Inclusive Cyber: Unlocking Innovation in Cybersecurity

Global Cybersecurity Voyage: Jessica's Journey of Leadership and Evolution of the Modern CISO

Danny Magallanes Season 1 Episode 20

In this episode of "Inclusive Cyber," Jessica, a seasoned cybersecurity leader and CEO of her consulting firm, PurePoint International, shares her personal journey, highlighting her early inspirations from popular culture, supportive educational experiences, and the significance of diversity and representation in her career path. She discusses her professional growth in cybersecurity, emphasizing the value of mentorship and leadership in developing her skills and advancing in the field. The conversation also touches on the impact of generative AI on cybersecurity, with Jessica advocating for the strategic use of AI to enhance productivity while ensuring data protection. Throughout the interview, Jessica provides insights into the evolving role of CISOs and how businesses can leverage cybersecurity strategies effectively.

Show Notes:
LinkedIn Profile - https://www.linkedin.com/in/jessica-a-robinson-she-her-22740311/
PurePoint International - https://purepoint-international.com/

Books
How to Measure Anything in Cybersecurity Risk by Douglas Hubbard - https://www.amazon.com/How-Measure-Anything-Cybersecurity-Risk-dp-1119892309/dp/1119892309/


Music: Music by Cryptochronica and Worlds Apart featuring Vtizzel; Song: Gunz Blazin'
Music: Used with permission: Artist: Thunderwolf X Words Apart, Song: Cybernetix...

IC Mission: Welcome to Inclusive Cyber, your front-row seat to understand how a diverse mix of voices is not just necessary, but essential to protect our most sensitive computer networks and personal data. I'm your host, Danny Magallanes, and through my podcast, we shine the spotlight on the heroes and trailblazers from every corner of society who are redefining the diversity, equity, and inclusion frontier. Every episode is a step towards a cyber community that's as varied as it is united, where everyone has the keys to unlock their potential and the power to protect our digital world. Join us on this journey where every listen, every share, every dialogue inches us closer to this new reality.

Danny: Jessica, good morning or good afternoon. I don't know where you're at, but I appreciate you joining me on the show today. 

Jessica: Yes. Well, it's a pleasure to be here. It's good evening for me as I'm across the Atlantic, but it is a beautiful evening here. So it's wonderful to be with you. So thank you. 

Danny: Awesome. So I just want to provide a background where we initially met, and I really like talking about how I meet my guests because it's all about networking.

And where we met last year was at a Women in Cyber, WiCyS, event here in Denver, in my hometown. I really loved your story and wanted to have that opportunity to share that with my audience. Super excited to really get started. So with that being said, can you provide kind of a quick background of who Jessica is for the audience?

Jessica: I'll share a brief, a short background that really kind of talks a bit about kind of where I am now, who I am now. I am a cybersecurity leader. I work as a consulting CISO. So I work with a number of different companies in many different and unique ways. I've been doing this for over a decade, um, in this particular type of work.

And I've had the company for, oh gosh, close to like 13 years now. It's been a lot of fun. It allows me to work with companies of different sizes. I am extremely passionate about the cybersecurity community. And so I've been involved in OWASP years ago, recently, and still, I'm of course, a member of WiCyS. I love WiCyS.

Have been involved in a number of formal and informal communities, not only cybersecurity, but larger security community and continuing to not only information share, but also to grow the work that we do and specifically to grow the variety of people that we see within the industry. 

Danny: Appreciate that background. And I know we're going to be talking about your company and your entrepreneurship, but I want to go back further, if you can talk about, I guess, your passion about cybersecurity, where did that originally come from and how did that transition to corporate America, if you did, uh, initially go there?

Jessica: The story that I share quite often, let's be honest, that I think a lot of people can relate to, is I remember watching WarGames as a child and I saw that movie and was like, oh my goodness, I want to be Matthew Broderick in WarGames. So that was kind of this initial thing, but I was this huge Nancy Drew fan. So I remember in my eighth grade year, I read all the Nancy Drew books in our school library and those were like over 40 books.

Um, and then I went on to the Hardy Boys and then I, but I just, I love this idea of this woman going in and solving problems for people, helping people. So growing up, I had this intersection of being a hacker and also this inner with aligned with this vision of Nancy Drew. I'll share that my mom was really supportive of this.

