From med-school to cybersecurity, our special guest Steve traverses a journey that's anything but typical. Coming out of an unexpected turn of events, Steve found himself immersed in the tech world, and his fascinating stories are testament to the rollercoaster ride that ensued. Uncover how, amid the early days of the tech industry, Steve and his team navigated the unique challenges of introducing new concepts to the market. His intriguing tales of venture capitalist meetings and the unexpected success of a two-hour coding tool will leave you captivated.
Our conversation wouldn't be complete without delving into Steve's tenure at Intel. Hear about Intel's unique approach to security, their diverse capabilities, and how they stand apart from other hardware vendors. Steve also shares Intel's philosophy of supporting customers without biased promotion of one vendor over another. Toward the end of our heart-to-heart, we discuss the importance of becoming a thought leader, captivating your audience, and leveraging internal thought leadership for career progression. Finally, we'll explore Steve's role in the government vertical at Intel and how he's innovatively using security to create a transformation in the tech industry. Tune in for an enriching experience as we traverse Steve's captivating journey in the tech world.
LinkedIn: https://www.linkedin.com/in/sorrin/
Website: https://www.intel.com/
Follow the Podcast on Social Media!
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Patreon: https://www.patreon.com/SecurityUnfilteredPodcast
YouTube: https://www.youtube.com/@securityunfilteredpodcast
TikTok: Not today China! Not today
Speaker 1: How's it going, Steve ?
00:00:00
It's really good to finally have you on the podcast.
00:00:03
I'm very excited for our conversation.
00:00:06
Speaker 2: Thank you for having me today, Joe.
00:00:09
Speaker 1: Yeah, absolutely So, steve.
00:00:11
You know, i, i, i feel like you hold a very interesting role
00:00:16
within Intel.
00:00:17
But before you know, i eagerly jump into that.
00:00:20
How about we discuss?
00:00:22
you know how you got into security?
00:00:24
What was it about IT in general ?
00:00:26
you know, that kind of piqued your interest and made you think
00:00:30
like, hey, maybe this could be a career, maybe this could be
00:00:33
something I go down right.
00:00:36
Speaker 2: Is a really interesting question there,
00:00:38
because that wasn't the original plan.
00:00:40
I was a hacker as a kid, you know, playing around with
00:00:43
computers and software and figuring how things worked and
00:00:46
how things fell apart.
00:00:47
You know, in the early days And at that time when I started,
00:00:52
you know, sort of thinking about OK, what I want to be when I
00:00:54
grow up and what focus area should I have.
00:00:56
In college I had two main loves .
00:00:58
It was, you know, computers and that kind of stuff, And then
00:01:01
biology.
00:01:01
And in 1989, when I sort of had to make a call on that, there
00:01:07
was a lot of out of work COBOL programmers And it really wasn't
00:01:09
the sexy career we know IT to be today.
00:01:12
And so I went the bio route I actually did.
00:01:14
My direction was research, biology.
00:01:16
I was going to be an MD, PhD and work in a lab And that was
00:01:20
going to be what I was going to do.
00:01:22
And after I graduated and had a year of doing some graduate
00:01:25
research, had a year off before starting med school, an
00:01:28
opportunity arose where someone had some money that they were
00:01:31
thinking of doing this startup thing in the security space.
00:01:34
They didn't know really what they wanted to do, but they knew
00:01:36
they wanted to do it And I got introduced to him and he's like
00:01:39
you know, you know this, you're a hacker guy, you know the
00:01:41
security stuff, you know you want to do this.
00:01:42
I'm like I thought you know this would be a good idea, Make
00:01:45
a little bit of money before I go to med school, because med
00:01:47
school is not cheap.
00:01:47
And so in early 95, we kicked off a startup looking at looking
00:01:55
at desktop security, And after three months I had fallen in
00:01:58
love.
00:01:58
I was all in.
00:01:59
This was an exciting time to be in security and to be in
00:02:03
technology.
00:02:03
It was right around the time.
00:02:04
Netscape was about to go public , It was early days of the
00:02:08
internet and everything was possible.
00:02:10
And so I fell headfirst into into security and into IT
00:02:16
technologies.
00:02:16
At the early stages I had some amazing mentors along the way
00:02:20
who taught me where I like to joke, I suck their brains dry of
00:02:25
all their knowledge and information on the security
00:02:27
space.
00:02:28
In this, in the cryptography space, Bruschner was one of my
00:02:31
mentors and really opened my eyes to the deeper side of the
00:02:35
cryptography side of the camp And I can, my career sort of
00:02:40
took off from there, doing multiple security startups
00:02:43
throughout the 90s and 2000s.
00:02:44
It took my parents a little bit longer to figure out that I
00:02:47
wasn't throwing my life away.
00:02:47
because what do you mean?
00:02:50
you're not going to be a doctor .
00:02:52
That took a little doing But you know, did, like I said.
00:02:56
Multiple startups helped create some new industries.
00:03:00
Web security, xml security was acquired by Intel in 2005 and
00:03:07
was going to do what most people do when they get acquired serve
00:03:09
my six month sentence and then go do another startup.
00:03:11
And the head of the division at the time came to me with a
00:03:15
proposition And she basically was going to look at sort of the
00:03:19
near term research.
00:03:21
If you think about you know, intel does the five to 10 year
00:03:23
horizon research in the lab.
00:03:24
So looking out, way out in the future, what's the next
00:03:28
generation Hardware going to look like?
00:03:29
What's quantum going to look like?
00:03:31
now is a key area, so what's coming next?
00:03:34
Well, but they saw back in 2005 was there was a gap in sort of
00:03:38
innovative research in the two to five year horizon, so sort of
00:03:41
with current hardware, hardware that's about to come out,
00:03:43
what's interesting and novel that you could do with that,
00:03:46
what new use cases are emerging now that we could take advantage
00:03:48
of.
00:03:48
And she wanted to do this cross multiple domains And she said,
00:03:52
steve, would you like to do this for cybersecurity?
00:03:56
Speaker 1: And I mean like I said I get to play like a CTO
00:03:58
with Intel's VC budget.
00:03:59
Speaker 2: I'm good with that, and so for nine years I ran
00:04:02
security pathfinding where we looked at innovative, innovative
00:04:06
cyber security use cases that can either leverage hardware to
00:04:09
be more efficient or to get better security, or to use new
00:04:12
hardware features in interesting ways to accomplish
00:04:15
cybersecurity goals.
00:04:16
And it was an exciting time And we did a lot of innovation
00:04:20
around malware detection, agent protection, being able to do
00:04:24
cloud security and virtualization security using
00:04:26
hardware as a root of trust, and that led me to really expand my
00:04:33
horizons beyond just cyber security to the broader set of
00:04:35
technologies that Intel plays in .
00:04:39
And in 2013, intel was going to focus on, put a renewed focus
00:04:43
onto the federal government from a technology domain, not just
00:04:45
from a sales or enabling domain and was going to stand up a
00:04:47
capability And I was tapped to lead the technology team for the
00:04:54
federal market, be the federal CTO for Intel, and so I jumped
00:04:57
on board with that and have been doing that now for about nine
00:04:59
years, and it really allows me to continue to do interesting,
00:05:03
innovative stuff with cybersecurity, but also now with
00:05:05
AI, with high performance computing, with cloud, with
00:05:08
everything that the federal government is challenged with
00:05:12
and that Intel and our technology and our ecosystem can
00:05:14
help support.
00:05:15
So got there through a weavey path to get to to IAM today.
00:05:20
But I think the key thing is that back in the day, just the
00:05:25
opportunity to go off and cause trouble in the security space is
00:05:29
always what keeps me interested , wow.
00:05:33
Speaker 1: I mean, there's so much to unpack there.
00:05:34
You know, going from a potential like med school
00:05:40
student to IT, specifically security, do you think that
00:05:44
there's any you know related skills that you may have gained
00:05:52
in your studies to prepare for med school, to be the doctor,
00:05:55
that are like translatable in IT ?
