Ever wondered how security professionals sell internally and find the perfect solutions for their organization? Join us as we discuss the art of vetting out solutions that fit the environment and connecting with top players in the space. Learn from my experience about the significance of building a strong network, leveraging both your internal and external connections, and how to approach your direct manager to check if there's already a project in play.
Managing three clouds with a small team while keeping up with development work and responding to fires might sound impossible, but we've got you covered. In this episode, we explore the importance of a low lift solution that can be managed by one person and discuss how selecting a less well-known option saved our team time and effort. Hear about the benefits of taking ownership of a project, gaining invaluable experience and knowledge, and becoming a recognized figure in your environment. Don't miss this opportunity to level up your security game!
Affiliate Links:
NordVPN: https://go.nordvpn.net/aff_c?offer_id=15&aff_id=87753&url_id=902
Follow the Podcast on Social Media!
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Patreon: https://www.patreon.com/SecurityUnfilteredPodcast
YouTube: https://www.youtube.com/@securityunfilteredpodcast
TikTok: Not today China! Not today
1
00:00:01
Speaker 1: How's it going?
00:00:01
everyone, and welcome back to another security unfiltered
00:00:05
mentorship episode.
00:00:07
So today we are going to be talking about something or a
00:00:12
topic that I'm very familiar with.
00:00:16
It really helps you separate yourself from the crowd.
00:00:20
It separates you from everyone else at the company honestly
00:00:24
separates you from everyone else in the industry if you do it
00:00:28
right, and what that is is selling internally at your
00:00:34
company.
00:00:35
So what do I mean by that?
00:00:36
What is it right?
00:00:39
You know, as a security professional and I do post my
00:00:44
title on LinkedIn and everything like that I don't post the
00:00:46
company.
00:00:47
If I did post the company, i would probably be getting a lot
00:00:52
more messages than I already get .
00:00:54
But you know, just with the title, i get a lot of vendors
00:01:01
reaching out trying to sell me everything that you can imagine
00:01:05
for a security product Tools that are very well known, tools
00:01:09
that are not very well known.
00:01:11
A lot of the times, vendors are guessing at what we may need in
00:01:16
the environment and they're just kind of throwing a dart at
00:01:20
a dart board and seeing what sticks, what doesn't and going
00:01:25
from there.
00:01:25
So what does this have to tie in with it?
00:01:30
You know, really it's difficult sometimes to weed through all
00:01:40
the random products that are out there And I am lucky enough to
00:01:48
have a network with, you know ARKON, which is a partner
00:01:53
reseller for a lot of different companies that does the vetting
00:01:58
of these.
00:01:58
You know solutions on the market gives me a rundown on
00:02:02
what you know may fit best within the environment And from
00:02:09
there, you know, i'm able to make my own assessment.
00:02:12
But I think we should even take a few steps back right.
00:02:19
As a security person in the environment, you know the
00:02:22
environment better than most.
00:02:23
Obviously you know your first 30, 60, 90 days at a company.
00:02:28
You're not going to know the environment that well, but you
00:02:32
will eventually, and when you do you can start looking at the
00:02:36
environment as a whole, start picking apart and seeing.
00:02:40
You know, maybe there's a solution that's up for renewal
00:02:44
that doesn't really do a great job, and maybe you know of
00:02:48
another solution on the market that could be a fit that could
00:02:52
actually help the environment and whatnot.
00:02:54
Or maybe you're lacking a tool completely.
00:02:57
Maybe you have a you know, web application firewall gap in your
00:03:03
environment and you need to fill that gap with the right
00:03:06
tool that really fits your environment perfectly.
00:03:10
So taking that need and then potentially reaching out to your
00:03:17
network or even reaching out to the top players in the area.
00:03:21
You know, a quick Google search will tell you.
00:03:24
You know all the time, every time, you know who is the big
00:03:29
players in the space.
00:03:31
Just say you know web application firewalls, for
00:03:35
instance.
00:03:35
Right, cloudflare, fastly, akamai, you know, these are
00:03:41
almost household names right in security.
00:03:43
Everyone knows who they are.
00:03:46
But let's say that you're looking for a WAF right, what
00:03:51
would I do to sell this internally?
00:03:53
So the very first thing, i need to actually talk to someone I
00:03:56
cloudflare, just using that as an example.
00:04:01
Right, i would need to talk to someone at cloudflare.
00:04:05
I would probably need to talk to someone that knows the
00:04:08
solution and the offering really well, which could be my, you
00:04:13
know, leveraging my, my own network that I've already built
00:04:16
up through Arkhan, or talking to other people that I know that
00:04:21
already own the product and talking about.
00:04:24
You know the ins and outs of the solution, right, so I can
00:04:27
figure out if it works best for my environment before I ever
00:04:30
even get on the first call.
00:04:32
So then you know, i'm getting on this call right with the,
00:04:36
with the vendor, whichever vendor that might be, and I'm
00:04:40
presenting them a problem in the environment.
00:04:42
And you know, to be completely honest, this is just me, right,
00:04:47
there isn't anyone else on the call.
00:04:49
No one else in my organization at this point knows that I'm
00:04:53
doing any sort of thing like this.
00:04:55
Right, it's not like it's being heavily publicized, you know.
00:05:02
And so I'm getting on the call by myself and I'm talking to the
00:05:05
vendor, right, and they're probably going to go through
00:05:08
some slides, show me different things, ask me if I think that
00:05:12
it could work in the environment .
00:05:13
I'll give my feedback And then it's time to actually start
00:05:20
selling internally.
00:05:22
So how do you do this?
00:05:24
You know, earlier out of my career I thought this was fairly
00:05:27
difficult.
00:05:27
But you know, earlier in the year I did talk about building a
00:05:34
network, building a bombproof network, i think there's,
00:05:38
there's two parts to it.
00:05:39
There may even be a third episode That's about building a
00:05:43
network.
00:05:43
That wasn't, you know, in that same title, whatnot.
00:05:46
But you should already have a network at this point.
00:05:50
When you're selling something internally, you need to be
00:05:53
leveraging your network.
00:05:54
You need to be leveraging your internal network at the company.
00:05:57
You need to be leveraging your external network at other
00:06:00
companies You know and key people that you actually trust
00:06:06
With.
00:06:06
You know the sort of knowledge, right, like, do I actually
00:06:09
trust their expertise in application, web application
00:06:13
viral, right?
00:06:14
That is definitely something to keep in mind and always be
00:06:19
aware of.
00:06:19
So, with that said, you know where do we go from here, and so
00:06:26
it really does kind of vary With where you go from here.
00:06:32
You know, you, you would probably want to, you know,
00:06:35
bring it up to your direct manager first, obviously, and
00:06:40
say, hey, you know, we have a gap in this area.
