Embark on a captivating odyssey through the world of IT and security with Russell, who takes us from his early days of computer curiosity to becoming a maverick in the tech field. With a narrative that underscores the power of following one's passion, Russell's tale is a testament to the notion that sometimes, the best education comes from hands-on experience and a relentless drive for knowledge rather than the traditional academic route. His story is not just inspiring but serves as a beacon for anyone at a career crossroads, showcasing the transformative potential of diving into what you love, full-time.
Prepare to have your mind expanded as we tackle the once-daunting domain of risk assessment, now revolutionized by the advent of machine learning. Russell shares how natural language processing is changing the game, turning compliance document analysis from a chore into a streamlined process. This conversation is a deep dive into the evolution of skepticism into necessity within the field, and a look at how overcoming language barriers is paramount in implementing security controls internationally. It's a blend of tech talk and practical insight, perfect for anyone intrigued by the intersection of cutting-edge technology and business operations.
Lastly, we lace up our skates and draw fascinating parallels between the grit of pro athletes and tech professionals. From discussing the hustle required in both arenas to the balancing act of personal and professional life in a startup environment, this episode is a playbook for success in the fast-paced world of technology. We also touch on why investing in oneself is the ultimate safeguard in an unpredictable job market. Whether you're a startup maven or a seasoned tech veteran, this episode is packed with strategies and stories to fuel your next big move.
Follow the Podcast on Social Media!
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Patreon: https://www.patreon.com/SecurityUnfilteredPodcast
YouTube: https://www.youtube.com/@securityunfilteredpodcast
TikTok: Not today China! Not today
Speaker 1: How's it going, russell?
00:00:01
It's great to finally get you on the podcast.
00:00:03
I feel like we've been planning this thing for I mean what
00:00:07
seems like at least six, seven months now at this point.
00:00:11
Speaker 2: Yeah, thanks, joe, glad to be here, glad we could
00:00:13
make it happen and, yeah, excited to have a conversation.
00:00:19
Speaker 1: Yeah, absolutely Well , russell, why don't we start
00:00:23
with what interested you in IT or security that brought you
00:00:27
down this path?
00:00:28
Right, I start everyone off there, not only to hear your
00:00:34
story, but there's also a lot of people that are listening to
00:00:37
this podcast that maybe want to get into IT or maybe want to get
00:00:43
into security and maybe they're doing a career change or they
00:00:46
don't really know how to do that right, and I feel like it's
00:00:49
always helpful for people to hear someone else's story and
00:00:52
maybe they can relate to your story and hear like, hey, if
00:00:56
this guy did it, maybe it's possible for me, and that's that
00:00:59
little spark that some people need.
00:01:01
So what's your background with that?
00:01:05
Speaker 2: Well, I'd be flattered to hear if I'm
00:01:07
inspiring anyone in that way.
00:01:10
But regardless, I always feel like I draw from a personal
00:01:17
curiosity and interest and I think that anybody should follow
00:01:21
that to whatever degree and if it's IT or technology in general
00:01:26
, definitely foster that in any way you can.
00:01:30
So I was introduced to computers at a young age through
00:01:36
my father who had a job in telecommunications and I think
00:01:43
he was personally interested in the personal computer and the
00:01:47
evolution of a processor and memory and applications.
00:01:51
He was not into software, he wasn't writing software, but
00:01:57
kind of a tinkerer, craftsman at heart and hobbyist, which I
00:02:03
think I inherited largely.
00:02:06
And I think my first foray into IT was networking between
00:02:16
systems on a local area network for the purposes of multiplayer
00:02:21
gaming.
00:02:22
So I recall trying to connect to computers to play games like
00:02:33
Doom or Doom 2.
00:02:36
And I remember this moment where I played this game and you
00:02:43
could see another character in the game.
00:02:46
So normally you're playing this first person, All you see is
00:02:52
your character's kind of like field of view and the other
00:02:57
characters are all procedural or not procedural.
00:03:02
At the time you know part of the game's software but not
00:03:07
other people playing Right.
00:03:08
And that moment of multiplayer games with a friend in the same
00:03:14
room but on a different computer kind of just really ignited the
00:03:20
passion for technology for me overall, and so that evolved to
00:03:26
learning more about networking, learning more about software and
00:03:30
computers in general and fast forward, let's say, five-ish
00:03:40
years.
00:03:41
I was trying to write web pages for people to make money and I
00:03:46
had an early entrepreneurial spirit, I'll say so.
00:03:49
I was mowing lawns and washing cars, but also writing HTML and
00:03:57
JavaScript and stuff for folks to make money.
00:04:01
And fast forward another few years, I'm working for a large,
00:04:10
let's say like Fortune 500 company as an IT support person
00:04:17
or application support person.
00:04:18
So I had managed to find a career or job, full-time job
00:04:22
doing that, focusing on networking and application
00:04:25
support.
00:04:25
And my first introduction to security as a profession was
00:04:35
after that in a deep network or deep packet inspection and
00:04:41
intrusion detection and in a security operation center.
00:04:44
So I think, to go back to your question again, I would suggest
00:04:54
that you just follow your own interests and curiosity Like,
00:04:57
why are you curious or interested in IT, Right, Is
00:05:00
there a particular technology?
00:05:01
And follow that thread as far as you can, Because if you're
00:05:05
happy and you're interested in and you're doing what you like.
00:05:11
You can probably find a way to make money doing it right.
00:05:15
Speaker 1: Yeah, it's a good point and it sounds like your
00:05:18
background is actually pretty similar to my own.
00:05:22
One of the earliest memories I have with my dad is actually
00:05:26
sitting on his lap and I'm just typing on the keyboard not
00:05:30
typing, I'm just pushing buttons , but it was a lot of fun for me
00:05:34
to do that and I see something come up on the screen and it's
00:05:39
like, oh, I'm doing something and same thing.
00:05:45
He had a career in telecom and computers was more of a hobby
00:05:50
that he was trying to learn and figure out and whatnot.
00:05:52
And it's really interesting.
00:05:56
And thinking back as well, I always had a bit of an
00:06:02
entrepreneurial spirit, right.