00:05:56
Is there any?
00:05:56
I mean, i honestly I don't know .
00:05:58
So I think that's a good thing.
00:06:00
I mean, let's look at it from a couple perspectives.
00:06:05
Speaker 2: So there's the.
00:06:05
There's one answer which has less to do with biology and more
00:06:07
to do with.
00:06:08
I'm not a CS major in my background And I think what
00:06:12
that's afforded me throughout my career is sort of two key
00:06:15
things.
00:06:15
Number one I'm not been predisposite predisposite to
00:06:21
doing something a certain way, like I haven't been trained.
00:06:22
Well, that's the only way you got to do it.
00:06:23
So it opens the door to out of the you know the art of the
00:06:26
public.
00:06:26
So it opens the door to out of the art of the possible.
00:06:31
You know you haven't been beaten into submission by your
00:06:34
professors that this is how you code, or this is how signals
00:06:36
work, or this is how data flows, and so you think differently
00:06:41
and you bring a different or more diverse perspective to
00:06:43
problem solving And or, as some of my her text user joking,
00:06:48
you're not smart enough to know that that's the wrong way to do
00:06:50
it.
00:06:50
But what's interesting is that you and I've used this
00:06:56
throughout my career of my teams , of building diverse teams from
00:06:59
various backgrounds, because really that's how you solve
00:07:01
those big carry problems is thinking outside the box.
00:07:04
And that's not just well, you've got a smart architect who
00:07:06
can think differently.
00:07:07
It's coming from different backgrounds, coming from
00:07:09
different experiences, you look at problems differently, and I
00:07:13
think for the from the bio specifically, especially on the
00:07:16
research side, but even in the diagnostic side, those that
00:07:19
problem solving, that sort of there's a challenge here.
00:07:22
We're trying to cure a disease or understand how a system works
00:07:25
, and that's a lot of the same mental processes you do when
00:07:28
you're when you're a cybersecurity person.
00:07:30
You want to see how a network falls apart or how to get in
00:07:33
through the, you know, see where the seams are.
00:07:35
It's like looking at a biological system or a disease
00:07:39
vector or how a drug works within the systems.
00:07:42
You have to understand the system and understand where it
00:07:44
breaks in the case of a disease or a cancer, and then you are so
00:07:48
looking at how is this drug going to interact with that
00:07:50
system.
00:07:50
So a lot of the same mental sort of leaps and hoops that you
00:07:54
go through are similar between those two domains.
00:07:56
There's been multiple folks that have written over the years
00:08:00
around.
00:08:00
You know, can you treat a network like biological system?
00:08:03
And I think there's been some innovative research about, you
00:08:06
know, looking at how viruses propagate through bodies versus
00:08:09
how they propagate through networks and drawing co-rollers
00:08:12
there.
00:08:12
But I think more practically it's the thought process of
00:08:16
seeing how things fail is really how good cybersecurity people
00:08:20
approach the world.
00:08:22
Speaker 1: Yeah, i, you know that makes a lot of sense And I
00:08:26
always recommend it to people because, you know, i talked to
00:08:30
some people that are more junior in their career.
00:08:32
They're trying to get into IT or security, and you know
00:08:36
they're worried about failing, they're worried about kind of
00:08:40
pressing the envelope right, and I mean I always go back to when
00:08:46
I started, right, when I accidentally dropped a database
00:08:49
of a company, of our product, of a company's, and was like, oh
00:08:54
okay, now I have to troubleshoot and figure out how to restore
00:08:58
this thing from postgres logs, and I've been on the job for six
00:09:02
months so I'm probably fired.
00:09:03
You know, like I'm already fired.
00:09:05
They're just milking me for the last bit of time.
00:09:08
You know like it's.
00:09:09
It's those times, though, that you learn the most.
00:09:13
You know, like I learned.
00:09:14
I learned so much more than postgres than I ever wanted to
00:09:18
learn, you know, and I actually find it interesting.
00:09:21
I understand the syntax now, i understand how it operates and
00:09:25
whatnot, and so I find it interesting.
00:09:27
But it's like I didn't go into that job to learn about postgres
00:09:32
or Linux or anything like that.
00:09:33
I went into it with an open mind and I learned all that I
00:09:38
could and I made a lot of mistakes along the way, and
00:09:41
that's really when you learn.
00:09:43
Speaker 2: Yeah, we.
00:09:44
The key is to fail forward.
00:09:45
It's not to let not let your failures get in your way, but
00:09:48
actually learn from them.
00:09:49
Try not to make the same mistake more than once.
00:09:52
But I, you know, if I think about my startups, you know much
00:09:56
of what we were doing was trying something and never been
00:09:58
done before.
00:09:59
And there are lots of ideas that never you know, that made
00:10:02
it into code, that never got compiled, never got into the
00:10:05
product because they just didn't work, they were inefficient,
00:10:08
they were flat out broken.
00:10:09
But you tried it and you learned from the experience And
00:10:12
really the really fun nuggets are where you did something
00:10:14
because it worked And it wasn't the reason.
00:10:16
But then later you come back and realize well, that decision
00:10:19
has actually enabled you to a whole bunch of other things.
00:10:23
One of my early startups we were looking at how to better secure
00:10:26
mainframes and be able to provide sort of end to end
00:10:29
encryption and end to end authentication From an edge
00:10:33
component, you know, from a client if you go all the way to
00:10:35
the back end using PKI.
00:10:38
And it was a challenge And we figured out some ways to do it
00:10:41
And we were using some really totally new protocols, something
00:10:44
called SOAP and WISDL and XML to help transfer the data
00:10:48
between the systems in a common format, and that was because it
00:10:51
was efficient, it was easy, fast forward.
00:10:53
You know, a year later and we're working with our customers
00:10:56
and they're having trouble getting data off those systems
00:10:59
And they want to be able to do it in a more web friendly kind
00:11:02
of way And like well, we already have a SOAP server running
00:11:05
there.
00:11:05
We actually have already accomplished that goal.
00:11:07
It takes a little bit of coding on the back end to automate a
00:11:11
couple of the clicks And we actually were able to provide a
00:11:14
wholly new solution to be able to do, you know, sort of getting
00:11:17
at data that was already on the mainframe, because we'd already
00:11:19
created that tunnel For a completely different use.
00:11:20
And that's where sometimes your mistakes or your interesting
00:11:26
tries actually come back to pay you in dividends much later on.
00:11:32
Speaker 1: Yeah, that's a really good point.
00:11:33
You know, in my career I've had the fortunate or unfortunate
00:11:38
opportunity to run into the most random issues with basically
00:11:41
every product I touch, stuff that just boggles the developers
00:11:45
that created it, right.
00:11:47
But I learned early on always take notes, right, take notes on
00:11:53
every single thing, and later on, you know, nine times out of
00:11:58
the 10, it actually, you know, helps me, because I may not have
00:12:02
the best memory right, like I can't recall, things that I
00:12:05
don't take an effort to, i don't know kind of like solidify in
00:12:10
my mind somehow, and writing it down always solidifies it for me
00:12:14
, so it's easier for me to recall.
00:12:15
And so you know, after I would go through an issue, there'd be
00:12:20
like an after action report and I have to I have to, you know,
00:12:23
go through and describe exactly what I did, why I did it, what
00:12:29
the outcome was, and I had the best troubleshooting guides out
00:12:32
of everyone at the company eventually, and eventually
00:12:35
everyone just used mine because it was so much better than even,
00:12:38
like, the developers troubleshooting guide You know
00:12:41
you talked about, you know, early on in your career when
00:12:47
really the industry was just getting started.
00:12:51
So that sounds like an extremely exciting time to me, and also I
00:12:58
mean more exciting, a little bit of a nervous time, i guess.
00:13:03
right, because you may not know what will succeed and what will
00:13:05
blow up.