00:06:42
Is there a project at play that I don't know about, that you
00:06:46
know is coming up, or anything like that.
00:06:48
If they say, no, great, maybe it's an opportunity to start a
00:06:52
project and Get this thing kicked off and maybe you can own
00:06:56
it because you identified the gap first, or maybe you're the
00:07:00
one that brought it to their attention first and You should
00:07:04
have some ownership in it.
00:07:05
You know, and it from there it's about it's not necessarily
00:07:10
about playing internal politics, okay, which it could come off
00:07:18
as sounding like that.
00:07:19
How I do it.
00:07:21
I'm very, very open, very honest .
00:07:25
You know, and You got to approach it from a place of
00:07:31
you're doing a fact-finding mission, right, you're just
00:07:35
trying to figure out what's going on in the environment.
00:07:37
You think that there's an issue in one place Maybe you
00:07:41
confirmed it with the architects Before you even talk to your
00:07:45
manager and be like, hey, is this what I'm seeing, because
00:07:48
this is what it looks like to me , you know, or is there
00:07:51
something else going on here that I don't know about?
00:07:53
Doing those things will prepare you to actually sell it
00:08:00
internally to your management, because your management will
00:08:04
then have to go and pitch it, you know, upwards to the CISO at
00:08:09
some point, get approval for the funding.
00:08:11
You know, do the project and that whole thing right.
00:08:14
But let's talk about why do this?
00:08:18
why even, why even go out of your way and try and do this?
00:08:24
You know, and this has been, this has been difficult for me
00:08:29
at times, i'll be honest, because I have sold products
00:08:35
internally before at companies that would greatly help That
00:08:41
company, that environment, several teams within the company
00:08:44
.
00:08:44
You know I've sold it properly.
00:08:48
I've sold it to the CISO, the CIO, my manager, right, it
00:08:55
really just came down to one person Denying it because they
00:09:00
didn't want to admit that their solution that they chose 10
00:09:03
years ago Was not working to the standard that the organization
00:09:08
needed.
00:09:08
And so You know this can be a very disappointing process,
00:09:14
right, because you're gonna put a lot of time into it.
00:09:16
You're gonna put a lot of effort into it, you're gonna
00:09:19
learn a whole lot more about the product than you ever would
00:09:22
have before.
00:09:23
But you do this because it separates you from everyone else
00:09:29
.
00:09:29
You know, just plain and simple , not everyone is going to be
00:09:34
looking at the security stack as a whole and saying what areas
00:09:39
are we lacking in, what areas can we fill?
00:09:42
What's the best solution to fill that gap?
00:09:45
And that last question is probably actually the most
00:09:50
difficult, you know.
00:09:52
I'll give you an example.
00:09:53
At A previous role, i was looking at a cloud security
00:09:57
platform management solution Fantastic, long name, right And
00:10:04
so I was looking at all the different top tier solutions on
00:10:08
the market at that time, and at that time, the company that I
00:10:13
was at was in the big three clouds They were in AWS, azure
00:10:17
and GCP and so we greatly needed This tool, because there was
00:10:23
only two people that was responsible for the security of
00:10:26
three clouds, and if anyone you know knows anything about cloud
00:10:30
security One club, learning one cloud is like learning a
00:10:35
different language, because they literally use different words
00:10:37
for everything The the different words will do different things
00:10:42
across platforms, right.
00:10:42
So you may have, you know one word that sounds similar, you
00:10:49
know, to Azure, right, but they're doing two totally
00:10:53
different things, and so you're literally stuck learning three
00:10:58
different languages And learning the infrastructure, learning
00:11:03
how things are configured, how things are done differently in
00:11:06
each cloud, the nuances between each cloud Um, it's a headache,
00:11:12
it's, it's tough, it's actually really hard.
00:11:15
I do not recommend it.
00:11:18
And so we really needed this solution, because there's only
00:11:21
two of us, and so we evaluated all the top solutions for
00:11:26
probably four weeks.
00:11:27
That's just.
00:11:28
You know all of the solutions, probably three or four solutions
00:11:32
for four weeks.
00:11:33
At the end of the fifth week, we would probably choose a
00:11:37
winner of the POC and whatnot, and so one of the deciding
00:11:45
factors in me choosing the right product was our team size.
00:11:52
Like I said, we're, we were a team of two, right, and so we
00:11:57
needed a product that wouldn't inundate us with a whole bunch
00:12:00
of alerts that will never get through.
00:12:02
We also don't need something that will take, you know, six,
00:12:07
eight, 12 months to set up.
00:12:10
We just don't have that time.
00:12:12
You know, we are a lean and mean team that works, you know,
00:12:17
through issues and problems very rapidly.
00:12:20
We need to be very agile not to reference the agile framework,
00:12:26
because that's just give give people a headache on here, right
00:12:30
?
00:12:30
But you know it's a different work environment when there's
00:12:38
two people managing three clouds and you're just responding to
00:12:41
fire after fire, putting things out, resolving issues,
00:12:45
configuring things correctly, trying to catch up with the
00:12:49
development work, ensuring that everyone is developing properly
00:12:53
and not putting things in the wrong place, making sure that
00:12:57
you know everything is set up and configured how it should be.
00:13:00
While doing that, you can't be deploying a tool, and so you
00:13:06
really.
00:13:06
We really needed a very low lift solution that could be run by
00:13:13
one person if needed, right, that wouldn't produce a huge
00:13:19
amount of alerts.
00:13:19
So that means that there has to be some sort of internal logic
00:13:24
to that.
00:13:25
You know, alerting mechanism and the solution that prevents
00:13:29
it from inundating you with alerts, right, and so we we
00:13:35
ended up choosing a solution that was up and coming.
00:13:41
You know it's a less well known solution, for sure, and we
00:13:46
chose that solution because we are a team of two And it took
00:13:50
precisely 30 minutes to set up and deploy the solution.
00:13:56
And on top of that, and, by the way, we had about 50 different
00:14:02
AWS accounts And we only, you know, took us about 30 minutes
00:14:08
to set up all of AWS, which is insane, because if you look at
00:14:13
other solutions like dome nine or cloud guard, as it's referred
00:14:17
to, as now those solutions, those solutions take a very long
00:14:25
time.
00:14:25
Most of my POC probably 90% of my POC time for cloud guard and
00:14:35
these other, you know, larger solutions was setting it up.
00:14:41
You know, another, another area that I thought was key was that
00:14:46
there was extremely little configuration that was needed
00:14:50
And it didn't generate a huge amount of alerts.
00:14:53
It only told me about the stuff that I really need to pay
00:14:55
attention to in the environment, and that was extremely
00:14:58
important, right?