00:06:04
I was kind of always trying to look for creative ways of making
00:06:10
money and taking myself to that next level.
00:06:15
And when I got to college I actually didn't even study
00:06:19
computers.
00:06:20
I thought IT was extremely boring.
00:06:23
I thought to myself like if I'm stuck at a desk every single
00:06:29
day for my whole career, that sounds like a miserable career.
00:06:34
It sounds like a miserable existence.
00:06:36
I hope that never happens.
00:06:38
And here I am in security and I love it.
00:06:41
It's like how the tables have turned on me.
00:06:46
But right before you got that first job, did you go to college
00:06:50
?
00:06:50
Did you study computers at all?
00:06:52
Speaker 2: Yeah.
00:06:52
So I went to school for business initially to follow
00:06:57
that kind of more general entrepreneurial avenue and I
00:07:03
planned on using kind of my experience kind of as a
00:07:06
freelance IT web developer, software developer, to kind of
00:07:12
sustain that but not necessarily take it into a career.
00:07:15
And I dropped out of school when I realized that I could
00:07:23
probably do that full time and I first focused on Linux
00:07:29
administration, actually primarily on Red Hat and an
00:07:34
RHCSA certification, but I was writing software in Python and
00:07:41
basically at some point I just did some mental math on how much
00:07:48
money I could make this year versus spend on college and I
00:07:53
haven't gone to school since.
00:07:55
I often think about what I would study if I went back to
00:07:58
school and I don't think it would be a computer science
00:08:04
degree to this day.
00:08:06
I think it might be nursing or something, just something that
00:08:10
would be really interesting to learn.
00:08:13
I think that there's one of the interesting things about the
00:08:18
security industry is the kind of the heterogeneous nature of
00:08:26
folks background that are in it.
00:08:29
So you have folks who are computer science but a lot of
00:08:36
folks come in from different angles to make security or the
00:08:40
industry their career.
00:08:42
Now there's obviously lots of different focus areas, and I
00:08:47
think that one of the challenges with security is actually
00:08:51
developing a sane curriculum.
00:08:53
It would have been time for it to be relevant.
00:08:57
So this is largely a problem with academia in general, but I
00:09:03
think it's just much more difficult with technology to
00:09:08
develop a curriculum that makes sense for someone going out into
00:09:12
the workforce, and so that hands-on experience is just so
00:09:17
much more relevant but also valuable to folks.
00:09:22
And now I'm largely part of my role today is hiring.
00:09:26
So I'm looking at I'm looking at it through a different lens,
00:09:32
trying to find the best people to help solve certain problems,
00:09:37
and I do look at academic history in some degree, but but
00:09:45
it's certainly not something that can be looked at in a
00:09:48
vacuum.
00:09:49
I think your personal experience, motivation,
00:09:55
intelligence and other things apart from just a degree, is
00:09:59
really what we're looking for, and I would just say that
00:10:09
hands-on experience and a passion for the problem is just
00:10:13
so much more valuable than some certificate or degree, though I
00:10:23
do certainly appreciate the first principles and the pursuit
00:10:30
of academic excellence.
00:10:31
We're obviously standing on a lot of shoulders that came from
00:10:36
that.
00:10:38
Speaker 1: Yeah, it's a balance.
00:10:40
I take it from the approach of let's check as many boxes as I
00:10:49
possibly can to get through HR, because this is the thing right.
00:10:57
The hiring manager yeah, they weigh the degree and
00:11:02
certifications and experience properly.
00:11:04
Where experience matters a whole lot, the certifications
00:11:09
solidify that or say, yeah, he does probably have this
00:11:13
experience, and the same thing with the degree to some extent,
00:11:17
depending on where you go and the program and all that sort of
00:11:20
stuff.
00:11:21
But it's about getting through that HR screening.
00:11:25
That probably doesn't exist at smaller companies, but for the
00:11:31
majority of companies you still have to get through that
00:11:34
checkbox.
00:11:35
So I always recommend that people take a broad approach to
00:11:39
this.
00:11:40
It's not one for sure method of getting yourself in the door.
00:11:45
It's really more about you being passionate and you diving
00:11:50
in and you becoming more well rounded on paper at least, at
00:11:56
least on paper and, of course, having those technical skills to
00:12:01
back it up to really be successful and get in the door
00:12:04
and get that job.
00:12:06
Speaker 2: Yeah, yeah, I feel like I kind of breeze past where
00:12:13
I might normally kind of say what I'm up to now and kind of
00:12:18
qualify my opinion.
00:12:22
So first of all, like I founded a company a few years ago we're
00:12:29
called VISA Trust.
00:12:31
We're in the security industry, we focus on third party risk
00:12:34
management and we're essentially bringing artificial
00:12:41
intelligence and natural language processing into a
00:12:46
product or platform that aims to help businesses understand the
00:12:51
risk of doing business with one another, and we primarily look
00:12:55
at the language within artifacts or documents, websites to
00:13:03
derive information about the strength of a business's
00:13:07
security program and whether or not it's been attested in high
00:13:10
assurance or third party audits other places that might be
00:13:15
relevant and get people out of the business of reading
00:13:17
questionnaires and SOC2 reports.
00:13:24
And founding that company, I think is kind of right along the
00:13:28
same trajectory of entrepreneurial spirit.
00:13:31
And also, if you start a company, you don't necessarily
00:13:38
have to go through HR, so it might be one of the only options
00:13:43
in some cases for me, but I found it to be very rewarding.
00:13:50
Now we have a bunch of customers, we have an amazing
00:13:55
team and, in the age of large language models and generative
00:14:00
AI, I feel like we're very fortunate.
00:14:05
There's definitely a degree of luck here being in the position
00:14:10
that we are now trying to solve this problem with the technology
00:14:14
.
00:14:14
That really makes a lot of sense doing it.
00:14:18
Speaker 1: When did you start the company?
00:14:22
Speaker 2: So Paul and I, as co-founders, technically created
00:14:26
a business entity and filed for patents for the network and the
00:14:31
system of interacting with businesses deriving risk
00:14:37
exchanging data in 2016.
