Inclusive Cyber: Unlocking Innovation in Cybersecurity

From IT to Cybersecurity: Richea Perry’s Story of Curiosity and Growth

Danny Magallanes Season 1 Episode 26

Share episode

In this episode, we sit down with Richea Perry to explore his incredible journey from a curious student to a leading professional in cybersecurity and GRC (Governance, Risk, and Compliance). 🌟

Discover the key differences Richea experienced between the educational and corporate worlds and learn why communication is crucial for success in cybersecurity. Hear how Richea strategically pivoted to GRC during the pandemic and understand the real value behind certifications and practical training.

Richea shares invaluable tips on building strong professional networks, offers must-know advice for advancing your career through personal branding, and recommends books that have shaped his professional journey.

Join us for an episode packed with insights, practical advice, and inspiration. Whether you're just starting out or looking to pivot in your career, Richea's story will motivate you to take the next step. Hit play and get inspired! 🎧✨

👉 Don't forget to like, comment, and subscribe for more inspiring stories!

#Cybersecurity #GRC #CareerDevelopment #Networking #Podcast #inspirational 

------------------------
Show Notes

Books: 

The 7 Habits of Highly Effective People - https://www.amazon.com/Habits-Highly-Effective-People-Powerful/dp/0743269519

How to Win Friends and Influence People - https://www.amazon.com/How-Win-Friends-Influence-People/dp/1982171456/

LinkedIn Profile: https://www.linkedin.com/in/richea-perry-78049135/
Courses: https://linktr.ee/richeaperry/shop
CyberJA Youtube: https://www.youtube.com/channel/UC8dJy4kfoOVyGt-nI1zPATQ

Support the show

Support the Channel - Click the bell to have notifications, like & subscribe!
Buy Me Coffee - https://shorturl.at/jKMSX
Social Media – Follow us on:
TikTok
Facebook - https://www.facebook.com/profile.php?id=61554884934328
Instagram - https://www.instagram.com/inclusivecyberpodcast/
Audio:
Spotify - https://open.spotify.com/show/6HNQQVKvsCRo2J095Kyc8G
Apple - https://podcasts.apple.com/us/podcast/inclusive-cyber-unlocking-dei-in-cybersecurity/id1686041111
Website - https://www.buzzsprout.com/2183707
Amazon - https://music.amazon.com/podcasts/594cca7a-726d-43fe-b94e-36291566e9d8/inclusive-cyber-unlocking-dei-in-cybersecurityMusic: Music by Cryptochronica and Worlds Apart featuring Vtizzel; Song: Gunz Blazin' Music: Used with permission: Artist: Thunderwolf X Words Apart, Song: Cybernetix...


IC Mission
---

[00:00:00] IC Mission: Welcome to inclusive cyber your front row seat to understand how a diverse mix of voices is not just necessary, but essential to protect our most sensitive computer networks and personal data. I'm your host, Danny Magallanes, and through my podcast, we shine the spotlight on the heroes and trailblazers from every corner of society who are redefining the diversity, equity, and inclusion frontier. Every episode is a step towards a cyber community that's as varied as it is united, where everyone has the keys to unlock their potential. And the power to protect our digital world. Join us on this journey where every listen, every share, every dialogue inches us closer to this new reality. 


Introductions
---

[00:01:02] Danny: Richea welcome to Inclusive Cyber. How's it going today? 

[00:01:06] Richea: Hi, Danny. Definitely a real pleasure looking forward to having this conversation with you. I'm excited about being invited to be a guest on the Inclusive Cyber podcast, which has been doing tremendously well, in terms of adding value to the cybersecurity community.

[00:01:23] Danny: I appreciate that feedback. So I definitely want to go into your background and you're doing a lot of posts on, on LinkedIn. You have a lot of great insights on your background in cybersecurity. So let's go ahead and start off with just overall background for the audience. 


Background
---

[00:01:41] Richea: Okay. That's a very interesting question as it relates to backbone. Cause very importantly, at times we look at the destination, but really do not understand the journey. So that's, that's a very important question. Um, so as it relates to my journey, I have not always been a cyber security or GRC professional. Interesting enough, my journey into where I am currently at started way back, I would say back in the days of high school. I was always interested in the technical areas in terms of wanting to become an architect.

