Anne Baker's journey from mechanical engineering to cybersecurity marketing is nothing short of inspiring. With a love for math inherited from her father, Anne began her career at Boeing before leveraging her engineering skills in various roles, eventually landing in the tech-forward world of cybersecurity marketing. We share our own unconventional paths, including a leap from criminal justice to cloud security engineering, while highlighting the diverse backgrounds that enrich this field. The demand for cybersecurity talent is growing rapidly, evidenced by unique career shifts like an opera singer becoming an application security engineer.
The discussion turns to the significant role soft skills play in cybersecurity, often overshadowed by the emphasis on technical prowess. Drawing from personal experiences, we underline the necessity of communication and conflict resolution skills, learned in high-pressure roles, to succeed in cybersecurity. It's crucial for candidates to balance technical expertise with the ability to foster teamwork and drive security initiatives through effective communication. Hiring for attitude and aptitude, not just technical skills, can lead to growth and stability in this fast-evolving industry.
Interdepartmental dynamics in cybersecurity bring their own set of challenges, from maintaining security protocols under developer pressure to the tension between IT and security teams. We explore how effective communication and emotional control are vital in fostering productive relationships across teams. Additionally, the conversation highlights the innovation of Adaptiva's OneSite platform in automating vulnerability management, helping simplify the patching process. To top it all off, we discuss a remarkable opportunity for aspiring cybersecurity professionals: scholarships for the Microsoft Fundamentals course in security, offered through a collaboration with Women in the Cloud. This inclusive initiative is a great starting point for anyone looking to enhance their cybersecurity knowledge and skills.
Follow the Podcast on Social Media!
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Patreon: https://www.patreon.com/SecurityUnfilteredPodcast
YouTube: https://www.youtube.com/@securityunfilteredpodcast
TikTok: Not today China! Not today
Speaker 1: How's it going, Anne?
00:00:02
It's great to get you on the podcast.
00:00:04
I think that we've been trying to get this thing done for a
00:00:07
couple months now, but I'm really excited for our
00:00:10
conversation.
00:00:11
Speaker 2: Thanks, joe.
00:00:11
It's great to be here, Happy to finally connect.
00:00:15
Speaker 1: Yeah, absolutely so, anne.
00:00:17
You know why don't you tell me about how your journey started,
00:00:22
right?
00:00:22
What made you go down the path that you did?
00:00:24
Because you have a bit more of a unique background compared to,
00:00:28
you know, the other degenerate hackers that I have on the
00:00:32
podcast, right?
00:00:34
Speaker 2: Yeah, I know.
00:00:35
Thanks for letting you know someone from the dark side of
00:00:37
marketing come into your, your podcast.
00:00:40
I appreciate it.
00:00:41
But I I did start with an engineering degree so I actually
00:00:45
went from the tech deep tech over to a little more soft
00:00:49
skills but still have stayed in technology and cybersecurity and
00:00:54
have really loved this industry and space.
00:00:57
So happy to be on the show.
00:01:02
Speaker 1: So you got your degree in engineering.
00:01:05
What specifically like, what part of engineering?
00:01:08
Speaker 2: I did mechanical engineering.
00:01:10
I really loved math and looked at different careers that would
00:01:15
allow me to do things with math and numbers and analytics, and
00:01:21
it went into that area.
00:01:22
My father was an engineer.
00:01:23
He really encouraged me, which I appreciate to this day, and I
00:01:32
started out interning at Boeing in true kind of mechanical
00:01:34
engineering and then, you know, just sort of evolved evolved
00:01:38
into more product management and then now kind of all aspects of
00:01:42
marketing which I enjoy and still getting to work with a lot
00:01:47
of the technology, getting the dive as deep as I want to go but
00:01:51
still be able to enjoy some of the creative aspects that
00:01:54
marketing brings.
00:01:57
Speaker 1: Yeah, it's interesting, when I was in
00:01:59
college I was getting my degree in criminal justice and I worked
00:02:02
with a guy that was getting his degree in mechanical
00:02:05
engineering and you know, he, he studied more than anyone else I
00:02:11
knew, and I I mean he.
00:02:13
He ended up getting his degree, but he didn't go into
00:02:16
mechanical engineering or anything like that, he actually
00:02:19
just went into iet and I.
00:02:22
I graduated like a year or two ahead of him and I told him I
00:02:26
was like hey, you know, I know you're trying to be a mechanical
00:02:29
engineer, right?
00:02:30
I don't know what the career path looks like for that, but
00:02:33
you already have experience in IT.
00:02:34
Just look at that first and then try and make your pivot.
00:02:37
You know, because he had student loans, like I did, right
00:02:40
, so he has to have an income, you know, coming in to pay off
00:02:44
those loans.
00:02:45
But it's really fascinating, right?
00:02:47
Because I always think if I were to go back and like get my
00:02:51
bachelor's and do it all over.
00:02:53
I would probably get my degree in, like math or engineering or
00:02:57
something like that.
00:02:58
Like that is right.
00:02:59
In my wheelhouse I took calculus for fun, because it was
00:03:02
.
00:03:02
I considered it to be an easy class, and math that is an easy
00:03:06
class.
