Inclusive Cyber: Unlocking Innovation in Cybersecurity

Debbi’s Road to CISO: Leadership Lessons from a Cybersecurity Expert

Season 2 Episode 3

Join us in this engaging conversation with Debbi, an executive strategist with a remarkable career in cybersecurity. Debbi shares her journey from starting in IT without a degree to becoming a CISO at two multinational companies and the state of Colorado. She discusses the importance of mentorship, the challenges of leadership, and the value of continuous learning. Discover insights on navigating the transition from individual contributor to leadership, the critical role of influence in a CISO's success, and how to effectively use generative AI in cybersecurity. Whether you're aspiring to a career in cybersecurity or looking to hone your leadership skills, this episode is packed with valuable advice and personal stories that will inspire and inform. Don’t miss this insightful discussion that delves into the heart of cybersecurity leadership and the evolving landscape of technology.

#inclusivecyber #cybersecurity #cybercommunity #cyberleaders 

------------
SHOW NOTES:

DEBBI'S LINKEDIN - https://www.linkedin.com/in/deborah-blyth/
BOOKS - The 21 Irrefutable Laws of Leadership: Follow Them and People Will Follow You by John C Maxwell - https://www.amazon.com/21-Irrefutable-Laws-Leadership-Follow/dp/1400236169/

--------------
SUPPORT THE SHOW
Support the Channel - Click the bell to have notifications, like & subscribe!
Buy Me Coffee - https://shorturl.at/jKMSX
Social Media – Follow us on:
TikTok
Facebook - https://www.facebook.com/profile.php?id=61554884934328
Instagram - https://www.instagram.com/inclusivecyberpodcast/
Audio:
Spotify - https://open.spotify.com/show/6HNQQVKvsCRo2J095Kyc8G
Apple - https://podcasts.apple.com/us/podcast/inclusive-cyber-unlocking-dei-in-cybersecurity/id1686041111
Website - https://www.buzzsprout.com/2183707
Amazon - https://music.amazon.com/podcasts/594cca7a-726d-43fe-b94e-36291566e9d8/inclusive-cyber-unlocking-dei-in-cybersecurity
Music: Used with permission: Artist: Thunderwolf X Words Apart, Song: Cybernetix

Music: Music by Cryptochronica and Worlds Apart featuring Vtizzel; Song: Gunz Blazin'

[00:00:00] Danny: You're listening to Inclusive Cyber with Danny Magallanes. Are you curious about how professionals, both young and seasoned, in and out of cybersecurity discover their passion, overcome challenges, and make a lasting impact? Then Inclusive Cyber is a podcast for you. Join us on a journey to learn from guests with diverse backgrounds and experiences as they share their wisdom and practical advice to help us tackle our biggest challenges inside cybersecurity. Tune in twice a month as we chat with inspiring individuals who are either making a significant impact or just starting their careers. We also delve into the latest stories on leadership, strategic thinking, cultural renaissance, team management, and much more via our growth mindset episodes. Hope you join us on this journey.


Key Points
---

[00:00:56] Debbi: I really did fall in love with cyber security at that point and realized that I would spend the rest of my career doing that. 

First of all, there are plenty of entry level jobs that don't require degrees. I started in technology without a degree. I started directly out of high school. 

It really opened my eyes to the fact that when you're the chief information security officer, it's not just security that you're responsible for. As part of the executive leadership team, you are making decisions across the organization.

You really do have to care about your people. I had to remind myself every single day that I was there for them. I was there to make their jobs easier.


Introduction
---

[00:01:38] Danny: Debbi, how's it going today?

[00:01:49] Debbi: Very good. How are you? 

[00:01:52] Danny: I am great. I'm really looking forward to this conversation. I know we met at the Rocky Mountain Information Security Conference. I don't know if there is an acronym RMISC. I don't know what, uh, what the locals, is that the official name?

R A M I 

[00:02:08] Debbi: S C. Yeah. 

[00:02:10] Danny: So funny story. It was 10 p.m. Monday night that I signed up for that conference, which started Tuesday. It was just an amazing time. I got to listen to great speakers and essentially started this conversation with you. I attended your talk on leadership in crisis, which was amazing. And I know we'll touch upon that throughout this conversation. But with that being said, I want to give you the floor to give a quick overview of your amazing career so far.