00:14:41
And we left our full-time jobs in 2020 to dedicate full-time to
00:14:50
the product and the company.
00:14:52
So, depending on how you look at it, we founded the company in
00:14:58
2016, but went to work, so to speak, at the company in 2020.
00:15:08
Speaker 1: Yeah, I asked that because LLMs and AI it's
00:15:15
everywhere now and so it's really easy for people to kind
00:15:20
of hop on that bandwagon.
00:15:21
But you forming it in 2016 shows that you had that
00:15:27
innovative idea long before people were really thinking
00:15:31
about AI or LLMs and how it will impact their lives or anything
00:15:35
like that, and I think you're approaching this from kind of a
00:15:41
common sense approach, almost right.
00:15:45
Maybe the worst part of my job is dealing with compliance
00:15:50
standards and trying to identify risk of third parties and stuff
00:15:56
like that.
00:15:56
It's just terrible.
00:15:58
I don't want to do that, but it's a part of it.
00:16:01
I have to do it, I have to deal with it, and it sounds like
00:16:06
you're approaching that from a new area, a new way, with
00:16:13
involving this cutting-edge technology that's able to assist
00:16:18
us in actually getting through it in a much more efficient way.
00:16:21
Speaker 2: Yeah.
00:16:22
So the idea evolved from personal experience and you know
00:16:30
colonize kind of mandate at a company we were working at to
00:16:34
essentially get a grip on third-party risk and, being
00:16:40
technical, we were addressing kind of like a largely people
00:16:45
and process problem at the time.
00:16:47
It still remains that way in a lot of organizations.
00:16:50
But you have your questionnaire and you have a process of
00:16:56
sending that to your third parties and then waiting for
00:16:59
them to answer it and then making sense of that answer or
00:17:02
collection of answers.
00:17:03
But also, like you mentioned, the compliance problem of you
00:17:08
know at the time there were less but still many, many different
00:17:12
compliance frameworks that people might adhere to in some
00:17:15
way or have a certificate or some artifact to prove that they
00:17:21
did adhere to it.
00:17:22
So the job was sending emails, reading questionnaires, reading
00:17:28
compliance reports right, and workflow around sending emails
00:17:35
is a problem that can be solved with kind of existing web
00:17:40
application technology very easily.
00:17:42
But reading documents and understanding language,
00:17:46
referencing material from some corpus of you know known
00:17:52
industry frameworks, mapping that to an assurance level and
00:17:57
having it, you know, culminate into a risk assessment, you know
00:18:02
that seemed to be rather novel, but in particular the affluence
00:18:07
of natural language processing was clear at that time and I
00:18:12
feel like the technology has kind of evolved, obviously,
00:18:16
since all you need is attention or the papers that support it,
00:18:20
and then you know, inform things like generative, pre-trained
00:18:26
transformative models.
00:18:29
But at the time I was dealing with anomaly detection and
00:18:34
machine learning models in the Security Operations Center since
00:18:36
.
00:18:36
So, like you know, tell me, you have all you have this gigantic
00:18:41
amount of data, network traffic data.
00:18:43
Tell me if something is different that might be
00:18:47
interesting for me to look at.
00:18:48
Not just that matches some heuristic rule, right, and the
00:18:55
promise of machine learning back then was still largely that
00:19:04
unrealized in a business application.
00:19:06
For that reason, a lot of people looked at it like snake
00:19:10
oil.
00:19:11
In 2020, even when we founded the company, a lot of people
00:19:16
were skeptical about machine learning and artificial
00:19:20
intelligence ability to predict or help with this process.
00:19:23
I think, fast forward to today.
00:19:25
It's amazing.
00:19:26
People are like well, of course , of course, you use machine
00:19:31
learning to query and return insights from unstructured
00:19:36
language.
00:19:37
It's like a business imperative to adopt this technology in
00:19:45
those use cases.
00:19:46
I think we're well positioned to take advantage of the core
00:19:49
technology that we have already.
00:19:50
On top of that, but yeah, it's been our philosophy since day
00:20:00
one that it is, at its core, a natural language process problem
00:20:05
.
00:20:05
Making sense of language very quickly is the primary task as a
00:20:14
third-party risk professional.
00:20:15
Looking at a compliance report, what is the standard?
00:20:18
Tell me whether this document is better than another or it
00:20:25
substantiates the existence of a mature security program
00:20:29
differently than another.
00:20:30
Machine learning and large language models now are very
00:20:38
well suited to help with that.
00:20:42
Speaker 1: Yeah, it's a fascinating area I was actually
00:20:46
thinking about this just the other day of how complex English
00:20:52
is as a language and then how much more complex Mandarin is
00:20:59
and Russian and all those languages.
00:21:02
I think about that because I remember when I was going
00:21:05
through school, I took Spanish a couple of years in high school
00:21:11
and then I also took a few semesters of it in college.
00:21:14
By the time I got to college doing Spanish, I absolutely
00:21:17
hated Spanish.
00:21:18
I just the sentence structure just didn't make much sense to
00:21:24
me.
00:21:25
I think I was a bit burnt out on it, to be honest.
00:21:29
So I switched it up and I went with German, not because I
00:21:32
thought that it would be easier in any way or anything like that
00:21:36
.
00:21:36
I just needed something different.
00:21:39
And German made a whole lot more sense to me because you have
00:21:46
the exact same sentence structure in German as you do in
00:21:50
English, because English is a Germanic language, right, and so
00:21:55
that whole part of it made a lot of sense to me, and the fact
00:22:00
that you could have an entire sentence in a block of like 26
00:22:04
characters.
00:22:04
That looks like one word, and then learning how to be like oh
00:22:08
no, there's like five words in that thing.
00:22:10
You know it's just pronounced this way, right Learning that
00:22:15
was a lot more fun and easier for me.
00:22:18
But you know, looking back and looking at the different
00:22:22
languages, they're all unique, they're all very different and
00:22:26
complex in their own ways, and so it'll be.
00:22:29
I think it'll be really interesting to see you know
00:22:32
where a solution like this will go, really anything that has to
00:22:36
look at language and make an assessment where it'll go.