00:13:06
You know, and did you feel like at that time that you could
00:13:10
basically, just, you know, throw a stone and hit water?
00:13:13
and now you're, you know, in a successful startup that you
00:13:17
created, you know, two weeks ago or something like that?
00:13:19
like, was it that kind of environment or is it different?
00:13:24
Speaker 2: So it's interesting that we look at it back now and
00:13:28
say, oh, some of those things were so easy.
00:13:30
And I joke that our my second startup.
00:13:35
I had the idea on an international plane ride.
00:13:37
I was coming back from an overseas trip And you know when
00:13:42
you're stuck in a seat and this is the early days.
00:13:44
You didn't have the ability to have a laptop on a plane back
00:13:47
then And you know, all you can do is think.
00:13:50
And so I had this interesting idea.
00:13:51
I landed, i called my mentor, i called one of my partners and I
00:13:55
said, hey, i've got this idea.
00:13:56
What do you think?
00:13:57
And from the point of having that idea and jotting it down,
00:14:01
jet lagged in my you know, at my home to having money in the
00:14:06
bank and are off to the races was two months.
00:14:09
I mean literally from idea to funding was two months.
00:14:12
That was the beauty of the 90s.
00:14:14
So it was a lot easier And all we had, you know, i did it with
00:14:17
like two pieces of paper and a set of bios And that was all
00:14:19
it's got.
00:14:21
Now it takes a lot to go from that initial seed round to
00:14:24
actually executing a product and getting it into market, but I
00:14:28
think one of the things that was interesting about the early
00:14:32
days different from now is that you didn't have as much noise.
00:14:35
You know it was a smaller industry.
00:14:37
There weren't you know when you would come out with an idea.
00:14:40
That was maybe one or two competitors.
00:14:42
If you start to get real successful, you could get to
00:14:45
five competitors.
00:14:46
Now there's like a thousand people doing all the same thing
00:14:48
you're doing.
00:14:49
So it was it's.
00:14:50
Back then it was much easier to get your message out.
00:14:52
The flip side problem is that you had a high barrier in it in
00:14:57
the CIO or the precursor, you know, the director of
00:15:00
architecture, because they didn't have a CIO back then
00:15:02
Oftentimes to convince them they needed your technology.
00:15:05
It was a lot less understanding of the cyber threat or of what
00:15:09
the technology was going to do to the architecture, And so we
00:15:12
had a lot more education we had to do about the problems to
00:15:15
convince them that they needed our widget or the jure that was
00:15:18
going to solve their big problems that they didn't know
00:15:19
they had yet.
00:15:20
So it was a balance of we had to convince people that there
00:15:24
was a problem.
00:15:25
We knew there was, but at the same time I didn't have to.
00:15:28
You know, try to separate what I was doing for 50 other things
00:15:31
that were sounded like they were doing the same way.
00:15:32
So there was a balance there.
00:15:34
I do remember some funny stories about early conversations on
00:15:38
cybersecurity with VCs because while IT people could basically
00:15:43
understand the idea of firewalling and authentication
00:15:45
and some of the cybersecurity principles, unless that VC had
00:15:48
already invested in a security company, they were completely
00:15:51
unaware of what that meant.
00:15:52
And it just I remember there was one VC didn't want to give
00:15:56
me his business card because you'd heard I had done hacking
00:15:58
as a kid And like that made him scared of me.
00:16:00
And I'm like I'm totally not threatening, it's just something
00:16:04
you know.
00:16:05
The lot of education and what we did back then is we went with
00:16:08
very visual demos.
00:16:09
So and it's something I still hold on to today that people do
00:16:13
better when you show them a visualization of what's going on
00:16:16
.
00:16:16
A lot of demos today where you see a little peak in the poor
00:16:19
man's benchmark and like, yes, look, we can do this and we can
00:16:21
do it 20 times faster.
00:16:22
It doesn't tell me what you're doing, it just tells me you're
00:16:24
doing it faster.
00:16:25
Or we can, you know, spin up a thousand nodes, but what do you
00:16:29
actually see, see a blinking light on a screen.
00:16:31
I find that for the end customer, when you can sort of
00:16:34
make it tangible for them what does it mean to me?
00:16:36
and show them, and so we would actually lug around demos
00:16:39
showing you know, here's the attack, here's our thing,
00:16:41
detecting it or here's our thing , blocking the actual attack.
00:16:44
Making it real is really what it would have helped in those
00:16:47
early days, because they didn't have the understanding or they
00:16:51
didn't know that they had that problem.
00:16:52
And there were great examples where we had one of my startups,
00:16:56
a symptom.
00:16:57
We had built a.
00:16:58
We had an application firewall, one of the very first web
00:17:01
application firewalls.
00:17:02
We built a scanning tool to basically show that you had
00:17:05
vulnerabilities.
00:17:06
That's why you needed the firewall.
00:17:07
So we created a little tool that would scan your website and
00:17:10
identify all the little places where you had cross-site
00:17:12
scripting and SQL injection and actually could demonstrate it
00:17:15
for you to prove that you really did need that application
00:17:18
firewall.
00:17:18
What would happen over the course of that company is the
00:17:21
interesting thing.
00:17:22
That scanning tool became the most valuable asset.
00:17:24
The firewall was important, but it actually wasn't the thing
00:17:28
that blew up.
00:17:28
The scanning tool became the powerful tool because it allowed
00:17:32
auditors to show their internal business units.
00:17:34
You've got these issues and I can prove it.
00:17:36
It allowed the quality people that beat up on the developer
00:17:39
the developers be able to fix it because they can identify it.
00:17:41
So that was the game changer was having something that could
00:17:45
show the problem, and then the thing that actually fixed the
00:17:48
problem became almost less of an importance, even though we know
00:17:51
in security it's equally important.
00:17:52
But it wasn't the visual ah-ha, i have that problem.
00:17:57
Speaker 1: Huh, that's really interesting, going from a place
00:18:01
that you're trying to sell one thing and this minor tool that
00:18:07
probably took someone like what two hours to code or something
00:18:10
like that.
00:18:10
I mean, that's not extraordinarily difficult to do.
00:18:14
I'm a pretty poor coder, but I can probably clump that together
00:18:19
.
00:18:19
That is very interesting.
00:18:23
Yeah, i will say that scanning web apps.
00:18:27
Speaker 2: Back in those days, though, you think it was easy,
00:18:29
but we have to remember how completely horrible web
00:18:31
programming was back then and how everyone made it So having
00:18:35
something that could crawl without crashing actually took
00:18:37
some real coding.
00:18:38
The first tool took a couple of minutes, but back then the crazy
00:18:42
stuff you'd see people do in HTML like that.
00:18:44
it was wild west in the early 2000s, so I will say that it
00:18:48
took some good engineering to build that, to be a quality
00:18:51
scalper.
00:18:51
But yeah, the tool originally was a side project by one of our
00:18:55
chief architects.
00:18:57
Speaker 1: That's really interesting.
00:18:59
I guess I've been so removed from the early 2000s that I mean
00:19:04
I never noticed it.
00:19:05
I guess I wasn't thinking I was going to go into IT in the
00:19:11
early 2000s.
00:19:12
I was more preoccupied with playing with my other friends in
00:19:16
fifth grade and whatnot.
00:19:18
You talked about that.
00:19:23
You were on the plane, you wrote down this idea and you
00:19:26
called up your mentors.
00:19:27
So how did you find mentors?
00:19:30
How did you even just identify the mentors in your life that
00:19:36
you would be able to bounce ideas off of and trust and gain
00:19:40
their respect and whatnot?
00:19:41
That's maybe the biggest question that I get the most
00:19:45
often.
00:19:46
That is difficult to answer because there's so many
00:19:49
different avenues to doing it.
00:19:50
But actually doing it is the hard part.
00:19:55
Speaker 2: So I would say that I wish there was a one shot
00:19:58
approach of here's how you get good mentors.
