Cybersecurity Burnout

Why are cybersecurity professionals burning out? What’s the dynamic of the job, the pressures being put on them, that causes the best to leave? And this industry can’t afford to lose its best talent.

Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and special guest co-host Shawn Bowen (@SMbowen), CISO, World Fuel Services. Our guest is Bozidar Spirovski (@spirovskib), CISO, Blue dot.

Got feedback? Join the conversation on LinkedIn.

Huge thanks to our sponsor, HYAS

“Better production environment security starts with visibility. After all, how can you protect your most valuable asset if you don’t know A: what’s expected and B: when something’s happening that isn’t expected?

This is why HYAS Confront monitors traffic to alert you to anomalies, letting you address risks, threats, and changes, while blocking infiltrations before they become successful attacks.

Don’t just react, take your security back with HYAS. Visit HYAS.com.”

Full transcript

[David Spark] Why are cyber security professionals burning out? What’s the dynamic of the job, the pressure being put on them, that causes the best to leave? And this industry can’t afford to lose its best talent.

[Voiceover] You’re listening to Defense in Depth.

[David Spark] Welcome to Defense in Depth. My name is David Spark. I’m the producer of the CISO Series. And guess what? We have a special guest for you today. Our guest cohost, Shawn Bowen, CISO of World Fuel Services. Shawn, thank you so much for joining today.

[Shawn Bowen] Oh, thanks for having me, David. I’m excited about this one.

[David Spark] You’re going to hear a lot more of Shawn and our guest in just a second. Our sponsor for today’s episode is HYAS.com. They offer some cyber security solutions and technology that actually detects and mitigates risks before they actually happen. Deal with your problems before they really actually become problems. Kind of some Minority Report thing going on there. Anyways, more about HYAS later in the show. Shawn, you brought our guest to my attention because of a Reddit post and also an article he wrote on Medium about burnout. Now, I think he provided the best summary of the problem, saying that burnout happens when you’re operating under bad culture combined with unreasonable expectations. That seemed to be the perfect storm to drive someone away from your company and potentially cyber security altogether. Have you seen this yourself?

[Shawn Bowen] Yeah, absolutely. I think there’s…culture is… I don’t want to say broken, but we have such diverse needs of culture, and we have a lot of people look at security very much as security, which means yeses and nos, and very binary set versus a risk culture of managing within the gray space. Naturally we want to get it as close to black as possible, whereas the operations side or the business side wants to get us as close to white. So, there’s a natural I don’t want to say hostility but a natural friction that happens. When you’re doing that every day, it kind of takes a grind on people, and you have a culture that creates that as a welcoming opportunity, not an us versus them mentality.

[David Spark] That is also a really good way of putting it as well. I’m glad I invited you.

[Shawn Bowen] Thank you.

[David Spark] Well, let me introduce to our audience the person you introduced to me. The person who wrote this article on Medium about burnout… Obviously we will have a link to it on the blog post for this episode. But it really drove a lot of conversation, and I posted it up on LinkedIn. It got well over 35 shares. I don’t think I’ve ever posted anything that’s gotten that many shares. Thrilled to have him on. It is the CISO of Blue dot, Bozidar Spirovski. Bozidar, thank you so much for joining us.

[Bozidar Spirovski] Thanks for having me, David. Glad to meet you. Both of you, David. Shawn, I would like to thank you for finding my article and for pointing it to David. I was quite surprised by all the feedback that I got.

Why is this happening?

3:01.292

[David Spark] Mark Eggleston, who’s the CISO over at CSC, said, “Burnout is real, and this always on, always in need profession stacked with an onslaught of meetings forces us to be extremely efficient if we’re going to have any strategic and maturation objectives accomplished.” Travis F. over at Capital One said, “I think certain areas of cyber are more prone to burnout than others.” He specifies SOC and forensics are a couple that come to mind. So, both Mark and Travis here are just kind of adding on to what Bozidar said in his article, what you just said in the intro. That here is the way it happens. What more can you add to…? It just seems like there’s so many things getting piled on, and everyone sort of has a different viewpoint of how burnout begins for them. Shawn?

[Shawn Bowen] Yeah. No, I think it’s fueled by passion. I think naturally everyone is passionate about their careers. I think some people have jobs. They just show up, get a paycheck, get home. They don’t care about it. And then there’s people that really are passionate about their careers. I know myself, when I was a teenager, I could not be pulled away from a computer. And then once I got into security, I can’t pull myself away from learning something new. It’s such a diverse and intriguing field that my retirement is doing security. That’s my plan. I love this stuff. And so when you’re so tied and passionate to what you’re doing every day it makes it very difficult because other people, they care about security… They might not care about it as much as we do or else they would be in my career. And so you kind of take it personal, and you kind of harvest that inside when people don’t do what you think is the best thing to do. We need to let go a little bit, and I think that will help.