00:03:06
To people that are not in math, you know that's considered to
00:03:10
be like a difficult class, right , I took.
00:03:13
I literally took it for fun and I wanted to go farther with it.
00:03:18
But it was like, okay, you're gonna, you're gonna do criminal
00:03:20
justice, you're gonna do math.
00:03:21
And I was like I don't know about that math thing yeah, I
00:03:25
did.
00:03:25
Speaker 2: There's something great about like getting that
00:03:28
solution at the end of a problem , and so I still, uh, really
00:03:32
enjoy, enjoy math although I don't get to do it nearly as
00:03:35
much anymore now.
00:03:37
It's just maybe calculating revenues and things like that
00:03:39
not as not as much detailed calculus as I was doing at one
00:03:43
point.
00:03:43
But engineering is a great degree that you can use to
00:03:47
bounce off into so many different fields of study, and
00:03:51
that's how I feel about cybersecurity in general.
00:03:53
You know we're seeing more and more people come into this field
00:03:57
and this realm and this area.
00:03:59
They come from all different backgrounds, right.
00:04:01
Sometimes it's communications coming into cybersecurity.
00:04:04
Come from all different backgrounds, right.
00:04:05
Sometimes it's communications coming into cyber security,
00:04:07
sometimes it's testers.
00:04:07
Speaker 1: It all different, different areas that are now
00:04:10
joining kind of the whole swath of cyber security professionals
00:04:13
that are needed to kind of fill some of the resource gaps that
00:04:16
are happening in this industry today yeah, yeah, it's
00:04:20
interesting, you know, as, as I mean, now I'm a cloud security
00:04:26
engineer, right, and so I have to be able to think of problems
00:04:30
forward, backwards, start at the middle, go to the end, start at
00:04:33
the middle, go to the front.
00:04:35
You know, like I have to really be able to just dissect
00:04:38
different problems, no-transcript, you know you'll
00:05:06
see a solution and you start thinking of, okay, well, how did
00:05:08
they get there?
00:05:09
Well, this is probably where they started.
00:05:11
And you know, like it's a game, almost right, and I think that
00:05:16
that's what kind of piqued my interest with cybersecurity,
00:05:20
right, is that ability to be so fluid with your thinking.
00:05:24
Because, you know, I guess it's interesting.
00:05:26
I don't consider myself to be a very creative person.
00:05:28
I consider myself to be like very average, not creative at
00:05:31
all.
00:05:32
I can't draw to save my life.
00:05:33
I can't play an instrument to save my life.
00:05:35
My wife, on the other hand, she can play like six or seven
00:05:40
instruments, you know, like hands down, like she's a
00:05:43
symphony orchestra violinist, like I'm sitting over here, the
00:05:53
least talented person in my, in my family, you know, and somehow
00:05:54
I made it right.
00:05:55
So it's interesting.
00:05:55
Also, you know, you bring up the different backgrounds that
00:05:57
everyone is coming into cybersecurity with, and a few
00:06:00
months ago, maybe even a year ago at this point I think it
00:06:02
might have been a year I had on someone that was a former opera
00:06:06
singer and now she's an application security engineer
00:06:09
and I'm sitting here like how in the world do you make that jump
00:06:16
?
00:06:17
Speaker 2: I think you're going to see more and more of that,
00:06:19
though.
00:06:19
I mean because there is this huge gap, right, four million or
00:06:24
something.
00:06:24
The world economic forum said open jobs and a deficit in cyber
00:06:29
security workers, and so there's a huge opportunity here,
00:06:33
when the job market as a whole may not be as exciting in tech
00:06:37
as we'd like it to be, and so you know you're going to see
00:06:40
people, I think, explore it and see if there are ways for opera
00:06:44
singers or marketers or other people to play a part, because
00:06:48
it is one of the maybe unique roles in tech where you really
00:06:51
feel like you can make an impact and that you're giving back.
00:06:56
In a way, there's a you know, there's a real purpose to it, in
00:06:59
the sense that you're fighting the bad guys.
00:07:01
Speaker 1: Right, you're fighting the bad guys, right,
00:07:21
and you're, you know, not only helping companies be more secure
00:07:24
and resilient, but potentially even the whole 2014, 2015,.
00:07:29
I was doing everything under the sun that I possibly could be
00:07:32
to get into the field.
00:07:33
Yeah, you know anything like that really.
00:07:42
You know, in all honesty, I was underpaid, so I wanted to make
00:07:44
more money, right, I wanted to, like, make enough money to have
00:07:47
a family and whatnot.
00:07:48
But it also, like, piqued my interest.
00:07:51
It seemed like there was just, you know, never ending amount of
00:07:55
things that I could learn, that I could dive into, that I could
00:07:58
specialize in.
00:07:59
And now, you know, that still holds true, right, and so that
00:08:03
kind of scratches that itch for me in a different way, if that
00:08:07
makes sense.
00:08:07
But I think COVID kind of I don't want to say exacerbated
00:08:14
the situation, but it really put cybersecurity at the forefront,
00:08:20
right, because you know, I'll tell you, I have a friend.