And during that process, I actually at the reaching to the end of my high school journey, then looking forward to go to university. Then I applied for two institutions, two colleges, universities, one for, um, architecture, one for information technology. And I was looking forward to getting into architecture.

But for some reason, I would say it's the plan of God that the institution that I was looking forward to give me a call back, they did not. And I found myself in a IT program that was, I would say, very new at that point in time. We're talking about management information system. And that's where my journey actually started in terms of being introduced to IT.

Computer systems, network, operating systems, programming, that overall comprehensive introduction to this world of information technology. So during my time there, attending this institution, I always admired the network administrators or the lab technicians, as they would say back then. In terms of there were, I consider these people very super smart at that point in time.

I mean, going back to the days of the DOS prompt and the blue screen of death and the um, X amount of PDs and floppy drives to do an installation of an operating system. Windows 98 compared to now when it is just so easy repairing various errors within operating system. I used to see these guys pulling apart, looking at the computer structures, the processors, the ARIA components.

And I was saying that, whoa, somewhat technical. It's almost similar to. Architecture, but architecture in a different sense. We're not talking about building, but rather computer architecture, building systems from the ground up. And I was saying that, whoa, that's something that I definitely want to get myself into and while attending, I used to be like, what they would say, a pest to the lab technicians, the administrators.

But then I always used to be that prying eyes over their shoulders. Curiosity. What is it that you're doing? What are they? coding, what instructions are there entering into their systems. And for some reason, there were a little bit skeptic or not wanting me to see the, you know, top secret of what they are doing.

It would fear that I would maybe try to hack their system. So that level of curiosity, they eventually developed a level of trust in me in terms of giving me very small task around that the environment, their labs to say, Hey, install an application on a system or to help them to do whatever it is. So I always immerse myself into learning and knowing more about that application of what I was learning at that point in time, plus gaining that practical experience.

So that alignment tells me now to better appreciate. And understand computer systems and how they work. And not only that, but whole it is that they actually provide a level of service that are required by the organization institution to function during the virus operation that they are services that they had to provide at that point in time.

This in of itself now actually gave me an opportunity to be employed. So streamed enough because of this curiosity, everyone became aware and accustomed to. My reputation then and opening us there at the institution right after I completed my, um, associate degree at the time when it was just only an associate degree program.

An opening was there for a computer lab technician, and I was the one that was selected because of my aptitude and always wanting to find out and to learn more. So they gave me an opportunity to be a lab technician. I immersed myself. I began learning about every single thing that I could get my hands on as it relates to computer systems, network administration, and I started out with my very first certification as it was a CompTIA A plus.

At that point in time, which gave me a more comprehensive understanding of operating systems, security, physical component. And from that, I was able to build my journey into roles of becoming a network administrator in a different organization into becoming a systems administrator, further moving into becoming a information systems manager.

And finally, now in the space of cybersecurity, particularly GRC, and there are a number of other things in between that, but I really, that's as we go along. 

[00:07:11] Danny: Richea, what really resonates with me is your curiosity, right? And looking at how two different professions, architecture and information security are kind of aligned or have a lot of similar kind of challenges.

And you approached it. Um, uniquely, but just that curiosity to ask questions, to peer behind their backs, and eventually you gain their trust. So they can give you the goods, if you will, when it comes to what they were doing and how they were doing it, that's an amazing story. And you being a leader in our industry, I really love that journey because it really helps to understand.

Transitioning professionals and new people coming into this industry. So thank you for that background. One question I wanted to ask you when you're going through that phase, did you have any mentors or what I'm really noticing now is sponsors to really advance your career? 


Mentors
---

[00:08:18] Richea: Mentorship from my perspective, was not something that was, I would call it formal as we have it today.

So I, I never had direct mentors or sponsors particularly, but I had, I would say pockets or snippets of people here and there that would always be providing various advice in terms of their experience to say, okay, then. Based on your skillset, um, why not do X or Y? But I really never had a particular mentor to create a direct path for me to say, look, if you want to become, for example, a cybersecurity professional or an information technology architect, then these are the steps one, two, three.

