actually crack the formula to to design a product that provides enterprise level services and and technology and capability, but bake down to household price that you could buy a package at Costco from, you know that's going to be the one that takes the market. like George is right. Someone is going to disrupt the whole thing, but it's the person who's going to figure out the formula between value over cost.
00:03:14
Speaker
Yeah. The reason I think that hasn't been cracked is like the typical VC model, you know, run up and then sell to enterprise because right we're just used to that pattern. And I think it's going to require someone not taking that funding model and doing something different. But that is a completely greenfield. It's there for the taking. Yeah. And i think I think a big thing that needs to stop because this wouldn't be bare knuckles and brass tacks if we didn't call out nonsense. Innovators and founders need to stop designing point solutions that are literally just built to be acquired. They're not innovating. They're not trying to disrupt anything. They're not trying to make life better. They're trying to go for profit with the same formula they've done for two, three, four, five times. We're going to make this widget that Google will buy. Yeah. that's That's all Black Hat and Defcon were this year. That's all the conferences are. That needs to die. All right.
00:04:06
Speaker
OK, moving on to the next one from Alex Hurtado. Yeah, Alex. I like that. She's awesome. okay How do you address situations where stakeholders acknowledge the risks but still choose to maintain the status quo? Similar to like a smoker who knows smoking is bad but still continues to do this anyway.
00:04:28
Speaker
um I mean, Lecisa definitely has his answer. I think you become comfortable with the that discomfort, right? Because of his risk management. Ultimately, it's the security team's job to present the risks. But people are going to also accept risks. And you just kind of have to tamp down the OCD that like wants to secure all the things. Because if the business says, like i I see you, I hear you, I sign off on this, like we accept this risk. like But I guess you have to be comfortable with that. I think from a CSO perspective, it also comes down to personal liability nowadays. So you know there are a couple of tools in the box for us, like D&O insurance, making sure that any CSO listening to us, make sure you have your D&O insurance. If not, talk to your general counsel. I strongly encourage it. um And the other thing too is, is
00:05:20
Speaker
We have to equip ourselves with these things called risk risk acceptance statements. so When I'm dealing with a CEO or a board member or it's just someone in a superior position to me and I'm identifying a risk in something that's directly to do with our project or our infrastructure, if they're still going to push forward and say, well, the business wants to do this, I will say, cool, I have drawn up a very nice legally verified letter that says, I as your senior security advisor and professional have advised against taking this action. There you go. I love that. You have decided that this is in the interest of the business. right You accept the risk of taking on this decision. I have advised you, I am no longer liable.
00:06:05
Speaker
yeah And it's funny, but 85% of the time, maybe 9% of the time, I put that paper in front of whatever person's asking me to do a thing, that request of theirs goes away. As soon as that liability gets in their face, they don't want to deal with it. So the one of the legacies of cyber going out of IT t right was
00:06:29
Speaker
Back then you were sort of like the IT crowd was in charge of all the things. But now we have this division and there has to be this distinction between security team manages the risk, but others own the risk, right? So if marketing wants to go run a whole bunch of SaaS tools off of company credit cards and they've gotten the clearance and they've done the third party risk assessment or whatever,
00:06:54
Speaker
okay we all agree and you know the security team is going to help manage some of that risk but like it's not you yeah you wanted that you're using it for you have to own the risk i think because of that legacy um the security teams often get saddled with owning risk that they don't They're not part of their remit. And so when something goes down, it's like, well, how did you not spot that? I was like, well, we're not using that tool. Yeah, I don't know. yeah It's a confusion of responsibility and ownership. Interesting. I feel like when I ran a SOC, there were people outside of the SOC that were using like Trello, and they were putting all of our projects up there. Correct. And this was like a compliance guy that was yes nowhere near the SOC or NOC or anything. and he's just like But he's still running and overseeing projects for us, right which included sensitive data. and i'm like
00:07:41
Speaker
My dude. yeah like you What is this? He's like, no, he's fine it's fine. It's fine. It's like the best thing ever. It's going to keep us on track. I'm like, it's also going to totally put us over. So yeah. Interesting. OK.

AI: Hype vs. Reality

00:07:53
Speaker
This next question comes from Alana Bernal. Oh, yeah. Bernal. I've sat through so many presentations on AI in marketing and cybersecurity, and they all seem to say the same things, either what we already know or vague generalities. Word.
00:08:09
Speaker
Is AI losing its edge? Let's go to your first story. We were just talking about this actually on the drive-in. i am I don't know how you'd word it. I'm the wet blanket for this whole AI parade. like I objectively think that in what's available in the market right now and what is a realistic AI-enabled threat or a threat factor, um it it's a lot of hype. It's a lot of hot air. like ai is literally just like
00:08:41
Speaker
and a more advanced calculator if you want to imagine that. Because you still have to put in the prompts. You still have to train the data. It is not a sentient thing that can independently think and learn and and that kind of thing, right? When that happens, yeah, great. I'll be scared to death. Cool. yeah Just like everyone else. But for now, what we get is a fancy image generator, a cool thing that can help you with the presentations, can streamline reports. That's great.
00:09:05
Speaker
But to to turn it into this whole thing of just, and this is our, a whole of industry level. Like it was zero trust before, you know, and it was like getting into your wafts before that. Like there's always something that people just linger on and it's like the big topical buzzword of like whatever the year. um I just think AI is a lot of hype and you know, there are some solid use cases, but it's still an early stage development.
00:09:31
Speaker
And it's it absolutely does not deserve the degree of marketing investment and hype that it gets. And that's my honest opinion as a technician. Interesting. What's your take on it? And by the way, this is like a a three-part question, so this is part one. Oh, wow. It's a lot to answer. Is it losing its edge? The talk about AI is certainly losing its edge. On the one side, we have sort of the messianic, we're creating super intelligent, god-like, alien intelligence, and those people can get the fuck out.
00:10:04
Speaker
um The other is more practical, narrow AI. So let's like make that distinction between generative AI and narrow applications that have been in use, especially like machine learning and cyber for decades now. That is still extremely useful. But I think what we, I think people are intentionally conflating cut through marketing generative AI because it feels more powerful. Before it required data science, it required scripting, it required something else. But now the idea that you can just type in like um which endpoint was this found on is very appealing. Great. I think that has some use cases in a UI, UX for defenders. but
00:10:45
Speaker
The be all end all? No. The whole job replacement thing? Not quite. Because ah the law recognizes human liability and not machine liability. 100%. Yeah, as it should. OK, so here's part two. Do we need a new more authentic conversation around its real impact? What's a fresh take on AI b beyond sorry the usual claims of helping the end user or making our jobs easier?