[David Spark] Oh.

[Shawn Bowen] [Laughs] Yeah.

[David Spark] I know. And we’ve addressed this long ago, but it’s worth bringing up again. It can kind of go both ways. You know the individual who finds a vulnerability and then starts screaming, “Fire,” when it’s like, “Okay, you found a vulnerability. Calm down. Let’s see what the issue is. Is it really a risk for us?” But then they have this attitude of stop everything, fix this now just because they found the vulnerability. You’ve run into this, yes, Shawn?

[Shawn Bowen] Oh, absolutely. Yeah, there’s a little bit of that ownership. But also we look at… Like I said, we talk about binary set. Do you lock your door every night before you go to bed? Well, I think that depends on where you live because you calculate the threat. The likeliness of that vulnerability being exploited. I think that the education… We focus heavily on teaching people how to do security, how to lock down the house, how to lock down the building, how to lock down the IT asset. The reality is you have to leave some doors open. You have to leave some windows unlocked. A perfectly secure place has no entry and no exits. But we have to balance that.

[David Spark] It’s also useless.

[Shawn Bowen] Yeah, exactly. So, you have to find that balance. We don’t teach that.

[David Spark] Bozidar, I want to go back to the thing that I quoted you saying – that it’s a combination of bad culture and unreasonable expectations. I think those kind of go hand in hand there. They’re not actually two separate things, are they?

[Bozidar Spirovski] Well, they are really two separate things. Bad culture can exist even without unreasonable expectations. But usually unreasonable expectations are combined with bad culture. Now, one example that I can give you about that culture was about a CEO that apparently walked into or is regularly walking into the meeting with the security people, so their respective security council, asking who should be fired today. And that type of culture, that type of expectation of the…

[Crosstalk 00:06:52]

[David Spark] “Who’s going to be fired today?”

[Laughter]

[Bozidar Spirovski] Yeah. So, somebody must have screwed up. Somebody is going to be fired. That is the very definition of a bad culture.

[David Spark] Yeah, that’s a bad culture.

[Shawn Bowen] I would find his favorite employee and wait for that person to slip up.

[Laughter]

[Bozidar Spirovski] Really, I can share. But this does happen obviously. That is on the side of bad culture. If we go into unreasonable expectations, what Shawn said about the white and black type of expectation, I have had a situation where a board member has asked me, “Are we secure?” Yes or no question. It’s never a yes or no question.

[David Spark] It’s a trick question is what it is.

[Bozidar Spirovski] Yeah. So, my best answer was, “I can tell you that we are reasonably aware that we are going to be hacked in the future.” That was my best answer at that moment.

[David Spark] They didn’t like that answer, my guess is.

[Bozidar Spirovski] I didn’t get any feedback. I guess that’s feedback in itself. So, what I would like to emphasize here… I think Gary Hayslip had an article a couple of I think years ago where he listed a full, very nice list of things that are cause of this pressure type of thing that we’re feeling. And I’m going to just select some here which really resonate with me. We must be 100% right. The security theater, which is a terrible frustration in itself. When you come to the management team, to the CTO, to whoever is responsible and you propose something and they tell you, “But why don’t you create sort of a [Inaudible 00:08:36] village around this? A theater so to say.”

As Shawn said, we are very much invested in doing good work, in doing security properly. And that type of security theater frustrates people immensely. So, that’s another thing that definitely kills us. And finally everyone is an expert in our job. I had a colleague in a previous company, like chief of product, that was going around asking people, “Please listen to Bozidar. We hired him because he’s the security expert. Don’t try to be the security expert.” Because everybody was trying to be debating how this is not good enough, or this shouldn’t be that scary, etc. As Shawn said, it’s a risk balance debate, and we can be owning this too much maybe sometimes, this issue that we want to fix it immediately.

Where are we falling short?

9:30.475

[David Spark] Terence K. of iSecurityGuru says, “It takes considerable investment in resources to keep an organization secure. But unfortunately, with meager amount of resources and budget deployed, an eventual cybersecurity breach is a foregone conclusion. No wonder cybersecurity staffs are burning out!” And Neal O’Farrell of Think Security First! said, “Sad that after more than a decade talking about this we’re still doing very little. A headline is no substitute for a solution.” So, most of this says burnout is, “We’re not making any headway here.” And honestly today practically every security team is like, “Oh, yeah, we’re going to get hit. It’s going to happen.” Before it was like, “Oh, I think we can prevent this,” but I don’t think that feeling exists anymore. Does it, Shawn?

