No Secret Squirrels: Sean Zadig, Chief Paranoid

Show Notes

Have you ever just wondered why so many security teams are shrouded in opacity?! Us, too. 

That’s why we’re launching a podcast. So you can get the opportunity to know the Paranoids more deeply. And learn what we’re about, what our mission is, and why we love doing what we do.

Listen in to this inaugural episode to: 

• Meet our CISO, Sean Zadig: 1:22 
• Hear about our seven operating, principles: 6:27   
• Learn more about the Paranoids history and our organizational pillars: 13:42
• Discover why you should come join us (cough: theparanoids.com): 25.20

Hosts: Shawn Thomas (FIRE Chief) and Steven Asifo (Technical Security Manager, Governance, Risk, and Compliance)

Guest: Sean Zadig (Chief Information Security Officer)

Chapters

• 1:22: Meet Sean Zadig, Chief Paranoid
• 3:56: Who are the Paranoids?!
• 6:31: Our Seven Principals
• 13:51: Operational Pillars
• 18:05: Our History
• 21:14: Plans for the Future
• 25:19: We're Hiring!

Transcript

Shawn Thomas: 0:17

Hey everybody. And welcome to the very first episode of the Paranoid's Podcast. I am one of your hosts, Sean Thomas. I work here and I run the SOC and I am here with my friend, Steven Asifo. Steven, tell everybody about yourself.

Steven Asifo: 0:30

Hello everybody. My name is Steven Asifo. I am a leader within our governance, risk and compliance organization. And it's a pleasure to be here with you all for our very first Paranoid's Podcast.

Shawn Thomas: 0:40

Oh, I’m so excited. So a bunch of you might be asking, why are we doing a podcast? Right. Well, I mean, first off, kind of everybody's doing a podcast these days, but more than that, we kinda have this unique set of expertise in building security at scale, but we take this approach of pretty intense empathy and active collaboration to do it. We really thought that getting together and some of those stories and influencing the conversation around how to do information security in an adaptable and interesting, and maybe thinking a little bit out of the box kinda way was a really good idea. So hopefully all of you enjoy this, but with us, we thought it would be really prudent to have our first guest be our very own CISO Zadig. Mr Zadig, introduce yourself.

Sean Zadig: 1:22

Hello, Asifo and Shawn. I am also Sean, Sean Zadig. I am the CISO or the chief information security officer, and chief paranoid for Yahoo.

Shawn Thomas: 1:37

All right. So give us a little bit of background of you. Where do you come from? What brought you here? You know, why do you want to be here and what, what have you done?

Sean Zadig: 1:46

So, okay, so I've actually been with Yahoo for, for seven years now. I joined back in 2014 and actually joined to, to build and run,, w hat was, what we call our e-crimes team, which yo u c an maybe talk about a bit later ar e o n., but bef o re joining Yahoo, I a ctually was at Google doing, cy b e r crime inve stigations and then spent seven years with the us go ve rnment working as a federal agent for NASA, their computer crime division, which is basically.

Shawn Thomas: 2:20

I'm still so jealous of that, cuz it's so deliciously, no nerdy.

Sean Zadig: 2:24

Yeah. I mean, you know, it's, it's about as nerdy as a job as you can get in federal law enforcement

Steven Asifo: 2:29

And now it's like the coolest, you know, street wear cuz they just let NASA logos on everything. So you should feel pretty cool.

Sean Zadig: 2:35

I still have some NASA gear I can, I can bust out, I guess, but yeah, so I've been, you know, been here for seven years and it's, it's been quite a run. It's really been a special experience.

Steven Asifo: 2:53

So what brought you to the Paranoids from your stint at Google or what I guess attracted you to this opportunity?

Sean Zadig: 3:01

Yeah, so I was really excited about joining what I saw as kind of a scrappy team you know, the Paranoids were, were really, you know, they were well known in industry and with a ton of rich history., bu t you know, the y we re also like, I mean, coming from Google. Google was a great place. I learned a lot, but it was also like it was a big place and there was, you know, there was a lot of people who did a lot of things there and you know, the re I was, I really wanted to join somewhere that was sort of an underdog in a way. And you know, Yahoo, I think at the time was kind of that and I was excited about the opportunity to co me and build something brand new out of whole cloth th a t didn't exist before. And so made the jump and really never looked back

Steven Asifo: 3:45

And we are very happy to have you here for it. So I think what's coming next on everyone's mind if you are not familiar with this podcast that you're listening to is who are the Paranoids?