00:14:59
Because, like I said, we're a team of two And so we need to
00:15:05
literally get an alert, know that it is a valid alert, that
00:15:09
it's something that we should be paying attention to, react to
00:15:12
it and move on.
00:15:13
That's that's really.
00:15:15
It's it's pretty key, you know, and all of the other solutions
00:15:21
that we looked at, that we, you know, talk to or whatnot, all of
00:15:26
them basically said that we would need a team of four to run
00:15:29
their solution And it would take, on average, 12 to 18
00:15:33
months to fully configure the solution.
00:15:35
And once it's fully configured, you're probably going to have a
00:15:40
whole bunch of alerts that you now have to figure out how to
00:15:45
weed through and create a whole bunch of custom rules for, and
00:15:49
from there you're going to be doing tweaking and tuning for
00:15:53
the rest of the lifetime of that solution in your environment.
00:15:56
That's that's really what it is right For these other solutions
00:16:03
right.
00:16:03
And so at bigger companies, that's not a problem at all,
00:16:06
because they'll have a whole team of people you know eight,
00:16:10
10, 12 people working on this one tool, doing this one thing,
00:16:16
and so they can absolutely do it , they can absolutely manage
00:16:21
that solution with ease.
00:16:22
But for my given situation, there was no way, no way at all
00:16:28
that we could have done that.
00:16:29
It would have taken us four years to get the thing fully
00:16:33
configured I mean literally, because it's just two people.
00:16:35
And so that's how we made our decision to go with this other,
00:16:41
less known solution that ended up being a better solution.
00:16:44
Now why do I take you through all of that right?
00:16:51
It shows you how it sets you apart.
00:16:57
You know, immediately I took ownership of this problem in our
00:17:01
environment.
00:17:02
It wasn't my responsibility to really take ownership of it, but
00:17:06
I took ownership of it.
00:17:07
Right, because I'm the cloud security person.
00:17:10
We don't have a management tool for the cloud.
00:17:12
We need a unified platform for it, we need a project for it,
00:17:18
and so I immediately owned this entire process.
00:17:21
I brought it up to my management, my management and
00:17:24
myself brought it up to the CISO .
00:17:26
The CISO approved, we got a budget for it, we're off to the
00:17:31
races.
00:17:32
All of that is taking initiative.
00:17:36
I identified the, the lacking area in the environment, and,
00:17:43
and then I took ownership.
00:17:44
I didn't just identify the area and then point a finger and say
00:17:49
, hey, someone else should take care of this.
00:17:51
I identified a gap and then I said, hey, i'm taking this over.
00:17:57
If it's approved like, i own it , i run it, i'll choose everyone
00:18:02
for the POC and we'll make a decision as a team, you know.
00:18:06
So it shows taking initiative, it shows taking ownership, and
00:18:13
Once we get through those two things, you're also going to
00:18:16
gain a whole lot of experience, a whole lot of knowledge and,
00:18:22
you know, maybe even more importantly, you're gonna become
00:18:25
more well known within the environment Because you're gonna
00:18:31
be working with a lot of different people.
00:18:34
Your manager and their manager will likely refer to you now in
00:18:39
other, you know, executive level meetings and calls, because
00:18:43
they're saying like, hey, we have this new project, you need
00:18:46
to get ready.
00:18:46
You need to, you know, get your teams ready for it.
00:18:49
This is the point of contact and they're gonna bring up your
00:18:51
name.
00:18:52
So that is just something that you should absolutely, you know,
00:18:57
keep in mind and whatnot, like when you're you're doing this,
00:19:01
right, because you're gonna get more well known within the
00:19:03
environment And that is only going to help you.
00:19:05
As long as you use that, that notoriety correctly, it'll
00:19:11
definitely benefit you.
00:19:13
So, you know, all of these things combined really work to
00:19:22
set you apart.
00:19:23
You know, and That that's key, right, because you need to be
00:19:27
able to set yourself apart from everyone else in your
00:19:31
environment.
00:19:31
You know, it's not enough to set yourself apart from everyone
00:19:36
else when you're applying for a job, right, you absolutely have
00:19:38
to do that, because why?
00:19:39
Why hire, you know, a cookie cutter Person that you can hire,
00:19:46
you know, 10 other people and get the same results?
00:19:47
right?
00:19:48
The reason why you would hire someone is because they provide
00:19:53
something that the rest of the candidates don't.
00:19:55
And this Same exact thing works internally at companies.
00:20:02
The next time that there's a promotion available, the next
00:20:08
time that You know.
00:20:09
Let's just say you want to get promoted to be an architect,
00:20:12
right, and now the opportunity is available.
00:20:15
You have a really good case as to why you should be getting
00:20:18
that job right.
00:20:20
Because you took initiative, you took ownership.
00:20:22
You analyze the environment, saw that there is a gap, made
00:20:27
the right call on the solution, deployed the solution and then,
00:20:31
even you know, provided support, training to the rest of the
00:20:35
organization, provided documentation.
00:20:37
You had to sell it to your manager, to his manager and or
00:20:43
their manager, and to the CISO, whoever that might be.
00:20:46
Maybe you even had to go a step further and sell it to the CIO.
00:20:51
Maybe you had to go a step further and create the slides
00:20:56
for your CISO to sell it to the board, because maybe you know
00:21:00
your company has a requirement If it costs X amount of dollars,
00:21:04
you have to get board approval and all this other stuff right.
00:21:08
And You know your job is Not just to point the finger and say
00:21:15
, hey, we have a problem here.
00:21:16
Your job in this situation is to take full ownership and See
00:21:22
it through to the end.
00:21:24
You know when I was choosing this CSPM solution towards the
00:21:30
end of the process, when I was actually, you know, choose.
00:21:34
When I chose the solution, when we were pitching it and it got
00:21:37
approved, my CISO was going to have to present slides on it to
00:21:42
the board.
00:21:42
So the first thing that I did was I actually offered to put
00:21:46
the slides together for him.
00:21:48
Now, these slides, i mean, i've never had to present to a board
00:21:52
before.
00:21:52
I've never had to create slides for the board before.
00:21:55
I have no clue what I'm doing, but I used all of my internal
00:22:00
resources to get the job done And after about 20 revisions of
00:22:07
this slide deck I mean I'm not even kidding you It took
00:22:11
probably three or four weeks to get these slides done, not that
00:22:15
they weren't done already, but you know, it's literally 20
00:22:19
revisions, like I'm, it's not even an overstatement.
00:22:22
But after 20 revisions, we were finally comfortable enough to
00:22:28
give it to our CISO to present to the board.
00:22:33
And with all of that, though, it just shows you right, like in
00:22:37
this situation, i took an, i took the initiative, i took
00:22:39
ownership, i saw it through end to end.