00:08:27
He's a manager in a in a ford manufacturing plant, right, and
00:08:31
I went to high school with him and we've stayed in touch ever
00:08:33
since and whatnot.
00:08:34
And when covid hit, he was out of work for like six months.
00:08:37
Like six months he was basically out of work and for
00:08:41
the next maybe two years after that, there will be months where
00:08:45
he just didn't work because they'd shut down the plant for
00:08:48
whatever reason.
00:08:49
You know, and I'm, I'm over here just living my life like
00:08:53
nothing ever changed, because it literally never changed.
00:08:56
You know, the only, literally the only thing that changed for
00:09:00
me was my manager calling me one day and saying yeah, you're
00:09:04
just going to be remote now it's fine.
00:09:06
And I've been remote for the past, you know, four years, five
00:09:09
years at this point, and like there's nothing changed, right,
00:09:13
I've changed jobs several times and whatnot.
00:09:15
And he looks at that and he's like man, I really want, I want
00:09:18
the stability, I want the freedom to be able to you know
00:09:22
kind of work from wherever I want to work.
00:09:25
It doesn't make sense for me to have to be in one singular
00:09:27
place, you know, to do a job.
00:09:29
And he, he wants to be able to have a family, you know, have,
00:09:34
have a career that is paying, paying the bills, you know,
00:09:37
having some money left over for the family and whatnot.
00:09:39
And I think that was put to the forefront of everyone's mind
00:09:43
where there was like I feel like it happened for a week, but
00:09:48
during that week people were like well, what jobs are still
00:09:52
working right now?
00:09:53
What jobs were not even impacted and I mean the job that
00:09:57
was the least impacted that worked the entire time was
00:10:00
cybersecurity.
00:10:03
Speaker 2: Yeah.
00:10:04
Yeah, I mean, that's really eye-opening yeah, I mean, not
00:10:07
only is, I mean obviously cyber security is a, you know, fairly
00:10:10
lucrative field, but yeah, it's not going away anytime soon.
00:10:13
In fact, the problem's only getting bigger.
00:10:15
I mean my company, adam tiva.
00:10:17
We're in the patch management space, where we're patching
00:10:20
vulnerabilities that are discovered on endpoints, and
00:10:24
last year there were like 26 plus vulnerabilities discovered
00:10:28
.
00:10:28
It's going up this year and the meantime the exploitum just
00:10:32
keeps getting faster and faster.
00:10:34
I think it was like seven days on average, and for some of the
00:10:37
high risk ones it was like less than a day.
00:10:39
So when you are facing those kind of numbers and with some of
00:10:43
the new technology that's coming out, like AI, that only
00:10:46
makes it faster and easier to secure your network, but also,
00:10:50
potentially, if the bad guys use it, exploit it, then you know
00:10:56
this career path is one that is only going to become more and
00:11:00
more in demand and potentially, you know just more and more
00:11:04
areas to be able to focus on and have to look at and secure.
00:11:09
And so you know, obviously I think it's a great area to be
00:11:14
involved in, but one that I hope we can recruit more people into
00:11:18
and bring more people into, because there's so much work to
00:11:21
be done.
00:11:23
Speaker 1: Yeah, it's interesting.
00:11:25
You bring up an interesting problem, because I feel like
00:11:31
still there's a lot of companies out there that don't know the
00:11:35
type of position or the type of person that they're looking for
00:11:39
to really come in and make a meaningful difference.
00:11:42
I'll give you an example, you know previously, when I was
00:11:46
interviewing for a job which, if you're my employer right now
00:11:50
and you're listening, I haven't done it in a while, right, but
00:11:55
people would be like extremely, extremely technical, right, and
00:12:00
that's fine, I can deep dive into things.
00:12:02
But typically when I get into those interviews, you know the
00:12:06
recruiter is prepping me ahead of time and they're saying like
00:12:09
hey, they're going to do a deep dive into IAM or Kim or whatever
00:12:13
.
00:12:13
It might.
00:12:14
Be right, because it's a courtesy, it gives me the
00:12:16
opportunity to brush up on that knowledge, because I'm not going
00:12:21
to know everything at all times .
00:12:23
I may have learned it for three months and I haven't touched it
00:12:27
in four years.
00:12:28
I mean, that's a very real thing.
00:12:30
It's not that I don't know it, it's that I haven't looked at it
00:12:33
.
00:12:33
You know, like there's a very big difference between the two.
00:12:36
You know, and you know, this role really needed someone that
00:12:40
was more of a people person.
00:12:42
You know someone that would actually meet with the teams,
00:12:44
get to know them.
00:12:45
You know, kind of sway them to patch.
00:12:48
You know one of those 26 vulnerabilities right and make a
00:12:52
difference in the environment.
00:12:54
And you know this company kept on going extremely technical.
00:12:58
And I'm sitting here like guys, you don't need that.
00:13:00
What you need is you need someone that can talk to people,
00:13:03
that of which you know I have a proven track record of over 200
00:13:07
episodes where I could talk to you.
00:13:09
Know anyone and make an impact right, make a difference to some
00:13:13
extent.
00:13:14
But they didn't see it like that, you know.