00:20:00
I can tell you a couple of ways I came to the people that I
00:20:03
treat as my mentor.
00:20:03
So in the case of my early mentors, like Bruce Schneier, he
00:20:07
had written the Bible, applied cryptography and, on the advice
00:20:12
of one of my business partners, he said well, why don't you
00:20:14
reach out to him and see if he's willing to answer some
00:20:17
questions?
00:20:17
And so I did.
00:20:19
I emailed him and I said, hey, bruce, i have some of these
00:20:21
ideas.
00:20:22
I loved reading your book, would like to talk to you more.
00:20:24
And he responded and we became friends and he came on, went on
00:20:31
to help mentor me across two of my companies and is still a
00:20:34
valuable friend and colleague, and some of it is just taking
00:20:39
the gumption and reaching out and not being there to say, oh,
00:20:42
i love your stuff, you're awesome, but really to ask
00:20:44
intelligent questions, because the smart people like to be
00:20:49
query, like to answer smart questions, like to be challenged
00:20:51
, like to have problems with, sink their teeth into as well,
00:20:55
and so being able to reach out to people that you're looking
00:20:58
for mentorship from and treat them like they're not up on a
00:21:01
pedestal, they put on their pants the same way we do every
00:21:05
morning.
00:21:06
But they are.
00:21:07
They really are smart people And I live by.
00:21:11
Surround yourself with people smarter than yourself and listen
00:21:13
.
00:21:13
So one is definitely being proactive.
00:21:17
Reach out also, leverage the network.
00:21:19
So being able to from from from Bruce, being able to reach out
00:21:23
and understand and talk to his peers and hear from them, and
00:21:26
you know, and create relationships And it's a lot of
00:21:28
it is the soft skill of creating relationships.
00:21:31
And then the others.
00:21:33
The other side of the mentor is is, i would say, two things.
00:21:35
One, as you're going through your career, there will be
00:21:37
bosses, or oftentimes you know, bosses of bosses that you will
00:21:40
interact with.
00:21:41
Build relationships with those people, because the people got
00:21:44
into those positions because they knew what they were doing
00:21:47
And they're, they are looking to , just like we are.
00:21:49
You know, i am in other senior leaders to mentor the next
00:21:51
generation.
00:21:52
And so, again, as you interact with people within your own
00:21:55
company, you know, reach out to the, to the senior leadership,
00:21:59
get on their radar, create your relationship, have asked them to
00:22:03
mentor you and you'll find, more often than not, they're
00:22:05
more than happy to do so.
00:22:06
And then the last piece of advice is go, you know, think
00:22:10
outside the box on your mentors.
00:22:12
I have probably too many cybersecurity mentors over the
00:22:15
years, or people I would go to who are the super Uber smart
00:22:18
cybersecurity experts in their domains, but the mentors that
00:22:21
have also been a key factor have been the business people,
00:22:24
salespeople, marketing experts that I, that I, you know, that
00:22:28
make me a better, more rounded person in my career.
00:22:32
You can be an absolute, unbelievable top security
00:22:35
architect, but what makes you a successful startup or successful
00:22:39
business person, a successful executive, is having that more
00:22:42
round, rounded focus and people in my life.
00:22:45
You know my VP of marketing at Sanctum, diane Freeman, has been
00:22:48
a key mentor for me through, you know, long beyond the
00:22:51
company after after we exited Sanctum.
00:22:54
And again, a marketing person I mean just an exquisitely smart
00:22:58
marketing person and knows how to communicate whether it be
00:23:02
technologies or our interesting ideas to different audiences.
00:23:06
And that ability to learn how to communicate and also how to
00:23:09
you know to give talks in a consistent way, how to tell
00:23:13
stories, and she's helped me considerably to be a better or
00:23:18
more effective person in my career by understanding those
00:23:21
tenants, and so it's the diversity of mentors is equally
00:23:24
important to having really good mentors within your domain,
00:23:27
because ultimately, those soft skills are how we are successful
00:23:30
.
00:23:30
Longterm VCs aren't going to, you know.
00:23:33
Don't invest in technologies, they invest in people.
00:23:38
And so they want to know, are you going to be successful?
00:23:40
with whatever weird widget you're coming up with, they only
00:23:43
extend a little bit of they're looking at.
00:23:44
Are you the kind of person that can be successful?
00:23:49
Speaker 1: Yeah, i think Warren Buffett talks about that a lot
00:23:53
is how you know he doesn't.
00:23:56
He looks at the company overall, but the deciding factor is
00:23:59
actually the leadership of the company And if he thinks that
00:24:03
they'll be able to be successful , if they'll, you know, still
00:24:06
work his heart after they after you know he gives them this
00:24:09
money and will they still strive for the same greatness.
00:24:14
You know, like even it's interesting.
00:24:17
You know where life takes you and what skills you learn along
00:24:20
the way, like even just with this podcast, i've had to learn
00:24:24
so much more about marketing and conversation skills and soft
00:24:28
skills And I ever thought, going into it, that I would need to
00:24:33
know.
00:24:33
You know, i I don't know why I didn't think that I would need
00:24:37
to know how to market my podcast , but I do, you know, and now
00:24:43
I'm learning right, and it's something not related to IT at
00:24:46
all, but I'm figuring out how to , you know, get new interesting
00:24:51
guests on like yourself that add value to the podcast and add
00:24:55
value to my audience, which it's been an interesting ride.
00:25:00
You know you never know where something is going to take you
00:25:02
until you go down that road.
00:25:04
Speaker 2: Absolutely.
00:25:04
And then how does that, how does that skill you've learned
00:25:07
for your podcast now translate into you, into, you know,
00:25:10
potentially, i'll say, a day job in IT?
00:25:11
better communications with management across business units
00:25:15
can get view the need.
00:25:17
I mean, one of the really cool use cases I've heard is CISOs
00:25:21
that you know, that.
00:25:22
You know we learned how to better market and communicate or
00:25:25
took training.
00:25:26
We actually went out and was proactive, took training on it
00:25:29
communicate better to the board and to the executive team.
00:25:32
And what that really boils down to is when they're trying to
00:25:34
describe a risk or threat that they need to mitigate.
00:25:36
If you just come in and say, oh , we're going to get attacked
00:25:38
and it's this kind of risk, you're going right over their
00:25:41
heads.
00:25:41
But when they could communicate quickly what they find and the
00:25:44
numbers bear this out, they get better.
00:25:46
You know more and more sustained budget because they're
00:25:50
communicated in a term that the board understands.
00:25:52
It's around business risk, about brand risk.
00:25:54
It's about being able to do things.
00:25:56
You know cost efficiencies that will pay it over time.
00:25:59
It's a different language than I've got 12 new.
00:26:02
You know 12 new data breaches that may be happening.
00:26:05
I've stopped 16 non-petschas on the door.
00:26:07
Like that, information doesn't communicate to a board, and so
00:26:10
those soft skills actually help their day job and actually makes
00:26:14
them more successful in getting bigger pieces of the budget or
00:26:17
making sure they're sustained, funding things along those lines
00:26:19
that are actually crucial to the CISO's job.
00:26:24
Speaker 1: Yeah, it's an overlooked skill that when I was
00:26:28
getting into security, you know , i never even thought about
00:26:30
that right.
00:26:30
And then you have that one right CISO that you know is a
00:26:35
little bit more open than most other CISOs because they want to
00:26:40
like kind of foster that development, which is always
00:26:44
very much appreciated, and they start, you know, kind of showing
00:26:48
you the soft skills, they show you how to do it and they demand
00:26:52
it in the meetings that you're in with them.
00:26:54
If you're presenting something, you know this is how you should
00:26:57
be presenting to executives.
00:26:59
This is the template that you use.
00:27:00
This is, you know, the mentality that you have to have
00:27:03
with it.
00:27:03
It's something totally different that is not taught,
00:27:07
you know, with a technical skillset or anything like that.
