Defense in Depth: Retaining Cyber Talent

If you could do one thing to retain your staff what would it be?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Liam Connolly, CISO, Seek. and our guest Ben Sapiro (@ironfog), head of technology risk and CISO, Canada Life.

Got feedback? Join the conversation on LinkedIn.

Huge thanks to our podcast sponsor, RevCult

On average, 18 percent of all your Salesforce data fields are highly sensitive and 89 percent of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you’re protecting it. Get a free Salesforce Security Self-Assessment to understand your Salesforce security weaknesses.

Full Transcript

David Spark

If you could do one thing to retain your staff, what would it be?

Voiceover

You’re listening to Defense in Depth.

David Spark

Welcome to Defense in Depth. My name is, David Spark, I am the producer of the CISO series, and joining me for a special guest co-host opportunity, all the way from Brisbane, Australia, is Liam Connoly, the CISO for Seek. Liam, thank you so much for joining us.

Liam Connoly

Hey, David, great to be here.

David Spark

Awesome, alright. I’m going to have a question for you in just a second but first, I want to mention our sponsor for today’s episode and that is, RevCult. And I will say, if you are running a Salesforce environment, and you are struggling with Salesforce security, which you probably are, if you’re running Salesforce, you’ll be interested in what they have to say in the middle of the show, so, stay tuned for that. And we thank, RevCult, for sponsoring us. But let’s go onto the topic here. Now, the question I teased everyone with at the very beginning of the show was asked actually by, Kris Rides of Tiro Security. And his answer to this question of what do you do to retain your staff, he says, is listen. That’s good advice and, Liam, we’re going to get into a lot of advice in this show, but I want to ask, what are the forces you feel that pull employees away from a security team?

Liam Connoly

Yeah, this is a really interesting question. I would break this down into two factors, you have your external factors, those which you don’t have much control over, such as employees having career ambitions, starting their own companies, moving overseas where you don’t have a presence, or taking a role at a dream company or a more advanced role that your organization can’t offer. Then there’s the ones that are the internal factors and this is where the traditional wisdom would point to the adage of people don’t quit companies, they quit managers. Just don’t get me wrong, if you’re a manager today in today’s highly competitive marketplace for top talent and your primary style is micro-management with a stick, you’re probably going to have a challenge in this time. But we’re seeing less and less of this with companies understanding the impact that bad managers can have with addressing it. Where management in the greater extent executive leadership often fails, the areas of offering career progression, competitive compensation, recognition, professional investment and so forth. These aren’t factors that a direct manager has control of necessarily, but more the executive leadership of the organization can have that impact and make these a priority. I think the goal is to establish a connection with your team or colleagues, creating that space of psychological safety, making it undisputed that you have their best interest at heart, a clear understanding of what their career aspirations are. This can help you ensure that individuals are thinking about making that career move to the next challenge, to another company, you’re not caught off guard, you’re not stuck with a gut punch of surprise to you, and that you’ve done everything you can to foster that growth. This is also where you can help them be successful in their next endeavor and provide guidance on a new opportunity to help them continue to succeed.

David Spark

All awesome advice and, by the way, we’re going to hit a lot of the stuff you just said. For those of you who don’t know, by the way, Liam’s company, Seek, is an online job board. You have a lot of insight into this because you’re dealing with this all the time, people who come to you usually are either opening up new positions or somebody has left. So, this is something you deal with the all the time and get insight on. Yes, Liam?

Liam Connoly

Yeah, absolutely. This topic is probably the number one topic that I have people ask me about and, right now, in Australia and I’ve seen this in the US as well, we’re seeing record ad volume for new jobs. People are leaving organizations at rates we haven’t seen in a long time. For Seek, we’re seeing record volumes in the 20 year history of the company.

David Spark

So, it’s good for you, bad for everybody else, pretty much?

Liam Connoly

Yeah, it’s going to be challenging for teams with a lot of people leaving and a lot of vacancies opening up.

David Spark

All right. Let’s jump right into this and I want to introduce our guest, who I’ve had on this show before. He is excellent and I’m so thrilled he’s able to come back, it is the now new, Head of Technology Risk and CISO over at Canada Life, Ben Sapiro. Ben, thank you so much for joining us.