That you need to be doing. I never had that influence. However, I must say that there have been various. people in terms of co workers, friends, family members would have been there to give me various insights about moving forward with my career journey. So, oh, I would look at it as a race to mentorship. 

[00:09:25] Danny: I think that's a great distinction that you pointed out, because I think I'm in the same boat. I didn't have an official mentor. And I think nowadays there's a lot of programs within companies and in your respective employers, and even out with different organizations that these have this quote in quote formal mentorship programs to help guide whoever's interested in our industry, which you mentioned that there wasn't anything formal.

But just your curiosity, asking questions and say, Hey, what, what are you doing there? Or why did you do that? And at the end of the day, the individuals that you asked them answering you and said, well, I did this because. We don't want to let traffic in, uh, for whatever reason. Right. When you got into the industry, so you initially started with networking administrator, how did you, I guess, traverse into that leadership position? How long did it take? Uh, what positions were available for you that you took advantage of that opportunity? 


Leadership Journey - Business vs Education Sectors
---

[00:10:30] Richea: I was really still actually getting into network administration. Moving from working in an educational institution. I was actually thrown into what I would say the corporate setting. Which was far more different from actually being in an educational institution in terms of the, we're not talking no longer about, uh, just an organization in terms of education, in terms of providing services to educators, as well as students.

I'm not in a business environment where the objectives are different. In terms of the expectations, the KPIs, the business objectives, and all of this was a different, I would say a different environment altogether for me. This is where I know I had to step up my game in terms of leadership, responsibility, trying to understand that we are no longer dealing with just a matter of systems and security.

We are now talking about alignment of operating an environment that has multiple systems that need to be functioning. help the organization to meet its financial and other objectives. I would say helped me to take on an overall 360 degree approach, different mindset as it relates to what I was as a professional.

Now I had to now be digging deeper in terms of my knowledge base. How do I interact? How do I communicate with various stakeholders within an organization which we know have a different mindset. Enough itself. My very first role as a computer lab technician actually prepared me for moving into that role as it lay the foundation of dealing with people, understanding the fundamental principles of cyber security and networking operating systems.

So this role that I went into surprisingly enough, when I actually got that very first corporate role, I thought I was going to be working with a group or a team boss. Um, other, I think you're the professionals and just to find out when I got into that organization, very big organization, I was the one that was responsible for being the help desk.

I was responsible for IOT systems. I was responsible for working with a plethora of different systems, database administrations that I was thrown into the deep, that level of responsibility. helped me to build my career in terms of taking on all of those different learning areas. And by doing this over a period of time, it actually helped me to really find out where my passion was and where I wanted to go.

That's how I actually moved into that role. And if I should go a little bit further, I've been spending a number of years in that role as being an system administrator. Then An opportunity, strangely enough, talking about the power of networking and influence in terms of being a person of value in the organization.

This job opportunity came as a result of networking. Someone was in a conversation and there was a new company that was being built at that point in time within the hotel industry, and they wanted an information systems manager and someone was able to make that connection based on my work ethic to say.

This is someone that is fitting for your organization. And that is how I stepped into my, I would say my very first senior role in terms of being responsible for entire operation within that organization of managing their information systems and their overall operation from a security and also from an IT governance perspective.


Communication is Key
---

[00:14:17] Danny: You made another great point in regards to the goals or overall mission when you're in the education side versus corporate side. Obviously the latter is about making money, right? And that distinction is very similar to what I experienced when I was in government. In government, it's, you know, protect the people, protect the infrastructure and our way of life.

But then when you leave government, the mission, it's totally different. It's all about money, but it's that distinction that, like you said, you had the insight to really make that distinction. Okay. Now it's a little bit different. The other thing that I really liked is that you mentioned it's about communication, working with different people and being able to talk about cyber.

That's another distinction that we don't have in our industry. We get to talk about technical stuff, which I get it's important when you're talking to business folks that don't understand all that technical jargon. There's going to be that miscommunication. And again, that affects our industry in the long run.