00:27:10
It's more of, i mean, i view it more as hands on right, like I
00:27:13
need to put a boardroom to sleep before I know how to entertain
00:27:16
one.
00:27:16
That's at least my mentality with it.
00:27:19
Okay, so you've had a fantastic you know career and whatnot.
00:27:24
Let's fast forward a little bit to Intel.
00:27:26
So Intel, you know, obviously one of the largest companies in
00:27:30
the world.
00:27:30
I am sure that Intel has its own unique challenges with just
00:27:37
merely being that size, you know , with just having the market
00:27:42
space even that it has, you know it seems to be extremely
00:27:46
competitive.
00:27:46
and you know I'll be full disclosure here.
00:27:50
I think I've only I've only bought Intel CPUs right.
00:27:55
I built computers but I don't, like, i don't, dive into the
00:27:59
nitty gritty of these CPUs.
00:28:01
I watch Linus Tech Tips, i see what's going on there and he'll
00:28:05
tell me which Intel CPU to buy right And I just go buy it like
00:28:09
every three to five years and I build my computer.
00:28:11
But really the space is so much more competitive than that
00:28:17
because you have AMD and they're doing performance potentially
00:28:21
in a different way And Intel is focusing on performance in a
00:28:24
different way from that and they're marketing and gearing
00:28:27
their products slightly differently.
00:28:29
but it has to cover a broad range of of spaces.
00:28:32
You know, when you got acquired by Intel and you were
00:28:38
considering staying on, what were you?
00:28:41
what were you thinking through at that time?
00:28:43
What were the areas that you were thinking through of if you
00:28:47
wanted to stay on and whatnot.
00:28:51
Speaker 2: So you asked a really good question about what was
00:28:53
the opportunity, and I have to tell you, like, coming from the
00:28:56
software security space, intel was not the place I thought I
00:28:59
was going to end up.
00:28:59
You know it's a hardware company.
00:29:01
What do they know about?
00:29:01
you know software security, but then once you got on, you know
00:29:05
behind the curtain, if you will, and you looked at it.
00:29:07
one of the things that I thought was interesting and it's
00:29:10
even more so today is that even though Intel is known for the
00:29:14
chips and where you have chips, you know when it says Intel
00:29:15
inside, we are inside everything from the laptops to the network
00:29:18
, to the cloud, to the H5, performance computing and
00:29:20
everything in between.
00:29:21
There's a lot of software that runs on top of those chips
00:29:24
that's developed by or enabled by Intel.
00:29:26
Commercial software and open source software that runs on
00:29:30
Intel runs best when code that Intel developed is delivered to
00:29:34
those companies or into those ecosystems, and so we produce a
00:29:37
lot of software, and so when it comes to security capabilities
00:29:40
that are in the hardware, we do a lot of that enabling we
00:29:42
actually build a lot of the connectors for securing
00:29:46
commercial and open source software running on Intel
00:29:48
platforms.
00:29:48
So what I found was there was a lot of interesting
00:29:51
opportunities to be able to leverage security in a novel way
00:29:55
.
00:29:55
And I think you know, looking back on one of the very first
00:29:59
projects I worked on at Intel after the acquisition and I'll
00:30:04
give you a comparison So Sanctum , which was probably one of my
00:30:06
most successful startups, we had half of Fortune 5, of the
00:30:10
Fortune 1000 companies using our product, which is a big success
00:30:13
.
00:30:13
That's a key indicator Half of Fortune 1000 and mid 2000 using
00:30:17
your products at scale.
00:30:20
The first technology I worked on at Intel went to 40 million
00:30:23
PCs.
00:30:24
I mean, at the end of the day, it was the impact you can have
00:30:30
in a large company.
00:30:31
Now, in any large company there's bureaucracy and process
00:30:35
and procedures that you don't typically find in a nimble
00:30:38
startup.
00:30:38
but the scale and impact, the ability to affect actually the
00:30:42
day-to-day lives of the populace or to make businesses
00:30:46
successful, that was one of the things that kept me.
00:30:48
that's kept me at Intel even to this day the scale and impact
00:30:51
you can have by doing the thing you do with that specialty area
00:30:55
and where it ends up, because you are supporting millions and
00:30:58
millions of PCs, servers, clouds , all running on Intel.
00:31:03
I think that you talk about the highly competitive environment.
00:31:06
One of the things that makes Intel somewhat unique in the
00:31:08
hardware space is that, unlike some of the competitors and I'll
00:31:11
pick on, let's say, the GPU market they just do GPUs.
00:31:14
They're really good at certain aspects of GPU.
00:31:16
They're looking at that kind of workload across every step,
00:31:21
from the client to the cloud and everywhere between.
00:31:22
Sometimes a GPU, like our max GPUs, is the right answer.
00:31:26
Sometimes it's not, and you don't have to force fit it into
00:31:29
a GPU to make it work.
00:31:30
there You can provide different hardware architectures.
00:31:34
maybe an FPGA, maybe an accelerator would be the right
00:31:38
choice.
00:31:39
When I look at Intel and how we approach the problem, we look at
00:31:42
it more holistically and you can look across a heterogeneous
00:31:46
architecture of capabilities.
00:31:47
From a security person's perspective, there's a lot of
00:31:51
opportunity to innovate in a variety of areas.
00:31:53
Am I solving a problem of an embedded system that's a skate
00:31:57
of control on a factory floor which is its own set of OT
00:32:01
problems, or am I looking at something that how do I protect
00:32:05
secure transactions at scale for high-speed trading?
00:32:07
These are the kinds of questions that you ask when you
00:32:11
work at a company in it, because our stuff is in both of those
00:32:13
kinds of systems.
00:32:14
I think one of the things that makes Intel somewhat interesting
00:32:17
from even other big players in the market whether you're a
00:32:20
cloud provider or an operating system vendor or even OEMs is
00:32:24
that, other than, like you said, some of the hardware vendors,
00:32:26
we're really not competing with our channel.
00:32:29
At the end of the day, when I talk to a customer and I talk
00:32:32
about what their problems are, i'm agnostic to what OEM they go
00:32:36
with.
00:32:36
I'm agnostic to what cloud provider they end up choosing.
00:32:39
Some will be more advanced than others, but at the end of the
00:32:42
day, they're all running on Intel.
00:32:44
My job is not to push one or the other.
00:32:46
How can I help you in customer In my case now the federal
00:32:50
government how can I make you more efficient?
00:32:52
How can I secure your data better with the technologies
00:32:56
that are at our disposal through the channel?
00:32:58
It provides a much more interesting conversation that I
00:33:02
find thinking back to my old days and startups, where I had
00:33:05
really good relationships with CIOs and CISOs but at the end of
00:33:08
the day, i was still trying to sell my software package.
00:33:12
Now I have these kind of relationships with the CISOs and
00:33:15
I'm not trying to really sell them anything.
00:33:17
I want them to remember that Intel was there, but they're
00:33:20
going to buy their stuff from whichever vendor is their vendor
00:33:24
of choice.
00:33:24
It's a much different kind of conversation, which I find
00:33:27
fascinating.
00:33:28
Speaker 1: Wow, that is.
00:33:31
I mean.
00:33:32
Once again, there's a lot to unpack there.
00:33:34
It's also very interesting, i found, when you said that
00:33:42
they're not necessarily at least Intel is not necessarily
00:33:46
competing with other competitors in the space.
00:33:49
They have their own space, they have their own designated
00:33:55
purpose that fits millions of devices.
00:33:58
As a security professional, i just come from the mentality of
00:34:07
I want my work to mean something .
00:34:09
I want my work to have an impact on someone.
00:34:11
I guess that may sound like I don't know self-serving or
00:34:16
something like that, but that's just my mentality.
00:34:20
I want it to mean something.
00:34:22
That must have been a very eye-opening situation When you
00:34:30
created that thing and now, all of a sudden it's in 40 million
00:34:34
devices all over the planet, protecting them in different
00:34:38
ways, that these people probably never even thought of.