00:22:40
Once you start venturing out into other languages, you know
00:22:44
like what's that learning curve?
00:22:45
Like what is, what's the different sources that it has to
00:22:49
pull from to actually learn what it needs to learn.
00:22:52
Have you explored that at all, or are you still trying to kind
00:22:57
of master the English side of it ?
00:23:00
Speaker 2: Well, I think, you know, similar to kind of other
00:23:05
other problems, it's helpful to kind of abstract and maybe
00:23:12
identify a reasonable like single language, so to speak.
00:23:18
So, in a lot of ways, you know, like, like mathematical notation
00:23:24
might be, you know, recognized across different languages the
00:23:33
product, and I think the way that we address this space is to
00:23:40
use technologies that are strong at translating other
00:23:46
languages to a common language that the product can then
00:23:50
interpret.
00:23:51
And so, for that reason, what we do is we translate from foreign
00:23:56
languages into English always, and then we provide, you know,
00:24:02
instantiation of controls through that.
00:24:05
So we rely on the accuracy of translation, you know,
00:24:09
translation models and our ability to translate to English
00:24:15
correctly first, right, but that a similar problem exists around
00:24:22
control frameworks and compliance, right, the there
00:24:28
really is no unique security question or control outside of
00:24:33
the ones that are being, you know, added, let's say, for
00:24:39
machine learning or artificial intelligence risk.
00:24:42
Now, it's very uncommon to see a question that hasn't been
00:24:47
asked before, right, they're all just slightly different.
00:24:50
They all relate to the same control, though, or set of
00:24:55
controls, and so what we do is we translate to a risk model
00:25:03
that recognizes those controls but then appreciates that they
00:25:06
might exist as a control within different frameworks as well and
00:25:12
allow you to understand okay, this is the AICPA trust services
00:25:18
criteria for background checks, whatever the ID is, but it also
00:25:25
maps to the ISO 27001 control for background checks and you
00:25:33
know, nist and CSA or whatever the other frameworks are right.
00:25:38
But again, similar to how we translate to English, we look
00:25:43
for that control itself rather than some specific instance of
00:25:50
that in a language or something right.
00:25:53
Speaker 1: Yeah, that makes sense.
00:25:55
That probably cuts it down.
00:25:58
You know significantly of the learning period that you have to
00:26:01
have with that.
00:26:02
I also focus on how it works and everything.
00:26:09
Speaker 2: I also focused on German as my foreign language in
00:26:13
school for similar reasons, finding that it was just easier
00:26:19
to learn, given its similar kind of structure.
00:26:23
Right, and I certainly appreciate that.
00:26:30
Speaker 1: Going into it.
00:26:30
I thought it was going to be a lot more difficult than it
00:26:33
actually was, but I love going to Germany you know, have you
00:26:39
ever been to Germany?
00:26:40
Speaker 2: I have not.
00:26:40
No, no, I'd love to.
00:26:46
I haven't been to Europe actually.
00:26:48
Speaker 1: Oh, really Okay, yeah , yeah.
00:26:51
I've been to Germany too many times.
00:26:52
I need to go to other places.
00:26:54
I think this year I'm forcing myself to go to London and I'm
00:26:58
using the Bears game as an excuse to go to London.
00:27:00
So it's like see like the Bears are going, I have to have to go
00:27:04
support the team, you know.
00:27:05
Speaker 2: Yeah, you know that's one thing about Chicago that I
00:27:08
really miss is the strong kind of identity and culture of like
00:27:18
appreciation of Chicago that was just so obvious everywhere you
00:27:22
went.
00:27:22
I mean, obviously it's hard to live in Chicago, so if you do
00:27:27
live there it's probably for good reason, right, and you like
00:27:32
it.
00:27:32
But the sports, the sports fandom, I think, remains kind of
00:27:38
unparalleled in a lot of ways.
00:27:40
So are you a fan of other Chicago teams Besides the Bears?
00:27:48
Speaker 1: Oh yeah, yeah, Pretty much all of them.
00:27:49
Yeah, bears, bulls, blackhawks my wife converted me several
00:27:56
years ago from a Sox fan to a Cubs fan.
00:27:59
You know really just about all of them and I go to a lot of
00:28:05
games a year.
00:28:06
You know, like I've kind of put a hold on it since I got a
00:28:09
10-month-old.
00:28:09
You know I want to have too much fun without the wife
00:28:12
because then she'll get a little jealous and whatnot.
00:28:16
But yeah, I mean I love the sports.
00:28:20
It's, you know, it's interesting , right, because my generation,
00:28:25
I mean we, grew up with one of the greatest dynasties in
00:28:29
basketball ever, right.
00:28:31
So we're used to we kind of grew up being used to that like
00:28:36
level of performance, you know, and we, you know, grew up with
00:28:42
our baseball teams just basically forever being terrible
00:28:45
, you know, like not even close to being competitive, you know.
00:28:51
And then we get like these one or two years tied together where
00:28:54
it's like, oh, we're the best, you know.
00:28:56
And so it's always interesting being a Chicago sports fan,
00:29:03
especially like for the Bears, you know, like the Bears is just
00:29:07
the most frustrating, you know, topic for me, because it's just
00:29:12
like we could be so much better if we just had, you know a
00:29:18
different owner.
00:29:19
You know, at this point we've changed out all the other pieces
00:29:22
.
00:29:22
We need to change out that owner and see what we could
00:29:25
actually do.
00:29:26
I have you.
00:29:30
Have you been into sports or what's your?
00:29:33
What's your sports city, if you have one.
00:29:36
Speaker 2: I, I feel like I appreciate a, an amazing game,
00:29:45
an amazing team overall, and so I find myself kind of enjoying
00:29:50
all sports.
00:29:51
I was, was and remain kind of a pretty big Blackhawks fan
00:29:59
During the time that I lived in Chicago.
00:30:01
Would you know, kind of the same time, that they were doing
00:30:05
really well the kind of the age of Kane and Taves and their
00:30:10
streak.
00:30:11
I grew up, I grew up playing all sorts of sports but but
00:30:19
mostly played tennis and ironically, I don't really
00:30:25
follow that much.