Sean Zadig: 3:55

So there's two answers, right? Well, the first answer, the stock, the sort of like organizational answer, we are the information security team for Yahoo. That's what we do. But I think what makes us special makes us actually Paranoid is that we, you know, w e, we have a really sort of unique way of looking at things. We, we bring a certain sense of humanity and humility, I think to the security mission of protecting hundreds of millions of users all over the world. and I think, you know, we're a very special place with a lot of, you know, professional, highly motivated and passionate people, who really is, that's what makes us the paranoids is the people we protect and the people, you know, who are, who, w ho w ork w ith u s.

Shawn Thomas: 4:42

So let's dive into that a little bit, the mission, right? You know, what really are the Paranoids here for? What is it that we do and why do we exist?

Sean Zadig: 4:52

So we do, you know, in, in some ways we do what, what most security teams do we protect data and, you know, for us, the, the, the kind of businesses that we operate in, we protect a n ber of different types. So that's, you know, employee data, it's your data, it's my data., it's also our corporate data. So intellectual property, you know, partnerships and,,, y o u know, cons er data is really the third part is cons er data. And that's really the sort of critical part ar t fo r me, it's the hundreds of mill io ns of users around the world who use our, our mai l s ervices, who interact with our, you know, our, ou r j ou rna listic outlets,, and, yo u know, protecting their data and from the adversaries who really bring them harm, who want to, who wa nn a d o a lot of harm to them is really kind of what gets me up in the morning every da y., a nd so, you know, we actually have a,, a s o rt of a tagline, I guess, within the paranoid that we, we talk about,, i nt ernally at,, e v er y monthly, all hands, we, we, we sort of spread to our,, i n t er nal stakeholders and, you know, we, we t ell ourselves and we tell our, o ur pa rtn ers that we use this place on the internet. We have a really, you know, significant place in the i nternet, in our, i n i nt er net history, but we're here to fight for our users. And, you know, specifically for those users who are being targeted, who are abused and who are vulnerable, and we use that place on the internet to make sure, sure that, you know, we're meeting everybody's needs, including theirs and protecting them from the adversaries who wanna do them harm. And, you know, in fact, we have these sort of principles that we believe in. And the first principle we have seven principles total. The first principle that we highlight at every all hands is that we face dedicated h an adversaries. And so, you know, e very d ay there's, there's people around the world who they might wear a uniform, t hey, you know, they might show up to work in an office and their job is to break into the, you know, the email accounts, the, t he servers, the things that we build and offer t o our users around the world. T here's a obviously break into that a nd t o s teal information and t o harm people. And so we a re here, we remind ourselves that, you know, those adversaries are dedicated. T hey're people,, w ho have missions who have motivations, you know, they might have good days. Th ey m ight have bad days., but you know, and all of our actions, we try to remind ourselves that it's not just bits and bite s fly ing around the internet, that the re are people behind the attacks that we face and the more we know about them and what motivates them and how we can deter them or disrupt them the better.

Shawn Thomas: 7:29

So you totally, can't say we have seven principles and then only give one. Okay. So I think you gotta share a little bit more, I think you're probably right.

Steven Asifo: 7:36

Share. Share.

Sean Zadig: 7:37

All right. Okay. So there's a few others., t h e, th e, the second is that we accept no risk ownership. What does that mean? It's not our job to accept risk for the business. We help the business understand the risks that they carry with the things that they do. We, we m ake sure that they contextualize it. They can, you know, mitigate it,, and manage it in a, i n a, i n a r easonable way, but it's not our job to say, yep, we accept that risk for you., th e t hird is that we understand, you know, speaking of ris ks, we understand both the value and the risks and the data that we have, and it's risky to hold data, especially to hold data you don't need and should, you know, get rid of. And so we need to make sure that, you know, we, we hav e the right balance of what do we keep and what do we not wanna even interact with at all?, t he fourth is that we believe that outcomes are primary. So we're not just a bunch of, you know, passionate and motivated security professionals, but we're of f d oing our own things in o ur own silos. Like we really are driving toward a n ber of outcomes that are, t hat are really aligned with the bu siness that we, we support. And so that includes like trust is an outcome. And, you know, how do the things that we do increase the trust that our users have,, i n, in o ur, in o ur brands and our platforms., I lik e that principle

Shawn Thomas: 8:53

Because it's kind of like,

Steven Asifo: 8:55

We don't tell people to get braces, just to wear braces. We're focusing on the outcome. You know, we telling, for example, the business to wear braces, cu z w e wa nna h ave straight teeth like that is an outcome or support dental hygiene.