Ben Sapiro

Thanks David for having me on again. Liam, good to meet you.

What are the complaints?

00:04:28:13

David Spark

Maril Vernon of Zoom said, “My leader constantly asks “any blocks? Anything I can assist with to make your life easier?” And I swear to goodness it is the best thing he does for us because, as minute or major as it is, he’s there to get in the weeds with us.” And Chris O’Connell of Base Mindset, quote, “Open oneself up a bit and share some of your own challenges to relate, build rapport and understanding.” Liam, is it as simple as what both Maril and Chris said? Just relate to them your own troubles but, more importantly, ask what issues they are having and just get in the weeds? Does that help, or do they just go, “Yeah, everything’s fine, whatever.”

Liam Connoly

Yeah, absolutely. I love this question. I use this one a lot. During my one on ones I always ask that question of, “What can I do to make your life easier?” That was actually something I learned from a Google Ventures talk on running meetings that don’t suck. It stuck with me ever since I saw it. It’s one of the videos I use when new employees start, I have them watch when they join. These two comments really come down to genuine trust which is developed over time by being open, honest, demonstrating vulnerability, connecting with people on a human level.

David Spark

What are the kinds of answers that your employees say to you, when you say, “What are you blocks? How can I help?”

Liam Connoly

Yeah, things people are blocked on it’s usually politics in the company, certain challenges or the other thing is what are the career aspirations that they have? Trying to build that into every one on one conversation, making sure that Seek takes a very proactive approach to employee development, retaining talent, really trying to make it the best place that somebody’s worked at. Sometimes it just might be helping them with a challenge that they’re working on, a skill set that’s outside their comfort zone, since we start to see real growth happening. This really can be the difference between hiring somebody for six months and having almost no impact, or benefit to your program, or hiring them for six years and having that massive uplift and having someone you can probably work with again in the future.

David Spark

Ben, do you run into this yourself and do you ask the simple, “How can I help?” and is it usually politics issues like, “I can’t get this person to respond to me”?

Ben Sapiro

Yes, I characterize it mostly as people issues. It’s relationships and so on and I think that it starts first with building that trust with people. This is great advice from both Maril and from Chris which is be open and ask those questions, but if you’re going to ask the question of, “What are you dealing with? What’s a challenge for you?” you’ve got to have a high ask execute ratio. If I ask the question and somebody comes to me and says, “Well, duh, duh, duh, is causing me a problem.” And it might not be Machiavellian in any way, it might just be people have different priorities, but you actually then have to demonstrate that you’ve asked the question and execute through that journey with them and give them guidance.

David Spark

That’s a good point.

Ben Sapiro

But you’ve also got to recognize that people have different styles. Early on in my career and this, unfortunately, is a bit of a gendered thing that I engaged in, I was presented with a problem by one of my female team members. She shared with me and I went and did something about it, but that wasn’t what she wanted, she just wanted somebody to talk to. So, you have to calibrate to the person you’re talking with and it’s not necessarily a gender thing, that was on me, is understand when–

David Spark

So, do you ask, “Would you like me to talk to this person that you’re having the issue?”

Ben Sapiro

Exactly. “Thank you for sharing with me. How can I help you best through this?”, and it might just be, “Hey, I need some advice,” or, “Can you tell me how you would have addressed this situation?”. Or it might be, “No, I’m escalating to you as my boss to please deal with this because I’m at my wits end,” or some variation of that one.

David Spark

But it could be like, “I don’t want you to step in, I want to deal with it but what’s the best way to handle it?”

Ben Sapiro

Right, and that’s important about making sure that people have their own agency, that they know that you’re there to help them, but you’re not taking away any of their own ability to execute. I think, for people especially in our profession, having that control of their own agency is absolutely important about their longevity as an employee ’cause they understand they can steer their ship. The other thing I’d also say on Chris’ note is, if we’re going to share, be calibrated in your sharing, this isn’t a dumping session where you’re over-exposing. You want to share just enough for rapport but it really has to be about the other person, you’re not there to dump on other people. Be thoughtful about how you do that, but I like both of those ideas very much.

Who really cares?

