Steve's Inspiring Shift from Med-School to Cybersecurity

1 00:00:00
Speaker 1: How's it going, Steve ?

00:00:00
It's really good to finally have you on the podcast.

00:00:03
I'm very excited for our conversation.

00:00:06
Speaker 2: Thank you for having me today, Joe.

00:00:09
Speaker 1: Yeah, absolutely So, steve.

00:00:11
You know, i, i, i feel like you hold a very interesting role

00:00:16
within Intel.

00:00:17
But before you know, i eagerly jump into that.

00:00:20
How about we discuss?

00:00:22
you know how you got into security?

00:00:24
What was it about IT in general ?

00:00:26
you know, that kind of piqued your interest and made you think

00:00:30
like, hey, maybe this could be a career, maybe this could be

00:00:33
something I go down right.

00:00:36
Speaker 2: Is a really interesting question there,

00:00:38
because that wasn't the original plan.

00:00:40
I was a hacker as a kid, you know, playing around with

00:00:43
computers and software and figuring how things worked and

00:00:46
how things fell apart.

00:00:47
You know, in the early days And at that time when I started,

00:00:52
you know, sort of thinking about OK, what I want to be when I

00:00:54
grow up and what focus area should I have.

00:00:56
In college I had two main loves .

00:00:58
It was, you know, computers and that kind of stuff, And then

00:01:01
biology.

00:01:01
And in 1989, when I sort of had to make a call on that, there

00:01:07
was a lot of out of work COBOL programmers And it really wasn't

00:01:09
the sexy career we know IT to be today.

00:01:12
And so I went the bio route I actually did.

00:01:14
My direction was research, biology.

00:01:16
I was going to be an MD, PhD and work in a lab And that was

00:01:20
going to be what I was going to do.

00:01:22
And after I graduated and had a year of doing some graduate

00:01:25
research, had a year off before starting med school, an

00:01:28
opportunity arose where someone had some money that they were

00:01:31
thinking of doing this startup thing in the security space.

00:01:34
They didn't know really what they wanted to do, but they knew

00:01:36
they wanted to do it And I got introduced to him and he's like

00:01:39
you know, you know this, you're a hacker guy, you know the

00:01:41
security stuff, you know you want to do this.

00:01:42
I'm like I thought you know this would be a good idea, Make

00:01:45
a little bit of money before I go to med school, because med

00:01:47
school is not cheap.

00:01:47
And so in early 95, we kicked off a startup looking at looking

00:01:55
at desktop security, And after three months I had fallen in

00:01:58
love.

00:01:58
I was all in.

00:01:59
This was an exciting time to be in security and to be in

00:02:03
technology.

00:02:03
It was right around the time.

00:02:04
Netscape was about to go public , It was early days of the

00:02:08
internet and everything was possible.

00:02:10
And so I fell headfirst into into security and into IT

00:02:16
technologies.

00:02:16
At the early stages I had some amazing mentors along the way

00:02:20
who taught me where I like to joke, I suck their brains dry of

00:02:25
all their knowledge and information on the security

00:02:27
space.

00:02:28
In this, in the cryptography space, Bruschner was one of my

00:02:31
mentors and really opened my eyes to the deeper side of the

00:02:35
cryptography side of the camp And I can, my career sort of

00:02:40
took off from there, doing multiple security startups

00:02:43
throughout the 90s and 2000s.

00:02:44
It took my parents a little bit longer to figure out that I

00:02:47
wasn't throwing my life away.

00:02:47
because what do you mean?

00:02:50
you're not going to be a doctor .

00:02:52
That took a little doing But you know, did, like I said.

00:02:56
Multiple startups helped create some new industries.

00:03:00
Web security, xml security was acquired by Intel in 2005 and

00:03:07
was going to do what most people do when they get acquired serve

00:03:09
my six month sentence and then go do another startup.

00:03:11
And the head of the division at the time came to me with a

00:03:15
proposition And she basically was going to look at sort of the

00:03:19
near term research.

00:03:21
If you think about you know, intel does the five to 10 year

00:03:23
horizon research in the lab.

00:03:24
So looking out, way out in the future, what's the next

00:03:28
generation Hardware going to look like?

00:03:29
What's quantum going to look like?

00:03:31
now is a key area, so what's coming next?

00:03:34
Well, but they saw back in 2005 was there was a gap in sort of

00:03:38
innovative research in the two to five year horizon, so sort of

00:03:41
with current hardware, hardware that's about to come out,

00:03:43
what's interesting and novel that you could do with that,

00:03:46
what new use cases are emerging now that we could take advantage

00:03:48
of.

00:03:48
And she wanted to do this cross multiple domains And she said,

00:03:52
steve, would you like to do this for cybersecurity?

00:03:56
Speaker 1: And I mean like I said I get to play like a CTO

00:03:58
with Intel's VC budget.

00:03:59
Speaker 2: I'm good with that, and so for nine years I ran

00:04:02
security pathfinding where we looked at innovative, innovative

00:04:06
cyber security use cases that can either leverage hardware to

00:04:09
be more efficient or to get better security, or to use new

00:04:12
hardware features in interesting ways to accomplish

00:04:15
cybersecurity goals.

00:04:16
And it was an exciting time And we did a lot of innovation

00:04:20
around malware detection, agent protection, being able to do

00:04:24
cloud security and virtualization security using

00:04:26
hardware as a root of trust, and that led me to really expand my

00:04:33
horizons beyond just cyber security to the broader set of

00:04:35
technologies that Intel plays in .

00:04:39
And in 2013, intel was going to focus on, put a renewed focus

00:04:43
onto the federal government from a technology domain, not just

00:04:45
from a sales or enabling domain and was going to stand up a

00:04:47
capability And I was tapped to lead the technology team for the

00:04:54
federal market, be the federal CTO for Intel, and so I jumped

00:04:57
on board with that and have been doing that now for about nine

00:04:59
years, and it really allows me to continue to do interesting,

00:05:03
innovative stuff with cybersecurity, but also now with

00:05:05
AI, with high performance computing, with cloud, with

00:05:08
everything that the federal government is challenged with

00:05:12
and that Intel and our technology and our ecosystem can

00:05:14
help support.

00:05:15
So got there through a weavey path to get to to IAM today.

00:05:20
But I think the key thing is that back in the day, just the

00:05:25
opportunity to go off and cause trouble in the security space is

00:05:29
always what keeps me interested , wow.

00:05:33
Speaker 1: I mean, there's so much to unpack there.

00:05:34
You know, going from a potential like med school

00:05:40
student to IT, specifically security, do you think that

00:05:44
there's any you know related skills that you may have gained

00:05:52
in your studies to prepare for med school, to be the doctor,

00:05:55
that are like translatable in IT ?

00:05:56
Is there any?

00:05:56
I mean, i honestly I don't know .

00:05:58
So I think that's a good thing.

00:06:00
I mean, let's look at it from a couple perspectives.

00:06:05
Speaker 2: So there's the.

00:06:05
There's one answer which has less to do with biology and more

00:06:07
to do with.

00:06:08
I'm not a CS major in my background And I think what

00:06:12
that's afforded me throughout my career is sort of two key

00:06:15
things.

00:06:15
Number one I'm not been predisposite predisposite to

00:06:21
doing something a certain way, like I haven't been trained.

00:06:22
Well, that's the only way you got to do it.

00:06:23
So it opens the door to out of the you know the art of the

00:06:26
public.

00:06:26
So it opens the door to out of the art of the possible.

00:06:31
You know you haven't been beaten into submission by your

00:06:34
professors that this is how you code, or this is how signals

00:06:36
work, or this is how data flows, and so you think differently

00:06:41
and you bring a different or more diverse perspective to

00:06:43
problem solving And or, as some of my her text user joking,

00:06:48
you're not smart enough to know that that's the wrong way to do

00:06:50
it.