Debbi's Background
---

[00:02:45] Debbi: Sure. All right. Well, thank you for that. Um, so right now I am an executive strategist with CrowdStrike, which is sort of the culmination of a lengthy career in IT and mainly cybersecurity leadership. My dad got me started in, uh, technology when I was in junior high or something. He brought home a computer to give me something to do over the summer. And this was long before computers in homes were a normal thing. So he brought one home from work and he bought me a BASIC programming book and then when he got home from work, he would help me to debug and troubleshoot and get my programs running.

It kind of kicked off in me an interest in IT. After graduation, I got into a company where I felt like I had my foot in the door in a really good company. Where I could move around a little bit and learn different aspects of technology and find my way into what it was that I wanted to do. I found my way into the Unix department where I was a Unix system administrator and I discovered a love of security while in that role.

Um, and so from there I moved into the security organization and found myself in a leadership position. I started to pursue that with a little bit more vigor, I guess, wanting to be a leader. Ended up going back to college at some point to get a degree, because up until this point I hadn't had a degree.

And started to pursue the role of CISO. And I was a CISO in two different multinational companies before I came to the state of Colorado. And I was the CISO for the state of Colorado. And that was my last role before joining CrowdStrike. When you and I met, I was talking about a cybersecurity incident that I experienced when I was CISO for the state of Colorado.

[00:04:45] Danny: Thank you for that, Debbi, just an amazing career. So I want to kind of start at the beginning. You had mentioned that your father brought a computer home. So I'm kind of curious, what type of computer?


First Computer in the Home
---

[00:04:57] Debbi: Yeah, it was a Compaq Portable. So Compaq Portable was just this huge monstrosity of a computer, but it did have a handle on it.

He traveled with it. It was pretty cool because you could snap off the keyboard on the front and lay it down. And then there was a little green screen that was sort of your monitor and it had two floppy disk drives as well. It was quite the monstrosity heavy computer, but he did travel with it, Compaq Portable.

[00:05:29] Danny: Yeah, I actually do remember seeing pictures of that in a magazine. And the reason I asked, because very similar, uh, when I was growing up, my brother was able to convince my mom to buy a Tandy 1000 from Radio Shack. It didn't have a handle, but it was an amazing kind of magical tool at the time. And who knew that fast forward, that it was going to change kind of society for the betterment.

Yeah. So I definitely love that story. One other thing that reminded me when you said that your father brought it home so you can learn to code. Um, I ended up getting a book of BASIC.

And I think it was like 200 lines. I started typing everything and hit enter. Nothing happened. I'm like, what's going on?

So I had to go all the way back, look at line 10, line 20, line 30, and there were a couple of errors that I fat fingered something wrong. Hit enter. And then the screen just showed fireworks and thinking to myself at the time, I'm like, see it? All this work for fireworks? Yeah. Oh my gosh. So what I ended up doing is just opening up, turning on my Nintendo Entertainment System.

I'm like, that's better. Cause I just have to hit a couple of buttons. Fascinating how technology has evolved. You learn on this computer, you're super inquisitive. You have your dad teaching you how to code, how to ask questions. Is it safe to say that your dad was your initial mentor to get into IT and eventually cybersecurity?


First Mentor
---

[00:07:08] Debbi: Yeah, absolutely. I think about that time and I think about my dad in the business world in technology probably only worked with men. Yet, it didn't occur to him that his daughter at home wouldn't be able to do this. He was definitely my first mentor, bringing home the computer, getting me started, and then spending time in the evenings with me troubleshooting and debugging, and just encouraging me.

I mean, there wasn't ever anything that I didn't think that I couldn't do. Because he was always pushing from behind. 

[00:07:41] Danny: It's always, uh, fortunate that we have parents that really care and kind of teach us. Yeah. A lot of people, unfortunately, don't have those situations. It's amazing that, uh, you had that opportunity.