00:08:58:01

David Spark

Brian Sandenaw of MongoDB, said, quote, “Invest in me”. Something you talked about, Liam, so I’m going to toss to your first on this. He goes on and says, “Assisting me in developing my skills and keeping current keeps me relevant and fulfilled; certifications, training, coaching in my soft skills, advice on building my leadership abilities have all built amazing loyalty and motivation in me.” Would you say you’ve seen the same, Liam?

Liam Connoly

Yes. Absolutely. This is where I think it really pays to play this on one’s strengths and develop their skills. I’ve spoken to a lot of security professionals about this one and, given how fast this industry changes, how much there is to learn, investment in professional development is always one of the key areas.

David Spark

Can I just throw the common blockade that I’ve heard on this, and I just want to hear your answer to it is, “Oh, but if I invest in them, then they’re going to go and leave to somebody else, and I’ve just wasted all this money investing in them.” How do you respond to that?

Liam Connoly

Yeah, yeah. For that one, this is where you can start to use metrics on the financial impact of losing key talent. When you factor in the cost for recruiting, on-boarding, loss of productivity and, really, the morale impact of the team when a trusted colleague leaves due a lack of professional investment. It can be between one and two thirds of the cost of the individual’s annual salary. This makes the argument for heavily investing in your team’s development an easy choice. You get a more skilled team member, who’s more likely to stay, they’re willing to share their skills that they have developed with their colleagues and this is probably the most important thing to me, your organization becomes known as an organization that really invests in people and becomes a destination for top talent. When people join we have them complete the Clifton Strengths Assessment and, more often than not, you see learner as one of the top five Clifton Strengths. This was definitely true for me, it’s number one, and I can recall working in organizations where I would ask things like, “Hey, would you be willing to support me if I go to DEF CON,” and it was, “No.” “Would you be willing to give me that Thursday and Friday off.” “No.” “Okay, so I’m going to take vacation time, go to DEF CON, I’ll pay for it myself, I’ll pay for the travel”. But then I’d come back and then my leadership team would say, “What were the things that you learned. I want you to do a talk for the organization, raise the highlights and so forth.” It was positive for me now to look back, ’cause that’s really what’s driven me to take a high level of interest in growing talent and growing professionals. Just those pain points that I went through have been really beneficial. One other thing that I’ve found to be useful with this is, when you have somebody on your team, what you can do is have them write what they want their resume to look like on the day that they leave and use that as a guide to track how they’re progressing. Update it on a regular basis, so part of this might be a desire to build professional, or personal brand externally by presenting at conferences, running training sessions and so forth, which is awesome ’cause they’re giving back to the community, which is something that more and more people need to do. That’s how we all got to where we are today. But it’s really having the ability to foster those soft skills, the presentation coaching, the public speaking and so forth, not just the technical things but really what’s going to make this whole person a better security practitioner.

David Spark

All right, let me jump to you, Ben. Ben, I know you wanted to jump in when I made the comment about, “Hey, what happens when I train them and they leave me.” And your response to that is, adding to what Liam said, which, by the way, excellent answer.

Ben Sapiro

But what if you don’t train them and they stay, that’s the big thing, right? This is a dynamic profession. Every day some new technology comes up with a new thing, the business goes, “Hey, we want to get onto Salesforce or this thing or that thing,” whatever it is and you’re going, “Great, does anybody in my team understand how the secure Salesforce or the thing, whatever it might be?”. Well, no. Okay. “What if we train somebody?” What if we understood the business’s needs sufficiently in advance, we could train somebody up, so when the business came to us and said, “Hey, we’re doing a thing, can you security people please weigh in?”, “Sure, no problem.” Somebody that I work with has this expression that, teams don’t rise to the occasion, they fall to the level of their training. If we don’t invest in our people, when we encounter dynamic situations, be they new technology or be it a breach or some other anomalist event, people will fall back on what they know. In order to continue to safeguard the enterprise, if we don’t continue to progress people’s skills, they will not be able to succeed in the next dynamic situation. If we’re hiring for the last fight that we fought, then we’re not going to be ready for the next one. We have to take these people that we hired for the last fight and then we advance them so they’re ready for the next thing that comes up in front of us. It’s absolutely important to keep that skill sharp, otherwise you don’t have a cyber security team.