She put me into a STEM program around that time and that was really cool. And I think what was really nice too, specifically, was that it was with people that looked like me. And so that for me was very encouraging because to see people who looked like me doing this type of work, I had the opportunity to go to Purdue University for engineering camp, and to see other kids that looked like me that were also interested in that was really great.

Fast forward, I go to undergrad and I'm all set to start. I was a double major in computer science and law and security. You know, let's just say that experience was very challenging for me in multiple ways. I didn't really, in that experience, didn't see a lot of people that looked like me. It was, for me, it was a very different experience.

And in the end, I didn't get, um, that major in computer science, but that passion for me, um, was still there and it stayed with me for a really long time. And what was very, very clear was this calling that I had for security. I knew that was something that I was going to do from a very young age, that for me was always there.

And then, um, I, uh, went to grad school and I developed a passion for international affairs that continued in grad school, where I focused on security and intelligence studies and my master's was in public and international affairs. And I also received an East Asian study certificate, where I had the opportunity to study in China.

And so I then really took a lot of that experience and then went into the corporate world. And though at a lot of, at that time, a lot of that, a lot of what I felt I had learned didn't feel as transferable. And I think what I really gained in those first nearly 10 years in corporate was really learning what it meant to be a leader and particularly what it meant to be a security leader.

Um, what it meant to respond to important incidents and what it meant to be able to lead others and yourself in those types of incidents. And for that, I will always be grateful because it was really there where I really started to grow into more of the person that I am today. 

Danny: I love that background, Jessica. I just want to pull a couple of, uh, nuggets that you mentioned. I think the first one is representation, right? Where in one kind of environment, you did have that representation and then flip it to a different environment. You didn't have it. And it's just probably more of a comment. I'm seeing a lot of people struggling with this, right?

You know, minorities that they don't see themselves pursuing whatever career. It doesn't have to be it or cybersecurity, but I definitely agree with you. Thank you for painting that picture about representation that it really does matter. In whatever field we, you know, we want to pursue eventually in our careers.

The other thing too, and I want to kind of shelve this, but I know we didn't really talk about it, but just leadership in general, I know in my previous growth mindset episode, I talk about eight qualities of a successful leader. It comes from Harvard Business Review, but definitely want to get into that as well.

But I really love your background, your passion about technology. I'm also with you about, I started as electrical engineering at UT, University of Texas, but I think it was too much Sixth Street and partying that really prevented that. So as you were going through corporate America, did you have any role models?

Because it seems like one of your first role models, which I would argue it comes from the house, right? From the family. So outside of family, did you have any role models or people that helped you navigate school and then into corporate America?

Jessica: I was very grateful to work with some incredible people in corporate America that helped me to really understand, um, what it meant to be a leader.

I think that's kind of funny, and we all are leaders, right? In our own way and with our own community of people. Um, but I didn't really truly understand what that meant until I was there. What I was really grateful for was the belief that they had in me and that they instilled in me and my capability to be able to contribute to the environment.

So I felt that there were so many people there that I feel like I can name, but there is one person in particular who just the way that he led completely blew me away. And I remember one particular moment where the team, my boss, and this gentleman believed in me enough where they were putting me through promotional interviews.

And it was this experience of, she's young, but she's got something. We think that she could do this. But we'll see. Yes, let's do this. And it was extremely exciting. And then I went through promotional, I went through a first round of promotional interviews, went up, went great. Second round didn't go so well.

And I remember coming back from that and receiving the feedback and really kind of feeling devastated. And it was because this was also one of my first experiences of not just me handling that privately, but a lot of my peers knew what happened because it was part of the culture to kind of know who was going through.

But I think also because I was relatively young, it was kind of known who was going through this experience. I was talking to my mentor at the time. And one of the things he said to me was, you should set an appointment to meet with Josh, who was our, who was his boss and my boss's boss. And so I set a meeting with him and I remember when I went to see him, his assistant set the meeting for two hours.

So that was the first thing. And I remember when she set the meeting for two hours, right, 'cause I reached out to her to set the meeting and I, my first thought was, what am I going to talk to this man about for two hours? Right. And I was so nervous going to the meeting.