And, uh, your father teaching you, our best and first mentors in life are our parents. So then walk me through, you learned this and then you said you got your first Unix, uh, position.

[00:08:04] Debbi: Yeah. 

[00:08:05] Danny: So walk me through that phase of your life and then how it morphed into cybersecurity. 


Debbi's First IT Roles
---

[00:08:11] Debbi: Yeah. Good question. I was working in this company and it was essentially, it was the computer department for United Airlines.

It was called Travelport. I had a lot of different jobs there. I started out as a mainframe tape operator, then I worked with the automation team, which was helping the mainframe essentially recover from faults that it would experience. And then, um, ended up in the Unix system administration team and was sort of taking a lot of Unix system administrator courses, trying to get proficient there.

After a series of firewall outages, the network team said, Hey, we've been rebuilding these firewalls and we've discovered they're Unix systems. And so they just sort of threw them over the fence into our team and said, you guys manage them. I ended up sort of catching those and saying, okay, well I, I'm going to manage them.

So that day I thought firewalls sound kind of important and it seems like I should know something about these. And so on the way home from work that day, I stopped by the bookstore, which was SoftPro Books. So this was a while ago. I bought every book they had on firewalls, which was two. I brought those home and started reading them.

And the more that I learned about firewalls, the more it sort of ignited a passion in me for security. I was really spending a lot of time focusing on the firewalls. So tuning them and configuring them and making sure that they were hardened. Sort of ignoring the rest of my job. Eventually I went to the director of the information security department and said, Hey, I'm managing these firewalls, which turns out are actually security devices.

And I'm doing this in another organization. Seems like I should be part of your team. And he fully agreed and created a position for me in that team so that I could sort of bring the firewalls and that security could be centralized within his organization. So I moved into that team in the year 2000, started to focus on learning as much as I could about information security, and even pursued a couple of certifications.

I really did fall in love with cybersecurity at that point and realized that I would spend the rest of my career doing that, that I was not going to be moving around anymore. That's where I want to be.

[00:10:33] Danny: Just a couple of things that really strike me based on that story is your curiosity to continuously learn about, in this case, firewalls, go to the bookstore and picking up the only two books on that.

And then also having kind of the big picture that, Hey, I think this is a bigger aspect of the overall security within, I would say, a nascent industry, early 2000s. As you're also telling that story, uh, Debbi, I'm curious, what were the major things that you dealt with from a day to day? Was it more configuration issues or what type of threats were you seeing in the early 2000s?


Early Threats
---

[00:11:15] Debbi: Yeah, so we were definitely seeing a lot of threats being thrown at the firewall. So I wouldn't say it was very sophisticated, but it was constantly probing the firewall to see what ports were open, to see if there were vulnerabilities exposed.

For me, part of the issue that I was discovering is that we hadn't been doing a very good job of configuring the rule sets on the firewalls. And so I really needed to go in and tighten some of that. But fortunately back in those days, the threats weren't as prolific as they are right now. Our misconfigurations were not discovered before I had an opportunity to discover and tighten them up.

So we didn't have any hacking in from the internet that actually occurred during that time. It certainly could have based on how we were configured.

[00:12:08] Danny: Now that's overall fascinating. So. You talk to this leader, they create a position for you. What were the next steps that you took in this new position that was created for you?


A Reluctant Manager
---

[00:12:19] Debbi: Yeah, it was a lot of fun because he really wanted me to be very proficient in network security. And so he started sending me to Cisco classes. He lobbied to get me access to the Cisco devices in our environment. It was just a ton of fun where I was just learning constantly. Yeah. Absolutely. A lot of that was also on my own time.

I mean, he was sending me to classes, he was getting me access, but I was going home and studying and reading and doing as much as I could do because it was just so much fun, and I was just so interested. Eventually, he left the organization, and we were leaderless for a while. So it was just, you know, me and my peers, and I thought, man, this is working really well.

We have great relationships. We don't need a boss. And one day, um, they were, they called a company all-hands in the Denver area and brought us all into this room and they were kind of showing the org chart up on the screens. And I saw myself as manager of the information security team. I walked up to my boss later and I said, gosh, I thought I saw myself as manager of the team up there.