Sponsor – RevCult

00:14:00:07

Steve Prentice

Salesforce is a major cloud computing platform that provides vital services to organizations all over the world. A platform this size needs to work with specialists who can help ensure that Salesforce customers enjoy a secure and reliable service. That’s where RevCult comes in, the world’s leading provider of Salesforce security and governance solutions. Here is CRO, Brian Olearczyk.

Brian Olearczyk

Today we are exclusive to Salesforce, so we’ve been in the Salesforce ecosystem for the last ten years, as an organization. Having a deep understanding of how Salesforce is structured and used, and the broad capabilities of the platform has been a key impetus to address the risk concerns within Salesforce.

Steve Prentice

This leads RevCult to work with two main drivers; the first is the types of customers it serves on behalf of Salesforce.

Brian Olearczyk

Regulated industries have mission critical systems like Salesforce that are being managed and, when you have regulatory oversight, when you have highly sensitive data, the regulatory environment certainly is a driver for companies to say, “Well, what are we doing in Salesforce and how do we ensure that we’re mitigating risk or aligning to our compliance requirements?” I’d say the second big driver, from an infosec standpoint, is just impact of brand and risk of breach. So, for large brands or consumer good organizations, there certainly is a driver to make sure that there isn’t a risk service within Salesforce that is unmitigated, that’s not managed differently. Those tend to be the types of organizations we work with; healthcare, financial services on the regulated side, public companies, or large consumer brands, on the non-regulated side.

Steve Prentice

For more information, visit RevCult.com.

Why are they behaving this way?

00:15:44:03

David Spark

Lori Barfield at ShellCon RaiseMe Event said, quote, “As long as a job is meeting someone’s personal needs, such as financial or logistical, there is nothing more important than good team chemistry for keeping employees from going to competitors. For me, the best way to create good team chemistry is to make sure people are doing challenging work and that contribution is being appreciated.” So focusing on those last words; challenging work and contribution’s being appreciated. I remember, years ago, I did interviews for one of your competitors of Seek, Liam, and I was surprised that money, out of maybe 20 people I spoke to, came up two times. It was challenging work and being appreciated is the key thing. Ben, do you see the same and, if so, how do you make sure that happens?

Ben Sapiro

Oh, absolutely. Everybody’s got a clip level. My dad has this expression he says, “Money doesn’t make you happy, but it makes living in misery a hell of a lot easier.” You want to get money to the point where it’s not a dissatisfier anymore. Maybe your organization has the strategy that says we’re going to pay top of market, maybe it’s at the 25th percentile, give or take, but you’ve got to pay people enough so that no longer becomes the driving force in the conversation. Then, it comes to the challenging work, the independence of the agency that they have over themselves. I think it’s important to recognize that different people have different ideas about what challenging work is. For me, if you said to me that my job was to, I don’t know, do firewall provisioning day in and day out with rules and that, that would sound ghastly to me. I’d want to automate the living daylights out of that and, no thank you but, for other people that might be the job that they want. So, when you think about challenging work you’re going to have to tune it to what that person wants and what they see their long term career arc look like. But, I agree, absolutely by making sure that people are challenged then that’s fantastic. The second part about the contribution; this is one of the easiest things ever, just say, “Thank you.” Not in some flashy way, but authentically. “Hey, I appreciate the effort you did, and I’m going to give you visibility to other people to know that I appreciate what you did.” I’ll tell you, I just started a new job recently and I did something, my boss copied the president of the company and said, “Thank you,” and that’s fantastic and it was easy for her to do.

David Spark

And it’s that simple move that means a huge amount, right?

Ben Sapiro

Exactly. It doesn’t have to be flashy gestures, it’s not expensive. It’s an easy way to tell people that you care and it also gives them this visibility further up the organization to say, “Hey, I’m thankful for the person and what they did for me.” It’s not about if you’re a leader, you’re not the person that has to take the credit anymore, it’s about showing that your team is great. These are all good things to do in terms of telling people they’re valued and helping them be retained.

David Spark

Liam, I throw this one to you as well. How do you make sure they’re getting challenging work and being appreciated?