Sean Zadig: 9:07

Yeah. I love it. That's great. I'm gonna steal that in the next, all hands,

Steven Asifo: 9:10

go for it.

Sean Zadig: 9:11

But yeah, so that's, that's an, that's an example. Other ones might be growth so that the company, you know, wants to grow and we want to help enable it to grow., b ut we wanna do it in a secure way., an other one is cyber risk, so we're gonna reduce the cyber risk that we carry as a company. So those are outcomes that we, you know, are really sort of striving toward,, a nd, and foc using our efforts around,, t h re e more, three more principles., we als o believe, and thi s o ne actually, I really love that people and pro ces s are more powerful than technology. And so it's not, there's no easy button, you can't buy a thing that's gonna secure,, Yah o o, s ecure the internet, you know, it's, it's, it takes time. You have to invest in people, you have to build robust, repeatable process. That's what gets you, you know, in a be tter place in the long run than just buying a, a flas h y tool,, from a ve ndor who's, you know, hitting you up on LinkedIn.

Shawn Thomas: 10:04

I really hope a lot of people listen to you talk about this because this is such a big thing across the industry overall. And I just see a bunch of security folks, even ones that I've worked with in the past being like, yes, yes, yes, yes.

Sean Zadig: 10:16

Yeah. It's I mean, I I've, I've been guilty of this right. I like, oh yeah, I'm gonna buy this thing. It's gonna solve everything. And it does not. It does. It definitely does not., o kay. Two more principles.

Steven Asifo: 10:27

Let's do it.

Sean Zadig: 10:28

The sixth principle is we measure then act based on data. So we does that mean, it means no gut feelings. If, if we're gonna gonna do a thing, it needs to be informed by data. We need to have, you know, we can actually back that up with, with proof and not just say, oh, we think this is the right thing to do. Let's, let's give it a try., i n fact, you know, the paranoid are so well kn own f or data internally inside the company that a lot of other teams come to us to as k t o help them diagnose their own problems, because we are just known as a place where we keep all the logs and we know how to interpret it. And we sometimes find problems in p roducts before the actual product teams do.

Steven Asifo: 11:07

Paranoia as a service.

Shawn Thomas: 11:09

I can think of so many examples of that to bust into potentially as this podcast continues. Cuz you're, you're absolutely right.

Sean Zadig: 11:17

So one more, the last one, I think this one actually for me personally, is really super,, important and critical and it's why we,

Steven Asifo: 11:24

Would you get a tattooed on yourself?

Sean Zadig: 11:26

I I, yeah. Let's, we'll leave that for another podcast., o k ay.

Steven Asifo: 11:29

Okay. Okay. Okay.

Sean Zadig: 11:30

So it's, we demonstrate the highest professional ethics and look, we're, you know, we're a, a security team at one of the largest internet companies in the world. And by the nature of our job, we have to have access to sensitive systems, sensitive data., a nd we need to be good stewards of that. We need to set the example that the rest of t he company follows and we need to, you know, be above reproach in every way. And even we don't even wa nt t o c reate the impression of some sort of conflict of interest or something. So we need to make sure in every, you know, in, in our professional dealings an d o ur personal dealings, we have the highest ethical standards that we hold ourselves to< a ffirmative> a nd those are the se ven p rinciples,

Steven Asifo: 12:15

The seven principles that the Paranoids live by. And those are very,, h ow would I say,, lo fty to some organizations to think about having principles that lead the or ganizations, som e ju st wak e up an d say, Hey, we're it security. Let's go out an d do that. So how do the Paranoids organize around those sev en pr inciples? Is it just like 10 people in a broom closet saying, look, I'll take principle one, two and three. I, I guess how, h ow do th e Pa ranoids break dow n to support that mission and vi sion

Shawn Thomas: 12:44

First off, you know, for a fact, cuz you work here that there are several broom closets.

Steven Asifo: 12:48

Okay. There is.