00:13:20
But they're hiring for a role now that isn't going to be a fit
00:13:23
for the job functions that they have, and that's a problem that
00:13:25
is very prevalent, I think.
00:13:27
And then I think another part of it is companies.
00:13:32
One, they don't know really the skill sets necessary for the
00:13:37
role.
00:13:37
But two, we're also under-hiring.
00:13:41
If you go on LinkedIn Jobs right now, I feel like LinkedIn jobs
00:13:44
is a good barometer for where the job market is.
00:13:48
Every single security role out there has over 100 applicants,
00:13:54
every single one, and if you find one under a hundred, like
00:13:58
it's a, it's a rarity.
00:13:59
You're on page 12,.
00:14:00
You know you're probably pretty desperate at that point, which
00:14:03
is which is crazy to me, because it it tells me something really
00:14:07
weird is going on in the market , where I think everyone's a
00:14:11
little bit nervous.
00:14:12
You know, we have a, we have a major election coming up here in
00:14:15
a couple of days.
00:14:16
People are nervous about where the economy is going to go, like
00:14:20
what the outlook of it is, and I think a lot of companies are
00:14:23
also worried, and so we're.
00:14:26
We're in an interesting like limbo that we haven't been in in
00:14:29
quite a long time at least not not that I remember.
00:14:31
You know I entered the workforce what I like 2009,
00:14:35
technically right, and that was at like the tail end of the
00:14:39
recession, so I didn't even really understand the recession,
00:14:44
you know of like what was going on when it was happening, you
00:14:47
know yeah, and I I mean I I really agree with you.
00:14:50
Speaker 2: Your ability, you know, to communicate is key, I
00:14:53
think, in the cyber security role and you're not alone in
00:14:56
that sometimes those technical certifications and things will
00:15:00
open the door for you and get you the interviews.
00:15:02
But in hiring today there really has to be that balance, because
00:15:07
I had a boss shout out to Lisa Stewart that used to say she
00:15:11
hired for attitude as much as aptitude, and I think that's
00:15:16
really going to become key with cybersecurity roles in
00:15:19
particular going forward, because, you know, not only do
00:15:22
you have to have those technical skills to be able to do the
00:15:25
forensic analysis or whatever the job is requiring from, you
00:15:30
know, just security perspective, but you have to be able to
00:15:32
communicate that, you have to be able to present it to the team,
00:15:35
you have to be able to convince people to, you know, do certain
00:15:39
, take certain courses of action , and you also have to maybe
00:15:44
have just sort of that creativity to try different
00:15:46
solutions to problems.
00:15:48
So, um, and hopefully high integrity as well in this role
00:15:51
is key, uh, too.
00:15:53
So there's a lot of soft skills there that just have to blend
00:15:56
with the the technical skills as well in order to really make a
00:16:00
good candidate and a good employee, but it is still very
00:16:05
competitive.
00:16:06
I agree it's kind of hard to get your foot in the door
00:16:08
sometimes on these positions.
00:16:10
For sure, and a lot of people are recognizing there's a lot of
00:16:14
growth potential, stability potential in this space that are
00:16:19
struggling to kind of find their way in and navigate how
00:16:23
they at least get that first door open for them in
00:16:26
cybersecurity.
00:16:27
Speaker 1: Yeah, yeah, that's a good point.
00:16:30
You brought up the soft skills, right.
00:16:33
We've been talking about it for a bit now, right, but you
00:16:37
brought up the soft skills and having that foundation of soft
00:16:40
skills really, really benefits.
00:16:42
You know you like tenfold in cybersecurity and I'll give you
00:16:47
a good example.
00:16:48
You know I started my career in help desk right, when you're on
00:16:51
help desk and I worked for an enhanced 911 company, right.
00:16:55
So when our solution is going down, people typically just lose
00:16:58
their mind because they may or may not be able to dial 911.
00:17:02
And, yes, it is absolutely an emergency, but you know you
00:17:06
don't have to, you don't have to yell at me right from hello,
00:17:10
right so, but I've learned a lot of social skills in that job,
00:17:15
right, and for probably a year and a half, you know I would
00:17:18
have like massive anxiety in this job, to the point where I'd
00:17:23
have to like go for walks, you know, several times a day for 30
00:17:26
minutes just to just to like decompress and process what I
00:17:30
just went through.
00:17:31
And you know that that may be sound I guess that maybe sounds
00:17:36
potentially like weak or stupid or something like that Right,
00:17:39
but you know, going from being in education right, just being
00:17:43
in college to a job that is high stress like help desk overall
00:17:49
can be high stress regardless but now you're thrown into a
00:17:52
company that supports a critical application for a business and
00:17:55
you don't even know what a critical application is.
00:17:58
You know because you're that new in the field.
00:18:00
It was a trying time but you know.
00:18:04
In that situation I learned how to de-escalate very quickly.
00:18:09
I learned how to you know find out critical information within
00:18:13
30 seconds.
00:18:14
Within 30 seconds, you know find out critical information
00:18:15
within 30 seconds.
00:18:15
Within 30 seconds, you know what's going on generally and
00:18:18
you can start making progress and whatnot.