Liam Connoly

Yeah, these are really great points that Ben made. I really like the idea of thanking people, just doing the little things. It’s something that comes up quite a bit. When we ran a retro, when I first joined Seek, and it gave me an opportunity to look at the culture I’m surveying, but also, just talk to the team and understand what’s working well, what’s not working. One of those things that came out was; there’s not enough recognition for the good work that’s being done. So, I use that as a driver for making it priority and continue to drive that when anybody in the company has shared something with the team; this person’s been awesome to work with, and make sure that I highlight that in team meetings. Really emphasizing that this is the brand that we want to build.

David Spark

By the way, what do they say back to you? When you recognize them, do they say, “Oh, thank you for acknowledging.” What’s the feedback you get from that?

Liam Connoly

There’s not a whole lot of feedback necessarily, it’s just more of people feel validated in the work that they’re doing. You can see it in their body language, more than what they’re saying; a sense of pride, a sense of ownership. It ties back to this concept of team and I think this is probably one of the most important things to talk about because this is a huge area where you do lose a lot of team members if you have a team that’s toxic. There’s a lot of books on this topic. If you think about it, what’s the best team you’ve ever worked on? On a scale of one to ten, your ten team, there’s likely a core set of virtues that everyone subscribed to on that team. It’s probably a non-competitive nature, a team that challenged ideas, but didn’t necessarily challenge each other directly. One where you have highly skilled team members, willing to share information, you’re continuously learning. The books that have been written on this, such as, “The Ideal Team Player,” by Patrick Lencioni, talked about those and they created these virtues of those people are hungry, humble and smart, and smart as in people smart, that emotional intelligence. This is where as a manager of the team, you really have to make this a top priority, by willing to have the difficult conversations with those team members that aren’t upholding those core principles, or virtues, that are critical to the team’s success. Team members need to know that they’re accountable and if they do put in the effort, this can be an amazing experience. If they don’t put in the effort, it’s going to be a pain, it’s going to be a challenge for them to be successful in this team because it’s one of those things. I’ve seen it many, many times, where bringing in one or two bad team members, just starts to rot the team from the inside out, and then you start losing some of your top talent. It’s one of those areas that really, really have to focus on driving that as important.

Who really cares?

00:21:36:14

David Spark

Douglas Andrews said, quote, “Empower, encourage new ideas and cultivate those free thinkers.” You’ve teased a lot of this in what you said, Liam, at the end of that last segment. Sharan Aujla of TD said, quote, “Listen to their concerns, provide them with different tasks if they ask, as there is always work to be done in other departments or within, inputs they may have and give them recognition if it’s beneficial. Never betray their trust, and just create 

a fun, positive work environment. Happy employees equals retention, equals productivity.” I’ll start with you, Ben, on this. This sums up on everything we’ve been saying, right here, especially Sharan’s response. How much of a fun environment can you create and have you figured out ways to do that?

Ben Sapiro

I think there’s a place for fun and there’s a place for serious work, but they’re both a core part of the team. Everybody can be heads down and delivering on things and then, when it’s time to put down the tools, that’s when the team can socialize, and every team’s got their own different dynamics. Some will have fun as part of what they do, but I don’t think this is something that can be forced. I think this is something that is emerging from the team learning about each other, the norming, storming, forming of all team dynamics. At some point, people start gelling and they stop necessarily talking about the deliverable, although that’s still part of what they talk about, and they’ll start talking about their lives with each other and they’ll share. You as a leader can certainly create situations for that where you’re just chatting, and getting along, especially, in the wonderful age that we’re in today now where everybody’s Team-sing, or Zooming for their stand up in the morning, whatever it might be, you can create that space within the meeting for just letting people chat to each other. I remember, as a very young manager, funnily enough, living in Melbourne and we’d have a team meeting. The team would be shooting the breeze before, going on and on about chatting about stuff and, here I was, the manager, hard charging and, “no, we’ve got client deliverables” and “we’ve got to do things” and I was shutting that conversation down. You don’t necessarily have to do something as the leader of the team, but you do have to make the space for it, you do have to create the environments that allow for socialization, occasionally it’s doing fun things, but not trying to force the agenda. Then that is that nice feedback loop into the work where people get to know each other better, they learn to empathize with each other, and, ultimately, that is that fly wheel it spins faster and faster as they get better gelled. Now, to Liam’s point though, you’ve got to prune the toxic elements, and you’ve got to do it in a humane way. You don’t want to hire people that all have the same group think as you, you don’t need 15 people that look exactly alike and think exactly alike, that kills off diversity. On the other side, if you’re hiring somebody that doesn’t actually gel with the team well and you can’t make it work, then be cautious of the team’s culture, defensive of it, guard against it and professionally, and humanely, exit those people, otherwise you risk the culture. To quote Mark [Andreson], I think I’m quoting him, “Culture eats everything for lunch.” So, if you get that right then, beautiful, but it is an organic thing, not something you can force, it’s gentle nurturing along the way.