Sean Zadig: 12:50

, s o how do we organize around those principles?, I m ean we need to make sure that everything we do actually flows from them and that we're staying true to them in, in a ll the work we do. And so that includes, you know, our strategy and how we plan work and how we make sure that, that all the things that we do tie into that strategy., yo u k now, really every, every project we do,, ev e r y, you know, new feature, we roll out for one of our amazing open source tools., you k now, everything we do has to align to those principles and we can't ever violate them. And I think, you know, every time we tell ourselves,, you k n o w, internally,, we, we p r es e nt o ur, you know, sort of overview of us externally. We highlight those principles to say, this i s what sets us apart. This is what we believe in. And this is, yeah, this is what makes us special in a way.,

Shawn Thomas: 13:42

So how is that made up kind of on a, on a physical sense, right? Like how are we structured? How does that work to meet these, these pillars of success?

Sean Zadig: 13:51

You said, pillars, look, let's look at that. So we, so we're too, I might have mentioned earlier, we have 200 Paranoids,, a ll around the world who, you know, who are the security team of Yahoo and we're o rganized in to b asically we call five pillars., and so, you know, the first one is actually,, k i nd of my pillar, it's the Office of th e CISO. It' s the, it' s the team of people who, you k now, who do our work planning, our s tra tegy,, o u r, o u r b ud get,, the s tu ff that really isn't is crit ical for keeping us running,, day t o d ay., w e ha ve, w e call a Cyber Resilience pillar and they a re focusin g o n,, basical l y m aking sure that we are creating resilient applications and infrastructure. So it's the products that, that are launched by Yahoo and AOL and all of our other brands,, making s u r e t hat their, you kno w, pr oduct security, application security,, that we, y o u k now, aren't launching things with vulnerabilities., we're ensuring that our servers, our containers, our VMs are all, you know, patched are all,, ha ndled,, y ou know, at the appropriate level, we're detecting vulnerabilities as they arise., th ere' s, you know, just b uild ing in,, re s i li ent enterprise systems as well. So all the things that our emp loy ees en inte ra ctive every d ay, m a ke sure that those things are secure. Super critical., the t hir d pillar was what we call Cyber Defense. And actually that's my background when I joined the company was sort of in that sort of, that sort of field and the Cyber Defense team,, you k n o w, sounds like, kind of sounds like what it is they're defending,, agains t ad versaries you. So that includes,, you kno w sor t of day-to-day operations, like our security operations center, incident response team,, threat in t e ll igence tools and, and systems., it also incl ude s,, you know, th e tea ms that, that focus o n ou r cons ers and what, you know, who's attacking them. So our e-crimes team that's disrupting adversaries,, who are, you know, organized criminal groups and who are trying to make money off of, or abuse or hurt our, o ur,, o ur users. We also have a,,, a n A PT team, or we call our Advanced Cyber Threats Team. And so they're looking at, you know, nation states like gove rnment backed to ad ve rsaries who are t arg eting our users for reall y nefa rious purposes., and w e Insider Threat team that looks to, you know, that honors, that last principle of the highest professional ethics to make sure that, you know, all of our employees are doing what's right, and what's best for our cons ers at all times., two m ore pillars, we have our Governance, Risk and compliance pillar GRC. And so, you know,, Asifo a ct ually, you, you, you run the risk team,,

Steven Asifo: 16:35

GRC, GRC,

Sean Zadig: 16:35

it's it's,, and, you know, w e a, as we sort of move into these new markets potentially under Apollo, like that sort of compliance aspect, the C i n GRC is gonna be really important i n making sure that, you know, we comply with,, wi th the various international regulations and you frameworks that we need to, to op erate under., a nd then finally we have something that's really exciting, an d I'm sure you're gonna feature,, in fut ure po dcasts as well, but our Proactive Engineering team. And that includes both our, our re d team,, a s well as what we call Behavioral Engineering that focuses on using behavioral science techniques to change the behavior of employees and cons ers, to get them into a better place,, a s we ll as a in-house engineering team, software engineering team that builds the tools,, th a t, that no t ju st the Par ano ids use, but our entire company uses to help move things toward like zero trust and,, and o th er sort of really key security concepts.