00:30:26
But yeah, I think, like I love, I love watching hockey, I love
00:30:32
watching, you know, any, any game that's like competitive and
00:30:36
I love seeing, like you know, the, the human Kind of
00:30:43
performance, the, the pinnacle of any kind of like hard work
00:30:51
from an individual, the dedication, right, I mean to
00:30:54
think about how much work goes into To becoming a professional
00:31:00
athlete overall.
00:31:01
So I, you know, I'll watch someone doing the mile sprint or
00:31:05
, you know, playing table tennis or whatever, and it's just, I'm
00:31:10
just fascinated by human accomplishment like that.
00:31:13
But nothing beats a good yeah to Jagger goal celebration In
00:31:22
the United Center.
00:31:23
So so that's still my top.
00:31:26
Speaker 1: Those are.
00:31:26
Those are so much fun.
00:31:28
Like I love hockey, you know, unfortunately, like well, I
00:31:33
guess now it's not unfortunately , but like I try to get into the
00:31:37
season but I don't have a whole lot of time to spare, you know,
00:31:39
so, typically, like right now is when I start to kind of get
00:31:44
back into hockey because football is ending, so that's my
00:31:48
, you know, my, primary sports fix right, and the bulls are
00:31:51
terrible.
00:31:51
So now it's like okay, I can focus more on hockey that I want
00:31:57
to be, you know, more into.
00:31:58
Yeah, and the closest I've ever sat at a Blackhawks game was
00:32:03
probably like second row and I learned real quick you can't
00:32:07
bang on the glass anymore.
00:32:08
So that's that.
00:32:10
That was fantastic, but you know it was.
00:32:14
It's a great experience and seeing, you know, these, these
00:32:18
guys, move around the ice and shoot the puck, like that.
00:32:21
I mean the, the hand-eye coordination that you have to
00:32:24
have, the agility, the speed, the strength, yeah, um, I mean
00:32:28
it's just it's really impressive .
00:32:30
Yeah, um, because you know, when I, when I grab a hockey
00:32:34
stick and I try, and you know, shoot the puck right, like it's
00:32:39
terrible, yeah, you know it's going like what?
00:32:41
Maybe five miles an hour on a good day.
00:32:43
You know for me like I can't imagine.
00:32:47
You know the amount of hours and practice that they put into
00:32:51
it.
00:32:51
You know, even even just growing up, do you have?
00:32:55
Speaker 2: a?
00:32:55
Do you have a similar appreciation for you know people
00:33:01
in the security or the technology kind of space?
00:33:04
Like I think there's a there's, you know you might see somebody
00:33:10
and think that looks pretty easy, like I could shoot the
00:33:15
puck like that, or is there, is there kind of like a?
00:33:18
Is there an analogous phenomenon like that in the in
00:33:25
IT for you, um, yeah, yeah.
00:33:28
Speaker 1: Yeah, yeah, absolutely.
00:33:30
You know, I, I it's interesting , I haven't tied the two
00:33:35
together in that way, but I do have that same reaction.
00:33:38
You know, I, I, I talked to a lot of people on this podcast.
00:33:42
That's probably the biggest benefit of of this podcast is
00:33:46
networking and talking to so many different people.
00:33:48
And you know I'm I'm constantly blown away by the expertise of
00:33:54
my guests.
00:33:56
You know, I was talking to someone a couple of weeks ago
00:34:00
about quantum, quantum computing , quantum security, and they
00:34:07
were talking about how, you know , they're using crystals to
00:34:11
create this quantum connection and secure communications and
00:34:13
things like that.
00:34:14
Right, and that's, that's a level.
00:34:15
That's, that's a level that I'll probably never reach, you
00:34:20
know, and that is something that takes so many hours to get into
00:34:26
and to actually like wrap your head around it and figure it out
00:34:30
.
00:34:30
You know, like you have to appreciate that kind of work.
00:34:33
And then I talked to people that hack airplanes while
00:34:36
they're on the plane.
00:34:37
You know, like that that's a that's a totally different you
00:34:43
know world than what I want to be on.
00:34:45
And you know, this person goes to Defconn and it's like, hey,
00:34:49
what, what flight are you on again, so I can make sure I
00:34:52
don't book that flight you know like, because if this guy gets a
00:34:56
little too bored he's going to start hacking this airplane, and
00:34:59
I don't want to be on that.
00:35:00
Speaker 2: Yeah, yeah, no, I feel like that.
00:35:04
I feel the same.
00:35:05
You know, it's very easy.
00:35:07
It's easy to.
00:35:08
It's easy to kind of be inspired and then take on a
00:35:14
challenge after being being inspired and only to realize
00:35:18
that it's there's a lot of work ahead of you to be, you know,
00:35:24
proficient to the same degree as that person, right?
00:35:27
Uh, yeah, I feel like my, my position.
00:35:33
Speaker 1: Do you?
00:35:35
Speaker 2: go ahead.
00:35:36
Speaker 1: Oh no, no continue.
00:35:37
I think you were going to answer my question anyways.
00:35:40
Speaker 2: I feel like the the startup founder role kind of
00:35:45
favors, uh favors someone who's interested in learning a lot, um
00:35:54
and uh is comfortable kind of switching, switching hats, so to
00:36:00
speak, and letting go of, of, kind of Maybe, some pressure
00:36:07
that's self-imposed to become the the perfect expert at one
00:36:13
particular kind of focus area, and finding those people and and
00:36:21
bringing them together right and and enabling them, um, so
00:36:27
that I feel like that's kind of a unique and uh and especially
00:36:33
rewarding challenge for me is, like you know, find finding the
00:36:36
right people who are smarter than me, uh, to solve, to solve
00:36:42
a problem right, yeah, that is, um, that's the challenging part
00:36:48
at that level is finding the right people.
00:36:50
Speaker 1: You know, I always hear about, like, how important
00:36:53
that is, especially when you're, when you're a small company.
00:36:55
You know, because you, you can't, you can't spare the time
00:37:02
of training.
00:37:03
You know another new person every three, four, five months.