Is there something you want to talk to me about? Is that an interim position? And he said, Oh yeah. I meant to tell you we've promoted you. I was really upset because I saw myself staying on the technical track. I wanted to be very hands on. I wanted to be technical. I enjoyed that aspect of my job. I did not want to be a leader.

And so I found myself in a position where I was sort of a reluctant manager. I don't think I was really even equipped for that. I think quite honestly, I think I was the only female on the team. And so I probably looked like I was the most organized and I don't think that was the case at all. It took me a while to sort of mature into that role.

I think those first couple of years, I was just part of an amazing team who each of us wanted each of us to succeed. And so we worked really well together as a team. They were really filling in a lot of the gaps for me where I had deficits. That's how I found myself in a leadership role there.

[00:14:35] Danny: So one thing that really resonates with me is kind of you understanding what you wanted to do, right?

Individual contributor, getting your hands dirty, doing the work, and I think you're cognizant that in the leadership position, you're no longer doing that or as much. Now you have to manage people, which is a whole different mindset. How do you, in your experience, not only in this situation, but how do you handle reluctant leaders or potential leaders that just want to do the, the work, or even on the flip side, the ones that want to be leaders but maybe are not fully baked? How do you handle that? 


You Need a Different Mindset to be a Leader
---

[00:15:23] Debbi: That's really tough because when you take that step from being sort of an individual contributor, hands on technical person to finding yourself in a leadership position, that's really, really hard. And you really have to, you have to wrap your mind around it and you have to prioritize people at that point.

It really did take me a while. When I sort of started to develop a knack for it and really started to realize that I could help people and I could help them be a better version of the technologists that they were, and I could help them to be a better communicator and a better storyteller and all of those things.

And when I started to sort of develop a little bit of interest and passion for leadership, I actually, I started to think about, am I going to try to find a way to take a, take a step back and be an individual contributor, hands on technical person again, or do I kind of like this leadership thing and do I want to embrace that going forward?

At that point, CISO someday, a chief information security officer. I started to realize if I really want to be competitive in that leadership type of a position, I would need to go back to college and get a degree. I enrolled in college and started working on a degree. I found myself in a leadership class and I just really enjoyed it and it sort of opened my eyes as to some possibilities and maybe even some capabilities that I had that I hadn't thought about.

I ended up taking a few leadership classes and it was sort of then that I, I kind of redirected myself. I said, I really need to focus on leadership. It's not as much about the technical stuff anymore. It really is about how can I empower the people that I'm working with for leaders who are leading people.

And you're seeing some sparks in some people who have those leadership capabilities, maybe enroll them in a class and see what sticks. And then for those people that you're trying to develop, or maybe they're trying to self select. You really have to have those conversations about here's what leadership really means.

You will no longer have your hands on keyboard on the firewall anymore. You really need to be paying attention to the people on your team. It's kind of a decision point that you're either going to move that way or you're not. 

[00:17:47] Danny: I think you mentioned the key thing, right? It's about communication and having candor with, you know, a lot of people. We don't want to create conflict. I think that's just human nature. We always want to be agreeable, but it's, um, I think you also, during our pre calls, you mentioned tough love, providing that honest assessment to say, you know what, I don't think you're ready. But if your heart's in it, let's get you ready.

It's helping the individual as opposed to just like, yeah, you're never going to be a leader. Right. Just don't think about that. Right. And deflating them. And now there's going to be animosity and all, all these negative things there. But one other thing too, that really strikes me is just your humbleness, right?

I think from my experience, the reluctant managers or the reluctant leaders are the best ones because they kind of do a self assessment of what they're lacking. And now it's not about themselves. It's about other people. Just based on my experience, uh, the best ones have been, uh, those reluctant leaders.

So I'm definitely going to start using that phrase. Debbi, during this time, so in the work environment, obviously at home, your mentor was your dad. Did you have any mentors or even sponsors during this time?


Other Mentors
---

[00:19:13] Debbi: Yeah, so, um, I had good and bad bosses and I learned from all of them, but I did have some tremendous bosses. I can think of a couple of examples.