00:34:41
Speaker 2: It is.
00:34:41
Again, it goes to what you were talking about.
00:34:44
From a cybersecurity professional, whatever area of
00:34:47
cybersecurity in, i look at it as sort of two things that drive
00:34:50
us as security people.
00:34:52
Number one give me a hard challenge.
00:34:54
I like to get my teeth into hard challenges, whether it's
00:34:57
how to hack a system, how to protect a system from a hack,
00:34:59
how to solve a problem.
00:35:01
We're all problem solvers.
00:35:02
We want to present it with a unique hard challenge that we
00:35:05
can go solve.
00:35:06
We're problem solvers.
00:35:09
The other part is you want your work to matter.
00:35:11
You want there to be an outcome , whether that outcome is you've
00:35:14
protected a whole industry or, if you're on the offensive side,
00:35:18
you discovered the next big hack that everyone's talking
00:35:21
about.
00:35:21
You got a new item that shows up in the Wasp Top 10.
00:35:25
For that.
00:35:26
You want to have an impact so that you know the work you're
00:35:29
doing matters.
00:35:29
I think those two things are some of the key drivers.
00:35:32
You look at cybersecurity professionals, whether in IT or
00:35:34
in the vendor space, or in academic research or other kinds
00:35:38
of areas.
00:35:38
It's those two things.
00:35:40
Go give me a hard, juicy problem and let me know that it
00:35:43
makes a difference to whatever their constituency that I'm
00:35:47
targeting.
00:35:47
That's what drives a lot of IT people.
00:35:50
When you look inside corporate IT, especially in IT security,
00:35:55
good CISOs help their organization understand why it
00:35:59
matters.
00:35:59
A lot of times people, if you're doing firewall
00:36:02
administration, it can feel like I see blinking lights every day
00:36:05
.
00:36:05
I'm updating a rule here.
00:36:07
Why does it matter?
00:36:08
What I find is really good CIS organizations communicate down,
00:36:13
not just up, that same dashboard .
00:36:15
They're showing the board about how good they are.
00:36:17
This week, the team that actually helped build it number
00:36:20
one sees the same dashboard.
00:36:21
More importantly, oftentimes they get brought along to the
00:36:24
board to see the outcome.
00:36:26
When you present here.
00:36:29
Here's how many active exploits we blocked today.
00:36:32
Here's the team that did it.
00:36:33
That's how you connected us.
00:36:35
Even inside corporate America, where you're trying to, your day
00:36:39
job is to keep the systems running and keep the bad guys
00:36:43
out.
00:36:43
Sure to the folks that it matters to helps them realize
00:36:47
the impact.
00:36:48
I think that really good CISOs recognize that they need to
00:36:53
highlight the teams and communicate in both directions
00:36:56
Because, exactly like I said, it needs to matter, because that's
00:36:59
what gets us up in the morning.
00:37:02
Speaker 1: Right.
00:37:02
I think some of what you discuss, or what we discussed
00:37:08
throughout this entire conversation, is thought
00:37:10
leadership and how that can really shift an organization,
00:37:16
shift your mindset and work for you or against you.
00:37:21
I guess Can we talk a little bit about what thought
00:37:25
leadership is and how it can impact and really drive your
00:37:30
career in a positive way, because I feel like that is a
00:37:34
underrated skill, almost as someone that is not in senior
00:37:39
management or anything like that , you're still an individual
00:37:44
contributor.
00:37:45
How do you get to that next level?
00:37:48
How do you get the skill sets?
00:37:50
I think a part of that is thought leadership being able to
00:37:53
form these revolutionary ideas or even just simple ideas of
00:37:59
what to change, how to change it and leading people through it.
00:38:03
Can we talk a little bit about that?
00:38:05
Speaker 2: Absolutely.
00:38:06
Thought leadership can come in a variety of forms.
00:38:08
Looking for opportunities to provide thought leadership Again
00:38:13
, some of it's going to depend on the organization.
00:38:14
Some of the organizations are okay with people presenting
00:38:17
papers at conferences.
00:38:18
Others aren't.
00:38:20
Depending on where you are and what you're doing, there are
00:38:23
lots of different kinds of opportunities for thought
00:38:24
leadership.
00:38:25
One easy way is most companies have what they call brown bag
00:38:29
sessions or training sessions.
00:38:32
Trying to speak to be the person who talks about the security
00:38:37
topic to Jura, or be the one to say hey, what's this large
00:38:40
language model thing everyone's talking about, talking about it
00:38:43
even within the organization.
00:38:45
Then you become the go-to person that they say they knew
00:38:48
what they were talking about.
00:38:49
I want to go to them for more information.
00:38:50
You're building micro thought leadership in the company.
00:38:53
The first step is just going out and doing it, having an
00:38:58
opportunity to talk, having something to say.
00:39:01
And again, you don't have to be the absolute expert in
00:39:05
something to start talking about it.
00:39:07
You need to be conversing in it .
00:39:09
Your job isn't to be the number one guru on the planet in that
00:39:12
particular area.
00:39:13
Your job is to help educate the rest of your team or an
00:39:16
audience on something they may not be as familiar with A
00:39:20
thought leader isn't about being the guru.
00:39:21
The thought leader is being an educator.
00:39:23
Not really an educator is a thought leader.
00:39:26
When you do that, it gives you the opportunity to push the
00:39:32
conversation.
00:39:33
So let's say you're giving a training or giving a brown bag
00:39:37
on a particular topic.
00:39:38
It is also the opportunity for you to put out there hey, i have
00:39:41
these really interesting ideas about how we use language
00:39:43
language models to maybe optimize IT processes.
00:39:46
Now that gives you a forum to start to push the boundaries And
00:39:49
so finding opportunities to get your message out there.
00:39:52
But it starts with A going off and giving the talk and having a
00:39:57
message And it takes work.
00:39:59
It's not something that happens by accident, but you'll find
00:40:01
there's lots of opportunities to do.
00:40:04
I was one of the things that I was doing recently.
00:40:06
I was looking for to help some of the company customers
00:40:09
understand how the semiconductor process works.
00:40:11
I was looking at some of our trainings that we have for our
00:40:14
own employees.
00:40:14
What I found was interesting is there was one name that kept
00:40:17
showing up on a variety of these early sort of one-to-one level
00:40:20
trainings, and so I reached out to the guy and I said are you
00:40:23
still doing trainings, like, yeah, they bring me out every
00:40:25
once in a while to go train whole new developers and
00:40:28
partners that are trying to learn about our processes.
00:40:30
So, even though his day job is building SOCs or whatever he's
00:40:34
doing, he's still the thought leader for how to train people
00:40:39
on sort of the manufacturing process, and so he's become the
00:40:42
SME just because he has the content out there and you can go
00:40:45
to it and you can see it, and so there's a lot of
00:40:48
opportunities to do thought leadership If you do work in an
00:40:50
environment where they're okay with you publishing papers.
00:40:52
Go speak at conferences, join associations and go to their
00:40:57
events and then become a speaker .
00:40:59
Today there's a lot of organizations you can remember,
00:41:02
but some good ones for cybersecurity, like SANS, isaca,
00:41:06
on the audit side of the camp, there's a variety of these
00:41:09
organizations.
00:41:10
They hold regular conferences.
00:41:11
They do call for papers, go off and speak.
00:41:13
One of the environments that I think is really fascinating is
00:41:19
there's conferences now, like a conference for defense and a
00:41:23
couple others, where there's a whole track called like the
00:41:25
Practitioner's Track and it's a track of IT professionals for IT
00:41:30
professionals, and they're not there to talk.
00:41:32
You are not allowed to talk about a hack that you came up
00:41:34
with.
00:41:34
It's not about the cool hack that you're, it's you're coming
00:41:38
in and say here are the best practices that we found worked.
00:41:40
And it could be something like how do I scale identity
00:41:43
management to remote workers?