00:18:20
I learned how to get the right people on the call right from
00:18:22
the very beginning.
00:18:23
You know how to assess the situation quickly and move
00:18:26
forward with it in the right direction.
00:18:28
And all of those skills really do pay off when you get into
00:18:33
security because I always, I always tell people start with
00:18:36
help desk right, like you want.
00:18:38
You want the ability to tell someone no, have them yell at
00:18:43
you in return and you stick to your no, right?
00:18:48
I'm 10 years into security, literally.
00:18:54
Last week I had a phone call with 150 developers on the call
00:19:00
and then I was the only security person on the call the only one
00:19:04
and they were trying to convince me.
00:19:08
At first they were very nice.
00:19:09
They were trying to convince me to put in a certain rule into
00:19:13
my AWS WAF that I was rolling out globally.
00:19:18
And they couldn't really explain it properly.
00:19:21
Right, because I need to know what the rule is, why it's
00:19:23
getting blocked, why do we need to add this exception?
00:19:26
Does it bypass the entire WAF?
00:19:29
You know all of these.
00:19:30
You know minutiae, right, the things that you need to know for
00:19:35
the technical aspect of the job .
00:19:38
Well, at one point in time they couldn't give me any straight
00:19:42
answers, and so I just kept on asking questions for 30 minutes.
00:19:45
I asked questions, I didn't give any answers, I didn't give
00:19:47
any context.
00:19:48
I only asked questions because they were trying to beat around
00:19:50
the bush and I could tell they were trying to bully me into,
00:19:55
you know, just going with them, right, because they wanted to
00:19:57
get off this call.
00:19:58
And so they figure okay, 150 developers are going to
00:20:01
overwhelm Joe and you know he's going to give us what we want.
00:20:04
Right, because it probably would have worked.
00:20:06
At the other, you know 10 security guys that they had
00:20:09
there, but not with me because I got all day.
00:20:12
You know, you, that they had there, but not with me because I
00:20:16
got all day.
00:20:17
You just made this a priority, right?
00:20:21
So now I get to call other things off and at the end of the
00:20:23
questions, literally 30 minutes of me questioning it.
00:20:24
I said you guys are just trying to bully me into bypassing the
00:20:26
WAF because you don't want to deploy it, you don't want to
00:20:28
work within it.
00:20:29
And I had to explain to them.
00:20:31
I said, hey look, this was an audit finding right.
00:20:34
They gave us a timeline for when we needed to fix this.
00:20:38
This is why it's going in.
00:20:39
And they like tried to rebuttal it, tried to refute it you know
00:20:43
many different ways and whatnot and I said there is no refuting
00:20:48
this.
00:20:48
You are doing this or it's going to be reported to your VP
00:20:52
and your director and I will reference this conversation and,
00:20:55
like I told him, I was like it's being recorded.
00:20:58
I have the minute keeper, like right now, and I'll tell them go
00:21:02
to minute 33 in this conversation where I started to
00:21:06
like really go into them.
00:21:07
Speaker 2: Yeah.
00:21:09
Speaker 1: Right, and at the end of the day, you know they very
00:21:11
begrudgingly went along with it.
00:21:14
But you know I had to learn how to stand my ground from 10
00:21:17
years prior, Right, Like I had to learn how to literally look
00:21:22
at someone that is yelling at me in the face in person to you
00:21:27
and you know, tell them no, that's not happening and that's
00:21:33
a very unique skill set that not many security professionals
00:21:37
have.
00:21:37
Like I said, the other 10 security people that they would
00:21:41
have had on that call, they would have just caved in 10, 15
00:21:45
minutes.
00:21:45
It's funny they wouldn't have known that they were making the
00:21:48
environment less secure.
00:21:52
Speaker 2: Our CEO here and founderak kumar.
00:21:55
He came, he actually has a medical degree, so he was a
00:21:58
doctor and now he does software, so he's made a big career
00:22:02
transition.
00:22:03
But he has often, uh, talked about, just you know, the need,
00:22:08
especially when you're in the medical profession and dealing
00:22:10
with emergencies, to sort of stay emotionally calm and how,
00:22:14
like, having a control over your emotions is so key in just
00:22:18
day-to-day business, creating, in marketing and also in even
00:22:24
our technical roles.
00:22:25
He really encourages us to look for people who either have a
00:22:28
customer service background at some point in their career or
00:22:32
like a help desk background, like what you're describing,
00:22:35
where they've had to deal with challenging personalities and
00:22:40
figure out how to just maintain those relationships and be
00:22:44
professional and not get overly emotional or overly reactive in
00:22:48
those situations.
00:22:49
He feels that that basic skill set is something that is just so
00:22:54
hugely important in day-to-day business at all different levels
00:22:58
of the company, and so, as we recruit, that's something he
00:23:01
always encourages us to look for , and I think it applies to the
00:23:04
cybersecurity profession as well .
00:23:06
It's just like I said, even for marketing.
00:23:08
I tend to try to look for that too.
00:23:10
It's just a great skill to have , especially when you're on a
00:23:14
call with you know 150 people who might be, you know telling
00:23:18
you something different.