00:37:05
You need them to be there to actually, you know, build this
00:37:09
thing and solve these problems and really grow with the company
00:37:14
and whatnot.
00:37:15
You know, yeah, and that's the uh, that's a, it's a interesting
00:37:21
, challenging problem that you don't really face.
00:37:24
You know, outside of the startup program and you know, to an
00:37:26
extent, I, I personally, I kind of miss that startup world.
00:37:30
You know, because you can wear as many different hats as you
00:37:34
want, you can try as many different things that you want.
00:37:38
You know, like there's no one holding you back telling you no,
00:37:41
I need you to focus on.
00:37:43
You know this one thing, um, and it's that it's that faster
00:37:48
pace environment, that smaller company, that that I miss.
00:37:52
You know, like now I work at a giant company that employs over
00:37:56
650 people worldwide.
00:37:57
I mean, I know, I know what like 10 people.
00:38:00
You know 10, 12 people maybe at most.
00:38:04
You know I know the people that I need to know to get my job
00:38:07
done, but there's no way I'll ever know everyone that works at
00:38:09
the company and there's also probably no way that I'll ever,
00:38:15
you know, move up in the company , right?
00:38:17
So, like it's, it's different, different problems, different
00:38:22
challenges.
00:38:22
Um, and it's uh, it's interesting, yeah, yeah, I mean
00:38:29
to the same portion of the audience that might be
00:38:31
interested in.
00:38:37
Speaker 2: You know, uh, re recount a personal experience
00:38:39
getting into IT, you know, aimed at trying to guide their own
00:38:42
search for the company, and I would say that trying to guide
00:38:46
their own search for a career, I would say that, you know, being
00:38:52
a being at a startup can be extremely rewarding for a lot of
00:38:57
reasons.
00:38:57
Um, there's obviously, there's obviously, you know, a trade off
00:39:01
and stability between a startup and a 650 person company,
00:39:08
right, uh, but the trade off also includes an opportunity to
00:39:13
learn all sorts of things that you wouldn't, wouldn't
00:39:16
necessarily have an opportunity to learn, but also is actually
00:39:20
discouraged from being learned for.
00:39:23
Responsible for, right, um, and , and yeah, I think, like, if
00:39:31
you're the kind of, if you're the kind of, that's a good oh, I
00:39:35
was going to say you know that that's a.
00:39:38
Speaker 1: That's a great point that you bring up.
00:39:41
I didn't mean to cut you off, I apologize for that, um, but you
00:39:48
know it's a.
00:39:48
It's a great point that you bring up that ability to learn.
00:39:52
You know so many different new things and I just think about my
00:39:57
own experience when I was at a small company.
00:39:59
You know, I had never really worked with Linux before, and at
00:40:04
this small company our product was built on Linux.
00:40:06
So guess what?
00:40:08
I got really good at learning Linux and learning the ins and
00:40:13
outs of this operating system, all from a, from a terminal.
00:40:16
You know, we didn't even have a GUI, right, um.
00:40:20
And then, you know, I took it a step further and I had to learn
00:40:23
SE, linux and learn vulnerability management for
00:40:25
Linux and use only open source software for vulnerability
00:40:29
management, cause the company is a small business, we don't have
00:40:32
money for Nessus or Tenable or or a QALUS.
00:40:36
You know something like that, right, you got to figure it out
00:40:38
with zero budget.
00:40:39
Yeah, um, oh.
00:40:40
And it absolutely needs to be done because we have to meet
00:40:44
these compliance requirements for the federal government,
00:40:46
because we're going, you know, on site and oh, did I mention
00:40:50
you're going on site to some of these facilities that you know
00:40:54
are in the middle of nowhere, in the middle of some mountain.
00:40:58
You know, and you, you're alone, you can't use your cell phone,
00:41:01
you only have to have.
00:41:02
You know what's on a piece of paper, right, you've learned it
00:41:08
so well.
00:41:09
In that situation, you know, by the time, by the time I was
00:41:13
going on site for these federal agencies, I was doing what's
00:41:16
called like double blind or triple blind troubleshooting,
00:41:19
where you can't see the screen, you can't get any log files, you
00:41:23
can't get any screenshots, they can't send you the error code,
00:41:26
they have to read it to you.
00:41:27
And there's someone that's on the other end of the phone that
00:41:31
doesn't know Linux, they don't know anything about the terminal
00:41:34
and you have to learn and you have to literally spell out the
00:41:37
commands and when, sometimes, when you say space, he types out
00:41:40
space and not hit the space bar .
00:41:42
You know like that's the level that you're dealing with.
00:41:46
Speaker 2: Reminds me of the where is, where is the any key?
00:41:50
Uh, in response to the press, any key?
00:41:57
But yeah, I, I, I think that one of the most salient kind of
00:42:04
um, uh, yeah, it's when you're at a small company.
00:42:11
You're very much close to the business problem and
00:42:18
understanding that you know what you might be responsible for
00:42:24
doing really impacts the company and how, I think is one of the
00:42:30
one of the especially rewarding aspects there.
00:42:33
It's not only that you're responsible for it or that it's
00:42:35
different and you have to learn, but when you do it, you're
00:42:39
accomplishing something meaningful to the business.
00:42:42
It's much more obvious what that is right.
00:42:44
And when you're at a much bigger company, you might have
00:42:47
some KPIs or metrics that you're following, but those projects
00:42:55
and things that you're doing are hard to see as valuable, right.
00:43:01
But that trade-off translates to pressure that if you don't
00:43:10
succeed, right, the company won't exist, right, or there's.
00:43:15
You're definitely much more responsible for its success,
00:43:19
right.
00:43:19
So there's a lot of pressure, yeah, which I find very, very
00:43:27
rewarding as well.
00:43:29
Speaker 1: Yeah, there's definitely a lot of pressure
00:43:33
with that as well.
00:43:34
That you know you can't lose the customer.
00:43:40
You know if they have a recommendation you kind of have
00:43:44
to take it.