00:11:12
Speaker
Yeah, so the thing that strikes me that's missing from the conversation is neural networks and deep learning are predicated on neuroscience from the 1970s. That was our understanding of how brains operated. And what's missing is the reflection that this is holding up to us.
00:11:35
Speaker
like There is psychological evidence and neuroscience, yes. The way that we see things is around the edges kind of like how they trained neural nets for image recognition. Great. Right. But the other connectivity, the stuff that like, you know, why do you come up with your greatest ideas in the shower or on a walk? Like the unconscious thought. And I think what we're missing is asking ourselves,
00:12:01
Speaker
Okay, if if we question the premise that is going to replace us, like what is the value of our thinking? What do our human talents bring to the table? And the idea that you can is a one for one replacement is just bananas dumb. It's like very reductive and humane and annoying.
00:12:21
Speaker
Right. i feel like you know I feel like there's a lot of times where you could have myself or even my partner put into something into like chat GPT, for example. And I'm going to get, no offense, far better responses and outputs because I'm putting a lot more into my inputs, right? So it's like it's all about the creative mind, I think, behind it. And it's also one thing I think is cool is it's like it's training us to think better, like to think differently and think more thoroughly and more creatively.
00:12:47
Speaker
which is Well, in some instances, I think yeah i think it might also, like, um writing is thinking, and so, like, I worry about students who, like, you know, like, know people who've spent more time editing the output than, dude, you could have just yeah sat down and written the thing. Totally. So, um and just yeah, I, yeah, anyway, I think they the reflection of how we think is what's missing from the conversation.
00:13:14
Speaker
I love that. I love that. Are you ready for part three? I'm going to give you part three. okay You ready for this? Okay. How can AI truly revolutionize industries in ways that we're not discussing enough yet? I want to hear something real as if you guys do anything fake. What's your take?
00:13:34
Speaker
i think um I think until we get to the point that AI is out of this the pure tech space, pure technology space, right it's not a Silicon Valley thing. When AI can actually replace the functionality of doctors and engineers and you know even potentially ah surgeons right if you're getting robotics involved because We have to think of robotics in the conversation as well. yes And i know youbodied ai yeah like I know you have a big background in robotics, too. So like you you kind of get that correlation. And actually, something interesting that I saw, given you know where my primary employer is, like I work in the online dating space, I work in the sex tech space. And sex tech is doing some really innovative things around AI. So around AI companions, where people are actually having full relationships with AI figures. um And there's another thing, too, before that, where
00:14:27
Speaker
there was a there is a movement, there what was there is a movement of a certain demographic of people who actually have these these dolls as their partner and these dolls are like actually like dolls or robots but they're like live action. Now though, what you're seeing on the cutting edge, I was actually just at um a conference in August and in in marial love and sex with robots and they're talking about the utilization of ai into those sex bots into those sex dolls so when what you're creating is a more
00:15:00
Speaker
closer to life companion if you're going to go down the artificial companion route. So and you know if you think of that Joaquin Phoenix movie Her, I really liked that movie because that was a good futuristic take on it. um But again, until like AI can actually run the machines and we have the robots that can communicate with the AI in a way that we can replace the need for manual labor,
00:15:24
Speaker
I think that's the groundbreaking thing people are looking for. And then, you know, we're dealing with things right now. I know in the US, there's a big um labor dispute with the Longshoremen's Union because they don't want AI implementations, their process, right? So they're actually stopping the direct type of disruptive progress that I'm talking about. And so that, I think, is going to be where the real frontier is. Because as long as it's just stuck in tech and it's just a Silicon Valley thing or a Tel Aviv thing, no one outside of our world is going to give a shit. yeah Going back to the way we think, other than sex robots, is like the most innovative uses of AI that I have seen that don't get any press because it doesn't involve Sam Altman or whatever their own.
00:16:10
Speaker
is humans' ability to imagine ways to investigate things and take advantage of the full potential of machine learning to do things at orders of magnitude faster or greater scale. right So for example, this team that innovated catheters which is the most banal of technologies. But upstream infection from catheters is responsible for hundreds of thousands of deaths every year. But it's like a vital piece of equipment in the hospital. So they were able to analyze fluid dynamics in catheters, which is notoriously difficult. Fluid dynamics is like it's like chaos theory stuff. right like It's very hard and randomized. And finding patterns, again, at a speed which might have taken humans like thousands of years of analyzing that data.
00:16:57
Speaker
were able to innovate like small changes in the shape inside the tubing and use 3D printing to do that, right? So they reduced upstream infections by 30%. This is something that could save lives, and it's machine learning, but it's not like AGI. It's not mainstream yet. Yeah, so it doesn't like get, so I think for Alana's question, you need, you that is still takes the creativity of human scientists to be like, if only we could solve this fucking problem that would take me 3,000 years to do manually, then you can apply that magic. But you have to have that
00:17:33
Speaker
that creative spark. And you also have to have that essentially humane touch, like I want to solve this problem. yeah but you You got to remember one other factor that we're not thinking about. The amount of power in GPUs necessary to talk about the functionality you're speaking of. yeah It makes it extremely limiting. I think what's going to be the real groundbreaker, and I've been saying this like some kind of John the Baptist at every conference, and every talk I've done for the last three or four years, the real a tectonic shift we're going to experience is once we've reached like ah QCD, once quantum computing becomes consumable by the mainstream, then we can actually power that kind of functionality at scale. I think that's the thing that we need to worry about that we can look forward to. Compute is the thing, man. I'm so excited you said that. We see some stuff coming up around that ya for Teach Good Sook. OK, well, that's great. So there you go, Alana. There you go. There's your bedtime story of the answers. OK, now it's time. Sex robots and catheters, Alana. So we do it here on this podcast. OK, this next question is from Carolyn Jacobs.

Political Deepfakes as Modern Warfare

00:18:37
Speaker
I have a burning question that's probably off topic, but I want to know anyway.