00:23:19
Figuring out just how you find common ground and work forward
00:23:23
is really key.
00:23:25
Speaker 1: Right, yeah, I mean I've.
00:23:27
You know, I've been in situations where I'll go into a
00:23:32
company and there's a terrible relationship between my team and
00:23:37
another team and of course, a system down incident occurs and
00:23:43
I need that other team.
00:23:44
We're relying on them and they really don't like to work with
00:23:48
us.
00:23:48
I have not shied away from bribery with food and drinks and
00:23:55
whatever it takes, you know, to get the help that I need I
00:23:59
agree on that.
00:24:00
Sometimes it's required.
00:24:03
Speaker 2: It really is.
00:24:04
You know, and I will say, the cybersecurity in general, a lot
00:24:08
of emergencies that that happen, and being able to handle those
00:24:14
crisis communications in a way that's, you know, done
00:24:17
professionally, delicately, understands everything and all
00:24:21
the implications that come at it , can be challenging.
00:24:24
So you have the those big emergencies that happen that you
00:24:27
really need strong leaders who don't get overly, you know,
00:24:33
overly emotional in some of those situations, but then also
00:24:37
just day to day.
00:24:37
I mean, you mentioned starting in IT or starting in help desk
00:24:41
as a way to potentially pivot and swerve into a cybersecurity
00:24:45
career, and one of the things I hear about most often, even from
00:24:49
our customers and prospects is most often even from our
00:24:56
customers and prospects is, you know, that kind of fight between
00:24:57
IT and security today or at least gap we'll call it gap
00:24:59
where you know security is finding all these
00:25:01
vulnerabilities and issues and then pointing to IT to go fix
00:25:05
them and that's saying, oh, it, you're not, you know, moving
00:25:08
fast enough and you're exposing me to too much risk, and so
00:25:11
there is sort of this constant kind of like back and forth
00:25:14
that's going on between IT and security today and having the
00:25:20
skill set to, you know, approach that from a collaborative.
00:25:24
How can we work together to reduce risk for our organization
00:25:28
?
00:25:28
Perspective is important, but you know where we're coming from
00:25:31
too.
00:25:31
Perspective is important, but you know where we're coming from
00:25:35
, too is we also want technology to help bridge that gap too,
00:25:37
between IT and security teams, where the reports and the
00:25:39
findings and the vulnerability assessments all that data is
00:25:43
there and being found by technology.
00:25:45
But then IT can also show their progress against it and how
00:25:50
they're taking action on that data, and you know the rationale
00:25:54
they have behind what they're prioritizing and how they're
00:25:57
taking action on that data.
00:25:58
And and you know the rationale they have behind what they're
00:26:00
prioritizing and what they.
00:26:00
They can connect all that in technology and use technology as
00:26:03
a way to bridge the, the security teams and the IT teams.
00:26:07
That can help augment some of the and hopefully resolve some
00:26:11
of the communication issues that come about because of just that
00:26:16
dynamic between IT and security teams.
00:26:20
Speaker 1: Yeah, you know something that I've recently run
00:26:24
into that's been a prevalent problem for many years now.
00:26:28
Right, is, with the advent of the cloud, your on-prem legacy
00:26:33
solutions don't quite work like they should in the cloud, right,
00:26:36
and so now you end up having, you know, six, seven solutions
00:26:40
doing vulnerability management, looking at different things,
00:26:44
different ways, and how in the world can your developers or
00:26:49
your engineers or just it overall keep up with that?
00:26:52
Right, because I'm the security professional that's supposed to
00:26:55
own all seven of those tools and I don't look at all of them.
00:26:59
Right, like I need a solution that correlates all of it,
00:27:04
brings it all in and tells me what I need to pay attention to.
00:27:08
Right, and I think that's like kind of where most of the
00:27:13
industry is missing the mark.
00:27:15
Right, it's like they provide a solution of we do pipeline
00:27:19
security vulnerability management, right, or we do
00:27:22
infrastructure in the cloud vulnerability management, all
00:27:25
this stuff.
00:27:26
It's like I don't care.
00:27:28
You said vulnerability management.
00:27:30
At the end of all of that, I need it all in one singular tool
00:27:34
.
00:27:35
Speaker 2: Yeah, and it's been interesting.
00:27:36
I mean, vulnerability management is one area, right,
00:27:39
but security in general I mean, how many different tools and
00:27:42
technologies and vendors are there in that space?
00:27:44
Now it's unbelievable, and that's why we're starting to see
00:27:47
especially some of the big leaders, like CrowdStrike and
00:27:50
Microsoft and others, start talking about consolidation.
00:27:52
And how can we help you consolidate the number of
00:27:55
vendors you're using, the number of technologies you're using,
00:27:59
so that you know, I mean because there's a risk to that.
00:28:02
I mean, just managing a whole bunch of different vendors is
00:28:05
hard on resources, but also, like making sure they're all
00:28:08
secure and keeping up to date is key, and so we are seeing a
00:28:13
move towards trying to consolidate and have fewer
00:28:17
vendors and fewer different products in the space.