Steven Asifo: 17:36

All right. It sounds like then, thank you very much for going to each of those, because I think when people hear the paranoid, you don't know just the, the breath that everything gets covered. And I think with all this structure, it sounds like there's a significant amount of history behind all this. And it's partially one of the reasons why I joined the organization is because you hear about the, the Paranoids and how long it's been around. So can you dive into, you know, what is the history of the Paranoids, how long ago did it, did

Sean Zadig: 18:03

It start? Yeah, so the paranoids as, as a brand, as an entity is been around for, I think over 20 years, definitely before my time, 20, 20 years, I mean, Yahoo is a 25 plus year old company, AOL. Yeah. Who's who is also part of our portfolio. And, you know, our family is a 35 year old company, so there's a lot of history,, t hat, you know, that comes with these an d f rankly, a lot of us responsibility,, th at comes with these brands., s o y eah, it's a, yo u know, 20, 20 plus year old,, b r a nd where a lot of people get their start,, as p a ra noid and then go on to ot he r t hings within the security industry., and I thi nk we're, we're known as an incubat or of talent. We bring in people, you know, really interesting, diverse,, you kn o w, different backgrounds. We get them excited about the, the, the, t he,, th e are a th ey focus on. We get, we really basically build them to experts and then many of them launch and they go off and they, you know, they start companies, they go into leadership roles at, you know, major security and, and,,, i nternet companies., an d, you know, it's really great to sor t of lo ok back and see who's gone where and what they've done. And so couple examples here,, y ou know, I'm the CISO so I'm going name a few CISOs first, but there's many others as well. So Bob Lord, my,, f o r me r CISO,, wh o,, wen t on from Yahoo to become the CISO of the DNC democratic national committee,, and w h o, you know, played a big role in the, in t he re ce nt 2020 U.S. Presidential elections., Alex St amo s,, w ent on f ro m Yahoo to become the CISO of Face book.,, Chris Ni ms,, is who was a c tu a ll y my pre decessor, he who went on,, t o C apital O n e a nd is now a, you know, engineering leader of a huge portion of, of the capital on e engineering team., but we also hav e, you know, individuals too, not, not just CISO s, wh o, who go on t o rea ll y a mazi ng th ings. And so I'm thinking for example, of,, somebody, you k n ow, we used t o r e fer to as CNH name is Christopher Har r el l. And he, I think a, you know, decade plus at, at Yahoo, and t he n we nt on to become the VP o f e ngineering at Yubico that makes Y ubiKey s,, very important t o fa ctor,, authenti ca t ion to o l s, Vido,

Shawn Thomas: 20:24

, I m e an, it's a, it's a long list at the end of the day. Right?

Steven Asifo: 20:28

Shout out all the Paranoids.

Shawn Thomas: 20:28

We function so much there. Yeah. Obvious we can't name everybody. Right. But shout out to everybody who ever was a paranoid. We have a, we have a saying.

Steven Asifo: 20:36

All Paranoid al ni.

Shawn Thomas: 20:38

Yeah. We have a saying internally. Once a Paranoid, always a paranoid. And I think that's, that's really important as we talk about this stuff, but I digress. We talk about the past, we talk about where we are. Now we gotta talk a little bit about the future.

Steven Asifo: 20:51

The future!

Shawn Thomas: 20:53

Mr. Zadig, you know, what are you most excited about? We've been through a lot, you know, Yahoo to Oath to Verizon Media back to Yahoo, you know, the Paranoids have changed and grown and expanded their portfolio and all these things have happened. And we're in a real serious change moment right now, as we come back into Yahu, what are you really excited about in all that

Sean Zadig: 21:12

That. So I'm excited that the Paranoids remain the Paranoids that we honor sort of the history, right. And, you know, there's, there's a reason we're called the Paranoids. And I like to say we are paranoid, so our users don't have to be we're paranoid for'em. We think about the threats. We think about the adversaries. We think about how to defend against them, how to disrupt them every day, day in and day out. And so our users don't have to worry about those things. They can come to our platforms, they can interact, they can do whatever it is they wanna do, and not have to be thinking about security all the time in the back of their mind. So, you know, we take that mental burden, that load off of them., b ut I'm also excited about what's ahead of us. And there's so much, you know, new opportunities,, un der our new leadership, our new management,, w her e we're gonna be moving into some new,, s o m e new industries that we've actually never played in before. And so for us as security professionals, we get to expand in ways that, you know, it might be a little uncomfortable, but also we're gonna really sort of stretch us. And, and, and at the end of it, we're gonna be, you know, much more, better rounded and,, more experienced professionals. So I think there's a lot o f, a lot of growth ahead of us. And, you know, I, like I said, I've been here for seven years. I actually joined as an individual contributor. I joined as not a manager. I just joined, you know, a person. And through my seven years here, I've been able to, because of the big changes that have happened at the company and within the Paranoids, I've been able to sort of grow and expand and, you know, really learn a lot of new stuff. And,, yo u know, I wouldn't be the CIS O he re today, if it wasn't for all that change that we went through. So I think it's really, the re's a lot of exciting change ahead of us. I'm really excited for the Paranoids that we did go. W e ge t to go through this together.