[Shawn Bowen] Yeah, I actually don’t really like the comment by Neal. I understand where it’s coming from, but I think we’ve done a tremendous amount. If you really sit down and think about where we were let’s say ten years ago…

[David Spark] I think he’s talking about the burnout question. I think security has come a long way.

[Shawn Bowen] Yeah. No, I agree. I think even the burnout piece… I think it’s more visible now because we have significantly more security staff, and security incidents are more common. But I don’t think the CISO being fired, which used to be the case four years ago… Any incident, CISO is fired. Don’t even bother going into the office that day. You know you’re fired. That was kind of accepted. I don’t think that’s the case now. I think as people understand what the threat is, and what the risk…and that it’s just going to happen, I think there’s a lot more support. I think that there’s still that frustration which causes the burnout, but I think the escalation of burnout is comparable to the amount of burnout that’s happening in tech in general just because so much digital transformation and technology transformation. I do think that we’ve missed the mark on some things. I agree with that.

I think that HR doesn’t understand us for the most part, and external people don’t really understand the security. It’s kind of a new profession in the sense of how do you apply the psychology of the people who are doing the job. I think it’s… I do not think that we are police officers, or law enforcement, or fire fighters that have type of stress in our life but relative to some of the other segments in the business we have a different stress load that I don’t think that we compensate in the normal average company. I think there are some companies that understand it. And I think that giving training and focusing on some tabletop…some off of the keyboard stuff kind of helps reduce that a little bit. I think good companies are starting to realize that, but I think there is still burnout. Same problems from a decade ago, so it’s not completely wrong. But I do think that we’ve done quite a bit.

[David Spark] So, Bozidar, I want to go to this one comment Terence K. said, which was, “Cyber security breach is a foregone conclusion.” Could that be the contributor to burnout? Everyone is like, “It’s going to happen one day. Is it today?”

[Bozidar Spirovski] I don’t think so. For security people, it is what it is. It’s really about… As I wrote in my article, it’s more about our job is not stopping the company from falling and guaranteeing that. It’s helping the company pick itself up quickly, dust itself off, and continue moving. So, that type of mindset is I would say something that security, as Shawn said… We have come a long way. It’s not that we’re just there to worry. We are there to educate. We are there to manage together with the rest of the organization. So, we are okay within ourselves in terms of security of how we expect things to work. What we are not okay with, there are still parts of the organization that don’t apply the same logic. And I think Shawn mentioned HR. I’m going to mention legal. I’m constantly reading contracts towards customers that literally demand my phone number and my ongoing availability 24/7 to every single random customer. So, that type of unreasonable expectation of magic being done still exists, whether it’s just for liability protection or something else I can’t comment. But I think that from there, we perceive a lot more pressure than just…

[David Spark] That’s an interesting thing. The contracts themselves are putting on the unreasonable demands, too.

[Bozidar Spirovski] Yeah.

[David Spark] It’s not just internal, it’s your customers that are doing it, too.

[Bozidar Spirovski] Yeah. It is a liability thing for somebody maybe or risk management for somebody else, but it is still unreasonable. People, let’s sit down on both sides of the tracks, supplier and customer, and discuss what is reasonable. Because I am quite certain that in that same customer, their security people have the same discussion. It’s not black and white. It can’t be. Personally I need to sleep. We have gone a long way in terms of awareness, in terms of support. The organizations today help a lot. The organizations that I work today are much, much better at supporting. I can just commend my organization, how it’s supporting me. Sometimes even they say, “Stop and think, and don’t burn yourself out,” literally. But there are still aspects of the broader organization that need that education and understanding. How quickly we will get there, I’m not certain. I’m not betting on the next two years, especially with legal.

Sponsor – HYAS

15:09.390

[Steve Prentice] One of the chief goals of cyber security is to remember to watch for threats, obviously. But threats are not always going to be where you expect them to be. David Ratner is CEO of HYAS InfoSec, and his company focuses on a highly significant sector that is prone to being overlooked.