00:06:50
But what's interesting is that you and I've used this

00:06:56
throughout my career of my teams , of building diverse teams from

00:06:59
various backgrounds, because really that's how you solve

00:07:01
those big carry problems is thinking outside the box.

00:07:04
And that's not just well, you've got a smart architect who

00:07:06
can think differently.

00:07:07
It's coming from different backgrounds, coming from

00:07:09
different experiences, you look at problems differently, and I

00:07:13
think for the from the bio specifically, especially on the

00:07:16
research side, but even in the diagnostic side, those that

00:07:19
problem solving, that sort of there's a challenge here.

00:07:22
We're trying to cure a disease or understand how a system works

00:07:25
, and that's a lot of the same mental processes you do when

00:07:28
you're when you're a cybersecurity person.

00:07:30
You want to see how a network falls apart or how to get in

00:07:33
through the, you know, see where the seams are.

00:07:35
It's like looking at a biological system or a disease

00:07:39
vector or how a drug works within the systems.

00:07:42
You have to understand the system and understand where it

00:07:44
breaks in the case of a disease or a cancer, and then you are so

00:07:48
looking at how is this drug going to interact with that

00:07:50
system.

00:07:50
So a lot of the same mental sort of leaps and hoops that you

00:07:54
go through are similar between those two domains.

00:07:56
There's been multiple folks that have written over the years

00:08:00
around.

00:08:00
You know, can you treat a network like biological system?

00:08:03
And I think there's been some innovative research about, you

00:08:06
know, looking at how viruses propagate through bodies versus

00:08:09
how they propagate through networks and drawing co-rollers

00:08:12
there.

00:08:12
But I think more practically it's the thought process of

00:08:16
seeing how things fail is really how good cybersecurity people

00:08:20
approach the world.

00:08:22
Speaker 1: Yeah, i, you know that makes a lot of sense And I

00:08:26
always recommend it to people because, you know, i talked to

00:08:30
some people that are more junior in their career.

00:08:32
They're trying to get into IT or security, and you know

00:08:36
they're worried about failing, they're worried about kind of

00:08:40
pressing the envelope right, and I mean I always go back to when

00:08:46
I started, right, when I accidentally dropped a database

00:08:49
of a company, of our product, of a company's, and was like, oh

00:08:54
okay, now I have to troubleshoot and figure out how to restore

00:08:58
this thing from postgres logs, and I've been on the job for six

00:09:02
months so I'm probably fired.

00:09:03
You know, like I'm already fired.

00:09:05
They're just milking me for the last bit of time.

00:09:08
You know like it's.

00:09:09
It's those times, though, that you learn the most.

00:09:13
You know, like I learned.

00:09:14
I learned so much more than postgres than I ever wanted to

00:09:18
learn, you know, and I actually find it interesting.

00:09:21
I understand the syntax now, i understand how it operates and

00:09:25
whatnot, and so I find it interesting.

00:09:27
But it's like I didn't go into that job to learn about postgres

00:09:32
or Linux or anything like that.

00:09:33
I went into it with an open mind and I learned all that I

00:09:38
could and I made a lot of mistakes along the way, and

00:09:41
that's really when you learn.

00:09:43
Speaker 2: Yeah, we.

00:09:44
The key is to fail forward.

00:09:45
It's not to let not let your failures get in your way, but

00:09:48
actually learn from them.

00:09:49
Try not to make the same mistake more than once.

00:09:52
But I, you know, if I think about my startups, you know much

00:09:56
of what we were doing was trying something and never been

00:09:58
done before.

00:09:59
And there are lots of ideas that never you know, that made

00:10:02
it into code, that never got compiled, never got into the

00:10:05
product because they just didn't work, they were inefficient,

00:10:08
they were flat out broken.

00:10:09
But you tried it and you learned from the experience And

00:10:12
really the really fun nuggets are where you did something

00:10:14
because it worked And it wasn't the reason.

00:10:16
But then later you come back and realize well, that decision

00:10:19
has actually enabled you to a whole bunch of other things.

00:10:23
One of my early startups we were looking at how to better secure

00:10:26
mainframes and be able to provide sort of end to end

00:10:29
encryption and end to end authentication From an edge

00:10:33
component, you know, from a client if you go all the way to

00:10:35
the back end using PKI.

00:10:38
And it was a challenge And we figured out some ways to do it

00:10:41
And we were using some really totally new protocols, something

00:10:44
called SOAP and WISDL and XML to help transfer the data

00:10:48
between the systems in a common format, and that was because it

00:10:51
was efficient, it was easy, fast forward.

00:10:53
You know, a year later and we're working with our customers

00:10:56
and they're having trouble getting data off those systems

00:10:59
And they want to be able to do it in a more web friendly kind

00:11:02
of way And like well, we already have a SOAP server running

00:11:05
there.

00:11:05
We actually have already accomplished that goal.

00:11:07
It takes a little bit of coding on the back end to automate a

00:11:11
couple of the clicks And we actually were able to provide a

00:11:14
wholly new solution to be able to do, you know, sort of getting

00:11:17
at data that was already on the mainframe, because we'd already

00:11:19
created that tunnel For a completely different use.

00:11:20
And that's where sometimes your mistakes or your interesting

00:11:26
tries actually come back to pay you in dividends much later on.

00:11:32
Speaker 1: Yeah, that's a really good point.

00:11:33
You know, in my career I've had the fortunate or unfortunate

00:11:38
opportunity to run into the most random issues with basically

00:11:41
every product I touch, stuff that just boggles the developers

00:11:45
that created it, right.

00:11:47
But I learned early on always take notes, right, take notes on

00:11:53
every single thing, and later on, you know, nine times out of

00:11:58
the 10, it actually, you know, helps me, because I may not have

00:12:02
the best memory right, like I can't recall, things that I

00:12:05
don't take an effort to, i don't know kind of like solidify in

00:12:10
my mind somehow, and writing it down always solidifies it for me

00:12:14
, so it's easier for me to recall.

00:12:15
And so you know, after I would go through an issue, there'd be

00:12:20
like an after action report and I have to I have to, you know,

00:12:23
go through and describe exactly what I did, why I did it, what

00:12:29
the outcome was, and I had the best troubleshooting guides out

00:12:32
of everyone at the company eventually, and eventually

00:12:35
everyone just used mine because it was so much better than even,

00:12:38
like, the developers troubleshooting guide You know

00:12:41
you talked about, you know, early on in your career when

00:12:47
really the industry was just getting started.

00:12:51
So that sounds like an extremely exciting time to me, and also I

00:12:58
mean more exciting, a little bit of a nervous time, i guess.

00:13:03
right, because you may not know what will succeed and what will

00:13:05
blow up.

00:13:06
You know, and did you feel like at that time that you could

00:13:10
basically, just, you know, throw a stone and hit water?

00:13:13
and now you're, you know, in a successful startup that you

00:13:17
created, you know, two weeks ago or something like that?

00:13:19
like, was it that kind of environment or is it different?

00:13:24
Speaker 2: So it's interesting that we look at it back now and

00:13:28
say, oh, some of those things were so easy.

00:13:30
And I joke that our my second startup.

00:13:35
I had the idea on an international plane ride.

00:13:37
I was coming back from an overseas trip And you know when

00:13:42
you're stuck in a seat and this is the early days.

00:13:44
You didn't have the ability to have a laptop on a plane back

00:13:47
then And you know, all you can do is think.

00:13:50
And so I had this interesting idea.

00:13:51
I landed, i called my mentor, i called one of my partners and I

00:13:55
said, hey, i've got this idea.

00:13:56
What do you think?