00:41:44
Or how did I deploy a secure microservice?
00:41:48
What did you do in your environment and help train your
00:41:51
peers so everyone gets better at it?
00:41:54
And so what is your motivation?
00:41:55
sharing That thought leadership is about your day job.
00:41:57
It's not you have to come up with some exquisite new idea.
00:42:00
It's sharing of best practices and that thought.
00:42:02
Those conferences foster that kind of thought leadership.
00:42:05
So I guess the answer to your question is get out there and
00:42:08
start speaking, find opportunities to get your
00:42:11
message out there, record a podcast, put out a paper into an
00:42:16
article, speak at conferences, attend conferences and talk to
00:42:21
people, and then do it both externally and internally.
00:42:25
I mean, i can't stress enough Internal thought leadership is
00:42:28
almost as important, if not more important, than external
00:42:30
thought leadership, because external thought leadership,
00:42:33
like brand management, is about increasing your brand for you or
00:42:35
your company, but internal is how you advance your career, get
00:42:38
on the radars of a more diverse set and more senior folks by
00:42:42
being the one that they go to for information.
00:42:47
Speaker 1: Yeah, that's a very good point.
00:42:49
Something that I recently learned was you don't have to be
00:42:55
the world's foremost expert in a topic to discuss it.
00:42:59
You really just need to be able to captivate an audience.
00:43:01
I always thought that I would have to be I don't know 10
00:43:08
levels above.
00:43:09
Where I am, no one's going to listen to me because I'm not
00:43:12
coding Intel CPUs, i'm not breaking into their protected
00:43:16
memory and whatnot, like I'm not doing those things.
00:43:20
And I went to this talk at Defcon a couple years ago and
00:43:23
this guy was talking about how he was reverse engineering Intel
00:43:27
CPUs and breaking into the secured memory and stuff, and I
00:43:32
mean 95% of what he said just went right over my head.
00:43:37
I mean it's like my God.
00:43:41
I was more captivated by the way that he was able to engage
00:43:46
us in a way that was interesting .
00:43:48
It made me wonder what was coming next, what his purpose
00:43:52
was behind it and everything like that.
00:43:54
And I feel like too often as individuals, we get too much in
00:44:00
our head and we think, oh, i'm not ready for that, i'm not
00:44:04
smart enough for that, i don't know enough for that, it's going
00:44:07
to take me 10 years to get there, when every single time
00:44:11
that I have thought that I was wrong Every single time that I
00:44:16
thought that I'll tell you what this podcast I sort of started a
00:44:21
year before I actually did.
00:44:23
I thought about it for a whole year.
00:44:25
I tried to plan it all out, kind of think it through in my
00:44:29
head.
00:44:29
I couldn't think of a logo at all.
00:44:31
Actually, there's a reason why my logo changed a year in is
00:44:35
because, like, oh okay, that's what I want.
00:44:36
There's so many different facets to it, but I was already
00:44:44
in the place where I should have been having a podcast.
00:44:47
It would have probably propelled my career forward with
00:44:51
having that thought leadership space.
00:44:54
Because now I get interesting opportunities based on just my
00:44:59
ideas, because I'll have an interesting guest like yourself.
00:45:02
Come on and we'll just talk about different aspects and I'll
00:45:06
talk about how I think and how you think and how you think
00:45:10
through problems and how I do.
00:45:11
And that gives these other executives and whatnot the
00:45:16
chance to hear about me or kind of inadvertently interview me
00:45:22
without interviewing me.
00:45:23
And I have the job before I even interview.
00:45:27
It's like a side phone call.
00:45:29
It's like, hey, do you want this or do you not?
00:45:31
Which is something I never thought of.
00:45:34
I never thought that that would happen.
00:45:35
I never thought that that would come from this podcast.
00:45:37
I figured, if I have 10 downloads a month, man, i'm
00:45:42
cooking.
00:45:42
And then I hit that almost immediately.
00:45:46
It just blew me away.
00:45:48
It's like, man, i should have been doing this a year ago.
00:45:52
Speaker 2: People are looking for good information.
00:45:53
And I think one other thing I've been very stick lab out
00:45:57
throughout my career and a lot of good speakers are Like I said
00:46:00
, you don't have to be the guru.
00:46:01
You stand on the shoulders of others, give credit.
00:46:06
So when I quote, when I show a vulnerability or an attack or a
00:46:09
defensive measure, i absolutely make sure you quote the people
00:46:13
that you're leveraging and that you're using, and so it's about
00:46:16
some of it is about making sure you give the proper assertion at
00:46:20
the station to those that you are borrowing from or that
00:46:22
you're leveraging, but also it's about creating that community.
00:46:26
You find that if I'm quoting his work, he's quoting my work
00:46:29
and you start to see yours, and again, it helps build that
00:46:32
thought leadership.
00:46:32
But it's the right way to go about it, because if you've got
00:46:35
an idea that's built on other people's ideas, make sure to
00:46:38
give them the credit as well, and it builds the whole
00:46:41
community.
00:46:41
The idea is we're a community, we're building ourselves
00:46:44
together.
00:46:45
Speaker 1: Yeah, that's a very good point.
00:46:47
You know, whenever I use someone else's work or material,
00:46:51
i don't want to be the one that's called out to speak about
00:46:54
it, right, and so I always make sure that I call out like, hey,
00:46:58
i got all of this from this exact resource, from this person
00:47:02
.
00:47:02
You know, it's like almost like a research paper citation,
00:47:06
right Like at the bottom of my work.
00:47:07
It's like this is exactly where I got it.
00:47:09
I am not that smart.
00:47:10
Do not trust in me to you know, explain this at length, or
00:47:14
anything like that.
00:47:16
So, steve, you know we went 48 minutes now and we haven't even
00:47:21
talked about your role at Intel.
00:47:22
Right, with some of my guests we get into this mode where we
00:47:27
just go down these rabbit holes and we forget, you know, what we
00:47:33
originally set out to talk about.
00:47:35
So can you talk to me a little bit about what it's like to be
00:47:39
the CTO of the federal side of the business for Intel?
00:47:43
Because I would assume, just working with the federal
00:47:46
government myself earlier on in my career, that's probably
00:47:49
extremely interesting And it's probably even a it's probably
00:47:54
even a interesting set of people that you have to look for just
00:47:57
for that kind of job.
00:47:58
Because it's not.
00:47:59
It's not something for everyone .
00:48:00
There's a lot of people out there that think that they're,
00:48:03
that they want that life and that they want to be on those
00:48:06
those cool sites and those calls and everything like that, but
00:48:09
it's totally different than what you would think.
00:48:13
Speaker 2: So it's an interesting conversation around
00:48:15
what it, what it might.
00:48:16
My job is And I would say it really falls into three camps.
00:48:19
A large amount of my job is working with those government
00:48:23
customers to help them understand both today's
00:48:25
technology, future technology and how it fits into their
00:48:29
mission or enterprise needs.
00:48:30
How can we help them solve their problems with technology
00:48:33
available today.
00:48:33
So you know, speaking government speak about the
00:48:36
government's mission from an architectural technology
00:48:38
perspective.
00:48:39
The other half of my role is turning around the other
00:48:41
direction and being able to translate government speak back
00:48:43
into Intel speak so that our developers and business units
00:48:46
can build the features and capabilities that the
00:48:47
government's going to need to meet their mission.
00:48:50
Enterprise And the two way communicator is where a large
00:48:53
majority of my job is and being and helping to apply both
00:48:57
directions.
00:48:57
And then the third part is the being able to do interesting,
00:49:01
interesting innovations And so driving.
00:49:03
You know, sometimes you define here's the problem the
00:49:05
technology isn't there today.
00:49:07
We may get it in five years when the next chip comes out.
00:49:09
But what innovations can we do today?
00:49:11
What can we solve or what can we apply from what's currently
00:49:14
available and advance the art today and do innovative projects
00:49:18
, innovative technology to meet mission need, and so that's.