Uh, but then once I was there and he got me a cup of tea and he got his coffee and we sat down and he said, Jessica, I, I scheduled this meeting because I want you to know that nothing has changed. I want you to know that I 100 percent support you and that I just want this to be an opportunity for you to share any questions that you have or what's going on within you, but nothing has changed and we look forward to seeing you continue to grow and succeed.

And I remember at that moment, I looked at him and I said, that is the type of leader I want to be. Like I just was, I was just completely floored and was overwhelmed by his approach. The whole experience was very disarming. It's amazing when you have someone like that who is a role model for you, but also is a mentor and that can help you, um, within your career.

And then of course the key then is to, if that's the leader you want to be is to live up to that. 

Danny: I think it's extremely powerful because a lot of people might not experience good, true leaders like that. People have managers, people are managers, and there might be a leader on their title, but titles don't make leaders, right?

I really love the safe space that it seems that this leader and this mentor provided you, um, because I think right now, and just talking to a lot of people in primarily cybersecurity industry, there's this fear, right? Of talking to your managers, and maybe it's a fear of being let go, being laid off for whatever reason.

But I think developing those relationships and mentors, I think, is key and how we, to, to build up our career. So no, thank you for, for sharing that story. Kind of transitioning out of your career and mentors, the biggest news elephant for the past, maybe what, a year and a half now, so generative artificial intelligence, my two questions would be: what are your thoughts on Gen AI and how are your clients interpreting, uh, if it's a good thing or a bad thing?

Jessica: I guess my thoughts are, I mean, overall, I think it's a good thing. We, we're going to see progress when it comes to technology overall. And I think that's good. We need that. Although it's popular now, this has been something that's been happening for decades.

And to know that there's been progress where really this, there are tools that are developed that can help people to be better and do better in terms of work and productivity in terms of our everyday work life. I think that's great. And if they can also help us in our personal life, then that's also great as well.

I think that there are valid concerns out there around how AI is used and in what settings and for what purposes, and just ensuring that there's the right governance and diligence over it. I wrote a post last year that said, you know, uh, and I'm still sticking by it that I know I'm excited for what's going on.

I'm still in my process of doing research because I feel like again, depending on how AI is used, it can affect different communities in different ways. And so outside of it being a tool that can really help us with work. Um, and I think it's important for all of us to be aware of that because, um, any computer thinking for itself is really also only as strong as the human that's putting a data into that input.

So I think that should make anyone, you know, wanting to ask more questions to be able to better understand how AI is being utilized. Separate from that, the way that my clients are looking at it, it's all about innate business enable, enablement. Right. Which I think is great and I think is exciting. So, um, all the different ways that I think that AI can better support productivity can be that kind of assistant for someone.

And when they're working through a project or or whatever, I think is very exciting as long as it's done in a way where data can be protected. Um, which is, you know, a primary thing, of course, for businesses. So I think there's a lot of excitement, but it's just ensuring that there's a lot of protection in place as well for any intellectual property.

Danny: I appreciate your perspective on that. If somebody came to you and asked you, um, scared of losing my job to gen AI, and let's just say they're in cybersecurity, any aspect of cyber, how would you respond to them? 

Jessica: I would say this is a beautiful opportunity to learn a new skill set and to be able to find a way to work with AI. The thing about us in security and cybersecurity is we're continuous learners. Um, one of the things that I've committed to long ago is just because I'm a security practitioner doesn't mean that that's the only thing I study. Actually, it's studying a lot of the things outside of security is what makes me a better security practitioner.

I really would encourage people to really think about how could AI be a tool that can help them to be a better security practitioner and overall a better kind of more of a contributor in whatever workplace that they're in. 

Danny: I really like learning outside of your own profession. Right? One thing that I do, I read a lot of books. One thing that I just recently read, put a LinkedIn post, is Creativity, Inc. So it's the history of Pixar and just talks about, I mean, I love Disney. I love Pixar just in the company. So it was a real treat, but it's also a business book and talking about how they built Pixar and having that candor, having that leadership.

I definitely tell other people as well, or people that I meet, that get out of your space, whether that's IT, whether that's finance, legal, et cetera, explore other aspects of life because they might help you address any challenges that you might have in your own unique work role. Another question in regards to Gen AI from a small business perspective, we're seeing major corporations invest, you know, millions and maybe even billions into incorporating Gen AI and kind of selling it as a, as a product and or service. But what about the small businesses that are out there that don't have enough resources? How can they embrace and leverage this, uh, new technology?