You mentioned something else I'm kind of forgetting now, but I appreciate your insight on how you traversed and how you got into. That leadership position. One thing, did you try any other aspects of cybersecurity or, cause I think you started with a lot of wearing multiple hats, getting tossed in the deep end, like you said, doing all these different things. Where did you find your passion or how did you navigate towards GRC that you're currently doing now? 


GRC Transition - Learning Opportunitites
---

[00:16:06] Richea: The reality is that prior to 2020. If you ask me what GRC was, I would not be able to describe or tell you exactly what GRC is. And strange enough, I have been involved in GRC over these years in terms of policies, procedures, compliance, all of these things.

But from a formal perspective, I never really understand what GRC was until 2020 when I lost my job, which was a very critical or pivotal role. In my career path. So know that I was actually home. I had to find a way in terms of pivoting to find out what can I do? How can I get my foot back within the industry?

Or how can I actually We might say so valuable that I'm also able to work from home during a pandemic. And I started delving into the various platforms during that point in time, during COVID. There were so many platforms that were offering various free opportunities to learn. We're talking about Coursera, Udemy, various platforms.

So I immersed myself for hours in terms of. Building my skillset, learnings, if there's a certification, CISSP, CISM, CISA, the overall content of knowledge that was required, I immerse myself into it. So I went into various, for example, I would say certification pass in terms of the training packages that were offered during COVID for free.

And I immerse myself, learn as much as I could. And at the end of it all, I was saying like, no, I cannot allow my system to be overwhelmed. There ought to be a path, there ought to be something or area that I can actually do effective and efficiently. So I recognize that I've been spending a number of years doing technical stuff, firewall servers, routers, switches.

I no longer wanted to do this anymore. This is not something that I was interested in anymore. I wanted to now be able to be in a position to help and to guide and to administer and to help organizations to establish and build good corporate governance structures as related to cybersecurity management and all of these things.

So GRC Innofitive actually is where I actually found my passion in terms of, I reached out on LinkedIn and there was a number of influence, people that were able to say, GRC is a good space. This is what you need to learn. And as a result of this, I started deep diving into GRC to build my skillsets and learning.

And I recognize this is where my passion is at this point in time. Will it change into the future? I don't know. Do not know where that goes, but I will see what happened. But for now, I love this space in terms of the value that I can use it to add to organizations. 

[00:18:58] Danny: I've been learning more about GRC in recent years. And for me personally, my initial reaction to it, it wasn't too exciting. Ah, dealing with regulation compliant. I don't want to deal with that. I just read somewhere online, I think it might've been LinkedIn that GRC is the foundation for cybersecurity. If you would've asked me that three years ago, I'm like, no, not the foundation.

But now it is the bedrock. And I would argue a lot of businesses out there, maybe even governments, they just throw a couple of people doing that, but it's all about policies and policies dictate what you need to be doing in your respective organization. If you don't have those policies. You know, going to shady websites, using your cell phone, BYOD.

If there's no policies to make that distinction, whether it's logical controls or just building that awareness, you're increasing your attack surface, if that makes sense. I'm doing a lot of studying as well. So that's all in my head about that governance, the policy, the board of directors, et cetera. So I think that's great insight that we need to advocate more on because everybody wants to be a pen tester, right?

In cybersecurity. I want to be a hacker. Right, right. And I, I even went, I went, uh, I gave a talk here locally in Denver. And when I told everybody what I did, they're like, Oh, that's the fun stuff. I'm like, no, but GRC is the more important stuff. If we don't have GRC, we don't have all the fun stuff that everybody says I do.

But no, I appreciate that insight. Another question that I want to get to, you talked about certifications. And I know you're posting a lot of great quality content on LinkedIn. When people come to you and say, Hey, I want to get into cybersecurity and let's just say they have a unique route. When they ask, do I go the education route or the certification? What do you typically tell them? Or does it depend? 