00:18:41
Speaker
Perfect. yeah In the world of political deepfakes and disinformation, disinformation, are we seeing more of these targeted at one party versus another? No, I mean, I did a lot of disinformation research in 2019, 2018, 2019. And then it was like the mental model of Russian election interference was militarized, right? Because that's sort of the Cold War mental model that we had was They're lining up these cannons on the border and they're just firing misinformation into the pool. And I had done this network analysis and I went to a cyber command and I was like, it's not a full frontal assault. it is It's a drug trafficking, right? It's like they're sending the supplies in and they have certain accounts and that is like the dealer and that's a better metaphor. But the problem is
00:19:32
Speaker
And myself and many others predicted that once the playbook was out there, the threat was not going to come. It was going to stay outside, but it was also going to come from within, right? It's there. And so it's very tempting that if you want to your side to win and we're living in kind of this zero-sum thinking,
00:19:53
Speaker
So I don't see it stopping until there's some sort of criminal liability on platforms, which we have been unable to put into law since forever. Yeah. um And yeah and then and then then we got smacked in the face with generative AI, which just lowered the barrier to injury, right? like Picture this, it's crazy. Like 2019, you have the internet research agency out of St. Petersburg, thousands of military personnel hammering on keys and fake accounts. And now like one person can pretty much automate that with scripts and just like invent stuff out of thin air. um So it's more like we're going to have to just start training ourselves. Yeah. Yeah, like that's that's a big part of it. a similar Similar timeline to you, um up in Canada,
00:20:40
Speaker
At the time, I actually was one of the first commercial consultants to ever get contracted by provincial government during an election to do threat intelligence monitoring for electoral interference. And that was in the spring. That was in the spring of 2018. And what I found was really, it's a lot of the same trends that we saw from 2016 onward, like the same Cambridge Analytica playbook, is that was being utilized. I think the bigger problem is,
00:21:07
Speaker
We need to look at global or international political misinformation campaigns for what they are. yeah They are warfare. It is an intelligence warfare. And we hesitate in civilian society, like and then for the context of everyone, I'm i'm a military veteran, and um we hesitate and in in civilian society to look at what This actually is and and in the military world we call the cyber theater of operations Because we are actually conducting battle with adversaries with the real world kinetic impacts and part of those battles is Manipulating the political leadership of country because if you look at traditional warfare you look at traditional spying and you look at the history of countries that have downfallen because We'll say certain three-letter organizations managed to corrupt their government and
00:21:56
Speaker
That is literally just classic, classic global soft power playbooks. Yeah, they went for the movies, they went for the theater, and then they went for the newspapers. Usually in that order, in my history is in Latin America. And so now they just go for social. They go where the attention is. 100%. That's kind of wild. It's crazy, the world we live in, and in this day and age. I mean, look at how, if you look at the opening credits to most Hollywood movies these days, how many of them are financed by Chinese companies. And so the baddies tend to be, let's say Russians. All I'm trying to say is, yeah I am wholeheartedly surprised that John Cena is very, very fluent in Mandarin.
00:22:40
Speaker
Oh my gosh, that's like a brand new fact. Look, we're all learning pop culture today. Yeah, he's he's got a very close business relationship in China. Interesting. yeah Okay, well, time for the final question of the industry questions from Mika. Do you think there's a need for more truly entry level roles in the industry and how do we get people willing to be involved in mentorship and skill sharing?
00:23:06
Speaker
No, we got to fund it. it's not du There are plenty of people who want to mentor. There are plenty of people who want to coach people. We have to get organizations to stop putting ah ROI with every goddamn headcount they hire. like If you want to invest in developing talent, that means you might have to take a loss leader and invest in a couple of prospects that don't work out. Or maybe you do train them up and then they leave. But guess what? They might come back and work for even better.
00:23:29
Speaker
I think the problem is we are so growth-driven, we are so profit-driven. We do not invest in the stakeholders. And not to get all like higher level political ideological, ideological um I really believe the problem with our industry and the problem with society as a whole is that we place way too much prioritization on the shareholder and not the stakeholder. yeah We are talking about a stakeholder problem being the organizations, the customers that we're trying to serve, and the people that try are trying to get into the industry to develop themselves. We're not prioritizing them. The only conversation that matters is, what's the share price? What's the EBITDA? I think until we get over that hump, we're never going to get through this entry-level job issue. Yeah preach um It's incentives right like if they're trying to keep the P and&L and balance. They're like well. We can't afford that so we will keep that lower so Internal stakeholders might be like I I really need this these resources would be really great We have a training program whatever on a balance sheeted and right so I have this wild
00:24:38
Speaker
idea, you're familiar with AmeriCorps, right? And we also have a lot of programs in the U.S. like you want to go to med school and if you go to rural areas that don't have doctors, will for and you work there five years, we forgive your right.
00:24:54
Speaker
well Look at this, we have a bunch of people trying to do career pivots. They're going into boot camps. I mean, the parasitic boot camp economy is something else to tackle. But anyway, somebody spends 16 grand, 30 grand, whatever on these boot camps. That's an investment in their future. But it's a lot to ask them to do if, you know, we have all these open jobs and then they can't get there. Right. But George, like, I gotta be real with you, man. I just think, and and and again, we have to we have to fix the recruiting and hiring process. Yeah, yeah. Unfuck that.
00:25:23
Speaker
But like, true we um I look at like how I got into cyber. And I got into cyber how a lot of people end up getting into cyber. I had ah a best friend of mine who worked in a sock. And I was looking for work, right? And he got me a shot. He got me an interview. He got me, I didn't apply for shit. The funny thing was I'd applied for that same company multiple times for four years like from 2012 to 2016. I'd applied for them a bunch of times. They wouldn't even give me a callback. But when my friend, who worked in there as a team lead was like, hey, dude, you should get a shot. That soft manager gave me an interview, gave me the shot. Oh, yeah. So I think it it really comes down to the the the networking aspect of it, because the actual formal process of recruitment is broken. Yeah. And we we have to fix it. I was garbage. Yeah, 100%. It's so funny that we're talking about these things. But I was going to say, if we can get ah like an AmeriCorps-style program that takes the and incentive to invest in your education,
00:26:19
Speaker
Let's say there's like ah an accreditation program and you take a boot camp that's accredited and you have these skills. That program could then place you into organizations and subsidize your salary. That removes the P and&L conversation from them, but it also gives you a shot to gain experience. yeah So you the candidate, let's say you get two years experience in there, you now have job skills that are transferable.
00:26:43
Speaker
the organization gets a warm body in the sock for two years and maybe they also may recognize a talent and they get to like at the end of that two years keep you on but we have to like look at where the pressures are and try to address those incentives I think yeah um but yes I think to answer some the other part of Mika's question yes there are many many people who want to mentor but ah the pipeline is not there because of the incentive structure is kind of blocking it. And by the way, i know I need to say this out loud, fuck unpaid internships. If you're driving unpaid internships to try to staff up your team and then kick those people out at the end, yeah fuck you're a piece of shit and you don't belong in the industry. There was years ago when I was in college a site called Things White People Like. Oh my God. It was like ages ago, yeah. And one of my favorite things was unpaid internships. Oh my God.