00:28:22
And so I think the technologies that are going to be, you know,
00:28:24
cross-platform, like for us, like helping you patch Windows
00:28:28
and Mac and Linux on all your devices as opposed to needing a
00:28:32
different solution for each those are the ones that you're
00:28:34
going to start seeing win across the board.
00:28:37
And then also, in addition to just sort of consolidating the
00:28:43
different vendors, I think in general, you know just the more
00:28:47
that we can bring together visibility into what's happening
00:28:51
across your systems, the better in and get all your alerts and
00:29:05
keep an eye, but I feel like IT is missing, that IT doesn't have
00:29:06
that single view into all my deployments that are happening,
00:29:08
all my patches that are happening, all the things in
00:29:11
real time and I actually believe certainly that's where we're
00:29:14
heading from a product vision perspective is starting to give
00:29:19
companies more unified insight into both their security and
00:29:22
their IT operations, bringing them together into one kind of
00:29:27
single pane of glass so that you can stay on top of all the
00:29:32
changes and data that are happening across endpoints and
00:29:34
across the network.
00:29:37
Speaker 1: So talk to me about how Adaptiva does that right,
00:29:43
how you guys bridge the gap between all these different kind
00:29:47
of sprawling domains of vulnerability management and
00:29:50
bring it all together into a consolidated way.
00:29:54
Speaker 2: Yeah, so we built a platform we call it our one-site
00:29:58
platform and on top of that we built a suite of products, and
00:30:02
the one that most you know we're talking about most these days
00:30:05
is our patch management one-site patch solution which integrates
00:30:10
with all your different vulnerability management
00:30:13
solutions out there in the marketplace today.
00:30:15
So, for example, next week I'm going to crowdstrike's falcon
00:30:19
event in in europe and um, and there we'll be showcasing how
00:30:25
you can use Falcon to analyze and assess all the
00:30:29
vulnerabilities on your network.
00:30:31
They have something called their expert AI rating that
00:30:35
prioritizes them as critical, high, medium, low.
00:30:38
We take all that data and we take their criticality factors
00:30:43
in and we allow you to set up patching strategies based on
00:30:47
that data.
00:30:47
So if it's a critical one, maybe I want you to go patch it
00:30:51
right away with very limited approvals, but if it's a lower,
00:30:54
medium one, maybe I want to roll that out more slowly.
00:30:57
A series of deployment waves.
00:31:00
Deployment waves she set up those rules in our system, but
00:31:06
we're pulling in all the vulnerability management
00:31:07
information from the vulnerability management
00:31:08
providers and then we're kind of consolidating, reporting them
00:31:13
right.
00:31:13
So, immediately, the security teams can quickly see the
00:31:17
reports, see the insights in real time.
00:31:20
Okay, how are my vulnerabilities getting patched?
00:31:22
Which devices still need to be patched?
00:31:24
Which ones are successful?
00:31:26
What versions are they on All that rich insight and data in
00:31:30
real time?
00:31:31
So today in many companies those vulnerability assessments,
00:31:37
they print them out on like huge Excel spreadsheets and hand
00:31:41
them over to IT and say go patch this.
00:31:43
And they meet every week and kind of fight back and forth on
00:31:47
why more things weren't patched.
00:31:49
We're hoping again that by just pulling all that data, in
00:31:52
taking automated action on the data, you can solve that or
00:31:57
resolve those kind of back and forth fights on vulnerabilities
00:32:01
and provide a single, unified view into the compliance of your
00:32:05
organization and it.
00:32:08
Speaker 1: So it sounds like you know my, my developers or my
00:32:13
engineers.
00:32:13
They would be able to log in and like see the assets that
00:32:17
they're responsible for, or get like some sort of automated
00:32:20
alerts like hey, you know this new high finding or whatever
00:32:26
right is on your assets over here.
00:32:27
Here's the card.
00:32:28
Go work on it, that sort of thing.
00:32:31
Is there a flag?
00:32:34
Speaker 2: We're taking a slightly different approach.
00:32:35
I mean traditional patch management forces kind of the IT
00:32:40
teams to have to go in and every time a patch comes out
00:32:43
they have to take it down, take the metadata, configure it, test
00:32:47
it, roll it out to a test system, make sure it's working.
00:32:51
With us we have a team that's constantly putting those patches
00:32:56
into our catalog and really our customers just set up the rules
00:33:04
.
00:33:04
They say anytime for you know this group of machines or for
00:33:10
this type of patch, do these things, and so we let you really
00:33:16
set up the strategies and then we automate it.
00:33:19
So we believe in really speeding and accelerating the
00:33:23
patching through automation so you're not having to manually
00:33:28
patch and set up deployments for each patch.
00:33:30
You're setting your rules for patching as an organization and
00:33:34
we're taking care of the rest.
00:33:36
But we're putting controls in place too, because we know
00:33:39
automation can be scary.
00:33:41
Bad things can happen sometimes when you roll out patches and we
00:33:44
give a lot of control over that process so you can pause
00:33:48
patching, you can cancel patches , you can roll back patches to
00:33:52
previous versions.
00:33:53
Our belief is you need to move faster.
00:33:55
The bad guys are not slowing down.