Jessica: Well, I think for a lot of small businesses out there, I think too, it's an opportunity to learn. I think that with using Gen, uh, with Gen AI, there's a way to probably run a small business in a way that is easier, could run it a bit faster by using some of these tools out there. But of course, you have to, A, look for this information. You have to be willing to learn it. Um, and I think that there is a way that costs in terms of the cost of running the business could actually be lowered by using AI tools.

So again, I would say that instead of it being something that we're looking at and kind of wanting to push back on or go away from, I would say, how can you, how can we flip that and think differently about it and go, okay, how can I actually run my business more efficiently by using AI? Look at it from that perspective, and then you can actually start thinking about it. Okay. How can I use this in the services that I provide?

Danny: That definitely makes sense. So I like to transition into your business. Can you provide kind of quick overview of what products and services that your business does? 

Jessica: Yeah, you know, I would say that our signature service, particularly over the past 10 years, has been CISO as a service, and, um, that has been something that, um, was interesting when we first started doing that, because it wasn't a thing, and so we spent a lot, really about a good three years kind of through speaking and educating people about it and why there would even be a need to have something like this, particularly when MSSPs were really so big.

Why would we need, you know, um, CISO to be out and available for companies when you have an MSSP and so it's for even for the security and if she went, it came to something like that, there was a long learning curve. So let alone thinking about something that, and that's just in the industry itself and thinking about why this could be valuable.

And so, for me, it's really been about continuing to develop this work in a way where we also are helping people and thinking about how to do this in a way that really, that really not only supports their business, but it's done in a way that helps to really create integrity and set a higher standard in the industry.

So, whether people are offering now, what are called a vCISO service or fractional CISO service, all of that fits within the realm of this, this concept of CISO as a service at the time, we called it outsourced CISO. Um, there are so many different ways and through the work of doing this, we've, uh, done, um, DPO as a service, BISO as a service, you know, we've done the fractional, the V, the CISO full time in an organization, so we've done all aspects of it and it's been really great.

Um, and so now, um, what we're really focused on is continuing to set the standard around excellence for this, but also being, but doing CISO advisory. And so now we've been working with CISOs and helping them to think about how they continue to grow and mature their cyber security program. Working with senior management and organizations in doing that as well.

And working with, um, with cybersecurity teams and, and from a, from a different perspective and, and really thinking about how best to support them. So, and a lot of this is just happening organically, but we've been able, because we've worked in a, you know, internationally and globally and nationally within the U.S. and because we've worked with a number of different regulations and a number of different roles.

We have built kind of a unique, uh, way of working and a skill set that allows us and to quickly go into organizations and, um, and help to support or, uh, leaders, uh, security leaders where they are. And so that's, for me has actually been a lot of fun. Um, and actually quite rewarding to be able to do that type of work.

And it continues to, for me, allow for a lot of fun and creativity and innovation, which is, it's been important for me in this work.

Danny: I love the, the support that you mentioned for the senior executives and companies, specifically chief information security officers. I've read the fractional CISOs, the vCISOs and the entire ecosystem of that. I've read both pros and cons and, um, haven't really dove too in depth into that. So I guess one question that just came to mind. So then when you go to a company, is there already an established CISO and then the vCISO or the fractional CISO is an advisor to help them, just another voice to say, hey, you might want to do this, you might want to do that? Is that a good way of looking at it?

Jessica: Um, that's not how I would say it's been traditionally. Um, I would say if you're a CISO entity capacity, then you're a CISO. In that you're a CISO, you're in, you're in an organization. And one of the things that I, when I speak a lot about this, um, and I've been, uh, when I had a talk last year at RSA, um, and, uh, have one again this year at RSA and other conferences, when I talk about this, I explain it this way, that the way that I look at these roles are you have like a vCISO, so a virtual CISO, a virtual CISO is someone who is in this particular role and they are not an FTE.

And they also are not on premise most of the time, they may go to a location, but they're not on premise most of the time, but for the most part, they're fulfilling a lot of what a CISO would do, they're just doing it virtually. And of course, I've seen companies now have what they would call FTE, so full time employee virtual CISOs.