00:13:57
And from the point of having that idea and jotting it down,

00:14:01
jet lagged in my you know, at my home to having money in the

00:14:06
bank and are off to the races was two months.

00:14:09
I mean literally from idea to funding was two months.

00:14:12
That was the beauty of the 90s.

00:14:14
So it was a lot easier And all we had, you know, i did it with

00:14:17
like two pieces of paper and a set of bios And that was all

00:14:19
it's got.

00:14:21
Now it takes a lot to go from that initial seed round to

00:14:24
actually executing a product and getting it into market, but I

00:14:28
think one of the things that was interesting about the early

00:14:32
days different from now is that you didn't have as much noise.

00:14:35
You know it was a smaller industry.

00:14:37
There weren't you know when you would come out with an idea.

00:14:40
That was maybe one or two competitors.

00:14:42
If you start to get real successful, you could get to

00:14:45
five competitors.

00:14:46
Now there's like a thousand people doing all the same thing

00:14:48
you're doing.

00:14:49
So it was it's.

00:14:50
Back then it was much easier to get your message out.

00:14:52
The flip side problem is that you had a high barrier in it in

00:14:57
the CIO or the precursor, you know, the director of

00:15:00
architecture, because they didn't have a CIO back then

00:15:02
Oftentimes to convince them they needed your technology.

00:15:05
It was a lot less understanding of the cyber threat or of what

00:15:09
the technology was going to do to the architecture, And so we

00:15:12
had a lot more education we had to do about the problems to

00:15:15
convince them that they needed our widget or the jure that was

00:15:18
going to solve their big problems that they didn't know

00:15:19
they had yet.

00:15:20
So it was a balance of we had to convince people that there

00:15:24
was a problem.

00:15:25
We knew there was, but at the same time I didn't have to.

00:15:28
You know, try to separate what I was doing for 50 other things

00:15:31
that were sounded like they were doing the same way.

00:15:32
So there was a balance there.

00:15:34
I do remember some funny stories about early conversations on

00:15:38
cybersecurity with VCs because while IT people could basically

00:15:43
understand the idea of firewalling and authentication

00:15:45
and some of the cybersecurity principles, unless that VC had

00:15:48
already invested in a security company, they were completely

00:15:51
unaware of what that meant.

00:15:52
And it just I remember there was one VC didn't want to give

00:15:56
me his business card because you'd heard I had done hacking

00:15:58
as a kid And like that made him scared of me.

00:16:00
And I'm like I'm totally not threatening, it's just something

00:16:04
you know.

00:16:05
The lot of education and what we did back then is we went with

00:16:08
very visual demos.

00:16:09
So and it's something I still hold on to today that people do

00:16:13
better when you show them a visualization of what's going on

00:16:16
.

00:16:16
A lot of demos today where you see a little peak in the poor

00:16:19
man's benchmark and like, yes, look, we can do this and we can

00:16:21
do it 20 times faster.

00:16:22
It doesn't tell me what you're doing, it just tells me you're

00:16:24
doing it faster.

00:16:25
Or we can, you know, spin up a thousand nodes, but what do you

00:16:29
actually see, see a blinking light on a screen.

00:16:31
I find that for the end customer, when you can sort of

00:16:34
make it tangible for them what does it mean to me?

00:16:36
and show them, and so we would actually lug around demos

00:16:39
showing you know, here's the attack, here's our thing,

00:16:41
detecting it or here's our thing , blocking the actual attack.

00:16:44
Making it real is really what it would have helped in those

00:16:47
early days, because they didn't have the understanding or they

00:16:51
didn't know that they had that problem.

00:16:52
And there were great examples where we had one of my startups,

00:16:56
a symptom.

00:16:57
We had built a.

00:16:58
We had an application firewall, one of the very first web

00:17:01
application firewalls.

00:17:02
We built a scanning tool to basically show that you had

00:17:05
vulnerabilities.

00:17:06
That's why you needed the firewall.

00:17:07
So we created a little tool that would scan your website and

00:17:10
identify all the little places where you had cross-site

00:17:12
scripting and SQL injection and actually could demonstrate it

00:17:15
for you to prove that you really did need that application

00:17:18
firewall.

00:17:18
What would happen over the course of that company is the

00:17:21
interesting thing.

00:17:22
That scanning tool became the most valuable asset.

00:17:24
The firewall was important, but it actually wasn't the thing

00:17:28
that blew up.

00:17:28
The scanning tool became the powerful tool because it allowed

00:17:32
auditors to show their internal business units.

00:17:34
You've got these issues and I can prove it.

00:17:36
It allowed the quality people that beat up on the developer

00:17:39
the developers be able to fix it because they can identify it.

00:17:41
So that was the game changer was having something that could

00:17:45
show the problem, and then the thing that actually fixed the

00:17:48
problem became almost less of an importance, even though we know

00:17:51
in security it's equally important.

00:17:52
But it wasn't the visual ah-ha, i have that problem.

00:17:57
Speaker 1: Huh, that's really interesting, going from a place

00:18:01
that you're trying to sell one thing and this minor tool that

00:18:07
probably took someone like what two hours to code or something

00:18:10
like that.

00:18:10
I mean, that's not extraordinarily difficult to do.

00:18:14
I'm a pretty poor coder, but I can probably clump that together

00:18:19
.

00:18:19
That is very interesting.

00:18:23
Yeah, i will say that scanning web apps.

00:18:27
Speaker 2: Back in those days, though, you think it was easy,

00:18:29
but we have to remember how completely horrible web

00:18:31
programming was back then and how everyone made it So having

00:18:35
something that could crawl without crashing actually took

00:18:37
some real coding.

00:18:38
The first tool took a couple of minutes, but back then the crazy

00:18:42
stuff you'd see people do in HTML like that.

00:18:44
it was wild west in the early 2000s, so I will say that it

00:18:48
took some good engineering to build that, to be a quality

00:18:51
scalper.

00:18:51
But yeah, the tool originally was a side project by one of our

00:18:55
chief architects.

00:18:57
Speaker 1: That's really interesting.

00:18:59
I guess I've been so removed from the early 2000s that I mean

00:19:04
I never noticed it.

00:19:05
I guess I wasn't thinking I was going to go into IT in the

00:19:11
early 2000s.

00:19:12
I was more preoccupied with playing with my other friends in

00:19:16
fifth grade and whatnot.

00:19:18
You talked about that.

00:19:23
You were on the plane, you wrote down this idea and you

00:19:26
called up your mentors.

00:19:27
So how did you find mentors?

00:19:30
How did you even just identify the mentors in your life that

00:19:36
you would be able to bounce ideas off of and trust and gain

00:19:40
their respect and whatnot?

00:19:41
That's maybe the biggest question that I get the most

00:19:45
often.

00:19:46
That is difficult to answer because there's so many

00:19:49
different avenues to doing it.

00:19:50
But actually doing it is the hard part.

00:19:55
Speaker 2: So I would say that I wish there was a one shot

00:19:58
approach of here's how you get good mentors.

00:20:00
I can tell you a couple of ways I came to the people that I

00:20:03
treat as my mentor.

00:20:03
So in the case of my early mentors, like Bruce Schneier, he

00:20:07
had written the Bible, applied cryptography and, on the advice

00:20:12
of one of my business partners, he said well, why don't you

00:20:14
reach out to him and see if he's willing to answer some

00:20:17
questions?

00:20:17
And so I did.

00:20:19
I emailed him and I said, hey, bruce, i have some of these

00:20:21
ideas.

00:20:22
I loved reading your book, would like to talk to you more.