00:33:57
You need to find ways to accelerate and free up your IT
00:34:01
teams and limited resources, and so by allowing them to set up
00:34:05
their rules and then we automate , but giving them controls and
00:34:08
guardrails that if something does go wrong, they can pause.
00:34:11
Take a minute.
00:34:12
That's our belief on how patching should really happen in
00:34:16
the future.
00:34:17
Speaker 1: Hmm, and does it work for like pipeline security or
00:34:23
pipeline vulnerabilities?
00:34:25
Speaker 2: We're focused on endpoint.
00:34:27
So our patching is around endpoints, but we're beta
00:34:32
testing right now the full cross-platform, so Mac, linux
00:34:35
and Windows updates, and then also third-party applications,
00:34:39
and then also third-party applications.
00:34:41
We support patching of over 9 third-party applications
00:34:46
BIOS, drivers, servers, all sorts of patching, truly unified
00:34:51
endpoint patching.
00:34:54
Speaker 1: That's interesting.
00:34:55
It seemed like when I got into security, the industry was at a
00:35:07
scheduled, a scheduled, you know patching process right, where
00:35:09
you're like, like what you said, this group of devices gets
00:35:10
patched, you know, every monday night at like midnight or
00:35:13
whatever it might be right.
00:35:14
And then I think, as people got more into the cloud and their
00:35:18
environments grew rapidly, they started moving away from that.
00:35:23
It's interesting because I actually never noticed moving
00:35:28
away from it, but I moved away from it and it's a fascinating
00:35:33
way to kind of bring it back, especially if you're
00:35:37
centralizing all of it right, like you're making it more
00:35:41
easily consumable for everything to be in one place and then
00:35:48
schedule it out from there.
00:35:49
That really kind of like frees up at least my developers, right
00:35:54
, frees up my developers to be able to do developing work
00:35:57
rather than security work necessarily.
00:36:01
Speaker 2: It's the only way you can really start.
00:36:02
I mean, with the rate of vulnerabilities that we were
00:36:05
talking about earlier and just how many are coming at you and
00:36:08
how quickly they're being exploited, the only way that you
00:36:11
can get the scale necessary is to automate work, and right now
00:36:17
we did a state of patch management report with the
00:36:19
Ponemon Institute and we found that 59% said it was taking them
00:36:24
two weeks or more to begin a patch, a deployment after a
00:36:28
patch was released.
00:36:29
So that's just like way too long when, on average,
00:36:32
vulnerabilities are being exploited every seven days.
00:36:35
And in many cases I think Gartner found it was taking,
00:36:38
like companies, a month or more to fully roll out of cash.
00:36:41
So that's just never.
00:36:43
You're just constantly going to be behind and it's never going
00:36:47
to scale.
00:36:47
And so we're very bullish on automation that's going to help
00:36:52
you scale, but automation with control, yeah.
00:36:56
So yeah, it's a mindset shift a little bit for companies, but
00:37:01
with how limited we are in resources right now and people
00:37:06
to just tackle this problem, technology is going to have to
00:37:10
fill the gap.
00:37:11
Speaker 1: Yeah, yeah, absolutely.
00:37:13
Well, you know, unfortunately, I think we're at like the top of
00:37:18
our time here.
00:37:18
I know you have a flight to catch and whatnot, but you know
00:37:21
I really enjoyed our conversation.
00:37:23
I definitely would want to have you back on sometime.
00:37:26
Speaker 2: Yeah, it was great, joe, I loved it.
00:37:28
Thanks for letting a marketer stray over here.
00:37:31
I appreciate it and would love to talk again in the future.
00:37:34
Speaker 1: Yeah, yeah, absolutely.
00:37:36
Well, before I let you go, how about you tell my audience you
00:37:39
know where they could connect with you if they wanted to
00:37:41
connect with you and where they could find the company if they
00:37:44
wanted to learn more?
00:37:45
Speaker 2: Sure, I'm very active on LinkedIn, so that's a great
00:37:48
place to find me and Baker and LinkedIn, and then also Adapteva
00:37:54
is the name of the company A-D-A-P-T-I-V-A.
00:37:57
If you're a drummer, I want to go check that out.
00:37:59
I blog on there and we have a lot of great resources just for
00:38:04
training.
00:38:04
And also, I know we talked a lot about entering the
00:38:07
cybersecurity field.
00:38:08
I will just put a shout out to.
00:38:10
I'm very active in Women in the Cloud, and Women in the Cloud
00:38:14
right now is working with Microsoft, who's sponsoring over
00:38:18
5 scholarships for people who want to take the Microsoft
00:38:24
Fundamentals course in security.
00:38:26
That's a great one for women and allies as well.
00:38:29
It's gender neutral to go and apply for those scholarships.
00:38:32
If you want to break into cybersecurity, I highly
00:38:35
recommend going and taking a look at that, and that's a great
00:38:38
way to start getting some of those early certifications with
00:38:41
Microsoft in order to start showcasing and learning more
00:38:46
about cybersecurity.
00:38:47
So definitely check that out as well.
00:38:49
Speaker 1: Yeah, absolutely Well , thanks everyone.
00:38:52
I hope you enjoyed this episode .