David Spark

Any tricks to culture, Liam, that you have seen to create this fun, happy employee environment where they’re retained and productive?

Liam Connoly

Yeah, the culture challenge is an interesting one because it takes anywhere from three to ten years to change a company’s total culture. You can do this faster with certain teams, it really comes down to who you’re bringing into the team, how you structure the team, and how have you built out that level of trust and that vulnerability. Letting people get a sense of who individuals are at a human level, not just as a superficial professional level. We do this every Friday, every Friday we have team drinks over Zoom. Our offices are starting to open up again, so it’s getting easier. After 12 months of hiring a bunch of people I’ve never met in person, it was fantastic to fly down to Melbourne a few weeks back, and actually get a chance to meet people face to face and actually see their feet, go out for a drink, have dinner, lunches and so forth. Why I think this one is so hard is that nothing worth doing is ever truly easy, but this really is the best part of the role. The positive impact you can have on somebody’s career, your quality of life, that stuff is priceless. It does require ongoing commitment from leadership, from the management team, to continuously evolve. As a leader, this is something you have to continuously hone your skills in. Building up your skills around empathetic listening, or listening with intent. Putting in the long hours to develop employee centric career development, so taking a UX approach to, how do we ensure that the program we’re building is one that employees, and team members, really feel listened to, and it really provides an opportunity for growth. Then it’s not all about just sending people to expensive training, or conferences and stuff like that, but it’s really about creating those on the job training opportunities, or learning opportunities; cross-skilling, pairing people up with other individuals on the team, and then creating that whole-heartedly catered to the individual’s unique challenges. I’ve tried to do this with every employee. Each employee’s got a unique career development plan, there’s not a one-size fits all approach. It’s really making sure that you take the time to understand that individual, especially for your top talent, but understand what their individual needs are.

Close

00:27:15:21

David Spark

Excellent, Liam and, thank you, Ben. We have come to the portion of the show where I ask you, what was your favorite quote and why? And I will start with you, Liam, since you’re my co-host. Which was your favorite quote and why?

Liam Connoly

The one that jumped out to me when I first heard you say it was from Maril, and this was the, “My leader constantly asks any blocks, anything I can assist with to make your life easier?” Again, this is one of the questions that I’ve been using ever since I watched that video, and it’s pretty impressive how much of an impact that has on people when they first hear it. If they’ve never worked for somebody who’s asked that question before, it’s like this shock of, “Wow.”

David Spark

By the way, how surprised are you with the answers, too? When you ask that, do you think, “Oh, I didn’t know that was going on.” Do you have those moments?

Liam Connoly

Honestly, what I usually get back is, “My life’s really good, what can I do to help you?” My team’s always ask me, what can they do to help me out. I think part of that just becomes, I operate as a human shield, if you will, for deflecting and preventing my team from being impacted by any politics or bureaucracy that’s happening within the organization, making sure that they’re in a good place. But I think they can see that can have a toll on me, they’re always saying that, “everything’s really good, the training’s awesome, I’m learning a lot”. I do a lot with pushing people outside their comfort zone with learning. If I’ve got a really seasoned red teamer, I’ve sent them to courses on reverse engineering malware and really pushing them outside their comfort zone. Usually, it’s not a lot of questions of, “I’m really struggling with this or that,” it’s more, “What can I do to help you?”

David Spark

Excellent. All right, Ben, to you, your favorite quote and why?

Ben Sapiro

Lori Barfield’s from ShellCon, “As long as a job is meeting somebody’s 

personal needs then the rest is all about the culture, about the team, and the chemistry.” Absolutely, and I think that’s key. You’ve got to be mindful of the dissatisfiers that can cause people to leave. They’re easy and obvious ones, remember Maslow’s hierarchy of needs for those that did business school, or psychology.