00:20:24
And he responded and we became friends and he came on, went on

00:20:31
to help mentor me across two of my companies and is still a

00:20:34
valuable friend and colleague, and some of it is just taking

00:20:39
the gumption and reaching out and not being there to say, oh,

00:20:42
i love your stuff, you're awesome, but really to ask

00:20:44
intelligent questions, because the smart people like to be

00:20:49
query, like to answer smart questions, like to be challenged

00:20:51
, like to have problems with, sink their teeth into as well,

00:20:55
and so being able to reach out to people that you're looking

00:20:58
for mentorship from and treat them like they're not up on a

00:21:01
pedestal, they put on their pants the same way we do every

00:21:05
morning.

00:21:06
But they are.

00:21:07
They really are smart people And I live by.

00:21:11
Surround yourself with people smarter than yourself and listen

00:21:13
.

00:21:13
So one is definitely being proactive.

00:21:17
Reach out also, leverage the network.

00:21:19
So being able to from from from Bruce, being able to reach out

00:21:23
and understand and talk to his peers and hear from them, and

00:21:26
you know, and create relationships And it's a lot of

00:21:28
it is the soft skill of creating relationships.

00:21:31
And then the others.

00:21:33
The other side of the mentor is is, i would say, two things.

00:21:35
One, as you're going through your career, there will be

00:21:37
bosses, or oftentimes you know, bosses of bosses that you will

00:21:40
interact with.

00:21:41
Build relationships with those people, because the people got

00:21:44
into those positions because they knew what they were doing

00:21:47
And they're, they are looking to , just like we are.

00:21:49
You know, i am in other senior leaders to mentor the next

00:21:51
generation.

00:21:52
And so, again, as you interact with people within your own

00:21:55
company, you know, reach out to the, to the senior leadership,

00:21:59
get on their radar, create your relationship, have asked them to

00:22:03
mentor you and you'll find, more often than not, they're

00:22:05
more than happy to do so.

00:22:06
And then the last piece of advice is go, you know, think

00:22:10
outside the box on your mentors.

00:22:12
I have probably too many cybersecurity mentors over the

00:22:15
years, or people I would go to who are the super Uber smart

00:22:18
cybersecurity experts in their domains, but the mentors that

00:22:21
have also been a key factor have been the business people,

00:22:24
salespeople, marketing experts that I, that I, you know, that

00:22:28
make me a better, more rounded person in my career.

00:22:32
You can be an absolute, unbelievable top security

00:22:35
architect, but what makes you a successful startup or successful

00:22:39
business person, a successful executive, is having that more

00:22:42
round, rounded focus and people in my life.

00:22:45
You know my VP of marketing at Sanctum, diane Freeman, has been

00:22:48
a key mentor for me through, you know, long beyond the

00:22:51
company after after we exited Sanctum.

00:22:54
And again, a marketing person I mean just an exquisitely smart

00:22:58
marketing person and knows how to communicate whether it be

00:23:02
technologies or our interesting ideas to different audiences.

00:23:06
And that ability to learn how to communicate and also how to

00:23:09
you know to give talks in a consistent way, how to tell

00:23:13
stories, and she's helped me considerably to be a better or

00:23:18
more effective person in my career by understanding those

00:23:21
tenants, and so it's the diversity of mentors is equally

00:23:24
important to having really good mentors within your domain,

00:23:27
because ultimately, those soft skills are how we are successful

00:23:30
.

00:23:30
Longterm VCs aren't going to, you know.

00:23:33
Don't invest in technologies, they invest in people.

00:23:38
And so they want to know, are you going to be successful?

00:23:40
with whatever weird widget you're coming up with, they only

00:23:43
extend a little bit of they're looking at.

00:23:44
Are you the kind of person that can be successful?

00:23:49
Speaker 1: Yeah, i think Warren Buffett talks about that a lot

00:23:53
is how you know he doesn't.

00:23:56
He looks at the company overall, but the deciding factor is

00:23:59
actually the leadership of the company And if he thinks that

00:24:03
they'll be able to be successful , if they'll, you know, still

00:24:06
work his heart after they after you know he gives them this

00:24:09
money and will they still strive for the same greatness.

00:24:14
You know, like even it's interesting.

00:24:17
You know where life takes you and what skills you learn along

00:24:20
the way, like even just with this podcast, i've had to learn

00:24:24
so much more about marketing and conversation skills and soft

00:24:28
skills And I ever thought, going into it, that I would need to

00:24:33
know.

00:24:33
You know, i I don't know why I didn't think that I would need

00:24:37
to know how to market my podcast , but I do, you know, and now

00:24:43
I'm learning right, and it's something not related to IT at

00:24:46
all, but I'm figuring out how to , you know, get new interesting

00:24:51
guests on like yourself that add value to the podcast and add

00:24:55
value to my audience, which it's been an interesting ride.

00:25:00
You know you never know where something is going to take you

00:25:02
until you go down that road.

00:25:04
Speaker 2: Absolutely.

00:25:04
And then how does that, how does that skill you've learned

00:25:07
for your podcast now translate into you, into, you know,

00:25:10
potentially, i'll say, a day job in IT?

00:25:11
better communications with management across business units

00:25:15
can get view the need.

00:25:17
I mean, one of the really cool use cases I've heard is CISOs

00:25:21
that you know, that.

00:25:22
You know we learned how to better market and communicate or

00:25:25
took training.

00:25:26
We actually went out and was proactive, took training on it

00:25:29
communicate better to the board and to the executive team.

00:25:32
And what that really boils down to is when they're trying to

00:25:34
describe a risk or threat that they need to mitigate.

00:25:36
If you just come in and say, oh , we're going to get attacked

00:25:38
and it's this kind of risk, you're going right over their

00:25:41
heads.

00:25:41
But when they could communicate quickly what they find and the

00:25:44
numbers bear this out, they get better.

00:25:46
You know more and more sustained budget because they're

00:25:50
communicated in a term that the board understands.

00:25:52
It's around business risk, about brand risk.

00:25:54
It's about being able to do things.

00:25:56
You know cost efficiencies that will pay it over time.

00:25:59
It's a different language than I've got 12 new.

00:26:02
You know 12 new data breaches that may be happening.

00:26:05
I've stopped 16 non-petschas on the door.

00:26:07
Like that, information doesn't communicate to a board, and so

00:26:10
those soft skills actually help their day job and actually makes

00:26:14
them more successful in getting bigger pieces of the budget or

00:26:17
making sure they're sustained, funding things along those lines

00:26:19
that are actually crucial to the CISO's job.

00:26:24
Speaker 1: Yeah, it's an overlooked skill that when I was

00:26:28
getting into security, you know , i never even thought about

00:26:30
that right.

00:26:30
And then you have that one right CISO that you know is a

00:26:35
little bit more open than most other CISOs because they want to

00:26:40
like kind of foster that development, which is always

00:26:44
very much appreciated, and they start, you know, kind of showing

00:26:48
you the soft skills, they show you how to do it and they demand

00:26:52
it in the meetings that you're in with them.

00:26:54
If you're presenting something, you know this is how you should

00:26:57
be presenting to executives.

00:26:59
This is the template that you use.

00:27:00
This is, you know, the mentality that you have to have

00:27:03
with it.

00:27:03
It's something totally different that is not taught,

00:27:07
you know, with a technical skillset or anything like that.

00:27:10
It's more of, i mean, i view it more as hands on right, like I

00:27:13
need to put a boardroom to sleep before I know how to entertain

00:27:16
one.

00:27:16
That's at least my mentality with it.

00:27:19
Okay, so you've had a fantastic you know career and whatnot.

00:27:24
Let's fast forward a little bit to Intel.

00:27:26
So Intel, you know, obviously one of the largest companies in

00:27:30
the world.

00:27:30
I am sure that Intel has its own unique challenges with just

00:27:37
merely being that size, you know , with just having the market

00:27:42
space even that it has, you know it seems to be extremely

00:27:46
competitive.