00:22:42
That's the big piece, right?
00:22:45
Not everyone can say that they did that.
00:22:48
Not everyone on the market can say that they identified a gap.
00:22:52
Explain what the gap was, why it stood out to you why it made
00:22:57
sense to prioritize that that risk to the environment over
00:23:03
other risks to the environment.
00:23:04
What were other risks?
00:23:07
And then going through this entire process, right, of
00:23:11
learning the technology, selling it internally to the right
00:23:14
people at the right time And that is key being able to
00:23:18
actually sell that solution to the right people at the right
00:23:21
time.
00:23:21
You know I'll give you an example, right?
00:23:26
So when I was trying to sell this CSPM solution internally
00:23:31
that I had chosen through the POC, you know part of it was
00:23:38
actually selling it to my CISO.
00:23:39
So I chose the solution, my manager agreed with it, his
00:23:44
manager agreed with it, and then it was time for the CISO And my
00:23:51
manager's manager basically had to gauge if my CISO was in the
00:23:56
right mindset or the right mood to be able to handle a
00:24:00
discussion like that.
00:24:01
And so the meeting actually got delayed one or two times
00:24:06
because he just wasn't in a good space that day, right, and they
00:24:10
didn't want to kill the project because he was having an off
00:24:13
day.
00:24:13
And you know I had put in a lot of work already into this thing
00:24:19
.
00:24:19
So timing is everything Right.
00:24:24
And then you also being able to sell it internally, hey, why do
00:24:27
we need the solution?
00:24:28
Right?
00:24:29
What was the gap that I saw?
00:24:30
Because these people probably saw it as well, already knew
00:24:34
about it.
00:24:34
What were the solutions?
00:24:36
What was the criteria that I was basing everything off of?
00:24:39
And then what was the final results?
00:24:42
Right, like, there's a lot of different classes out there.
00:24:45
Probably there's a whole lot of different articles about how to
00:24:48
talk to executives and whatnot.
00:24:49
I have learned keeping it short , simple and sweet is probably
00:24:56
the best route that you should take.
00:24:58
I think my presentation to the CISO was under 10 slides And I
00:25:04
think it was my like.
00:25:06
My actual presenting of the solutions was probably done in
00:25:11
15 minutes, like, at most, probably 15 minutes, and then
00:25:16
the rest of the time.
00:25:17
You know, we discussed it, we discussed next steps and
00:25:20
everything else like that.
00:25:23
Now, just because it gets through that CISO approval
00:25:27
doesn't mean that your job is done, right?
00:25:29
I said end to end ownership of this entire process.
00:25:33
So now you're going to get experience with negotiating
00:25:39
quotes, negotiating with the vendor, learning how to actually
00:25:43
do that, learning when to push back, what areas to push back on
00:25:47
, how to actually get the real numbers from these vendors, and
00:25:51
things like that.
00:25:52
That's experience that you're not going to get, other than
00:25:55
doing it.
00:25:55
You know, like, that's something that you know is
00:26:01
definitely an art form, almost right, of how to negotiate
00:26:07
someone down a million dollars, right, um, you know, i'll give
00:26:12
you an example One of the quotes that we got for this CSPM
00:26:16
solution I think the first quote was like 1.4 million dollars.
00:26:22
We negotiated them down to like over a million dollar discount,
00:26:28
right, um.
00:26:29
Well, when I say we, i actually say me.
00:26:33
Um, i was able to actually get them down, you know, a
00:26:37
considerable amount, so that it fit within our budget.
00:26:41
Um, because we greatly, desperately, needed a solution
00:26:45
in the environment and this other solution, you know, was
00:26:48
just the right solution for our environment.
00:26:52
Um, and so you're going to get experience with that as well,
00:26:56
and you're going to get experience in probably 10 other
00:26:59
different ways that I'm not even mentioning right now.
00:27:02
You're going to learn how to talk to executives.
00:27:04
You're going to learn how to present to executives.
00:27:06
You're going to learn the ins and outs of the process.
00:27:11
You know, every company has a different procurement process.
00:27:14
It has different timeframes with it and different people
00:27:18
need to be engaged, different teams need to be engaged at
00:27:21
different times.
00:27:22
Um, all these different things, right, and you don't learn any
00:27:27
of that unless you actually do it and go through it, you know.
00:27:32
So, again, you know doing something like this choosing a
00:27:35
solution, identifying that gap and choosing a solution and then
00:27:38
selling it internally and saying, hey, you know, i want
00:27:41
some time or your approval to look at this, this solution, a
00:27:45
little bit further and going from there right And owning it,
00:27:50
taking that ownership.
00:27:51
You know, i recommend everyone that reads the book extreme
00:27:55
ownership by Jaco Willink.
00:27:57
Um, it's a fantastic book and it really shows you that there's
00:28:04
very few excuses out there.
00:28:06
Whether you succeed or fail is all up to you.
00:28:09
Whether you are successful is complete, is almost completely
00:28:14
in your hands.
00:28:14
You should have, you know, foreseen different things.
00:28:17
You should have adjusted different things, and he really
00:28:20
goes through it.
00:28:22
Um, agnazium, to make sure that the readers understand.
00:28:26
You know the roles and responsibilities that someone
00:28:29
may have and what they can do within those roles, and you know
00:28:34
times to push the boundaries and things like that.
00:28:37
Right, all of those things, all those skills that you learn,
00:28:41
although all those soft skills are extremely valuable and
00:28:45
they're not going to just pay off in the workplace, right, in
00:28:49
the office, right, it's going to pay off in a lot of different
00:28:52
areas of life.
00:28:53
You know you're going to learn how to negotiate the price of a
00:28:58
home down more, right.
00:29:00
You're going to learn how to negotiate the price of a car
00:29:04
down more.
00:29:04
You're going to learn how to, you know, take initiative in
00:29:10
different relationships and different areas of your life.
00:29:13
You know, and that's what everything really comes down to,
00:29:17
right, where you spend your time, where you spend your
00:29:20
effort.
00:29:20
You know that is where your life is going to go and grow.
00:29:25
So with that, you know, i really appreciate you guys hanging in
00:29:29
there.
00:29:29
I completely actually forgot that last week that I didn't
00:29:35
have an episode lined up for the mentorship side of things, so I
00:29:40
really apologize for that Quick note.
00:29:43
You know I definitely have some major updates and upgrades
00:29:48
coming to the Patreon.
00:29:49
I think it's going to be really great.
00:29:51
It's really going to build a community around setting goals,
00:29:56
achieving those goals and growing, you know, in our
00:30:00
careers together.
00:30:00
So with that, guys, i appreciate you listening and
00:30:05
I'll see you on the next episode .