00:27:37
Speaker
Great. Yeah. No, I think that we need to be doing a lot more of this. So like not to change the subject around, but like at Teach Kids Tech, we're trying to do a lot more like ah programs with like the Microsofts of the world and do like paid internships so that kids that were, you know, prepping and going through like vocational courses and things like that for cyber or certain areas of tech will have like, you know, this chance to actually make money and do some some type of an internship there. afterter so they're not just like stuck hanging around and like, all right, now what do I do with this like three month, three year thing that I just went through, right? So. 100%. Yeah, interesting.
00:28:10
Speaker
are
00:28:17
Speaker
Okay, well now we're going to go to the juicy stuff, personal and

Origin Story of the Podcast

00:28:22
Speaker
random. Okay. There's this category. Here we go, Okay, this first one comes from Laura Kenner.
00:28:29
Speaker
I'd love to know a bit about the origin story of how you launched the podcast. like How did you get the idea? The vendor versus practitioner battle. Did you do proper market research and surveys? I know George does. No. Wait, wait, wait. Hold on. hold it Last part. Last part. Sorry. I got all excited about that. Or did you just run with it and see if it would stick? Yeah. So we were joking that our future memoir will be titled Stumbling into Funship. I love that.
00:28:58
Speaker
perfect time my life So I had invited him, I was on the vendor side, I had invited him because he's a CISO but we'd sort of been circling each other on LinkedIn to ah an event we had at Black Hat and he showed up and he'll tell us the side of the story but we sort of acknowledged that it was really awkward and I was like I don't look you know I'm not a salesperson and then we started talking about that shared disdain for that awkwardness or like if we could just all acknowledge that anyway I I think I was sapped him like a day later because we had sort of vaguely talked about a podcast and I was like man this thing sells itself yeah like I'm George on this side you're George on that side we should just do this and he was like all right let's do it and then literally just stumbled into the restroom I love that, though. I love that because people need to hear that because I feel like there's so many times you know that. There's no master plan. There's something to be said about just being the first market or starting and improving over time versus waiting until there's perfection to actually begin. Yeah, yeah. And I love that. Perfect to see you. I got your Torjay's take on this. It's a typical black hat story. I was there with my CIO and with my sock manager. And we've been working the trade show floor the entire time. And we're doing a lot of technical conversations trying to figure out budgeting. And we had a couple executive things that we had to go with some of our current suppliers. So it's at the very end of the day. And I remember just like,
00:30:24
Speaker
Like, I had to move some stuff aside to actually make George's event, because I was like, hey, I committed to go to this dude's event. This is just Yeah, he just seems like a cool dude. I said I'd be there some day. I literally showed up with five minutes left. Oh my gosh. Yeah, it was like a five minute left. I managed to grab like one drink and me, uh, Mico. Yeah.
00:30:43
Speaker
And then like ah George and I just like went off to the side and like the team was kind of a like finishing up and starting to tear things down a bit. And we just kind of kept the conversation going. I think we were both just at this point of exhaustion. Yes. Not only in our like standard work life but like for the event. And it's just like dude this is fucking exhausting. I remember I just looked at him.
00:31:04
Speaker
And you know, ah I'm a neuro atypical person, so sometimes I just get really blunt and really straight with you. yeah Yes. And that's the army. Yeah. And I just looked and I was like, hey man, look. I don't know fuck if I can buy this thing or not. But why don't you just like send me some documentation. I'll like have my team look at it. yeah And then otherwise, fuck if my team's into it, we'll fucking call you. yeah And if not, you know this was a cool time, man. It was all good. It was like refreshingly transparent. That's good. And it was so like, oh, great. We don't have to like do the awkward dance. yeah I know where things stand. Awesome. That's amazing. I love that story. I feel like I've heard this story from you.
00:31:40
Speaker
But it's usually George K. likes to tell me stories when I'm nervous for some type of event or speaking a thing that I love doing so much. And so i'm like I'm remembering fragments and bits and pieces from this, but I remember you saying like you were both just like, ugh, at this whole entire thing. and that's Nothing connects us more than things we just hate, so there's that. Okay, question number

Gaining Confidence in Public Speaking

00:32:00
Speaker
two. Coming in from Maria Harrington. What are some tips and tricks for being more confident and comfortable for public speaking conferences, events, and video? Tell us, Amber. Please, I'd love to know from the experts, guys. Oh, experts. I don't know. I think you just got to do it. You got to get the reps in. Just get the reps in.
00:32:19
Speaker
Get the reps in. You can do things too. You can go to Toastmasters. There are associations that will like give you that yeah platform opportunity. um But i think you know I think it comes down to communication skill. And so George and I were both like at the executive level in my career. like When I met George, he was like a senior director, and I was a CISO. So it's not like George is like some neophyte. He's experienced. He's got like command level board experience talking to adults. We can't tell. None of that is true. when you're talking to them. Like it's just like, when once you're at that level, you're you're kind of used to it because I think you have to go through, you you can't avoid situations that either might be tense or might be conflict. And that is either in your personal life or in work. So if like there's an incident going on and everyone's freaking out and the client's freaking out and you can call to the board room and some VP or some board members looking at you for like a 30 second less briefing on like what is going on. you have to be willing to be that person who's gonna take that answer. And you might get blown up, and it might suck a few times, like really. But you have to know that you're gonna learn, you're gonna get better, and the more you do it, as George said, reps, yeah the more comfortable you are with it. And you know, everyone's always nervous. That's the other thing too, like we might look like we're not nervous. If you saw us at, we did Black Girl's Hat, at Black Hat, backstage, right?
00:33:44
Speaker
We were still going through, like, the actual, like... Yes, we hadn't had time. I would pay money to see this footage because I don't believe you at all. We hadn't had time to... You're both a commissary boy now. But I think you've developed the muscle memory of, like, okay, so you're gonna say this, I'm gonna do that, and we'll sort of pick up on those cues.
00:33:59
Speaker
um A few cheat codes. I did theater in high school, so I got used to standing in front of people. But also like I worked for a big marketing agency, so you're pitching all the time. And you're not just pitching like at clients. like You're always trying to win ideas, so you just have to convince people all the time of stuff. um We had a ah fun game that we would do. We would be going up in the elevator.