00:27:46
and you know I'll be full disclosure here.

00:27:50
I think I've only I've only bought Intel CPUs right.

00:27:55
I built computers but I don't, like, i don't, dive into the

00:27:59
nitty gritty of these CPUs.

00:28:01
I watch Linus Tech Tips, i see what's going on there and he'll

00:28:05
tell me which Intel CPU to buy right And I just go buy it like

00:28:09
every three to five years and I build my computer.

00:28:11
But really the space is so much more competitive than that

00:28:17
because you have AMD and they're doing performance potentially

00:28:21
in a different way And Intel is focusing on performance in a

00:28:24
different way from that and they're marketing and gearing

00:28:27
their products slightly differently.

00:28:29
but it has to cover a broad range of of spaces.

00:28:32
You know, when you got acquired by Intel and you were

00:28:38
considering staying on, what were you?

00:28:41
what were you thinking through at that time?

00:28:43
What were the areas that you were thinking through of if you

00:28:47
wanted to stay on and whatnot.

00:28:51
Speaker 2: So you asked a really good question about what was

00:28:53
the opportunity, and I have to tell you, like, coming from the

00:28:56
software security space, intel was not the place I thought I

00:28:59
was going to end up.

00:28:59
You know it's a hardware company.

00:29:01
What do they know about?

00:29:01
you know software security, but then once you got on, you know

00:29:05
behind the curtain, if you will, and you looked at it.

00:29:07
one of the things that I thought was interesting and it's

00:29:10
even more so today is that even though Intel is known for the

00:29:14
chips and where you have chips, you know when it says Intel

00:29:15
inside, we are inside everything from the laptops to the network

00:29:18
, to the cloud, to the H5, performance computing and

00:29:20
everything in between.

00:29:21
There's a lot of software that runs on top of those chips

00:29:24
that's developed by or enabled by Intel.

00:29:26
Commercial software and open source software that runs on

00:29:30
Intel runs best when code that Intel developed is delivered to

00:29:34
those companies or into those ecosystems, and so we produce a

00:29:37
lot of software, and so when it comes to security capabilities

00:29:40
that are in the hardware, we do a lot of that enabling we

00:29:42
actually build a lot of the connectors for securing

00:29:46
commercial and open source software running on Intel

00:29:48
platforms.

00:29:48
So what I found was there was a lot of interesting

00:29:51
opportunities to be able to leverage security in a novel way

00:29:55
.

00:29:55
And I think you know, looking back on one of the very first

00:29:59
projects I worked on at Intel after the acquisition and I'll

00:30:04
give you a comparison So Sanctum , which was probably one of my

00:30:06
most successful startups, we had half of Fortune 5, of the

00:30:10
Fortune 1000 companies using our product, which is a big success

00:30:13
.

00:30:13
That's a key indicator Half of Fortune 1000 and mid 2000 using

00:30:17
your products at scale.

00:30:20
The first technology I worked on at Intel went to 40 million

00:30:23
PCs.

00:30:24
I mean, at the end of the day, it was the impact you can have

00:30:30
in a large company.

00:30:31
Now, in any large company there's bureaucracy and process

00:30:35
and procedures that you don't typically find in a nimble

00:30:38
startup.

00:30:38
but the scale and impact, the ability to affect actually the

00:30:42
day-to-day lives of the populace or to make businesses

00:30:46
successful, that was one of the things that kept me.

00:30:48
that's kept me at Intel even to this day the scale and impact

00:30:51
you can have by doing the thing you do with that specialty area

00:30:55
and where it ends up, because you are supporting millions and

00:30:58
millions of PCs, servers, clouds , all running on Intel.

00:31:03
I think that you talk about the highly competitive environment.

00:31:06
One of the things that makes Intel somewhat unique in the

00:31:08
hardware space is that, unlike some of the competitors and I'll

00:31:11
pick on, let's say, the GPU market they just do GPUs.

00:31:14
They're really good at certain aspects of GPU.

00:31:16
They're looking at that kind of workload across every step,

00:31:21
from the client to the cloud and everywhere between.

00:31:22
Sometimes a GPU, like our max GPUs, is the right answer.

00:31:26
Sometimes it's not, and you don't have to force fit it into

00:31:29
a GPU to make it work.

00:31:30
there You can provide different hardware architectures.

00:31:34
maybe an FPGA, maybe an accelerator would be the right

00:31:38
choice.

00:31:39
When I look at Intel and how we approach the problem, we look at

00:31:42
it more holistically and you can look across a heterogeneous

00:31:46
architecture of capabilities.

00:31:47
From a security person's perspective, there's a lot of

00:31:51
opportunity to innovate in a variety of areas.

00:31:53
Am I solving a problem of an embedded system that's a skate

00:31:57
of control on a factory floor which is its own set of OT

00:32:01
problems, or am I looking at something that how do I protect

00:32:05
secure transactions at scale for high-speed trading?

00:32:07
These are the kinds of questions that you ask when you

00:32:11
work at a company in it, because our stuff is in both of those

00:32:13
kinds of systems.

00:32:14
I think one of the things that makes Intel somewhat interesting

00:32:17
from even other big players in the market whether you're a

00:32:20
cloud provider or an operating system vendor or even OEMs is

00:32:24
that, other than, like you said, some of the hardware vendors,

00:32:26
we're really not competing with our channel.

00:32:29
At the end of the day, when I talk to a customer and I talk

00:32:32
about what their problems are, i'm agnostic to what OEM they go

00:32:36
with.

00:32:36
I'm agnostic to what cloud provider they end up choosing.

00:32:39
Some will be more advanced than others, but at the end of the

00:32:42
day, they're all running on Intel.

00:32:44
My job is not to push one or the other.

00:32:46
How can I help you in customer In my case now the federal

00:32:50
government how can I make you more efficient?

00:32:52
How can I secure your data better with the technologies

00:32:56
that are at our disposal through the channel?

00:32:58
It provides a much more interesting conversation that I

00:33:02
find thinking back to my old days and startups, where I had

00:33:05
really good relationships with CIOs and CISOs but at the end of

00:33:08
the day, i was still trying to sell my software package.

00:33:12
Now I have these kind of relationships with the CISOs and

00:33:15
I'm not trying to really sell them anything.

00:33:17
I want them to remember that Intel was there, but they're

00:33:20
going to buy their stuff from whichever vendor is their vendor

00:33:24
of choice.

00:33:24
It's a much different kind of conversation, which I find

00:33:27
fascinating.

00:33:28
Speaker 1: Wow, that is.

00:33:31
I mean.

00:33:32
Once again, there's a lot to unpack there.

00:33:34
It's also very interesting, i found, when you said that

00:33:42
they're not necessarily at least Intel is not necessarily

00:33:46
competing with other competitors in the space.

00:33:49
They have their own space, they have their own designated

00:33:55
purpose that fits millions of devices.

00:33:58
As a security professional, i just come from the mentality of

00:34:07
I want my work to mean something .

00:34:09
I want my work to have an impact on someone.

00:34:11
I guess that may sound like I don't know self-serving or

00:34:16
something like that, but that's just my mentality.

00:34:20
I want it to mean something.

00:34:22
That must have been a very eye-opening situation When you

00:34:30
created that thing and now, all of a sudden it's in 40 million

00:34:34
devices all over the planet, protecting them in different

00:34:38
ways, that these people probably never even thought of.

00:34:41
Speaker 2: It is.

00:34:41
Again, it goes to what you were talking about.

00:34:44
From a cybersecurity professional, whatever area of

00:34:47
cybersecurity in, i look at it as sort of two things that drive

00:34:50
us as security people.

00:34:52
Number one give me a hard challenge.

00:34:54
I like to get my teeth into hard challenges, whether it's

00:34:57
how to hack a system, how to protect a system from a hack,

00:34:59
how to solve a problem.