Steven Asifo: 22:53

That's amazing. And thank you. That's also what makes me very excited about continuing to be a Paranoid and as we continue to go into our future, another thing that makes me excited is all the great things about having the paranoids brand. I know when we go to conferences, we have swag, t-shirts our,, key logo that we put everywhere. So people will come up and ask us at t he conferences like, Hey, are you guys like selling something or a service? Like, n o, we're just like a dope security team. Come join us. So can we expect more external engagement from the paranoids underneath, you know, Yahoo and,, m anagement?

Sean Zadig: 23:28

Oh, heck yes. Yes. We're gonna have a lot. All right. Yes. This like, so it's very

Shawn Thomas: 23:33

Serious. We got a heck there. Like, that's, that's

Sean Zadig: 23:35

A big that's right. That's right. So I'm, I'm trying to abide by the, you know, the no swearing rule, but no,, w e're gonna have a lot more engagement. So already the Paranoids are known as a highly collaborative team. We ar e, we have a really good presence at a lot of major, you know, industry events. We are routinely at BS ides,, pr esenting cool stuff. We're at, you know, at the blue team village at DEFCON,, w e'r e at the digital crimes consorti or unde rg round economy conferences., the, you know, cr ime I'm again st children conferences. Like we, we have a lot of,, reach, I think. And I think, you know, if you look at over the past two years,, we hav e 20 0 Paranoids and over the past two years, 30% of them have actually gone and spoken at conferences have, have been o n pa nels, have submitted papers. So, you know, we have a history of,, of, o f contribution to the community because really, I think we all see this as t he kind of rising,, r ising tide lifting all the boats metaphor, right? If, if we can share what we know, if we can get other people in industry, you know, to where we are and to move past where we a re, like, we all benefit. We can learn from them, they can learn from us and we can sort of fight these common adversaries together. And,, I think that's really, that's something that kin d of se ts us apart. Like we, we don't treat the innovations and the knowledge we gain as a competitive advantage. We wan t to sh are that. And so, yes, I want actually to have more external engagement, I wan t to, I wanna get that 30% n ber to at least 50%. And,, y e ah, I'm excited about of th at. So look, I, I' m actually gonna flip this around a little bit. I wanna ask you, you both a question,, y o u wa nt to do w ha t I know I'm, I' m t hrowing you for a loop. So look, we are hiring as you know, and we're hiring for a n ber of roles. What is it about the paranoids that gets you? Like, wh y, w hy should people come? Why should they come join us a CFO? I'm go nn a a s k you to go first.

Steven Asifo: 25:32

All right. I, I think for myself, and this is what I tell individuals that either currently are here or when recruiting is that I have the amazing opportunity or perspective individuals have the opportunity to work with people that care, which is really big thing for me, because especially in a demanding field, like information security or just in the corporate world in general, it is rare to come across a group of individuals that care not just about the work that they do, but also sharing information with other individuals. Very rarely do I find myself in,, meetings with individuals who kind of just say l ike, Hey, look, I know this, you gotta go on your own. Everyone's very collaborative here and that, o h, opens up a lot of opportunities to just get involved in learning about,, h ow we can really chase that mission. Some of those seven principles that you sh ared. I mean, yes, I I'm a leader within the GRC organization, but right now we're doing the first ev er p aranoid podcast. Li ke I, that was not on th e, my job description, but I, again, we're here talking about co n l ike how do we influence th e c ulture of in formation s ecurity based on all the cool things th at w e are doing the paranoid. So that is probably one of the biggest things for me. And just all the other things that you can get involved in within the company and within the paranoid. So I think I'll then as k m y co-host