I'm curious to know more how they would kind of describe that, but probably just because it's virtual and not on premise. So somewhat similar, but this would be someone who's in a consultant role. You have your fractional, your fractional is what I would describe as someone who, um, they're not someone who's kind of, they're not necessarily a virtual CISO where they're still kind of fulfilling basically all the functions of a CISO, but the CISO, you know, building the cybersecurity program, ensuring the cybersecurity program, they're just not on premise.

The fractional is they're not fulfilling all of those key things, but they are looking into go, okay what is the most important thing that this organization needs? And they're providing that for, but there could be a multiple of reasons for why an organization would not want to, you know, kind of have more of a full time CISO.

Uh, even a consultant, just someone who could be there to help, help them, uh, help them do some of the most important things that they need. So very much a risk based approach in terms of how they are looking at cybersecurity in the business. Um, and then you have, uh, you know, your CISO, right? So your CISO would be someone who's FT in the business and, uh, they have benefits and all of the things that come with it.

And, um, and again, there could be very little that's different from a virtual CISO and not, and you know, a regular CISO. Just, you know, depending on how that role is structured. Um, and so, and I've done all of these things. I've been, I've been on prem with a company, but been contract. So just not having the full benefits, but fully on prem there every single day, Monday through Friday, on the weekend, whatever is needed, whatever, you know, for the role.

This is all evolving in terms of the different ways to look at it. And a lot of it is structured based off the needs of the business. And that's I think why also, you know, there can be a lot of benefit in having this role.

It just depends again on the business. And the truth is we live in a world where we know every business in some way should be focusing on cybersecurity. It doesn't matter how small or how large you are, but the truth is not every business can hire a full time CISO, nor should they. Right. They just stay there.

They may not have the risk for it. They most likely may not have the budget for it. Um, and so, you know, everyone shouldn't have to try and solve this problem in the same way. And so just, you know, and so it's important for businesses to have latitude and options and resources out there that can really help them to, you know, to grow their business in a secure way for them to have their needs met from a security standpoint and for people that are willing to work with them and the way that they need it instead of having an industry try to force them into a way of doing something that doesn't work.

Danny: Thank you for educating me on that, because that's something, again, I read about, understood it, but I didn't know how it was leveraged in practice, if that makes sense. So, so thank you for that. What other services does your company in, I don't think you mentioned your company name, by the way.

Jessica: Oh, yeah. So my company is called PurePoint International. We're based in the US, but we, um, work in, um, and worked with a number of organizations and companies across the world. Um, you know, it's, so our, we do a number of different things. I think for, particularly for the, um, you know, for this audience and for the industry, that CISO service has been our primary thing.

Everything that we do is within the package of the CISO service. And same with now the advisory, even the even the any CISO work that we do now is under the umbrella of CISO advisory. We have done a lot of work, excuse me, with nonprofits and supporting a lot of the things that they need.

We've done a lot of work with, uh, with, uh, even individuals, particularly high profile individuals, uh, in the U.S. and around the world to support their needs. Um, and that is a whole separate bucket of work, uh, which is quite amazing and we're quite proud of the work that we've done there to be able to support them and to do it in a very unique way that fits our values and all so forth for why the business exists the way that it does to, to meet that need.

Everything that we do kind of evolves around kind of having a core service offering that really, um, supports those two primary markets, one being businesses, um, in particular, larger businesses and that they, uh, for some of the things in the support that they may need, and then the, and then some smaller businesses, as well as, you know, again, some of these very unique circumstances, um, for individuals and, um, uh, around the world that you need that need very specific and very unique support.

Danny: Curious to know if the challenges when clients come to you and are trying to procure your services. Are the challenges different compared to here in the U.S. and outside of the U.S. or are they different?

Jessica: Well, it depends on what the situation is, but if we take a financial services company that's looking at market entry into the United States, right? And so they're looking to expand their business into the United States. So they're interested in understanding the landscape from a regulatory standpoint in the United States. They're interested in understanding what they have to think about from security standpoint. Just the way any company in the U.S. we need to be thinking about, let's say, entry into Europe or, you know, anything like that, and so in some cases, they, you know, in some cases, there, there are, there are differences.

Um, there's no doubt. I mean, every organization is different and they have to be treated as such. I think that's the key thing, um, to try and bucketize any organization or generalize.