00:35:01
We're all problem solvers.

00:35:02
We want to present it with a unique hard challenge that we

00:35:05
can go solve.

00:35:06
We're problem solvers.

00:35:09
The other part is you want your work to matter.

00:35:11
You want there to be an outcome , whether that outcome is you've

00:35:14
protected a whole industry or, if you're on the offensive side,

00:35:18
you discovered the next big hack that everyone's talking

00:35:21
about.

00:35:21
You got a new item that shows up in the Wasp Top 10.

00:35:25
For that.

00:35:26
You want to have an impact so that you know the work you're

00:35:29
doing matters.

00:35:29
I think those two things are some of the key drivers.

00:35:32
You look at cybersecurity professionals, whether in IT or

00:35:34
in the vendor space, or in academic research or other kinds

00:35:38
of areas.

00:35:38
It's those two things.

00:35:40
Go give me a hard, juicy problem and let me know that it

00:35:43
makes a difference to whatever their constituency that I'm

00:35:47
targeting.

00:35:47
That's what drives a lot of IT people.

00:35:50
When you look inside corporate IT, especially in IT security,

00:35:55
good CISOs help their organization understand why it

00:35:59
matters.

00:35:59
A lot of times people, if you're doing firewall

00:36:02
administration, it can feel like I see blinking lights every day

00:36:05
.

00:36:05
I'm updating a rule here.

00:36:07
Why does it matter?

00:36:08
What I find is really good CIS organizations communicate down,

00:36:13
not just up, that same dashboard .

00:36:15
They're showing the board about how good they are.

00:36:17
This week, the team that actually helped build it number

00:36:20
one sees the same dashboard.

00:36:21
More importantly, oftentimes they get brought along to the

00:36:24
board to see the outcome.

00:36:26
When you present here.

00:36:29
Here's how many active exploits we blocked today.

00:36:32
Here's the team that did it.

00:36:33
That's how you connected us.

00:36:35
Even inside corporate America, where you're trying to, your day

00:36:39
job is to keep the systems running and keep the bad guys

00:36:43
out.

00:36:43
Sure to the folks that it matters to helps them realize

00:36:47
the impact.

00:36:48
I think that really good CISOs recognize that they need to

00:36:53
highlight the teams and communicate in both directions

00:36:56
Because, exactly like I said, it needs to matter, because that's

00:36:59
what gets us up in the morning.

00:37:02
Speaker 1: Right.

00:37:02
I think some of what you discuss, or what we discussed

00:37:08
throughout this entire conversation, is thought

00:37:10
leadership and how that can really shift an organization,

00:37:16
shift your mindset and work for you or against you.

00:37:21
I guess Can we talk a little bit about what thought

00:37:25
leadership is and how it can impact and really drive your

00:37:30
career in a positive way, because I feel like that is a

00:37:34
underrated skill, almost as someone that is not in senior

00:37:39
management or anything like that , you're still an individual

00:37:44
contributor.

00:37:45
How do you get to that next level?

00:37:48
How do you get the skill sets?

00:37:50
I think a part of that is thought leadership being able to

00:37:53
form these revolutionary ideas or even just simple ideas of

00:37:59
what to change, how to change it and leading people through it.

00:38:03
Can we talk a little bit about that?

00:38:05
Speaker 2: Absolutely.

00:38:06
Thought leadership can come in a variety of forms.

00:38:08
Looking for opportunities to provide thought leadership Again

00:38:13
, some of it's going to depend on the organization.

00:38:14
Some of the organizations are okay with people presenting

00:38:17
papers at conferences.

00:38:18
Others aren't.

00:38:20
Depending on where you are and what you're doing, there are

00:38:23
lots of different kinds of opportunities for thought

00:38:24
leadership.

00:38:25
One easy way is most companies have what they call brown bag

00:38:29
sessions or training sessions.

00:38:32
Trying to speak to be the person who talks about the security

00:38:37
topic to Jura, or be the one to say hey, what's this large

00:38:40
language model thing everyone's talking about, talking about it

00:38:43
even within the organization.

00:38:45
Then you become the go-to person that they say they knew

00:38:48
what they were talking about.

00:38:49
I want to go to them for more information.

00:38:50
You're building micro thought leadership in the company.

00:38:53
The first step is just going out and doing it, having an

00:38:58
opportunity to talk, having something to say.

00:39:01
And again, you don't have to be the absolute expert in

00:39:05
something to start talking about it.

00:39:07
You need to be conversing in it .

00:39:09
Your job isn't to be the number one guru on the planet in that

00:39:12
particular area.

00:39:13
Your job is to help educate the rest of your team or an

00:39:16
audience on something they may not be as familiar with A

00:39:20
thought leader isn't about being the guru.

00:39:21
The thought leader is being an educator.

00:39:23
Not really an educator is a thought leader.

00:39:26
When you do that, it gives you the opportunity to push the

00:39:32
conversation.

00:39:33
So let's say you're giving a training or giving a brown bag

00:39:37
on a particular topic.

00:39:38
It is also the opportunity for you to put out there hey, i have

00:39:41
these really interesting ideas about how we use language

00:39:43
language models to maybe optimize IT processes.

00:39:46
Now that gives you a forum to start to push the boundaries And

00:39:49
so finding opportunities to get your message out there.

00:39:52
But it starts with A going off and giving the talk and having a

00:39:57
message And it takes work.

00:39:59
It's not something that happens by accident, but you'll find

00:40:01
there's lots of opportunities to do.

00:40:04
I was one of the things that I was doing recently.

00:40:06
I was looking for to help some of the company customers

00:40:09
understand how the semiconductor process works.

00:40:11
I was looking at some of our trainings that we have for our

00:40:14
own employees.

00:40:14
What I found was interesting is there was one name that kept

00:40:17
showing up on a variety of these early sort of one-to-one level

00:40:20
trainings, and so I reached out to the guy and I said are you

00:40:23
still doing trainings, like, yeah, they bring me out every

00:40:25
once in a while to go train whole new developers and

00:40:28
partners that are trying to learn about our processes.

00:40:30
So, even though his day job is building SOCs or whatever he's

00:40:34
doing, he's still the thought leader for how to train people

00:40:39
on sort of the manufacturing process, and so he's become the

00:40:42
SME just because he has the content out there and you can go

00:40:45
to it and you can see it, and so there's a lot of

00:40:48
opportunities to do thought leadership If you do work in an

00:40:50
environment where they're okay with you publishing papers.

00:40:52
Go speak at conferences, join associations and go to their

00:40:57
events and then become a speaker .

00:40:59
Today there's a lot of organizations you can remember,

00:41:02
but some good ones for cybersecurity, like SANS, isaca,

00:41:06
on the audit side of the camp, there's a variety of these

00:41:09
organizations.

00:41:10
They hold regular conferences.

00:41:11
They do call for papers, go off and speak.

00:41:13
One of the environments that I think is really fascinating is

00:41:19
there's conferences now, like a conference for defense and a

00:41:23
couple others, where there's a whole track called like the

00:41:25
Practitioner's Track and it's a track of IT professionals for IT

00:41:30
professionals, and they're not there to talk.

00:41:32
You are not allowed to talk about a hack that you came up

00:41:34
with.

00:41:34
It's not about the cool hack that you're, it's you're coming

00:41:38
in and say here are the best practices that we found worked.

00:41:40
And it could be something like how do I scale identity

00:41:43
management to remote workers?

00:41:44
Or how did I deploy a secure microservice?

00:41:48
What did you do in your environment and help train your

00:41:51
peers so everyone gets better at it?

00:41:54
And so what is your motivation?

00:41:55
sharing That thought leadership is about your day job.

00:41:57
It's not you have to come up with some exquisite new idea.