00:49:21
I think that's the three aspects of my job that you know,
00:49:24
and it's really what makes it interesting.
00:49:25
Exciting is that you're talking to.
00:49:27
You know a variety of different topic areas.
00:49:29
You can be talking IoT, hpc the government itself is a really
00:49:33
interesting vertical in its own right, unlike you know financial
00:49:36
services, which have a common set of of of.
00:49:39
You know enterprise applications and missions and capabilities
00:49:43
across the financial services, such as cash management.
00:49:46
You know certain kind of logging, certain kind of
00:49:48
transaction processing.
00:49:49
Healthcare has got its own.
00:49:51
What you find in the vertical is it's a macrocosm of all of
00:49:54
them.
00:49:54
You want to talk financial services.
00:49:56
You know CMS, medicaid, medicare and IRS do billions of
00:50:00
dollars of transactions.
00:50:00
We want to talk healthcare.
00:50:02
The VA is the world's largest health insurer and health
00:50:05
provider.
00:50:05
We're going to talk logistics.
00:50:07
Dla Defense Logistics Agency, you know, gets things where they
00:50:11
need to be on a global scale.
00:50:12
So they have, you know, a representative of almost every
00:50:16
vertical within the federal government, and so it really
00:50:20
affords you to see the broader industry in the, in the, in the
00:50:23
boundary of the government, of the government agencies, and the
00:50:26
other thing is the government has the scale that many of these
00:50:29
, others don't.
00:50:29
So the sheer volume of data that's number of systems, the
00:50:32
number of people in you know, in the case of the VA, how many
00:50:35
veterans are being serviced by the VA?
00:50:37
you know something like 16 million people.
00:50:39
That's the scale and scope presents really interesting
00:50:42
challenges of how do you take a technology and scale it and make
00:50:45
it stable and operationalize it and get the efficiencies and
00:50:49
tuning you need, secure it, because it is, you know, the
00:50:52
adversaries are absolutely after the federal government, and so
00:50:54
it's those kind of big problems that you get in the government
00:50:57
and the variety and diversity of those problems that makes it
00:50:59
exciting as a market to focus on .
00:51:02
And what you do then is and this is really the reason for
00:51:05
Intel federal existing is taking commercial capabilities and
00:51:10
federalizing them for the government.
00:51:11
So taking what's done in commercial let's say 80% and
00:51:14
making it work for government that 20% needed for government
00:51:17
but also looking at government use cases, building things there
00:51:20
that then can be commercialized to the broader industry.
00:51:22
If we solve it for the US government, well, it will work
00:51:24
for everyone else, and so that is.
00:51:27
I think that's what we know.
00:51:28
The reason why that's it's an interesting place to be at Intel
00:51:32
is because we are servicing both of those sides of the camp.
00:51:37
Speaker 1: Hmm, yeah, something you mentioned was being a
00:51:40
two-way communicator, being able to translate the customer's
00:51:43
needs into you know what the company needs to do to address
00:51:48
them.
00:51:48
And I encountered this very early on in my career when I
00:51:54
when I led federal contracts and you know government contracts
00:51:59
that we had, because you know, i was basically the only one at
00:52:04
the company authorized to speak to these people just on the
00:52:08
phone You know, let's throw out in person, just on the phone, i
00:52:12
was the only one authorized to speak to them.
00:52:13
How I got approval, i have no clues, 23 year old kid, you know
00:52:18
, fresh out of college, and I'm the one at this company that has
00:52:21
approval.
00:52:21
And I found out there was a lot of friction, you know there was
00:52:29
a friction between what the what our customer wanted and
00:52:32
what our company thought that they wanted or needed.
00:52:35
And so then there was a.
00:52:38
There was a, i guess, a dispersed effort in creating
00:52:42
things that they thought that basically the developers and my
00:52:47
executives at the company thought that the federal
00:52:50
government wanted and would need versus what the federal
00:52:54
government actually wanted.
00:52:55
And I would have to translate you know these needs into real
00:53:00
world examples of saying like Hey, this situation happened on
00:53:03
this base And because this other system failed them, they didn't
00:53:09
know where this emergency was happening.
00:53:11
They had no clue of where it was happening, and so now they
00:53:14
have to clear, you know, a thousand acres of land to
00:53:19
actually ensure that the threat is eliminated and the base is
00:53:24
secure.
00:53:24
And once you know, once you kind of find out or figure out
00:53:29
that that's a part of it that's probably 50% of what I have to
00:53:33
do The world becomes a lot easier.
00:53:35
But now it's even more difficult because now the
00:53:39
customer, the federal government , you know, is expecting,
00:53:43
they're expecting that higher level of service.
00:53:45
They're no longer expecting the friction and I'm absorbing all
00:53:48
the friction And it's.
00:53:50
It's an interesting world, for sure, because they have they
00:53:53
have some of the most unique use cases for technology that I've
00:53:57
ever seen.
00:53:57
I mean, i, i went to one facility and I had four, four
00:54:02
buildings.
00:54:02
They were all connected before very distinct structures, and so
00:54:08
I was like, okay, it's just normal, normal building.
00:54:10
You know, they got a lot of people working here, obviously.
00:54:13
So I go in and maybe the third time that I'm there it's finally
00:54:19
discussed like why there's different sections of the
00:54:22
building and why I'm locked down to one section.
00:54:26
And they said it's because they purchase entirely separate tech
00:54:32
stacks per environments of the building and they physically
00:54:35
separate it in the building And then they also, you know,
00:54:39
logically separated technology wise.
00:54:41
And so if Cisco ends up having a you know critical
00:54:46
vulnerability, they just shut off that whole side of the
00:54:49
building.
00:54:49
They shut it off and they're like okay, go home, like, do
00:54:52
something else until we patch this.
00:54:54
And then they, they fire up the whole other side of the
00:54:57
building and they just kind of switch over that traffic to
00:55:00
these other systems.
00:55:01
And I'm that completely blew my mind.
00:55:04
It still has me thinking right even to this day, because it's
00:55:08
just like where else would you ever see that?
00:55:11
You would never see that anywhere else.
00:55:12
It's so unique.
00:55:15
Speaker 2: Exactly, and so they do have unique use cases.
00:55:18
But then when you think about it, when you look, they're
00:55:20
sometimes a vanguard for what you find out in the in the
00:55:24
commercial space.
00:55:24
So something like that sounds really weird.
00:55:26
Today you know in one model, but then you start thinking
00:55:29
about, you know ITOT, separation of having operational
00:55:31
environments, that's Skated Controls separated from IT
00:55:34
controls and having that diversity.
00:55:35
Well, now something that starts to make sense in those kind of
00:55:38
unique environments.
00:55:38
You can see that oftentimes the government it may be a crazy
00:55:41
reason, they did it, but what you did there will have that
00:55:45
ability in other places.
00:55:47
Speaker 1: Yeah, absolutely.
00:55:48
Well, steve, you know we're coming up to the end of our time
00:55:51
here, unfortunately, and I mean I'll just have to have you back
00:55:55
on Like I had such a good conversation.
00:55:57
But before I let you go, how about you tell my audience you
00:56:01
know where they could find you and potentially you know if
00:56:04
there's a separate Intel federal website or something that they
00:56:07
could go to to learn more?
00:56:08
Speaker 2: Absolutely, And thank you for having me today.
00:56:10
Joe, Best place to reach me is on LinkedIn.
00:56:12
It's S O R R I N So LinkedIncom slash.
00:56:15
You know, soren?
00:56:16
And then if you want to learn more about Intel in the public
00:56:20
sector, Intelcom slash public sector, our Intelcom slash
00:56:24
federal will get you there.
00:56:26
Speaker 1: Awesome.
00:56:26
Well, thanks, Steve.
00:56:27
I really do appreciate you coming on and I hope everyone
00:56:30
listening enjoyed this episode.