Speaker 1: How's it going?
00:00:01
everyone, and welcome back to another security unfiltered
00:00:05
mentorship episode.
00:00:07
So today we are going to be talking about something or a
00:00:12
topic that I'm very familiar with.
00:00:16
It really helps you separate yourself from the crowd.
00:00:20
It separates you from everyone else at the company honestly
00:00:24
separates you from everyone else in the industry if you do it
00:00:28
right, and what that is is selling internally at your
00:00:34
company.
00:00:35
So what do I mean by that?
00:00:36
What is it right?
00:00:39
You know, as a security professional and I do post my
00:00:44
title on LinkedIn and everything like that I don't post the
00:00:46
company.
00:00:47
If I did post the company, i would probably be getting a lot
00:00:52
more messages than I already get .
00:00:54
But you know, just with the title, i get a lot of vendors
00:01:01
reaching out trying to sell me everything that you can imagine
00:01:05
for a security product Tools that are very well known, tools
00:01:09
that are not very well known.
00:01:11
A lot of the times, vendors are guessing at what we may need in
00:01:16
the environment and they're just kind of throwing a dart at
00:01:20
a dart board and seeing what sticks, what doesn't and going
00:01:25
from there.
00:01:25
So what does this have to tie in with it?
00:01:30
You know, really it's difficult sometimes to weed through all
00:01:40
the random products that are out there And I am lucky enough to
00:01:48
have a network with, you know ARKON, which is a partner
00:01:53
reseller for a lot of different companies that does the vetting
00:01:58
of these.
00:01:58
You know solutions on the market gives me a rundown on
00:02:02
what you know may fit best within the environment And from
00:02:09
there, you know, i'm able to make my own assessment.
00:02:12
But I think we should even take a few steps back right.
00:02:19
As a security person in the environment, you know the
00:02:22
environment better than most.
00:02:23
Obviously you know your first 30, 60, 90 days at a company.
00:02:28
You're not going to know the environment that well, but you
00:02:32
will eventually, and when you do you can start looking at the
00:02:36
environment as a whole, start picking apart and seeing.
00:02:40
You know, maybe there's a solution that's up for renewal
00:02:44
that doesn't really do a great job, and maybe you know of
00:02:48
another solution on the market that could be a fit that could
00:02:52
actually help the environment and whatnot.
00:02:54
Or maybe you're lacking a tool completely.
00:02:57
Maybe you have a you know, web application firewall gap in your
00:03:03
environment and you need to fill that gap with the right
00:03:06
tool that really fits your environment perfectly.
00:03:10
So taking that need and then potentially reaching out to your
00:03:17
network or even reaching out to the top players in the area.
00:03:21
You know, a quick Google search will tell you.
00:03:24
You know all the time, every time, you know who is the big
00:03:29
players in the space.
00:03:31
Just say you know web application firewalls, for
00:03:35
instance.
00:03:35
Right, cloudflare, fastly, akamai, you know, these are
00:03:41
almost household names right in security.
00:03:43
Everyone knows who they are.
00:03:46
But let's say that you're looking for a WAF right, what
00:03:51
would I do to sell this internally?
00:03:53
So the very first thing, i need to actually talk to someone I
00:03:56
cloudflare, just using that as an example.
00:04:01
Right, i would need to talk to someone at cloudflare.
00:04:05
I would probably need to talk to someone that knows the
00:04:08
solution and the offering really well, which could be my, you
00:04:13
know, leveraging my, my own network that I've already built
00:04:16
up through Arkhan, or talking to other people that I know that
00:04:21
already own the product and talking about.
00:04:24
You know the ins and outs of the solution, right, so I can
00:04:27
figure out if it works best for my environment before I ever
00:04:30
even get on the first call.
00:04:32
So then you know, i'm getting on this call right with the,
00:04:36
with the vendor, whichever vendor that might be, and I'm
00:04:40
presenting them a problem in the environment.
00:04:42
And you know, to be completely honest, this is just me, right,
00:04:47
there isn't anyone else on the call.
00:04:49
No one else in my organization at this point knows that I'm
00:04:53
doing any sort of thing like this.
00:04:55
Right, it's not like it's being heavily publicized, you know.
00:05:02
And so I'm getting on the call by myself and I'm talking to the
00:05:05
vendor, right, and they're probably going to go through
00:05:08
some slides, show me different things, ask me if I think that
00:05:12
it could work in the environment .
00:05:13
I'll give my feedback And then it's time to actually start
00:05:20
selling internally.
00:05:22
So how do you do this?
00:05:24
You know, earlier out of my career I thought this was fairly
00:05:27
difficult.
00:05:27
But you know, earlier in the year I did talk about building a
00:05:34
network, building a bombproof network, i think there's,
00:05:38
there's two parts to it.
00:05:39
There may even be a third episode That's about building a
00:05:43
network.
00:05:43
That wasn't, you know, in that same title, whatnot.
00:05:46
But you should already have a network at this point.
00:05:50
When you're selling something internally, you need to be
00:05:53
leveraging your network.
00:05:54
You need to be leveraging your internal network at the company.
00:05:57
You need to be leveraging your external network at other
00:06:00
companies You know and key people that you actually trust
00:06:06
With.
00:06:06
You know the sort of knowledge, right, like, do I actually
00:06:09
trust their expertise in application, web application
00:06:13
viral, right?
00:06:14
That is definitely something to keep in mind and always be
00:06:19
aware of.
00:06:19
So, with that said, you know where do we go from here, and so
00:06:26
it really does kind of vary With where you go from here.
00:06:32
You know, you, you would probably want to, you know,
00:06:35
bring it up to your direct manager first, obviously, and
00:06:40
say, hey, you know, we have a gap in this area.
00:06:42
Is there a project at play that I don't know about, that you
00:06:46
know is coming up, or anything like that.
00:06:48
If they say, no, great, maybe it's an opportunity to start a
00:06:52
project and Get this thing kicked off and maybe you can own
00:06:56
it because you identified the gap first, or maybe you're the
00:07:00
one that brought it to their attention first and You should
00:07:04
have some ownership in it.
00:07:05
You know, and it from there it's about it's not necessarily
00:07:10
about playing internal politics, okay, which it could come off
00:07:18
as sounding like that.
00:07:19
How I do it.
00:07:21
I'm very, very open, very honest .
00:07:25
You know, and You got to approach it from a place of
00:07:31
you're doing a fact-finding mission, right, you're just
00:07:35
trying to figure out what's going on in the environment.
00:07:37
You think that there's an issue in one place Maybe you
00:07:41
confirmed it with the architects Before you even talk to your
00:07:45
manager and be like, hey, is this what I'm seeing, because
00:07:48
this is what it looks like to me , you know, or is there
00:07:51
something else going on here that I don't know about?