One of them, I was getting ready to do my first presentation ever. I was a nervous wreck and he kind of looked at me and he said, I don't understand why you're nervous. He said, Debbi, you'd know more about this subject than anybody in the room. He goes, just go in there and enlighten them. And that just really, it helped me to sort of reframe it and just really helped take that nervous quality out of it.

It was like, Oh, okay. It's not a presentation that I'm going to give. It's educating people on how to look at this subject. That was very helpful. I had another boss one time who was asking me to make a decision and it was a hard decision. We were going through layoffs in the company. I just sort of went into his office and said, we can't afford to lose anybody.

We don't have enough people in our group as it is. This isn't a decision that I'm prepared to make. Quite honestly, in my mind, I was thinking, I'm a junior manager, I'm a first level manager, and I don't think I'm even at a level that should even be required to make this decision. He looked at me and he said, Debbi, we are taking a 10 percent cut across the company that will affect every department, every organization. Yours is not exempt.

You can either make this decision yourself, which is what I would encourage you to do, or this decision will be made for you by someone else, and you may not like the outcome. And so I really appreciated when we, when you talk about tough love, that's what that was. I really appreciated him coming to me and saying, this is going to be done, period.

Either you can do it yourself or we're going to do it for you. It empowered me in a way that, you know, it's hard, but every time you're empowered like that, it gives you a little bit of confidence that those hard things, you can do those too. Eventually, I moved to a different company where my boss was a female, and part of the reason that I moved to that company was because of her.

I just saw her as, oh my gosh, she had everything on the ball, she was so smart, she garnered respect when she walked into a room. I was probably a little too timid to say to her, Hey, I need some mentorship. Would you mentor me? But instead it was like, I looked for opportunities to spend time with her. I paid attention to the way she phrased things.

I paid attention to the way she stated things. And I really tried to mimic her. While she was never really a formal mentor, she was definitely a mentor. And I just learned so much from her and I just felt so fortunate to have had an opportunity to spend so much time with her.

[00:22:01] Danny: Did you, uh, ultimately tell her that, uh, you learned a lot from her?

[00:22:06] Debbi: Yeah. Absolutely. Absolutely. She had a lot of strong leaders who worked for her as well. And so I felt very honored to be included in her, on her leadership team. I learned a ton from my peers as well as from her directly. 

[00:22:21] Danny: No matter what, uh, stage we're in our career and in life, it's always learning from other people.

So I definitely love that. So now I guess the, the last part of your career being a CISO, how did you approach that the first, uh, let's say the first year on the job? 


How to Approach being a CISO
---

[00:22:41] Debbi: When I came to state of Colorado as the chief information security officer, I had actually done that role in two different companies, but they didn't call it that at that time.

So this was my first, like, now I've got the title. It really opened my eyes to the fact that when you're the chief information security officer, it's not just security that you're responsible for. As part of the executive leadership team, you are making decisions across the organization, and you're expected to come with ideas and input across the organization, not just for security.

One of the things that I'll say, well, maybe two of the things that were the most surprising was in that role, nobody really cares anymore if you're good at security or not. That is not the primary thing that they hired you for. They hired you for leadership, for strategy, for bigger thinking, and also for your ability to influence because you're never going to have enough authority to make stuff get done.

And if you had to use your authority to make stuff get done, people will find ways to work around you and they'll find ways to delay it and they'll find ways to make sure it doesn't happen the way that you want it to happen. You really have to use influence. That was maybe the first and second most interesting things to me was that my role was so much bigger than security.

Um, and that even with all that authority, it was really influence that I needed to use more than anything else. 

[00:24:17] Danny: I appreciate you sharing that. That's something that I never really thought about when you become a CISO. Not that I have any inclination of being a CISO in the current day and age. I think, uh, I would, uh, have more gray hairs than I already have, but it's that influence part that I never really thought about because now it's almost, uh, maybe, maybe I'm putting too much into it, but you're kind of playing politics a little, maybe, Hey, if you give a little here, I'll give a little here and finding a common ground that you're not going to win all the battle.