00:34:23
Speaker
ah to Sony or wherever big client with HBO. And some senior partner would just give you a random ass word or combination of words. And it was understood the gauntlet was thrown down for you to get that in the pitch somehow. Like they might literally say like a butterfly and you're like, fuck, I got a good butterfly in this pitch to Sony or something like that. And it makes you think on the fly and and They do this live. you're like Yeah, I'm like in front of Sony pitching this campaign. And I'm like, so in my head, I know the pitch because we've practiced it. And especially true in agency life, though greatest it sucked so much. But the greatest thing was they made you know your pitch in case HDMI cable didn't work. Whatever. You could do it without your slides. You could tell the story. But because you had that confidence in the story, like inserting one random word was like not Right. Too hard, but it was fun. And no one would know. They would know, and we would know, and we'd sort of have an internal chuckle about it. But it's diffused a lot of them. It sounds like you guys need to do like a a G squared you know yeah like public speaking course. So George looks at it from the pure marketer standpoint. i I am not. I'm relatively new to this industry. like You've been probably commercial for way longer than me, maybe.
00:35:39
Speaker
The more I look at it is like high performance athletics because I used to be like a university football player. I played wrestling, rugby and all that stuff and I fight now. And one of the scariest things you could ever do is compete in fighting. Like I won a provincial boxing title. I still compete in Muay Thai now. And backstage, it doesn't matter if it was like 12 years ago or if it's like today, I am still like 24 hours beforehand scared to death.
00:36:04
Speaker
12 hours beforehand, psyched as fuck. Six hours beforehand, why the fuck am I doing this? I'm fine. I have a nice home. What fun is this? Why have I signed up to get punched in the face? so But then like when you're right like backstage and you're in the waiting area before your song comes out and you do the walkout, you kind of like... You have to bring yourself back because what happens if if you don't control it, if you don't learn to control your emotions and you don't learn to focus on what you actually have to focus on, which is the task at hand, then you're going to be overwhelmed by your nerves. yeah and And what happens is in in fighting what you get is something called an adrenaline dump. So you'll come out and you go through all this shit just to be able to step out and get in that ring. And then by the time the bell goes to start, you're tired you're exhausted. You're already gone. You're you're bagged. yeah right It's the same idea on stage or when you're about to speak. If you spend so much time being nervous about what could happen and who's in the crowd and what job you're trying to get, whatever, you're not actually focusing on the performance that you're needing to do. yeah and so When you become performance-centric,
00:37:09
Speaker
all the other stuff like the crowds, the distractions, the the implications of things after the fact, none of that shit matters. For the nine minutes, three minutes, whatever it is that you gotta do the thing, the only thing that matters is doing the thing. And yeah that's what you gotta train yourself on. yeah I would say there are two practical things. Don't overthink it. So whenever I've done a keynote or we did our thing, there are like just enough notes for us to remember like what is yeah the touchstone that we have to hit.
00:37:39
Speaker
Because if you script it out and you try to memorize it then you get sort of wrapped around the axel you like mr. Word and hundred percent Right, but you know like at this point I need to talk about this at this point and you can rehearse that and it becomes way more comfortable The other thing is to slow down when you get nervous you tend to breathe faster You tend to talk faster and there is a rate at which you start talking faster than you can think And that's when you get the ums the uhs because you're locking up so Yeah. Like if you just talk at a slower rate like we are right now. A hundred percent. My thoughts can basically keep pace with this. So it's smoother and you're not. It feels like I'm in therapy right now. It's because of how smooth and slow everything is. No that's great because I remember George. George already knows. We one of the first times I ever did that by the way that was like my first time public speaking. I know. Sorry to put you on the spot. No, it's great, because I'm sitting there crying almost. I'm so nervous. I'm like, no, no, no. He's like, what? You're fine. You're going to be fine. I'm like, don't talk to me like that right now. OK, I'm freaking out. I don't know what else to do. And it was the worst thing ever, because I remember I had, OK, so I have ADHD. So I wrote down what I was going to say word for word, because I tried to do the opposite and be like, I'm going to say exactly this. And I did it with different colors. So I had gel pens. I was like, pink was going to be part of this. I came over to you in the corner and I'm like, what the hell? And I was like, I'm going to memorize all this. Oh my God, don't talk to me. But it's funny because my mom has this thing, because we talk about public speaking all the time, because anybody who knows me knows I'm definitely terrified of live action, just improv. OK, sounds great. But we have this joke, and hopefully it's OK to stay on this podcast.
00:39:09
Speaker
She's like, just beat the shit out of it, like prep and prep and prep and know your speech and know what you're going to talk about. Because at that point, it doesn't matter. You can go, you know, your your whole speech could burn up and you're still ready to go because you at least know like the talk track. Like even if you're improving at that point, you still know the general thing you're trying to get across. Absolutely.
00:39:26
Speaker
Which is a big deal. And I just, I feel like over preparation sometimes. When you said don't overthink it, some of us who are still terrified, love to overthink it because then we're like, all right, there's absolutely nothing that's, if if I fuck up a word, and right but at least I know. I think that's a misapplication of like what you can control. So you believe that you can control the script, so you invest a lot of energy in that. right But yeah I would argue what you really can control is the The story right right so 100% and just talking to George and letting him you know therapy eat that right out of you Okay, so now we're gonna move on to everyone's favorite questions, especially yours the sales questions Here we go unload so this one comes from is it Elena? Oh
00:40:13
Speaker
Yeah, Elena. Elena. Elena Bomko. Yes. I love that name. Elena Bomko. She's awesome. Have you ever bought a tool or even booked a call after a cold email?

Building Relationships Over Cold Calls in Sales

00:40:25
Speaker
There we go. Season time. No.
00:40:27
Speaker
Never never surprise never once in my entire Career as an executive and like before see so I was a director in charge of a managed services division um Never ever once has a cold call or a cold email work. In fact um I'm usually like offended when you cold call me and I you know, it's an unscheduled call, I'm doing something else, or I only like answered it because like I'm in the middle of something like busy, and I just like, oh, geez, like, what is this? Because I go through the rule that most most security practitioners are like, if we don't recognize the number, we don't answer it. Right. And so now like sellers have started spoofing phone numbers, so please stop doing that, you assholes, but you know, like,
00:41:08
Speaker
you because They spoof through your local, right? Yes. Totally not social engineering. when when you just like When you get the cold email, it just doesn't work because how are you going to know my problem statement? How are you going to build trust with me? How are you going to start the conversation? like It'd be a lot easier to come to an event. If you want to sell to me, you want to come sell to me specifically, come to an event where I'm at. like I post where I'm at. I go to events in Toronto all the time. If you go to Toronto, Montreal, you probably catch me at a thing. And if you catch me in person and come up to me like a normal human being and they're like, hey, George, how you doing? I'm so-and-so. I work for these guys. We got some cool product. Have you come check out our booth yet? We got some really cool things out there, man. I think we might have some problems for you. yeah If you talk to me like a human being, yeah I'm going to be really interested in what you have to say. I can't automate it, George.