I think that that would be a huge mistake. The key thing is understanding what their needs are and then addressing it. But there are many, many commonalities. It's just being able to really support them where they are, um, and helping them with what they need most. And a lot of times where we find there's clear commonality is, you know, if they need something around the space of having a strong security leader in their business to help them think about cybersecurity strategy, then that's the commonality. But when you start to look underneath that, that's where there could be a lot of, a lot of different changes and a lot of differences within the business itself.

Danny: Yeah, no, everything makes sense there. I'm going to kind of pivot outside of the business and entrepreneurship. So, um, I guess, you know, with this podcast is trying to give back, right.

Talking to leaders like yourself who have all this valuable experience and to give back to the community, whoever wants to transition into cyber or who is, you know, still in school, and I always get this question: how do I get into cybersecurity? So based on your experience, what is an answer that you would give somebody, whether they're transitioning professional or a student just about to graduate?

Jessica: You know, I would say that probably one of the best things that you can do is join an industry organization and start to get to know people there. Um, I do think that despite some of the, you know, even how hard, I know it's a tough job market for many people in cyber security, but I still believe relationships matter. And it's through relationships that people can find their, their entry into, into the jobs that they're looking for. And so I think that's a really key thing.

The reason why I also think that that's important is because it allows people to get to know you. And if you're someone who's coming out of college, or you're someone who is transitioning from another industry, it could be important for you to meet people that that may be doing some of the things that you want to do. And so you can start to understand what are those skill sets that are going to be really important, not only for you to develop, but for you to think about as you're going in and thinking about what you specifically want to do. Um, I would say the second thing is really take the time to learn about the industry.

There is a, there was a great article out there, uh, I think Cybersecurity Ventures put out that list. That was a couple of years ago now, but they listed by 50 different job roles and cyber security. Um, and so I think that article is, that's an article I always send out to people to say, look, cyber security is a very, there's a lot to choose from.

So know what it is that you want to do. Because just to say, I want to be in cyber security, that's kind of like, okay, well, what, what do you want to do? So, you could talk to 5, 10, 20, 50 different people, they could all be doing different things. So know what it is that you want to do and then spend time learning that.

What I'll say is everyone learns differently. Um, and so I don't think there's any one way to learn a role. I think the most important thing is how you demonstrate the knowledge that you have and how you can demonstrate competency in that role. But there are a number of different ways to learn. So just be dedicated to learning what it is that you want to do. And so that way, when you're in an interview, you can really demonstrate how you can practically use that information and experience to be able to support the goals of the cyber security program and the goals of the organization. 

Danny: Yeah, it's funny that you mentioned when people come up to me and say, I want to be in cyber security. I'm like, what exactly? Just cyber. I'm like, okay, the analogy that I use, it's like telling me that you want to join the medical profession. That's great. But the medical profession is massive. What do you want to do? Do you want to be a surgeon? Do you want to be an anesthesiologist? And the hundreds and thousands of different roles are so really understanding, um, what they want to do.

And I would love to get that article too, and kind of put that in the show notes as well, because I keep on getting that, you know, from LinkedIn messages: help me get into cyber. I'm like, I'll do what I can, but I need a little bit more than that. Yeah. The other thing I wanted to ask you, um, is something that's been on my mind.

So going a little off script here, but it revolves around leaders. I'm seeing a lot of posts about, you know, what makes a good leader. And I know in my previous kind of solo episode where I just read primarily from Harvard Business Review, that publication and online resource is just amazing with great articles and studies.

But for you, what makes a good leader? What are some of the qualities and or traits, um, that you've experienced, uh, in your life? 

Jessica: Yeah, well, I shared, um, the story earlier about the mentor that supported me, um, through my experience when I was working in the corporate world and how he, his, the leadership that he demonstrated helped me to even deeper what, you know, the deeper, the understanding of leadership and what that meant and really inspired me to, to want to be the best leader that I could possibly be. And, um, I think that as I continue to grow and learn and get older, you know, through this process and where I am now, um, I, there's no doubt that I think that a great leader is someone who is a great listener. Um, and, and when they're listening, it's also understanding that not everything requires a response.

Um, particularly not at that moment, and that takes discernment, and I do think that takes experience. Um, so that's something that's been really important, um, that I continue to learn and integrate. Um, the other thing that I would say is being a great leader for me is really understanding that it is not about you, meaning it's not about me.