[David Ratner] A lot of people have talked about the need for protective DNS on the corporate network. And in fact CISA and the NSA published a memo in ’21 talking about how people need to get protective DNS services. What a lot of people don’t realize though is how important that is and how critical that is on the production side of the network as well. And historically people have focused on the corporate network for employees, their devices, business systems. And people have largely ignored the production side of the house – the revenue generating side of the business. Your servers, your databases, everything that generates money for the company. And increasingly, bad actors are exploiting that and getting into that production network, stealing data, and staying there undetected for months if not years.

[Steve Prentice] This has made HYAS stand out in the marketplace as a provider of security services. David puts it like this…

[David Ratner] HYAS is unique in that we provide protective DNS solutions not just for the corporate network, but HYAS also uniquely provides protective DNS for the production side of the environment as well where no one else is doing this today.

[Steve Prentice] For more information visit HYAS.com. That’s HYAS.com.

What should we be measuring?

16:45.701

[David Spark] Robert Turner of BISSELL Homecare said, “What does your organization want? That’s reality. Either you can work within those constraints, or you can’t. Either you can align your expectations with that reality or find another organization/career that better aligns.” And Frederick Carlson, who’s the CISO of Bureau of Economic Analysis at the US Department of Commerce said, “We have a training and communication crisis in the field. In retention, in expression of the value of cyber security, and in pipelining new skillsets into the field. There are not enough people, and there really isn’t enough credible people to train the people.” So, both these cases, it comes down kind of to the individuals deciding what they want and also the environment to train the individuals to be able to kind of withstand the pressure of this environment. What do you think of that, Bozidar?

[Bozidar Spirovski] I would take a different take on these two comments.

[David Spark] Sure.

[Bozidar Spirovski] Because what Robert Turner mentioned about what does your organization want really resonates with me. It’s about the organization understanding that cyber security works in the gray area and understanding and actually being able to vocalize, to declare what their expectation is. This is not something that is always available. Some organizations are much better at it. Other organizations and managers within organizations need to learn this in order to have that conversation properly with the security people. And on the second comment that was there about…from Frederick Carlson, it’s quite a gloomy comment I would say. But the communication, and understanding, and mutual training is very important. And all these things about whether we understand each other and whether we know what we want… Literally today I watched a video on TikTok from a gentleman called Stephen Sifo [Phonetic 00:18:56]. It was a small joke type of video about hiring in cyber security and hiring a junior cyber security person with ten years plus experience. And then Stephen at the end of the video says, “It’s time to sell drugs.” So, it’s easier to start selling drugs than to communicate to these people sometimes. So, it’s about mutual understanding, but it’s really about educating the organization to give you back the proper message. “This is our expectation. This is where we want to be.”

[David Spark] Shawn?

[Shawn Bowen] Yeah, I don’t disagree with any of the comments. I think they all touch on an aspect of it. I do like parts of Frederick’s comment about training. Again, I think I mentioned earlier, we teach people the certifications, whatever. You learn the security aspect of it, and then you enter into the business world, and you’re being asked to make a business decision, not security decision. And we haven’t set people up for that. And we also shield them. We shield the technicians and the engineers from interfacing with that and having to think about it. We just want you to just go do your job and go secure it and build it to this standard or whatever it may be. And then we have a gap as they move…if they want to become a CISO, or deputy CISO, or director, or something along those lines. And they’ve been living security their whole life and not managing risk.

And so they kind of get stopped from a career progression piece a little bit until they learn that. And so it’s a little bit late… So, that’s how I read his message about training is we teach them… Your final test is to secure an asset, not to make a risk decision based off of business. You don’t learn that inherently. And so I think there’s a little bit of that. Your question to start off the segment is what should we be measuring, which is an interesting take that each leader kind of has to balance. I personally try to measure my training and my leave of my people. How many hours have you spent training, doing something? Whether that’s on one of our paid training programs or via some free training programs that we’ve outlined. We have obviously our minimum standard, but we have, “Here’s a list of things to see what you do.”

This summer I’m running a challenge among the whole IT organization, like an IQ testing challenge on five different segments. And so I want to bring that fun aspect into the training. Then also how much leave have you taken throughout the year? Not did you take all of your leave sometime in the year, but when? Are you taking it by quarter and stuff like that to kind of help that burnout? And so those are some non-direct measurements that I think help give people a break. And just an hour or two ago, I sent a message to one of my reports who replied to an email while on PTO. I said, “Don’t reply to the email on PTO. You got it. You have to check out. You can’t halfway check out.”

No one said it could be easy.