00:41:57
Speaker
But at what point, okay. I can't schedule the 3,000 emails. No, so let's go back to the origin story. The only, so I reached out to him for Black Hat and it was the same it was LinkedIn, DM. I was kind of nervous about it because we needed to fill the room and the BDRs weren't getting it done. ah So, but I had all these people I'd been talking to.
00:42:17
Speaker
And he and I had like vaguely circled around each other. I think anyway, she said, Hey, you know, we have this thing. It's pretty cool. We're taking over this like, E Games arena. And he's like, Oh, yeah, yeah, yeah. I've been following you for a time like, it wasn't awkward. and It was it was cold. But like the long game was we already had been sort of going back and forth. So similar to what he was saying, like,
00:42:44
Speaker
If you go to the events in your territory, you will only make good on them if you have started to build some kind of ground game. That ground game is not assaulting people with solicitations. It's showing up or just like this post, comment here in a way that's not like buy my shit now. Like just be a person so that there's like more of a- Like ease and- Yeah, there's just a thing. I was gonna say, because of a point. A relationship to build on.
00:43:14
Speaker
100%, because ah as a like a security practitioner, i you know i especially as a female, I'm like, OK, if somebody were to do that to find my time, how would they know where I am? At what point does it become like creepy? you know It's creepy all Like, this is your invitation to just stalk and find me at all events. No, we're shit. We had a guest early on that talked about, and we brought him on for this reason. Someone was so obsessed with trying to sell to him, they looked up his partner on social media. They called his wife. Called his wife to try to get to him. Who thought that was a good idea? Like, I swear to God, if you ever call my girl while you're trying to reach me, it's on site. I'm going to knock you out on site. Like, straight up, yeah.
00:43:57
Speaker
That actually happened. Yeah, but there's a desperation there because, you know. Because it's sales. Yeah, well, yes, but also like that looks like the process. Like I was joking, like what he's saying can't be automated. And automation is also a great way to do dumb shit faster. So yes, like, yes, I can email 3000 people.
00:44:19
Speaker
Right. And then just hope that I get, like, 0.5%. That's so crazy. It's crazy that, like, OK, as a current person in the sales side of the space, guys, ah you know, go easy on me. But no, I think, like, there's so many times where I'm told, like, from, like, a company perspective. And this isn't just my current company, but so many others that I've worked for is, like, just send out the email. Like, do outreach. I'd blast that shit. I'm like, but what? Like, what? That's not how I work. It's harder. It's a larger problem with knowledge work is that it's ah The annoying things in knowledge work today, like the return to office, because we can't see you working, is literally sharecropping overseers overlaid onto the assembly line, overlaid onto the office. And it's number of dials, number of emails.
00:45:07
Speaker
Oh, I can measure that. Like we measured right bushels per acre, number of engines that came off the line. If I have X number of people working on the line, but we have to finally reconcile that the stuff that we're doing today is not that same output. And like sellers are essentially relationship managers and diplomats. Like that's what they do is that soft diplomacy and that takes a lot of Ground game and and sure, you might need to prospect, but I think that prospect can also not be awful. Mm-hmm. Sure. Just like public speaking is so fun. um So there's that. OK, cool. So let's move to the next question, because we have a lot of these questions. I love this name. So Gentry Zollars. Yeah, that's a good thing. Oh, Gentry's cool. Cool as I want to meet all these people. Me, all of you. So on LinkedIn, I generally ask questions and very inquisitive toward the security community. Be a peer and not a salesperson. I've introduced myself to some prospects at events very conversationally. I want to see if that's OK in the practitioner space, or will this put me behind the eight ball with some folks? ah I mean, if I'm understanding what she's saying correctly, she's going up to practitioners at like events and talking to them like a normal person. Come here. It's almost like you just said that.
00:46:32
Speaker
That's literally, I'm just like, OK, I can't. Yeah. You know, I think somebody sees, you know, the count rep or whatever. Some people are going to be assholes about it. They might have their guard up. But as long as you're not coming on strong, trying to pick their pocket right then and there. Yeah. Just just I don't know, man. Like like it's vibe's a thing. Like vibe is a thing in everything in life. And you kind of maybe happen to have ah just a shred of emotional intelligence. But what is the vibe you're putting out on the floor? 100%. I feel like this is something I've struggled with. because like why So I was on the practitioner side for a long time, then I became a sales engineer, and then a solutions architect, and all these things. But as a salesperson, because I did do that as well, um i just I feel like there were so many times where like upper leadership would push on me, like, oh, ask. You need to start asking. That's not how I operate.
00:47:20
Speaker
Like I, maybe I'm not going to get 20,000 different leads done in this week, but you know what? I'll get three solid ones because I'll create relationships that'll go with me forever. Because at the end of the day, I don't care whether, this is like the worst thing you can say as a salesperson, but I'm going to say it anyway. I don't care whether or not you buy from me. I care whether or not you trust me so that in the future we can continue a relationship. I mean, you can get the signature without trust. So I was just going to say this yesterday. I took a lunch with another organization and they're selling
00:47:48
Speaker
Not CNAB, but they're sound like ah like a data mapping tool. It's cool. The guys who were on the table, I ran into them in BC at a conference I was at recently in Whistler, and they set up the whole thing. Those guys I had worked with previously with Lacework. I don't think Lacework's around anymore. It's whatever. More abundant. But anyways, at the time, i I was in a dance with them for about six, seven months trying to buy Lacework, and they were just You know, full transparency, far too expensive for a mid-size shop. Right. um But the relationships were good. Like, I liked, like, my, my, my, my seller, Mark Pantoine was a great dude. Benoit was a great dude. There were a lot of great dudes there and I attended a few events with them and we had a good relationship. And we came like, literally it was on my CFO's desk and they didn't sign it, right? So, like, that's not on me and they know that's not on me, right?