Certification vs Education Route - Find You Passion
---

[00:21:13] Richea: Well, I think the response is always a depend. However, I normally have a more strategic approach as it relates to deciding how to proceed in cybersecurity. And I always try to look at a self assessment in terms of. Where are you now in terms of your skillset, in terms of your passion, in terms of what actually drives you as an individual?

Is this something that you love? Do you understand what it is that you're getting into in terms of cybersecurity? Are you willing to invest the necessary time to develop your skillset as it relates to cybersecurity? I would say depending on where you're at, it might be, for example. If you are fortunate enough, I would say that you are transitioning right from university, possibly a community college into university, then I would say continue on that trajectory in terms of getting possibly your traditional degrees and then getting your certification.

However, I've actually met or also interviewed people who were navigating their way in terms of moving from, for example, in military, Into becoming an Uber driver and then moving into cybersecurity. So it's a different scenario. This individual, for example, was able to go directly into certifications and he uses practical experience and bring that to the organization.

This might not work for someone else. So it all depends on where you are at and what is applicable at that point in time. Then I would say, go for that. So based on where you're at, then we create that path. That's how I normally treat with these situations. Look at where you are now in terms of your age, in terms of whether or not you have a family, whether or not you. Um, the overall objectives. So all of these factors, I would say determine which path is best at that point in time. 

[00:23:11] Danny: I really love you mentioned family because a lot of people don't really take that into account. It's a lifelong learning. It's a lot of stuff in cybersecurity. I'm actually studying for the CISSP. My brain is about to burst. There's just a lot of information out there and knowing what you want, what you're passionate about, what your drive is a good way to, to start. One thing that I've been seeing a lot of, and I'm trying different things for Inclusive Cyber doing different videos, but I'm seeing a lot of influencers on social media talking about, you can make so much money in cybersecurity.

Their thumbnails on YouTube, it's them making faces and has his six figure number and then money in the background. And I just shake my head. It's like, no. And I don't want to be judgmental. I don't want to throw hate out into the world. There's too much of that already. So I just want to educate. Hey, you know, It's not like this can it make you wealthy, maybe, but that's right off the bat.

It's not going to work that way. Right? You need to put the time, you need to put the blood, sweat, and tears. Another thing that you said is network. Being able to communicate and build your network to showcase your feel set and your passion. So one question out of that, how do you build networks? How do you build, if you're new to the industry, how do they start building networks within our profession?


Building Networks Through Value
---

[00:24:55] Richea: Well, that's also an interesting question as well. I would say like attract, meaning that if you're a person of value, then you will also attract various people of value. So do not have that mentality or that attitude of wanting to reach out to people or to connect with people. And when I look at your profile, When I look at your activities, when I look at your poll, there is nothing to show for it.

What are you going to be connecting with? What value can you add to someone in terms of the overall growth? It can't be a case of you wanting to absorb other people's energy while you're not giving back likewise. So the first thing that you want to do is actually make yourself a person of value in terms of your overall profile, the various activities that you're involved in.

Make your presence known. So by doing this, then you ultimately will have people that reach out to you. People want to be in your space. That's pretty much, I would say, make yourself attractable in terms of building your network. So that is what I have basically been doing over these few years in terms of building my network.

I no longer, in terms of trying to find people to connect with, people want to connect with me because of the work on the value, the various DMs I get on a regular basis that I'm happy for what you have actually posted, I'm happy for the podcast, I'm happy for the mentorship and the various courses that you have developed.

So you have to spend that time to invest and to develop yourself. If you really want to create a network of value in terms of connecting with similar minded people who can actually enhance your growth and development. 

[00:26:45] Danny: But how do you do that when you have no experience? Because you and I have a lot of background experience and value that we can bring. And now start putting that into video, podcast, blogs, LinkedIn posts. So we have a lot of information that we can write about, but what if they don't? Because I do the same thing. Somebody reaches out to me. I looked at their LinkedIn profile and it's empty, but I also look, okay, are they student? Well, okay. And maybe that explains it. But if they don't have experience, how do they, how do they get started? Showcase that value that they bring. 