00:07:53
Doing those things will prepare you to actually sell it
00:08:00
internally to your management, because your management will
00:08:04
then have to go and pitch it, you know, upwards to the CISO at
00:08:09
some point, get approval for the funding.
00:08:11
You know, do the project and that whole thing right.
00:08:14
But let's talk about why do this?
00:08:18
why even, why even go out of your way and try and do this?
00:08:24
You know, and this has been, this has been difficult for me
00:08:29
at times, i'll be honest, because I have sold products
00:08:35
internally before at companies that would greatly help That
00:08:41
company, that environment, several teams within the company
00:08:44
.
00:08:44
You know I've sold it properly.
00:08:48
I've sold it to the CISO, the CIO, my manager, right, it
00:08:55
really just came down to one person Denying it because they
00:09:00
didn't want to admit that their solution that they chose 10
00:09:03
years ago Was not working to the standard that the organization
00:09:08
needed.
00:09:08
And so You know this can be a very disappointing process,
00:09:14
right, because you're gonna put a lot of time into it.
00:09:16
You're gonna put a lot of effort into it, you're gonna
00:09:19
learn a whole lot more about the product than you ever would
00:09:22
have before.
00:09:23
But you do this because it separates you from everyone else
00:09:29
.
00:09:29
You know, just plain and simple , not everyone is going to be
00:09:34
looking at the security stack as a whole and saying what areas
00:09:39
are we lacking in, what areas can we fill?
00:09:42
What's the best solution to fill that gap?
00:09:45
And that last question is probably actually the most
00:09:50
difficult, you know.
00:09:52
I'll give you an example.
00:09:53
At A previous role, i was looking at a cloud security
00:09:57
platform management solution Fantastic, long name, right And
00:10:04
so I was looking at all the different top tier solutions on
00:10:08
the market at that time, and at that time, the company that I
00:10:13
was at was in the big three clouds They were in AWS, azure
00:10:17
and GCP and so we greatly needed This tool, because there was
00:10:23
only two people that was responsible for the security of
00:10:26
three clouds, and if anyone you know knows anything about cloud
00:10:30
security One club, learning one cloud is like learning a
00:10:35
different language, because they literally use different words
00:10:37
for everything The the different words will do different things
00:10:42
across platforms, right.
00:10:42
So you may have, you know one word that sounds similar, you
00:10:49
know, to Azure, right, but they're doing two totally
00:10:53
different things, and so you're literally stuck learning three
00:10:58
different languages And learning the infrastructure, learning
00:11:03
how things are configured, how things are done differently in
00:11:06
each cloud, the nuances between each cloud Um, it's a headache,
00:11:12
it's, it's tough, it's actually really hard.
00:11:15
I do not recommend it.
00:11:18
And so we really needed this solution, because there's only
00:11:21
two of us, and so we evaluated all the top solutions for
00:11:26
probably four weeks.
00:11:27
That's just.
00:11:28
You know all of the solutions, probably three or four solutions
00:11:32
for four weeks.
00:11:33
At the end of the fifth week, we would probably choose a
00:11:37
winner of the POC and whatnot, and so one of the deciding
00:11:45
factors in me choosing the right product was our team size.
00:11:52
Like I said, we're, we were a team of two, right, and so we
00:11:57
needed a product that wouldn't inundate us with a whole bunch
00:12:00
of alerts that will never get through.
00:12:02
We also don't need something that will take, you know, six,
00:12:07
eight, 12 months to set up.
00:12:10
We just don't have that time.
00:12:12
You know, we are a lean and mean team that works, you know,
00:12:17
through issues and problems very rapidly.
00:12:20
We need to be very agile not to reference the agile framework,
00:12:26
because that's just give give people a headache on here, right
00:12:30
?
00:12:30
But you know it's a different work environment when there's
00:12:38
two people managing three clouds and you're just responding to
00:12:41
fire after fire, putting things out, resolving issues,
00:12:45
configuring things correctly, trying to catch up with the
00:12:49
development work, ensuring that everyone is developing properly
00:12:53
and not putting things in the wrong place, making sure that
00:12:57
you know everything is set up and configured how it should be.
00:13:00
While doing that, you can't be deploying a tool, and so you
00:13:06
really.
00:13:06
We really needed a very low lift solution that could be run by
00:13:13
one person if needed, right, that wouldn't produce a huge
00:13:19
amount of alerts.
00:13:19
So that means that there has to be some sort of internal logic
00:13:24
to that.
00:13:25
You know, alerting mechanism and the solution that prevents
00:13:29
it from inundating you with alerts, right, and so we we
00:13:35
ended up choosing a solution that was up and coming.
00:13:41
You know it's a less well known solution, for sure, and we
00:13:46
chose that solution because we are a team of two And it took
00:13:50
precisely 30 minutes to set up and deploy the solution.
00:13:56
And on top of that, and, by the way, we had about 50 different
00:14:02
AWS accounts And we only, you know, took us about 30 minutes
00:14:08
to set up all of AWS, which is insane, because if you look at
00:14:13
other solutions like dome nine or cloud guard, as it's referred
00:14:17
to, as now those solutions, those solutions take a very long
00:14:25
time.
00:14:25
Most of my POC probably 90% of my POC time for cloud guard and
00:14:35
these other, you know, larger solutions was setting it up.
00:14:41
You know, another, another area that I thought was key was that
00:14:46
there was extremely little configuration that was needed
00:14:50
And it didn't generate a huge amount of alerts.
00:14:53
It only told me about the stuff that I really need to pay
00:14:55
attention to in the environment, and that was extremely
00:14:58
important, right?
00:14:59
Because, like I said, we're a team of two And so we need to
00:15:05
literally get an alert, know that it is a valid alert, that
00:15:09
it's something that we should be paying attention to, react to
00:15:12
it and move on.
00:15:13
That's that's really.
00:15:15
It's it's pretty key, you know, and all of the other solutions
00:15:21
that we looked at, that we, you know, talk to or whatnot, all of
00:15:26
them basically said that we would need a team of four to run
00:15:29
their solution And it would take, on average, 12 to 18
00:15:33
months to fully configure the solution.
00:15:35
And once it's fully configured, you're probably going to have a
00:15:40
whole bunch of alerts that you now have to figure out how to
00:15:45
weed through and create a whole bunch of custom rules for, and
00:15:49
from there you're going to be doing tweaking and tuning for
00:15:53
the rest of the lifetime of that solution in your environment.
00:15:56
That's that's really what it is right For these other solutions
00:16:03
right.