00:48:42
Speaker
But as a result of that, like they moved on from that organization. I run into it again. And it's friendly. And it's warm. I don't even know like the new organization they're at. I don't even know what the fuck they sell. I don't even care. But you're willing to have take dinner with them. Yeah, they're them. So I like them. So they're going to hang out with them. What are you guys selling? Once you have that trust with a practitioner, and with a practitioner leader, that that's a green card for life until you fuck it up. Well, and also,
00:49:09
Speaker
people talk right so like he's not like out there blowing up their spot because he trusts them he's not gonna be like don't ever buy from these people because they're charlatans exactly but if they don't trust you they do say that I am i um also in the Caesar Society as a head of community and people give very frank feedback on My rep is totally marking it up like 25%. Is this happening to anyone else with this vendor? Because they want, I mean, I don't know any human, let alone security practitioner who is operating in a vacuum. Like they're going to go talk to people. Security is a team sport, bro. Yeah, they got to talk to people. They got to like among colleagues or whatever. So if you got a bad name, you probably don't even know that you've torched your territory. Yeah, 100%. Because they're not going to tell you, but on your suddenly people aren't taking your phone calls anymore. Exactly. Tethics, guys. Be t ethical. OK, perfect. Next question. Jessica Wayland. There's a balance between relationship-based selling and that funny little thing called quota that weighs in the balance of the back of our brains each and every day. For those sellers that might be starting out and may not have industry knowledge, what are some easy to understand resources that they can consume that will help them not look like they wear a dunce cap or consume only the corporate Kool-Aid as they craft their outreach?
00:50:26
Speaker
Is there maybe three dos and three don'ts you would suggest right off the bat as starting points? Like for a new person, I would say... don't come off too salesy. like I know you're in a sales job, but don't come off like that. like in When you're having that conversation with me, and this is the the hard part to explain to people, and this is where the coaching of a good mentor comes in, it's how to demonstrate that energy, especially like over the phone if you're not having the opportunity to get in person, where you've done this before. Right? You don't have that nervous kind of like overselling sort of angle, like you're you're willing to jump on anything that the prospect gives you. When you're calm, you're relaxed on that phone call, you are going to get infinitely more success just because you're not coming at it with nervous energy. If I feel that you have nervous energy, I like want this call to end. And the other thing too is is kind of
00:51:21
Speaker
take the time, I hope your organization gives you the time for it, the runway, take the time to learn your service and your product enough to be dangerous. And by that, I mean, can you talk about it in your own words? You don't need to be the founder or the solution engineer. You just need to be able to talk about just some surface level, basic functionality, because that's going to gain your prospect's trust. If you call me about a product or service and you can't actually talk to me about it because you're not capable, you're done, you're out. And analogies will be your friend. Yeah, yes, you are the queen of analogy. ah I would say first do is just listen, right? You should listen to all your customers. You should probably talk to customer success and like understand what is working well and what isn't. So and then put time on the ground. So there's a great resource called infosecmap dot.com. These guys put together an incredible database. You can search cybersecurity events by type, city, literally any yeah dimension. And so I don't care where you are, there's an ISSA chapter, there's a b-size, there's a secure world. There's a something there that you should go to and just start talking, start hanging out, start
00:52:36
Speaker
Yeah. Feeling the crowd. But also to his point, ah I think a lot of salespeople are told, like you're going to do this and then like bring in the sales engineer. Security is a team sport. You need to go hang out with your sales engineer and like ask yeah tough questions. And again, the best sellers as we know aren't technical in so far as they have like any sort of engineering degree. But they have gone so deep into the documentation that they can explain it backwards and forwards. Oh, yeah. um I feel like the best reps are technical. Yes, and you know they have that, but it's not like, i do I do this, and sales engineer handle all the tech questions.
00:53:20
Speaker
yeah It's just like i don I love that I'm seeing more and more of that by the way where I'm like, oh, well, okay Salesperson's got some game. I love this and it's not just the I see the whole time So that's great. And by the way for anybody listening I both of my best friends I met when they were my reps and I was their sales engineer stuff be nice to your sales engineers. It'll pay you back for your life. Okay. The next question. Wade Hanson. Big fan of the pod. It's been helpful to get both perspectives to navigate the mistrust between vendors and customers in this space. As a relative newcomer to the commercial side of cybersecurity, I see companies like GuidePoint and Optiv. who have built a significant book of business by bridging that trust gap as value added resellers. How do each of you view the value add that these VARs bring to the equation? What are the pros and cons and best practices for working with VARs from the vendor and the customer perspectives?

The Decline of Value Added Resellers

00:54:12
Speaker
Do you want to know the real truth? Yeah. I'm getting away from bars. Oh. I find them to be useless, like, for the most part. um I find that they love charging their 10 to 15 points just to give me a purchase order. That's the value, man. But then I could just, for most organizations, and especially now that like money is no longer free, yeah I know that a lot of organizations that used to be like, you have to go through this far or that far. And I'm like, yeah, I don't think I want to re-renew with you now. Then they're like, well, no, no, you can go direct to us. We'll give you the discount.
00:54:41
Speaker
So now, because money is tight and quotas are getting heavily enforced, they're changing their tune. And for VARs, if you really want to add value, send me someone who's going to figure out for me how I can best deploy the thing you're trying to sell me. That's value. But you're just like giving me the PO and quarterbacking that like sales process? Yeah, I've never understood that model. All it is is is it's organizations who are like OEMs or whatever who don't want to invest in their own sales team. The L sorts it out to the VAR. The problem is the VAR doesn't know how to sell your product because you are one of
00:55:20
Speaker
$1,000. And you don't have like as close of a relationship with even the AEs on the OEM side if they're going through a VAR because the actual transaction conversations are through the VAR and it just adds another layer. right So until VARs actually get more involved with the sales process and that's at ideation, that's at discovery, that's at the actual solution architecting. Being in the room with you. Yeah, the resulting firm. Being in the room.
00:55:45
Speaker
then I really just find them useless. My CIO and I are on the same page, is that if we can get rid of them in the relationship, we do. I've heard this more and more, so he's not yeah alone in that. it's The ah perception is the value add is really just the margin pad versus an assistant, a consultant, and an ally. in them Right. I was going to say, because we all know I came from a bar. Two, actually. One of them was listed.