00:43:44
You kind of have to, you know, work towards building that in
00:43:48
and I actually, you know, I remember going on site for a
00:43:54
federal agency for the very first time and in my preparation
00:43:58
of going, the person that was in charge of the project
00:44:00
beforehand they're like, they told me, they warned me, you
00:44:04
know.
00:44:04
They said oh, you know, they always ask for this thing and
00:44:08
we're never going to build it in to our product, right.
00:44:11
And they told me the background of it and everything, but they
00:44:14
told it from our side of it.
00:44:16
You know why we weren't going to do it and whatnot.
00:44:20
Well, I got on site and the first thing that I asked the
00:44:23
customer was well, tell me about why you want it.
00:44:26
You know, like what's the story behind you getting this feature,
00:44:30
this functionality?
00:44:31
You know, because internally, we don't see any value in it.
00:44:34
Right, but you obviously see a value in it, but we don't know
00:44:38
what that is.
00:44:38
And they told me, you know it was quite literally a life or
00:44:44
death situation that they had encountered at this facility,
00:44:49
and this feature functionality would provide, would have
00:44:52
provided them with precise information of where they needed
00:44:57
to send first responders in this situation, and without that
00:45:01
, you know, it turned into a much bigger or deal than what it
00:45:04
needed to be, and so they were looking for a solution and so
00:45:10
once I got, once I got that information, once I understood
00:45:14
that and I was able to bring it back, you know, then within a
00:45:18
week or two we had that functionality and I was back out
00:45:21
there, you know, updating their products so that we could get
00:45:24
them that new functionality Right.
00:45:26
And it's like you would never experience that at a large
00:45:31
company.
00:45:31
Yeah, you never.
00:45:32
You would never experience that .
00:45:34
There's like what?
00:45:35
Maybe two or three roles at that company that would that
00:45:39
would experience that.
00:45:41
Speaker 2: But you know, at the at a small company I'm one of a
00:45:43
team of like 10 or 12, that any one of us could have been on
00:45:47
site to go and experience that, you know yeah, yeah, the
00:45:51
connection between the customer and the value and the product,
00:45:57
that super tight feedback loop and being involved directly, as
00:46:03
is something that I think is is just very, very rewarding at a
00:46:10
startup and available at a startup Right.
00:46:13
Speaker 1: Do you ever?
00:46:14
Do you ever miss working the nine to five, or do you just
00:46:18
enjoy doing the startup?
00:46:21
Speaker 2: You know, I have, I have three kids and I've worked
00:46:27
at large companies, right, I've worked at a few stable nine to
00:46:32
fives, and I think that there are moments where I miss, I miss
00:46:38
the work-life separation in a certain way, but for the most
00:46:48
part for yeah, it's, it's, it's very infrequent that that
00:46:52
happens, I think for me, I I even, even when I was working
00:46:57
for those large companies, I was , I was thinking about work, I
00:47:02
was thinking about my own professional development and
00:47:06
learning and and the, the, the kind of personal interest being
00:47:14
close to my, my career, led me to be working constantly anyway,
00:47:19
right.
00:47:22
And so now I feel like it's rewarding, because when I think
00:47:24
about problems at work, making progress is is much more
00:47:28
meaningfully rewarding, you know , because a lot of times you
00:47:34
might spend, you might spend a lot of time thinking about a
00:47:36
problem or learning something, and it's not necessarily within
00:47:41
your role or responsibility at the company to use those skills
00:47:45
or present new ideas, right.
00:47:49
So it felt like that was wasted time almost in some cases.
00:47:55
But you know, I think I think it's very rare, but sometimes,
00:48:03
sometimes I do, you know.
00:48:07
Speaker 1: I do.
00:48:08
Speaker 2: Yeah, I do.
00:48:09
I do recognize that, especially nowadays.
00:48:12
You know, even before this was before kind of our time, so to
00:48:17
speak.
00:48:18
You know the the recognition and appreciation of employees at
00:48:24
large companies has been has changed a lot.
00:48:27
You know, at the end of the day , even if it's a 650 person
00:48:32
company, if there's a reduction in force, you're going to find
00:48:36
out that.
00:48:37
You know, on Monday morning or whatever, you're going to have
00:48:41
the pink slip right and and I do think that you know, you work
00:48:53
to live right, and so you just just kind of remembering that
00:48:59
across both even my, I consider this my life's work and passion,
00:49:03
but it's still a job right, and I still have a family and I
00:49:07
still have my health and other things to worry about outside of
00:49:10
work.
00:49:11
Speaker 1: Yeah, you know I always tell people right to
00:49:16
really protect, protect your time, protect your, protect your
00:49:21
home time, your, your work-life balance, not because you
00:49:26
shouldn't work hard at your job you shouldn't, you know, love
00:49:31
your job or anything like that but because there's other things
00:49:36
that are more important than you know.
00:49:39
Just your job, right?
00:49:40
Like you know, now that I have a kid, I mean it would be such a
00:49:51
hard sell to have to go into the office, not out of
00:49:56
convenience but out.
00:49:58
Of.
00:49:58
You know me being able to hear my kids' first words, seeing
00:50:02
them take their first step.
00:50:03
You know like being there when they wake up, being there when
00:50:07
they get out of school, you know like that sort of stuff is so
00:50:12
irreplaceable and I I personally I did not share that with my
00:50:18
parents growing up, you know.
00:50:20
And so now I get to have that and it's like, man, you'd have
00:50:26
to pay me so much money that it's not even feasible.
00:50:30
You know like it's.
00:50:32
It's not and you know I always tell people to also, you know,
00:50:39
work on your own skills and develop yourself outside of your
00:50:43
your nine to five.
00:50:45
You know like, literally at five, turn off your laptop, turn
00:50:48
off the notification for those work apps and maybe study for a
00:50:53
certification, maybe learn a new skill, maybe you know.
00:50:56
If you haven't touched Linux, maybe pick up Linux and learn
00:50:59
Linux, right?
00:51:00
Yeah, the reason is you know really what you said, right, if
00:51:04
there's layoffs, you could be one of them, and it's not
00:51:07
personal, it's just your name came up on a list that's tied to
00:51:11
a, to a cost to the company that they have to eliminate.