21:40.864

[David Spark] Laurie Kenley of Microsoft said, “Also keep in mind that we don’t have to be on the frontlines all the time. It’s okay to move into consulting or go to a vendor, or even rotate out into risk or IT for a while. I had to learn to rest. It’s a long game.” And Fady Makar of ComfortDelGro said, “The question is how to get back on track if it derailed you or how to determine the signs before it consumes you.” So, really good points here. I’m going to start with you, Shawn. The first point is you can stay in cyber security, and you can just not be in a high pressure environment. Or, B, if it does happen to you, how do you get back on track? And either of these situations have you dealt with or have you seen others deal with it, and what have they done?

[Shawn Bowen] So, I’ll poke fun at those that are listening because I’m sure there’s quite a few vendors and consulting. Don’t do that. You don’t need to go to the dark side that quick in your careers. Toughen it out a little bit. No, agreed. Yeah, there’s definitely I won’t say lighter loads but different loads in the career where you’re still helping…

[David Spark] By the way, vendors have a different kind of pressure. There’s the pressure of the business to succeed.

[Bozidar Spirovski] We don’t call it security pressure though. We call it the sales pressure.

[David Spark] Yeah.

[Shawn Bowen] Yeah. But that’s why I say it’s different. It’s not less. It’s just different. I think that’s good. It’s just like working out in the gym. You can’t do the same workout over, and over, and over. You have to kind of cover the whole body. And so same type of concept. I also think it helps people. I think for us, my requirement for my interns or my new grads is they spend their first year covering all my segments from GRC, to security engineering, to the SOC because I want them to be exposed to that. It makes you better overall wherever you end up. So, I think it’s a good move to move around regardless. I promise you if your goal is career progression… Some people, their goal is not. They love what they do, and they’re going to do it for the rest of their career. But if your goal is to move up the ladder, you have to treat it like a lattice and move laterally before you move vertically. You will be significantly more prepared for that position when you do that. The second piece of how to get back when derailed… I’m going to steal it because I know Bozidar is probably going to mention this. In his article, his blog post, he talks…you have to find someone to vent to.

[David Spark] We hear this a lot. Slack channels have become very popular venting spaces.

[Shawn Bowen] It is. I’ll admit, one of my coworkers, Rich Lister [Phonetic 00:24:21]… I work with two great peers. Josh and Rich. And I remember Rich, when I first started, he was nice to his people. I’m in a meeting, and I’m going, “They screwed up.” In my head, I’m like, “I’m burning…” I’m getting more angry than I would have been. But then later as I got to know him and we became closer coworkers and colleagues, I found out that he was just as frustrated as I was. But once I felt that we were on the same page, now we vent together when there’s something going on. And I have that with my team. My SOC lead, Brad. Same type of thing. I said, “Just go outside, hit a tree for a little bit, something. Just take that frustration out, and then come back in, and let’s talk about it before you…” Nothing is that pressing that you can’t wait.

[David Spark] All right. Bozidar, I’m throwing this to you. You’re going to close this out. I want to talk about this venting aspect. Or not necessarily just venting but the different constructive ways of dealing with this. Is it switching careers, getting out for a while, taking a vacation, venting? What are the successful ways of dealing with this?

[Bozidar Spirovski] So, long game and short game I would say approaches here. The short game approach or the short view approach is do something for yourself. So, pick up a physical exercise type of hobby. Personally, I cycle every single day for about 50 K. So, that helps a lot. Helped me a lot. But that is not a remedy for a long-term issue. Because even if you are loaded up on endorphins, that doesn’t really help the long-term pressure. Focus on your family. Go for walks with your family. Talk to them. Pick up a hobby. All these things are nice and help in the short-term. However in the long-term, what I have found to be a successful approach is to change the context. Yes, as Shawn mentioned, every single organizational part has its own pressures and its own dramas. And personally I have immense respect for people… I don’t know if you would agree with this. Bank tellers. People that work in the bank, that work with people. Those are probably the most stressed people in the world apart from security because everybody is yelling at them. Money is missing or something is wrong or whatever, and everybody is yelling at them. I would never like to be in that position. But changing contexts – if you’re in SOC, go towards potentially forensics or go towards penetration testing, or change maybe to GRC, to governance, or to compliance for a little while. You don’t have to go out of the field, but you need to change your focus. You need to change the conversation, and that helps a lot. It helps you reset.

Closing

27:16.213

[David Spark] Excellent point to land on. Thank you so much, Bozidar. Thank you very much, Shawn. Now, we have come to the point in the show where I’m going to ask you which quotes were your favorite, and why. And I’m going to start with you, Bozidar. Which quote here was your favorite, and why?