Show Value with Limited Experience
---

[00:27:28] Richea: Well, I would say one of the very easiest ways, typical example with you and I, the way we actually met, if we think about it, I strongly recommend sign up for podcast sessions, sign up for webinars, sign up for whatever free, maybe various communities that you can get yourself into among people.

And by doing this, then you're able to build small gradual relationships. And by building these small gradient relationships, then people are able to pour into you and you're able to take snippets or nuggets of information and turn them into experienced. Try to get yourself among people. Once you get yourself among people, then you will begin to develop that level of confidence and courage of actually moving forward. So if you do not have experience. seek experience, seek alignments. Who can I connect with? And I have a connected with so many people who really do not have any experience.

And I am able to say, look, this is all your profile needs to be looking, not to say that I have the most perfect profile in terms of structure and all of these things, but at least these are people that you can actually look at. And once you begin to change your overall appearance and branding, then that transcend into the level of connections that you can make that will help to develop. The experiences that you will need to move, um, along in your career. Though challenging it might be at times. 

[00:29:01] Danny: I think that's perfect advice. So thank you for sharing that. I know you recently put a training program together. I would love to, to hear more about that. Where can we find it? What is it about?


Various Cybersecurity Training Modules
---

[00:29:15] Richea: I have a number of training courses that I've actually developed You're on a number of platforms. One of the very popular one is actually on Udemy. I've actually developed my last course, very important, one that has to do with practical zero trust implementation. That's the very current course that I've released recently.

That practical zero trust implementation. So we are now taking, and that's one of my approaches with all of my courses. I use my experience, moving away from the theory to practical. Uh, And that's one of the thing that has been helping people hands on holistic approach by actually giving people the opportunity to actually build Zero Trust into an environment, into a virtual environment.

This is how you actually take the theory and you can actually apply it to the business in terms of helping the organization to meet its business objectives from a practical perspective. So, by using this you're then able to add all of these items to your resume to say, I know the steps and principles, theoretical and practical, to implement Zero Trust.

in an organization. I also understand best practices associated with various technologies and procedures and processing in cybersecurity. And I've done a number of courses talking about deep faith defense, practical compliance management, practical assessment for cybersecurity and GRC professionals. So all of these are looking at practical application of theoretical knowledge.

Create that environment so that they can actually take the theory, use it practically. That's how I normally try to help people as it relates to my courses. 


Book Recommendations
---

[00:31:04] Danny: I think a lot of people just look at that theory and they've never had that experience to actually implement it into whatever environment that they've been currently working at or previously.

I could definitely go into more in depth into these courses, but we'll make sure to share the course links on the show notes. Books teach us so many different things and it's always being that continuous learner, whether it's technical stuff or something I refer to as popcorn books, just entertainment books, just to read any books that, uh, that you would recommend to the audience that you're currently reading?

[00:31:44] Richea: I would say one of those books, a number of books that actually I have written, and that constantly resonates with me, how to win friends and influence others as it relates to leadership, management, dealing with people. That is a book written by John C. Maxwell. There's also one that has to do with being a go giver, serving people.

For me, relationship comes first in terms of building and working with people. When you're able to work with people, regardless of whatever role you're assigned in an organization, I think that was one of my strong. Abilities over these years. It doesn't matter who you are. Respect. It doesn't matter who you are.

I see you as somebody of value to that organization, regardless of your rank. That was able to call on anyone at any point in time to get anything basically done in that organization, to get support for what it is that I need to do. So that's very important in terms of how do you represent yourself among people.

Another important book, and that has to do with the 7 habits of highly effective people, that's very important. To make you very effective in an organization. So these are some that I would recommend. So as we released the developing and building your career. 


Closing
---

[00:32:56] Danny: Those are excellent books. We'll make sure again, to have those in the show notes with that. I want to thank you for your time. I know your workday is ending, but I really love this conversation. Maybe in the future, we could be in person and kind of record for each other's podcasts. I think that would be an awesome goal if we can do that in the coming year. 

Sure 

[00:33:18] Richea: was definitely a pleasure for me. I enjoyed the conversation and the work that you have been doing and the value that we can also add back to the community in terms of enhancing and building other upcoming cyber security professionals.