So as I am working with organizations if it is always about, you know, well, one, it's about the goals of the cybersecurity program itself. But it's also about for those key primary stakeholders who are the ones that have made the decision to bring me into the business. It's really about supporting their ultimate goals.

Um, and we have agreed on what those goals are, which is why that I'm there to help deliver them. So those two, those things are extremely important: the delivery of the cybersecurity program itself and the delivery of their goals. Um, and I think that that's important, whether you're a contract or you're an FTE, understanding that and integrating that in a way where you are, you can look at a situation with hardly any ego is, I think, extremely important.

Um, the third thing is, when you, um, it is about making, for me, particularly at this point, it is around making, um, everyone around me better. If I'm not doing that, then that helps me to go, okay, how can I do something better? And that for me is extremely important because again, at the end of the day, it's, it's still about serving that program and it's about serving those stakeholders.

Uh, and so at, you know, and so for me, those are three extremely important things. And when doing them, I think at the highest level, it is not, you know, which is what I strive to do for where I am in my growth is it continues to challenge me. It continues to push me. It continues to help me be better.

There's a lot that goes along with all of those things. That's kind of like, those are like, 3 things at the tip of an iceberg where there's so much underneath around what it means to even do all of those things, to do those three things. Um, but for me, it's exciting and it's what keeps me coming back to this work.

I've talked to a number of people and, um, and I've read, I repost around people that are leaving the CISO role and people that aren't happy in the CISO role. One of the things I talk about is finding those things that are greater than the work itself that pull you forward.

That could help with the all that could help that when you're working exactly, you're working towards something much greater than the daily work itself, you know, and all of those challenges that go along with the daily work and for me, these things are that. Which I think is why I feel like I have been able to do this for a long time.

And from again, many, you know, particularly in the early days, it's different when you're not an FTE. So right, it's not like you have a salary, you're just kind of learning as you go, right? I mean, you're either delivering for a company or you're not delivering. So it's a, it's very, very different in that way.

So for me it's been very interesting in that way, but I think also why I've been able to have this level of longevity, um, and still in here doing it, but again, looking to do it at a continue to do it at a different capacity of now supporting other CEOs and supporting senior management and helping them navigate these different challenges that they experience.

Danny: I think, Jessica, that's just a powerful and very authentic message, uh, when it comes to leadership. So I really thank you for, for your perspective on that, because I think everybody is striving to, well, maybe not everybody, but, um, the ones that really want to make a difference and make an impact to the people around them, um, are really striving to, to be the best leader that they can be.

So I know we're coming up in closing and I always ask this of all my guests, what books are you consuming, uh, as of late? If there is an opportunity to actually sit down and read, I know it's really hard to, to balance work and family and all of that, but, uh, any books that you would like to share?

Jessica: Yeah, sure. Let me pull something up real quick. Um, as I just don't want to get the title wrong. So that's, but again, I, you know, I am someone who's always looking to, to grow, um, and, uh, one of the books that I have had and have not read, okay, Douglas Hubbard, How to Measure Anything in Cybersecurity Risk.

So I had the title, I just wanted to make sure I had the author's name right. Again, it's one of those things where we always are continuing to grow and grow, and I feel at the end of the day, as cybersecurity leaders, I think that we all have so much to contribute. The beautiful thing is, is that we're all part of a community and we have the opportunity to learn from each other.

And so I, um, and so I look forward to diving further into this, into his book to also, you know, to continue to grow the way that I look at cyber risk, because it's such an important piece, obviously, of, of the work of, uh, of, so, you know, the cyber security leader and continue to expand and broaden it. And, um, and for me, it's something that I feel that I am good at, but I also know that there's so much more to learn and so much more to grow.

And so, and I'm always looking to go, okay, how can I continue to push the edges of what I've done in the past? And just continue to learn. 

Danny: Yeah, I'll make sure to, to put that in the show notes and add it to the ever-growing Inclusive Cyber library that, uh, that I'm creating. Um, but with that, Jessica, I thank you for your time, your wisdom, your knowledge, your experience. I know the audience is going to get a lot of value from that and wish you success and continued success. And we'll talk soon.

Jessica: Sounds great. Thank you so much. It's wonderful to be here with you.