[Bozidar Spirovski] I would go with Microsoft’s Laurie Kenley. And just the final part of her statement, “It’s a long game.” As I said, don’t give up. Don’t just drop the ball. “[Beeps] this, I’m leaving.” Do something else. It’s a good career to have, and it is a very… I would say it’s a lovely career. It intersects technology and business. And it’s a very rare pairing of the two. But you need to stay within it. It’s the long game that counts in order to progress, in order to make value from it. So, don’t give up. That’s the best that I can propose today.

[David Spark] All right, Shawn, your favorite quote, and why?

[Shawn Bowen] Well, obviously [Inaudible 00:28:06] Bozidar’s blog post. That’s how we got here. But I would take parts of Frederick Carlson’s because I think training in general is not so much tied to the burnout as much as just overall I think that there needs to be better training of our folks to prepare them for success. I think that will have a secondary effect on reducing burnout. But I do think that that’s something that we collectively need to revolutionize.

[David Spark] Excellent point. All right. Thank you so much, Shawn. Thank you very much, Bozidar. I’m going to let you both have a final comment. Bozidar, you get the very last comment here. And the question I ask all my guests and I’ll be asking you, Shawn, as well – are you hiring? So, make sure you’ve got an answer for that. But first I want to thank our sponsor for today, and that’s HYAS. Thank you, HYAS, so, so much for sponsoring this episode of the podcast. We greatly appreciate having you on as a brand new sponsor. They offer cyber security solutions and technology that detects and mitigates risk before they actually happen. Kind of the time you want to deal with them. Not when you actually see them. More at HYAS.com. All right, Shawn, any last thoughts, and are you hiring?

[Shawn Bowen] Well, I’ll start with first, thanks, Bozidar, for your post. I recommend everyone go out and read both his Medium post and his Reddit post.

[David Spark] We’ll have links to both.

[Shawn Bowen] His Reddit post was a little bit more raw, which is what I really appreciated. And then he was recommended to post a blog, and he did. A lot more thorough there. I took them and posted it in my team Slack channel the day I read it. I told everyone on my team, “You need to read this and be paired up with your people and watch out for your own teammates to make sure that they’re not stressing out as well because I don’t want to lose any one of them.” So, I think it’s been a great topic, and I really appreciate your contributions to the community on there.

[Bozidar Spirovski] Thanks.

[Shawn Bowen] As for am I hiring, absolutely. I will tell people out there that are listening or joining any of the Super Cyber Fridays, whatever it is, I have hired a few people.

[David Spark] A few people? I knew of one.

[Shawn Bowen] Yes. I got a couple. Because of advertising that I’m hiring. So, yes, we are still hiring. We’re looking for some security engineers to round out our security engineering team. So, if you’re looking to join a team that’s about having fun and training, hit me up or follow me on LinkedIn.

[David Spark] Shawn, excellent. All right, Bozidar, any last thoughts on this, and are you hiring?

[Bozidar Spirovski] Again, I would like to thank both of you for having me, for finding this topic interesting, and for actually supporting this conversation that I would definitely like to have throughout the industry. So, my final message to everybody – it’s a great place to work, cyber security. It’s a great place to learn. Be on the lookout for any opportunity to integrate both business and technology whenever you’re working in cyber security. So, don’t just get stuck into code. Code is important. There are a lot of things that happen in code. But always consider the human factor and the business factor. Other than that, you’re just really stressing out.

[David Spark] I like it. Thank you very much. Oh, and by the way, are you hiring? I’m sorry. Are you hiring?

[Bozidar Spirovski] We had an internship to drive this year. That’s past, so it’s completed. Next year I’ll be coming back I hope to this podcast and to this conversation, and we can talk again about hiring.

[David Spark] Okay. Excellent. Thank you very much, Bozidar Spirovski, who is the CISO over at Blue dot, my cohost, Shawn Bowen, who is the CISO over at World Fuel Services. And like I’ve said many times before and I truly mean it, we greatly appreciate your contributions and listening to Defense in Depth.

[Voiceover] We’ve reached the end of Defense in Depth. Make sure to subscribe so you don’t miss yet another hot topic in cyber security. This show thrives on your contributions. Please write a review. Leave a comment on LinkedIn or on our site, CISOseries.com, where you’ll also see plenty of ways to participate including recording a question or a comment for the show. If you’re interested in sponsoring the podcast, contact David Spark directly at David@CISOseries.com. Thank you for listening to Defense in Depth.