David Spark

And, actually, what Liam opened the show with.

Ben Sapiro

Exactly. The discovery of what’s beyond the financial and logistical and making sure the team works, that’s just an exercise in listening. Liam, rightly said, it’s not an easy journey, that nothing worth doing is easy, but I don’t think this is one that requires six years of Harvard to get right. You just have to sit there as a leader, as a boss, a supervisor, whatever you call yourself and go, “It’s not about me anymore. I’ve climbed to the rank of CISO, or whatever the particular title is, it’s about my people, and so I don’t have to put myself first. I have to trust that my boss above me will look after me, my job is to look after the people that support me and so let me not make it about me, let me make it about them.” Then, if you truly believe that and you can put them first, you just listen, they’ll give you feedback, for sure, and you’ll tune, and when they see you tuning on that, they’ll give you more feedback until you get it right.

Liam Connoly

That’s actually a really good point, and one that I was going to mention. It really comes down to this concept of serving leadership. There’s the concepts of leaders eat last, and this whole podcast we’re talking about right now centers around that, that people first centric approach, to really, as Ben mentioned, putting your team first.

David Spark

Excellent. All right, as I close up our show, I want to thank our sponsor, RevCult. If you’ve got Salesforce in your environment then you should be taking a look at them, check them out at, RevCult, R-E-V-C-U-L-T dot com. I want to thank my guest co-host, Liam Connoly, all the way from Brisbane, Australia, and also, Ben Sapiro, CISO of Canada Life. I let you both have a last word. Liam, you first, Ben, you get the final word. Any final thoughts and I always ask, are you hiring?

Liam Connoly

Yeah, thanks, David. Ben, it was great doing this podcast with you, very international with Canada, US and Australia.

David Spark

Oh, yeah, I don’t think we’ve done three countries, that’s a good point. I think this is the first time on a CISO series show we’ve done three completely different countries; Canada, Australia and the US.

Ben Sapiro

All founded by the same monarchy, just pointing that out.

David Spark

All right, Liam, go ahead.

Liam Connoly

Yeah, so with this one I just want to send a huge thanks to my team. Absolutely. They’re the reason I get out of bed in the morning, they’re the reason I do this job. It’s their professional growth. It’s their development and they are my ten out of ten team that I’ve worked with. They’ve been fantastic to work with and, yeah, I could not do this job without them. We are hiring, so, we are hiring right now for several roles, mobile pen testings, security influencer, security intelligence.

David Spark

Do they have to be Australia based?

Liam Connoly

I also have APAC, I’ve got an APAC role. It could be Singapore or [UNSURE OF NAME] but yeah, Australia’s–

David Spark

Nothing US?

Liam Connoly

Not yet. I’m still working on that one.

David Spark

Trust me, we have a good portion of Australian listeners, not to worry, we do. All right, Ben, any last words and are you hiring?

Ben Sapiro

Well, if my team is listening, I’m about six weeks into the role, so still getting to know them. I’m not there yet in understanding what they need but I’m hoping they’re going to give me the time to get to know them enough so we can go on this journey together. At the same time, we are also hiring. Right now, we’re an early build up, so we’re bringing in contractors. If you’re into data loss prevention, or, if you’re a senior security or technology risk advisor, these are the sorts of folks we want. I think, in about a month, to two months time, we’re going to be starting to post some bigger role, check it out on Linkedin, we’ll be pushing it there. If you’re based anywhere in Canada, definitely love to have you on the team, keep an eye open please.

David Spark

Excellent. Thank you, Ben. Thank you, Liam. Thank you, audience. We greatly appreciate your contributions, as always, and listening to, Defense in Depth.

Voiceover

We’ve reached the end of Defense in Depth. Make sure to subscribe so you don’t miss yet another hot topic in cybersecurity. This show thrives on your contributions. Please write a review, leave a comment on LinkedIn or on our site: CISOSeries.com where you’ll also see plenty of ways to participate, including recording a question or a comment for the show. If you’re interested in sponsoring the podcast, contact David Spark directly at David@Cisoseries.com. Thank you for listening to Defense in Depth.

David Spark
David Spark is the founder of CISO Series where he produces and co-hosts many of the shows. Spark is a veteran tech journalist having appeared in dozens of media outlets for almost three decades.