00:42:00
It's sharing of best practices and that thought.

00:42:02
Those conferences foster that kind of thought leadership.

00:42:05
So I guess the answer to your question is get out there and

00:42:08
start speaking, find opportunities to get your

00:42:11
message out there, record a podcast, put out a paper into an

00:42:16
article, speak at conferences, attend conferences and talk to

00:42:21
people, and then do it both externally and internally.

00:42:25
I mean, i can't stress enough Internal thought leadership is

00:42:28
almost as important, if not more important, than external

00:42:30
thought leadership, because external thought leadership,

00:42:33
like brand management, is about increasing your brand for you or

00:42:35
your company, but internal is how you advance your career, get

00:42:38
on the radars of a more diverse set and more senior folks by

00:42:42
being the one that they go to for information.

00:42:47
Speaker 1: Yeah, that's a very good point.

00:42:49
Something that I recently learned was you don't have to be

00:42:55
the world's foremost expert in a topic to discuss it.

00:42:59
You really just need to be able to captivate an audience.

00:43:01
I always thought that I would have to be I don't know 10

00:43:08
levels above.

00:43:09
Where I am, no one's going to listen to me because I'm not

00:43:12
coding Intel CPUs, i'm not breaking into their protected

00:43:16
memory and whatnot, like I'm not doing those things.

00:43:20
And I went to this talk at Defcon a couple years ago and

00:43:23
this guy was talking about how he was reverse engineering Intel

00:43:27
CPUs and breaking into the secured memory and stuff, and I

00:43:32
mean 95% of what he said just went right over my head.

00:43:37
I mean it's like my God.

00:43:41
I was more captivated by the way that he was able to engage

00:43:46
us in a way that was interesting .

00:43:48
It made me wonder what was coming next, what his purpose

00:43:52
was behind it and everything like that.

00:43:54
And I feel like too often as individuals, we get too much in

00:44:00
our head and we think, oh, i'm not ready for that, i'm not

00:44:04
smart enough for that, i don't know enough for that, it's going

00:44:07
to take me 10 years to get there, when every single time

00:44:11
that I have thought that I was wrong Every single time that I

00:44:16
thought that I'll tell you what this podcast I sort of started a

00:44:21
year before I actually did.

00:44:23
I thought about it for a whole year.

00:44:25
I tried to plan it all out, kind of think it through in my

00:44:29
head.

00:44:29
I couldn't think of a logo at all.

00:44:31
Actually, there's a reason why my logo changed a year in is

00:44:35
because, like, oh okay, that's what I want.

00:44:36
There's so many different facets to it, but I was already

00:44:44
in the place where I should have been having a podcast.

00:44:47
It would have probably propelled my career forward with

00:44:51
having that thought leadership space.

00:44:54
Because now I get interesting opportunities based on just my

00:44:59
ideas, because I'll have an interesting guest like yourself.

00:45:02
Come on and we'll just talk about different aspects and I'll

00:45:06
talk about how I think and how you think and how you think

00:45:10
through problems and how I do.

00:45:11
And that gives these other executives and whatnot the

00:45:16
chance to hear about me or kind of inadvertently interview me

00:45:22
without interviewing me.

00:45:23
And I have the job before I even interview.

00:45:27
It's like a side phone call.

00:45:29
It's like, hey, do you want this or do you not?

00:45:31
Which is something I never thought of.

00:45:34
I never thought that that would happen.

00:45:35
I never thought that that would come from this podcast.

00:45:37
I figured, if I have 10 downloads a month, man, i'm

00:45:42
cooking.

00:45:42
And then I hit that almost immediately.

00:45:46
It just blew me away.

00:45:48
It's like, man, i should have been doing this a year ago.

00:45:52
Speaker 2: People are looking for good information.

00:45:53
And I think one other thing I've been very stick lab out

00:45:57
throughout my career and a lot of good speakers are Like I said

00:46:00
, you don't have to be the guru.

00:46:01
You stand on the shoulders of others, give credit.

00:46:06
So when I quote, when I show a vulnerability or an attack or a

00:46:09
defensive measure, i absolutely make sure you quote the people

00:46:13
that you're leveraging and that you're using, and so it's about

00:46:16
some of it is about making sure you give the proper assertion at

00:46:20
the station to those that you are borrowing from or that

00:46:22
you're leveraging, but also it's about creating that community.

00:46:26
You find that if I'm quoting his work, he's quoting my work

00:46:29
and you start to see yours, and again, it helps build that

00:46:32
thought leadership.

00:46:32
But it's the right way to go about it, because if you've got

00:46:35
an idea that's built on other people's ideas, make sure to

00:46:38
give them the credit as well, and it builds the whole

00:46:41
community.

00:46:41
The idea is we're a community, we're building ourselves

00:46:44
together.

00:46:45
Speaker 1: Yeah, that's a very good point.

00:46:47
You know, whenever I use someone else's work or material,

00:46:51
i don't want to be the one that's called out to speak about

00:46:54
it, right, and so I always make sure that I call out like, hey,

00:46:58
i got all of this from this exact resource, from this person

00:47:02
.

00:47:02
You know, it's like almost like a research paper citation,

00:47:06
right Like at the bottom of my work.

00:47:07
It's like this is exactly where I got it.

00:47:09
I am not that smart.

00:47:10
Do not trust in me to you know, explain this at length, or

00:47:14
anything like that.

00:47:16
So, steve, you know we went 48 minutes now and we haven't even

00:47:21
talked about your role at Intel.

00:47:22
Right, with some of my guests we get into this mode where we

00:47:27
just go down these rabbit holes and we forget, you know, what we

00:47:33
originally set out to talk about.

00:47:35
So can you talk to me a little bit about what it's like to be

00:47:39
the CTO of the federal side of the business for Intel?

00:47:43
Because I would assume, just working with the federal

00:47:46
government myself earlier on in my career, that's probably

00:47:49
extremely interesting And it's probably even a it's probably

00:47:54
even a interesting set of people that you have to look for just

00:47:57
for that kind of job.

00:47:58
Because it's not.

00:47:59
It's not something for everyone .

00:48:00
There's a lot of people out there that think that they're,

00:48:03
that they want that life and that they want to be on those

00:48:06
those cool sites and those calls and everything like that, but

00:48:09
it's totally different than what you would think.

00:48:13
Speaker 2: So it's an interesting conversation around

00:48:15
what it, what it might.

00:48:16
My job is And I would say it really falls into three camps.

00:48:19
A large amount of my job is working with those government

00:48:23
customers to help them understand both today's

00:48:25
technology, future technology and how it fits into their

00:48:29
mission or enterprise needs.

00:48:30
How can we help them solve their problems with technology

00:48:33
available today.

00:48:33
So you know, speaking government speak about the

00:48:36
government's mission from an architectural technology

00:48:38
perspective.

00:48:39
The other half of my role is turning around the other

00:48:41
direction and being able to translate government speak back

00:48:43
into Intel speak so that our developers and business units

00:48:46
can build the features and capabilities that the

00:48:47
government's going to need to meet their mission.

00:48:50
Enterprise And the two way communicator is where a large

00:48:53
majority of my job is and being and helping to apply both

00:48:57
directions.

00:48:57
And then the third part is the being able to do interesting,

00:49:01
interesting innovations And so driving.

00:49:03
You know, sometimes you define here's the problem the

00:49:05
technology isn't there today.

00:49:07
We may get it in five years when the next chip comes out.

00:49:09
But what innovations can we do today?

00:49:11
What can we solve or what can we apply from what's currently

00:49:14
available and advance the art today and do innovative projects

00:49:18
, innovative technology to meet mission need, and so that's.

00:49:21
I think that's the three aspects of my job that you know,

00:49:24
and it's really what makes it interesting.