Sean Zadig: 26:44

Sean Thomas. I,

Shawn Thomas: 26:45

Well, what, why should people join the paranoid? See a CIFO took the good one, but that's okay. I've got others., a bsolutely. I mean, nail on the head 100% like the empathy and the care that ex ists h ere, but I'm gonna expand on that a little bit. I'm gonna talk about the impact that you have and yo u, you touched it a little bit with paranoid podcast and all that. Like those are not things that were in my job description two an d a h alf years ago, I got brought in t o, to b uild and build up a security operations function and, an d k ind of improve a security operations function. And in that time I have done that. I have gotten to take serious part in b ehavioral engineering stuff. I've gotten to work closely with red. I've gotten to af fect p olicy at the company I've gotten to af fect s ecurity controls that we put in place. I've gotten to affect how we do some bug bounty stuff. I've gotten to have so much effect in the teams that work within the cyber defense org, any other org, like I'm gonna, I'm gonna pull from something that, that SADAG said earlier, being scrappy has its benefits. We have less silos. We have less, we are structured, but we are structured in a way that lets smart people be smart people and lets people who wanna learn, learn new things that they're interested in learning without having a, oh no, you can't go over there. That's not your place. Like you can't touch that. That's not for you. It's very much a ideas when at the end of the day and everybody gets to have a lot of impact in building that mission as opposed to that mission comes down and you're stuck with what you have. And I mean, it's such a cool thing to do. Like I, I've had an interesting and storied career from, you know, ICS to directorships and I get to do more here as a, as a manager or leader than I've gotta do it. Most of these other places just because we're structured that way, which is awesome with that said though, it's time for a double flip, double flip. I'm gonna drop it right back to, to you, Mr. ZZA. Why do you think people should join the paranoid?

Sean Zadig: 28:40

So I don't know how to top those two. Those, those are really good., I guess I have, I ha ve, I h a ve a co c ouple thoughts. Th e f irst is that the paranoid are a r eally interesting group of p eople. We have like people from very different and, an d r eally varied backgrounds. So as an example, you know, we have, we have security researchers. We have former hackers., we have reporters,, a ct ually our chief of staff is a f ormer television producer. And then we have people from, you know, long enf orcement like myself, military intelligence, like there's just really a bunch of different people who come together under one common mission. And I think that's, you know, that's, that's really exciting,, c u z y ou get to benefit from those experiences. And you know, we intentionally try to hire people who have really interesting backgrounds and who don't come from traditional, you know, computer science or which, by the way, that's, that' s my b ack crown comp uter science,, m a j or and nothing wrong with that. But still like we wanna also make sure we get people who can bring us different perspectives., y ou know, in that vein though, like we're also, I think as an organization, we don't do what a lot of security teams do. We don't default to the like secret squirrel, like, you know, military slash intelligence mentality of, you know, you can't know our stuff and we're gonna be si lo a n d w e're not gonna share. So we're very open. We're collaborative internally, not just within,, wi thin the security team, but within the company. And so, you know, we share knowledge like what happened in a security and we'll share that,, h ow do we get, you know, get people to adopt last pass or o ther types of tools. We'll, you know, we'll, we' ll work really closely with people across the company to get them there., we hav e a really collaborative culture. And in fact, today I met with our,, the C EO's new chief of staff., and he w as like, Hey, paranoid. Like I just saw onboarding video. That was great. I loved how you brought all these different executives together and, you know, had a really funny and engaging video on a really serious topic. And I think we have a certain sense of h or,, and a s e nse of fun. In addition to like the serious stuff we deal with every day,

Shawn Thomas: 30:38

That was such a good double flip. And with that, it takes us to the end of the very first paranoid podcast. But before we do, I have some thank yous and some kind of setup for later, first off, thank you to my wonderful co-host Mr. Steven Asifo and our first guest, Mr. Sean Zadig, it was an absolute blast getting to do this with both of you. Thank you. You, anybody who watches this and I mean, we are all just looking so forward to bringing more content and doing more of these and just sharing some of the things that we do. And lastly, because they never get a shout out anywhere else. Huge shout out to our producers, Mr. Sean Sposito and Mr. Jeff Larson who are feeding us notes and helping us do this and really bringing this along and like helping us be the best versions of ourselves.

Steven Asifo: 31:25

Couldn't do this without them.

Shawn Thomas: 31:27

Exactly. So with that, thank you all again. And we look forward to seeing you soon

Steven Asifo: 31:35

And, as always, stay Paranoid!