00:51:14
And you know, no matter what you do at that company, no
00:51:18
matter, you know what your role is.
00:51:20
You know you, you are expendable to a certain degree.
00:51:23
You know like, you are replaceable to an extent and the
00:51:28
company will absolutely cut that cost because the company,
00:51:30
at the end of the day, has to survive no matter what, and so
00:51:35
it doesn't make much sense for you to put in 80, 90, 100 hour
00:51:39
weeks into a nine to five.
00:51:41
That will let you go, you know, at the drop of a hat.
00:51:44
Yeah, I learned that the hard way.
00:51:47
I wasn't, I wasn't laid off, but I was working, you know, 80
00:51:53
hours a week, every single week, for an entire year, to find out
00:51:58
that I wasn't getting a raise, find out I wasn't getting a
00:52:01
bonus, that there was no money at the end of the tunnel for me
00:52:05
that I was told that there would be, you know, and it's like
00:52:08
okay, this is never going to happen again.
00:52:11
This is, this is a 40 hour work week, you know type of thing,
00:52:17
and I'm going to develop myself on the side, I'm going to start
00:52:19
a podcast, I'm going to start doing consulting for companies
00:52:23
and stuff like that.
00:52:24
You know, like having things on the side, and you know,
00:52:28
recently I just thought of you know kind of a new slogan that
00:52:33
makes a lot of sense is one income, is one too close to zero
00:52:37
?
00:52:37
Yeah, you know, like you should have these other, these other,
00:52:42
you know things going on right to supplement other things and
00:52:46
whatnot.
00:52:46
Speaker 2: Yeah, yeah, I mean, if the 40 hours you're spending
00:52:51
outside of your 40 hour work week are are uniquely beneficial
00:53:00
for your day job alone and that company alone, you know, you
00:53:04
should definitely rethink how you're spending that time.
00:53:07
I think it's.
00:53:09
It's, it's definitely better to kind of treat those hours
00:53:14
outside of work as maybe coincidentally, beneficial to
00:53:18
your current job, but definitely as a personal and professional
00:53:23
development opportunity, right?
00:53:25
How?
00:53:26
How is this going to look in an interview?
00:53:29
Or my next, my next line on my resume?
00:53:33
And is it skills that are translatable to other companies
00:53:38
and jobs that I I foresee, as you know, ideal for my own
00:53:45
career path?
00:53:46
Right?
00:53:46
So that's the cert.
00:53:48
You know, if the cert is specific to your company and not
00:53:52
applicable to any other technology or software or
00:53:55
whatever, maybe think about a more broadly applicable
00:54:00
certificate or or or something you know, right, like like Linux
00:54:05
generally, or security, rather than those like corporate
00:54:10
specific certificates or something.
00:54:13
Right, I don't know how to, how to describe it.
00:54:16
I always, I always described it as kind of the knowledge being
00:54:25
kind of driven into a mountain of which is just more difficult
00:54:30
to escape from if you're outside of that company.
00:54:33
So the company being the mountain and your own
00:54:35
specialization being deepened inside of there, in some tunnel
00:54:40
system that you just cannot escape from.
00:54:42
So you leave that company and you're interviewing it another
00:54:45
and this person's like.
00:54:47
I have no idea what technology or software or skill you're
00:54:53
talking about, even though you spent however long learning the
00:54:57
ins and outs of it.
00:54:58
Right, it's not applicable here .
00:54:59
So trying to stay valuable outside that one company.
00:55:09
Speaker 1: Yeah, absolutely, that's what I tell a lot of
00:55:13
people.
00:55:13
I feel like they view getting these different skills or
00:55:21
certifications or whatever it is .
00:55:23
They can easily get caught up and viewing it in terms of oh,
00:55:29
how does this benefit my current company or my current job or
00:55:34
anything like that?
00:55:35
You should be thinking much more into the future, much more
00:55:39
a brown.
00:55:40
What if all of this ends?
00:55:42
What if this goes wrong?
00:55:45
You should have those other skills, you should understand
00:55:47
the other components and maybe it tangentially makes you better
00:55:53
at your job, maybe it does right, like for myself, I want
00:55:59
to get into management, right, and so now I'm trying to pick up
00:56:03
all these new skills of project management and things like that
00:56:08
to make myself more competitive , to develop myself.
00:56:12
And, yes, it does benefit my day job.
00:56:15
Right, definitely benefits me there.
00:56:18
But I'm thinking ahead.
00:56:20
I'm trying to think towards what do I want to do next and
00:56:24
try to build those skills up now while I can.
00:56:26
Well, russell, unfortunately we're at the end of our time
00:56:34
here and I mean I had a fantastic conversation.
00:56:37
I absolutely want to have you back on.
00:56:39
I think that this conversation went down quite a few rabbit
00:56:45
holes that we could spend another two, three hours going
00:56:48
through.
00:56:49
But, russell, before I let you go, how about you tell my
00:56:54
audience where they could find you, where they could find your
00:56:57
company if they wanted to reach out and learn more?
00:57:01
Speaker 2: So visatrustcom, that's V-I-S-O-T-R-U-S-T and you
00:57:07
can find me quite easily at Russell Sherman.
00:57:10
And yeah, we're especially interested in bringing on folks
00:57:17
at the company in the security B2B SaaS space.
00:57:21
Particularly on my team, I'm looking for folks who are strong
00:57:26
, product-minded developers and technologists in the large
00:57:32
language model and artificial intelligence space.
00:57:35
I really appreciate it as well.
00:57:37
It was a great conversation.
00:57:38
It's always amazing to meet someone else in the industry, so
00:57:45
to speak, and find out about that background and how it might
00:57:49
differ or be the same, because it's truly amazing how different
00:57:56
backgrounds arrive in the same industry and security.
00:57:59
So it was my pleasure.
00:58:03
Speaker 1: Yeah, definitely.
00:58:04
It's always a fascinating conversation to hear everyone's
00:58:08
story, so I'm glad that everyone could hear your story and
00:58:14
probably even a little bit more of my own.
00:58:17
Well, with that, thanks everyone.
00:58:20
I hope you enjoyed this episode .