00:49:25
Exciting is that you're talking to.

00:49:27
You know a variety of different topic areas.

00:49:29
You can be talking IoT, hpc the government itself is a really

00:49:33
interesting vertical in its own right, unlike you know financial

00:49:36
services, which have a common set of of of.

00:49:39
You know enterprise applications and missions and capabilities

00:49:43
across the financial services, such as cash management.

00:49:46
You know certain kind of logging, certain kind of

00:49:48
transaction processing.

00:49:49
Healthcare has got its own.

00:49:51
What you find in the vertical is it's a macrocosm of all of

00:49:54
them.

00:49:54
You want to talk financial services.

00:49:56
You know CMS, medicaid, medicare and IRS do billions of

00:50:00
dollars of transactions.

00:50:00
We want to talk healthcare.

00:50:02
The VA is the world's largest health insurer and health

00:50:05
provider.

00:50:05
We're going to talk logistics.

00:50:07
Dla Defense Logistics Agency, you know, gets things where they

00:50:11
need to be on a global scale.

00:50:12
So they have, you know, a representative of almost every

00:50:16
vertical within the federal government, and so it really

00:50:20
affords you to see the broader industry in the, in the, in the

00:50:23
boundary of the government, of the government agencies, and the

00:50:26
other thing is the government has the scale that many of these

00:50:29
, others don't.

00:50:29
So the sheer volume of data that's number of systems, the

00:50:32
number of people in you know, in the case of the VA, how many

00:50:35
veterans are being serviced by the VA?

00:50:37
you know something like 16 million people.

00:50:39
That's the scale and scope presents really interesting

00:50:42
challenges of how do you take a technology and scale it and make

00:50:45
it stable and operationalize it and get the efficiencies and

00:50:49
tuning you need, secure it, because it is, you know, the

00:50:52
adversaries are absolutely after the federal government, and so

00:50:54
it's those kind of big problems that you get in the government

00:50:57
and the variety and diversity of those problems that makes it

00:50:59
exciting as a market to focus on .

00:51:02
And what you do then is and this is really the reason for

00:51:05
Intel federal existing is taking commercial capabilities and

00:51:10
federalizing them for the government.

00:51:11
So taking what's done in commercial let's say 80% and

00:51:14
making it work for government that 20% needed for government

00:51:17
but also looking at government use cases, building things there

00:51:20
that then can be commercialized to the broader industry.

00:51:22
If we solve it for the US government, well, it will work

00:51:24
for everyone else, and so that is.

00:51:27
I think that's what we know.

00:51:28
The reason why that's it's an interesting place to be at Intel

00:51:32
is because we are servicing both of those sides of the camp.

00:51:37
Speaker 1: Hmm, yeah, something you mentioned was being a

00:51:40
two-way communicator, being able to translate the customer's

00:51:43
needs into you know what the company needs to do to address

00:51:48
them.

00:51:48
And I encountered this very early on in my career when I

00:51:54
when I led federal contracts and you know government contracts

00:51:59
that we had, because you know, i was basically the only one at

00:52:04
the company authorized to speak to these people just on the

00:52:08
phone You know, let's throw out in person, just on the phone, i

00:52:12
was the only one authorized to speak to them.

00:52:13
How I got approval, i have no clues, 23 year old kid, you know

00:52:18
, fresh out of college, and I'm the one at this company that has

00:52:21
approval.

00:52:21
And I found out there was a lot of friction, you know there was

00:52:29
a friction between what the what our customer wanted and

00:52:32
what our company thought that they wanted or needed.

00:52:35
And so then there was a.

00:52:38
There was a, i guess, a dispersed effort in creating

00:52:42
things that they thought that basically the developers and my

00:52:47
executives at the company thought that the federal

00:52:50
government wanted and would need versus what the federal

00:52:54
government actually wanted.

00:52:55
And I would have to translate you know these needs into real

00:53:00
world examples of saying like Hey, this situation happened on

00:53:03
this base And because this other system failed them, they didn't

00:53:09
know where this emergency was happening.

00:53:11
They had no clue of where it was happening, and so now they

00:53:14
have to clear, you know, a thousand acres of land to

00:53:19
actually ensure that the threat is eliminated and the base is

00:53:24
secure.

00:53:24
And once you know, once you kind of find out or figure out

00:53:29
that that's a part of it that's probably 50% of what I have to

00:53:33
do The world becomes a lot easier.

00:53:35
But now it's even more difficult because now the

00:53:39
customer, the federal government , you know, is expecting,

00:53:43
they're expecting that higher level of service.

00:53:45
They're no longer expecting the friction and I'm absorbing all

00:53:48
the friction And it's.

00:53:50
It's an interesting world, for sure, because they have they

00:53:53
have some of the most unique use cases for technology that I've

00:53:57
ever seen.

00:53:57
I mean, i, i went to one facility and I had four, four

00:54:02
buildings.

00:54:02
They were all connected before very distinct structures, and so

00:54:08
I was like, okay, it's just normal, normal building.

00:54:10
You know, they got a lot of people working here, obviously.

00:54:13
So I go in and maybe the third time that I'm there it's finally

00:54:19
discussed like why there's different sections of the

00:54:22
building and why I'm locked down to one section.

00:54:26
And they said it's because they purchase entirely separate tech

00:54:32
stacks per environments of the building and they physically

00:54:35
separate it in the building And then they also, you know,

00:54:39
logically separated technology wise.

00:54:41
And so if Cisco ends up having a you know critical

00:54:46
vulnerability, they just shut off that whole side of the

00:54:49
building.

00:54:49
They shut it off and they're like okay, go home, like, do

00:54:52
something else until we patch this.

00:54:54
And then they, they fire up the whole other side of the

00:54:57
building and they just kind of switch over that traffic to

00:55:00
these other systems.

00:55:01
And I'm that completely blew my mind.

00:55:04
It still has me thinking right even to this day, because it's

00:55:08
just like where else would you ever see that?

00:55:11
You would never see that anywhere else.

00:55:12
It's so unique.

00:55:15
Speaker 2: Exactly, and so they do have unique use cases.

00:55:18
But then when you think about it, when you look, they're

00:55:20
sometimes a vanguard for what you find out in the in the

00:55:24
commercial space.

00:55:24
So something like that sounds really weird.

00:55:26
Today you know in one model, but then you start thinking

00:55:29
about, you know ITOT, separation of having operational

00:55:31
environments, that's Skated Controls separated from IT

00:55:34
controls and having that diversity.

00:55:35
Well, now something that starts to make sense in those kind of

00:55:38
unique environments.

00:55:38
You can see that oftentimes the government it may be a crazy

00:55:41
reason, they did it, but what you did there will have that

00:55:45
ability in other places.

00:55:47
Speaker 1: Yeah, absolutely.

00:55:48
Well, steve, you know we're coming up to the end of our time

00:55:51
here, unfortunately, and I mean I'll just have to have you back

00:55:55
on Like I had such a good conversation.

00:55:57
But before I let you go, how about you tell my audience you

00:56:01
know where they could find you and potentially you know if

00:56:04
there's a separate Intel federal website or something that they

00:56:07
could go to to learn more?

00:56:08
Speaker 2: Absolutely, And thank you for having me today.

00:56:10
Joe, Best place to reach me is on LinkedIn.

00:56:12
It's S O R R I N So LinkedIncom slash.

00:56:15
You know, soren?

00:56:16
And then if you want to learn more about Intel in the public

00:56:20
sector, Intelcom slash public sector, our Intelcom slash

00:56:24
federal will get you there.

00:56:26
Speaker 1: Awesome.

00:56:26
Well, thanks, Steve.

00:56:27
I really do appreciate you coming on and I hope everyone

00:56:30
listening enjoyed this episode.