00:56:09
Speaker
um But I will say this. Here's what's crazy. So i when I was at one of these bars, and it's not the most recent one, someone before that, I was like a technical account manager. So I was both. And i I sat there, and I was like, you know what? I feel like I refuse to take the title. It's like salesperson. I was like, dude, there's no way. I just went my whole life. I've been an engineer and a practitioner. And if I put the word sales anywhere, like I'm screwed right without the word engineer next to it. So they made me a technical account manager. I think it was like is some weird title. but um Either way, I was like, this is kind of like the role of a future for VARs, because you really have to have like a consultative approach to everything from like an engineering perspective, but like just enough soft skill to actually like sell it and like be able to converse this and like get this through to a board of directors or whoever it is that you're actually representing. Because then you can take that and use like the architectural side of your brain and go, OK, how can we consolidate stuff you already have yeah so that we can save you? And so you're not spending more. We're actually just reallocating money that you already have and like developing kind of a new architecture and program Or they've been in the room and they know that there's a new plan or a new maturity curve that you're aiming for. yeah But we should get to the lightning round. Ready for the lightning round. Here we go. Okay.

Lighthearted Quickfire Questions

00:57:18
Speaker
enries Zen Tree Zoller says, George A's favorite hockey team. Montreal, Canada. Okay, perfect. Brownin says, weirdest place or situation in which you've recorded the podcast?
00:57:28
Speaker
I was in an Airbnb closet. I threw a quilt down. Stevie, the sound engineer, understands because it was echoey as hell. I was so hot. I was like sweating on the podcast. But it was the only place that I could record this quiet. That's great. Yeah.
00:57:43
Speaker
ah I was at the ah balcony of a hotel that we were running a strap planning thing with our division in Europe on. So I was dealing with European Wi-Fi, people having smokes all around me and just like randomly coming into the shot while we were trying to deal with background noise from the street yeah in Serbia. Sounds chaotic and amberish, I should love it. Okay, Vegas Podcats, pet peeve.
00:58:09
Speaker
Don't come to our podcast and like, snack. Yeah. Jesus Christ. That was weird. ASMR. Dude, that was weird. I was like, what part of you thinks that this is OK? This is like, high-fidelity mics. Don't chew into them. Oh, yeah. Crumbs and everything. But yours. She knows what I'm talking about. Right?
00:58:26
Speaker
when When guests come, like almost not prepared to talk, like do you remember i that one guy? We were just like pulling teeth, man. Yeah, it was just pulling teeth out of him. I hate that. Like why are you on the show then if you don't want to talk? There you go. Okay. What's the full story behind the Fist and Bolt logo?
00:58:40
Speaker
Oh, I gave my friend Jamil the briefest of creative briefs, which is the epi the show will be called Bare Knuckles and Brass Tax for this reason. And I don't know. It's just got to be aggressive. There's got to be a fist in there. I don't know, like lightning and insight and whatever. And she's like, OK, I got it. And that's what she came back with. Perfect. Yeah. I love that. She's a genius.
00:59:01
Speaker
Okay, Aaron Kinder, if you had to choose between a world with no zero-day vulnerabilities and no surprise meetings, which would you pick? Oh, surprise meeting hands down. Oh, I was going to say zero-day. Surprise meeting hands down. Of course, security. Security and CSO, that's perfect. Okay, Eloise Taylor, if practitioners and vendors had to physically battle it out, gladiator style, over a security contract, what weapon would each wield and who would win?
00:59:22
Speaker
Mmm, I'm gonna say I think that the vendor is gonna go defensive because they're trying to like protect that contract, right? They're gonna come out with a shield, but I don't know so it's vendor versus who the buyer vendor versus buyer in the Coliseum in the Coliseum I'd say like we probably will have a vendor versus vendor Oh, vendor versus vendor. Oh. Oh, wait, no, no, I'm sorry. It is practitioner's event. I got to go back. I go back to that. You know the the thing with the spike ball with the chain on the end? Like a mace? A mace, yeah, a mace. like We would be using a mace. Because for us, it's like, we don't want to talk to you, so get away. But then we do want to talk to you, so get over here. Oh, right wow. There you go. OK. And last one, Elena. Yeah.
01:00:05
Speaker
POMCO. Should cybersecurity marketers and sales people learn cybersecurity? And do you have any special group chats where you put and discuss all unethical companies? Answer the second one is 100% either in communities or private WhatsApp groups that's happening more and more. So your your name and your rep counts for a lot.
01:00:27
Speaker
Marketing and sales people, yes. i don't think you need to I think out of curiosity, you should learn ah cyber stuff. I mean, I've been working with computers since I was seven, so like a lot of the networking stuff I already knew. But yeah my education was more in talking like how do you build a program, like learning about the stakeholder management and like the structure of teams. So I think if you're trying to sell technology into a team and you don't know how a team operates,
01:00:51
Speaker
well are you go how are you gonna yeah just wing it yeah I just want to key on a point that George said there is is curiosity. and so We talk a lot about um you know curiosity being a critical factor and a security analyst having success in their career. If you're not a fundamentally curious person, security is really not for you.
01:01:08
Speaker
I think the same thing goes with with sellers, and they should be curious enough about the tech, about what they're selling, about generally what's happening in the industry to to have that open-mindedness. And I think there's a world of a difference. and You don't have to have a STEM background, but if you are curious and you are a hobbyist about tech, there's a difference between talking to a seller that actually likes the stuff, likes tech, versus someone who's just like, I have to do this because this is what I'm doing for work. This is the widget, buy the widget.
01:01:35
Speaker
Two completely different things. And for me as a practitioner, I definitely want the person who's curious, who's open-minded, who's going to be a good conversation. I love that. And just give a shit. That's what it comes onto. That's what we're going to add. That's our new t-shirts. Give a shit, yeah.
01:01:51
Speaker
Awesome. Well, that kind of wraps it up for all the lightning rounds and all the other questions. And thanks, guys. Thanks for joining my show today. It's been great to have you on. Thanks, George Dee. Yeah, absolutely. George, do you the hose? Props to teach kids tech. That's right. Teach kids tech, y'all. That's right. Start them as early as possible. Negate. Navigate. Oh my god, I can't even say it. Navigate. This is the blooper reel. It is great. Around all of these obstacles, early. All right.
01:02:17
Speaker
That's it. That's episode 100 in the books. Thank you very much to Bright Future Media and our media partners. and that's great Thank you. Thanks, everyone.
01:02:33
Speaker
If you liked what you heard, be sure to share it with friends and subscribe wherever you get your podcasts for a weekly ballistic payload of snark, insights, and laughs. New episodes of Bare Knuckles and Brass Tax drop every Monday. If you're already subscribed, thank you for your support and your swagger. We'll catch you next week, but until then, stay real.