00:16:03
And so at bigger companies, that's not a problem at all,
00:16:06
because they'll have a whole team of people you know eight,
00:16:10
10, 12 people working on this one tool, doing this one thing,
00:16:16
and so they can absolutely do it , they can absolutely manage
00:16:21
that solution with ease.
00:16:22
But for my given situation, there was no way, no way at all
00:16:28
that we could have done that.
00:16:29
It would have taken us four years to get the thing fully
00:16:33
configured I mean literally, because it's just two people.
00:16:35
And so that's how we made our decision to go with this other,
00:16:41
less known solution that ended up being a better solution.
00:16:44
Now why do I take you through all of that right?
00:16:51
It shows you how it sets you apart.
00:16:57
You know, immediately I took ownership of this problem in our
00:17:01
environment.
00:17:02
It wasn't my responsibility to really take ownership of it, but
00:17:06
I took ownership of it.
00:17:07
Right, because I'm the cloud security person.
00:17:10
We don't have a management tool for the cloud.
00:17:12
We need a unified platform for it, we need a project for it,
00:17:18
and so I immediately owned this entire process.
00:17:21
I brought it up to my management, my management and
00:17:24
myself brought it up to the CISO .
00:17:26
The CISO approved, we got a budget for it, we're off to the
00:17:31
races.
00:17:32
All of that is taking initiative.
00:17:36
I identified the, the lacking area in the environment, and,
00:17:43
and then I took ownership.
00:17:44
I didn't just identify the area and then point a finger and say
00:17:49
, hey, someone else should take care of this.
00:17:51
I identified a gap and then I said, hey, i'm taking this over.
00:17:57
If it's approved like, i own it , i run it, i'll choose everyone
00:18:02
for the POC and we'll make a decision as a team, you know.
00:18:06
So it shows taking initiative, it shows taking ownership, and
00:18:13
Once we get through those two things, you're also going to
00:18:16
gain a whole lot of experience, a whole lot of knowledge and,
00:18:22
you know, maybe even more importantly, you're gonna become
00:18:25
more well known within the environment Because you're gonna
00:18:31
be working with a lot of different people.
00:18:34
Your manager and their manager will likely refer to you now in
00:18:39
other, you know, executive level meetings and calls, because
00:18:43
they're saying like, hey, we have this new project, you need
00:18:46
to get ready.
00:18:46
You need to, you know, get your teams ready for it.
00:18:49
This is the point of contact and they're gonna bring up your
00:18:51
name.
00:18:52
So that is just something that you should absolutely, you know,
00:18:57
keep in mind and whatnot, like when you're you're doing this,
00:19:01
right, because you're gonna get more well known within the
00:19:03
environment And that is only going to help you.
00:19:05
As long as you use that, that notoriety correctly, it'll
00:19:11
definitely benefit you.
00:19:13
So, you know, all of these things combined really work to
00:19:22
set you apart.
00:19:23
You know, and That that's key, right, because you need to be
00:19:27
able to set yourself apart from everyone else in your
00:19:31
environment.
00:19:31
You know, it's not enough to set yourself apart from everyone
00:19:36
else when you're applying for a job, right, you absolutely have
00:19:38
to do that, because why?
00:19:39
Why hire, you know, a cookie cutter Person that you can hire,
00:19:46
you know, 10 other people and get the same results?
00:19:47
right?
00:19:48
The reason why you would hire someone is because they provide
00:19:53
something that the rest of the candidates don't.
00:19:55
And this Same exact thing works internally at companies.
00:20:02
The next time that there's a promotion available, the next
00:20:08
time that You know.
00:20:09
Let's just say you want to get promoted to be an architect,
00:20:12
right, and now the opportunity is available.
00:20:15
You have a really good case as to why you should be getting
00:20:18
that job right.
00:20:20
Because you took initiative, you took ownership.
00:20:22
You analyze the environment, saw that there is a gap, made
00:20:27
the right call on the solution, deployed the solution and then,
00:20:31
even you know, provided support, training to the rest of the
00:20:35
organization, provided documentation.
00:20:37
You had to sell it to your manager, to his manager and or
00:20:43
their manager, and to the CISO, whoever that might be.
00:20:46
Maybe you even had to go a step further and sell it to the CIO.
00:20:51
Maybe you had to go a step further and create the slides
00:20:56
for your CISO to sell it to the board, because maybe you know
00:21:00
your company has a requirement If it costs X amount of dollars,
00:21:04
you have to get board approval and all this other stuff right.
00:21:08
And You know your job is Not just to point the finger and say
00:21:15
, hey, we have a problem here.
00:21:16
Your job in this situation is to take full ownership and See
00:21:22
it through to the end.
00:21:24
You know when I was choosing this CSPM solution towards the
00:21:30
end of the process, when I was actually, you know, choose.
00:21:34
When I chose the solution, when we were pitching it and it got
00:21:37
approved, my CISO was going to have to present slides on it to
00:21:42
the board.
00:21:42
So the first thing that I did was I actually offered to put
00:21:46
the slides together for him.
00:21:48
Now, these slides, i mean, i've never had to present to a board
00:21:52
before.
00:21:52
I've never had to create slides for the board before.
00:21:55
I have no clue what I'm doing, but I used all of my internal
00:22:00
resources to get the job done And after about 20 revisions of
00:22:07
this slide deck I mean I'm not even kidding you It took
00:22:11
probably three or four weeks to get these slides done, not that
00:22:15
they weren't done already, but you know, it's literally 20
00:22:19
revisions, like I'm, it's not even an overstatement.
00:22:22
But after 20 revisions, we were finally comfortable enough to
00:22:28
give it to our CISO to present to the board.
00:22:33
And with all of that, though, it just shows you right, like in
00:22:37
this situation, i took an, i took the initiative, i took
00:22:39
ownership, i saw it through end to end.
00:22:42
That's the big piece, right?
00:22:45
Not everyone can say that they did that.
00:22:48
Not everyone on the market can say that they identified a gap.
00:22:52
Explain what the gap was, why it stood out to you why it made
00:22:57
sense to prioritize that that risk to the environment over
00:23:03
other risks to the environment.
00:23:04
What were other risks?
00:23:07
And then going through this entire process, right, of
00:23:11
learning the technology, selling it internally to the right
00:23:14
people at the right time And that is key being able to
00:23:18
actually sell that solution to the right people at the right
00:23:21
time.
00:23:21
You know I'll give you an example, right?
00:23:26
So when I was trying to sell this CSPM solution internally
00:23:31
that I had chosen through the POC, you know part of it was
00:23:38
actually selling it to my CISO.
00:23:39
So I chose the solution, my manager agreed with it, his
00:23:44
manager agreed with it, and then it was time for the CISO And my
00:23:51
manager's manager basically had to gauge if my CISO was in the
00:23:56
right mindset or the right mood to be able to handle a
00:24:00
discussion like that.
00:24:01
And so the meeting actually got delayed one or two times
00:24:06
because he just wasn't in a good space that day, right, and they
00:24:10
didn't want to kill the project because he was having an off
00:24:13
day.
00:24:13
And you know I had put in a lot of work already into this thing
00:24:19
.
00:24:19
So timing is everything Right.
00:24:24
And then you also being able to sell it internally, hey, why do
00:24:27
we need the solution?
00:24:28
Right?
00:24:29
What was the gap that I saw?
00:24:30
Because these people probably saw it as well, already knew
00:24:34
about it.
00:24:34
What were the solutions?
00:24:36
What was the criteria that I was basing everything off of?
00:24:39
And then what was the final results?
00:24:42
Right, like, there's a lot of different classes out there.
00:24:45
Probably there's a whole lot of different articles about how to
00:24:48
talk to executives and whatnot.
00:24:49
I have learned keeping it short , simple and sweet is probably
00:24:56
the best route that you should take.
00:24:58
I think my presentation to the CISO was under 10 slides And I
00:25:04
think it was my like.
00:25:06
My actual presenting of the solutions was probably done in
00:25:11
15 minutes, like, at most, probably 15 minutes, and then
00:25:16
the rest of the time.
00:25:17
You know, we discussed it, we discussed next steps and
00:25:20
everything else like that.
00:25:23
Now, just because it gets through that CISO approval
00:25:27
doesn't mean that your job is done, right?
00:25:29
I said end to end ownership of this entire process.
00:25:33
So now you're going to get experience with negotiating
00:25:39
quotes, negotiating with the vendor, learning how to actually
00:25:43
do that, learning when to push back, what areas to push back on
00:25:47
, how to actually get the real numbers from these vendors, and
00:25:51
things like that.
00:25:52
That's experience that you're not going to get, other than
00:25:55
doing it.
00:25:55
You know, like, that's something that you know is
00:26:01
definitely an art form, almost right, of how to negotiate
00:26:07
someone down a million dollars, right, um, you know, i'll give
00:26:12
you an example One of the quotes that we got for this CSPM
00:26:16
solution I think the first quote was like 1.4 million dollars.
00:26:22
We negotiated them down to like over a million dollar discount,
00:26:28
right, um.
00:26:29
Well, when I say we, i actually say me.
00:26:33
Um, i was able to actually get them down, you know, a
00:26:37
considerable amount, so that it fit within our budget.
00:26:41
Um, because we greatly, desperately, needed a solution
00:26:45
in the environment and this other solution, you know, was
00:26:48
just the right solution for our environment.
00:26:52
Um, and so you're going to get experience with that as well,
00:26:56
and you're going to get experience in probably 10 other
00:26:59
different ways that I'm not even mentioning right now.
00:27:02
You're going to learn how to talk to executives.
00:27:04
You're going to learn how to present to executives.
00:27:06
You're going to learn the ins and outs of the process.
00:27:11
You know, every company has a different procurement process.
00:27:14
It has different timeframes with it and different people
00:27:18
need to be engaged, different teams need to be engaged at
00:27:21
different times.
00:27:22
Um, all these different things, right, and you don't learn any
00:27:27
of that unless you actually do it and go through it, you know.
00:27:32
So, again, you know doing something like this choosing a
00:27:35
solution, identifying that gap and choosing a solution and then
00:27:38
selling it internally and saying, hey, you know, i want
00:27:41
some time or your approval to look at this, this solution, a
00:27:45
little bit further and going from there right And owning it,
00:27:50
taking that ownership.
00:27:51
You know, i recommend everyone that reads the book extreme
00:27:55
ownership by Jaco Willink.
00:27:57
Um, it's a fantastic book and it really shows you that there's
00:28:04
very few excuses out there.
00:28:06
Whether you succeed or fail is all up to you.
00:28:09
Whether you are successful is complete, is almost completely
00:28:14
in your hands.
00:28:14
You should have, you know, foreseen different things.
00:28:17
You should have adjusted different things, and he really
00:28:20
goes through it.
00:28:22
Um, agnazium, to make sure that the readers understand.
00:28:26
You know the roles and responsibilities that someone
00:28:29
may have and what they can do within those roles, and you know
00:28:34
times to push the boundaries and things like that.
00:28:37
Right, all of those things, all those skills that you learn,
00:28:41
although all those soft skills are extremely valuable and
00:28:45
they're not going to just pay off in the workplace, right, in
00:28:49
the office, right, it's going to pay off in a lot of different
00:28:52
areas of life.
00:28:53
You know you're going to learn how to negotiate the price of a
00:28:58
home down more, right.
00:29:00
You're going to learn how to negotiate the price of a car
00:29:04
down more.
00:29:04
You're going to learn how to, you know, take initiative in
00:29:10
different relationships and different areas of your life.
00:29:13
You know, and that's what everything really comes down to,
00:29:17
right, where you spend your time, where you spend your
00:29:20
effort.
00:29:20
You know that is where your life is going to go and grow.
00:29:25
So with that, you know, i really appreciate you guys hanging in
00:29:29
there.
00:29:29
I completely actually forgot that last week that I didn't
00:29:35
have an episode lined up for the mentorship side of things, so I
00:29:40
really apologize for that Quick note.
00:29:43
You know I definitely have some major updates and upgrades
00:29:48
coming to the Patreon.
00:29:49
I think it's going to be really great.
00:29:51
It's really going to build a community around setting goals,
00:29:56
achieving those goals and growing, you know, in our
00:30:00
careers together.
00:30:00
So with that, guys, i appreciate you listening and
00:30:05
I'll see you on the next episode .
Related Episodes
Taking a Tech Memory Lane Walk with Trey Guinn from Cloudflare
Are you ready to have your technological horizons broadened? We've got Trey Guinn, an expert from Cloudflare, here to give you a grand tour of his tech journey. He'll take you from his humble beginnings building computers at the mall, through his time working in data centers in New Zealan...
Insights on Self-Employment and Cyber Threats from Boom Supersonic's CISO Chris Roberts
You've heard of Boom Supersonic, right? Let's journey into the mind of its CISO, Chris Roberts, our most sought-after guest yet. His tales of transitioning to self-employment, battling the IRS, and the challenges of running his own company are nothing short of enlightening. This episode n...
Steve's Inspiring Shift from Med-School to Cybersecurity
From med-school to cybersecurity, our special guest Steve traverses a journey that's anything but typical. Coming out of an unexpected turn of events, Steve found himself immersed in the tech world, and his fascinating stories are testament to the rollercoaster ride that ensued. Uncover how, a...