You're not going to win all the argument. But in this case, it's kind of a give and take relationship, uh, as opposed to, you know, winner take all. Appreciate that insight. What about also business acumen? I would think, because like you mentioned, it's not only about security. Now it's about the entire organization.


You need a Business Mindset
---

[00:25:13] Debbi: Yeah, absolutely. And especially when you're talking with other leaders within the organization, other department heads, they don't care how much you know about security. They don't want to hear how TCP/IP works. They want to know that you care about their business. And so they want you to demonstrate to them how much you care about their business.

And once you show that you understand their business and you understand what it is that keeps them up at night and you care about that, then you can come together a little bit better, match your priorities a little bit. When I talked to department heads and I would say, what is it that worries you the most?

And they would say, Oh, it's this particular business function. This is our bread and butter. This is what we do. And so then when I sort of peeled that apart, what are you reliant upon to make sure that gets done? There were always systems involved. And so when I could say, okay, so these systems, they must be up.

They must be running at all times, at all costs. Then we could talk about things that could happen to those systems that would make them not available, for example, or things that would happen that could potentially corrupt the data, um, or expose the data. And then they were listening to me. But if I tried to start there, they wouldn't make that leap of how critical and how reliant they were on that system. We needed to get there together. 

[00:26:36] Danny: I guess my next follow up question, along with this CISO talk that we're having. What advice would you give to a brand new CISO going into, let's say medium to a large organization? 


Advice for new CISOs
---

[00:26:48] Debbi: Yeah, so the first thing to do really is to get to know your stakeholders. So, go and talk to other department heads, sit down and talk to your peers, start to create those relationships.

Relationships are absolutely key. You've got to understand what is important to each of these individuals, what keeps them up at night, what worries them, because that's going to frame your viewpoint as you interact with them, and help you to sort of frame discussions about cybersecurity in terms that they will now relate to.

But yeah, I would say to any brand new CISO, relationships are the most critical thing, and you've got to start building those on day one. The people who interviewed you for your positions, they are automatically stakeholders. And so they voted for you. They gave you a vote of confidence so you can include them in your stakeholders.

You can talk to them, you can get their input, and they're going to want you to succeed. There are people that you definitely need to, uh, create a close relationship with as well. 

[00:27:53] Danny: Yeah, it definitely makes sense. So I'm going to transition to two questions, but the first one is, the phrase or the word of the millennium, generative artificial intelligence, gen AI. Yeah. Based on your experience, good, bad for society at large, and good or bad for security, kind of macro, micro level.


Generative AI (GenAI)
---

[00:28:17] Debbi: Yeah. I'll start with security. We've seen two things. We've seen generative AI being used by threat actors, the adversaries who are trying to attack us. They're using it in a couple of different ways.

They're creating their malicious code and tools. They're also using it to create better social engineering campaigns. So better phishing campaigns with better, better verbiage, better use of the English language, all of that. But it also is having great effects for cybersecurity practitioners as well, in that artificial intelligence can compare alerts in your environment to much larger datasets and make decisions on bubbling up those alerts that you need to be looking at and really drawing your attention to the right things. So artificial intelligence in cyber security is a must. It really makes security analysts much better at their jobs.

I will say in society, very similarly, we can use it for bad, we can use it for good, right? Students can use it to write their term papers, that's probably not a good use of it. But using it to come up with ideas, saying, I'd love to write a paper that is some sort of a historical paper that is on an interesting precedent that happened last century.

Query it and come up with ideas of things that you could maybe then go do some research on. Um, so using it for brainstorming I think is a great use of it. I've used it to help make, um, an email. I needed to write an email to someone who doesn't speak English as a native language, and I don't speak their language as a native language, but I wanted to be able to communicate and I wanted it to be, you know, elegant.

I didn't want it to be clunky. Um, I wanted this person to understand what I was saying. And so I used generative AI. I said, here's what I would write. You say it in this language. And then I cut and pasted, um, used it as well in a panel discussion. And I wrote my own version of what I thought might draw people to my panel.

And then I thought, well, that really sounds pretty lame. I uploaded it to generative AI and added a few more things. Like I want this to be for executives and I want to discuss some of these topics. And I want, and wrote something that sounded phenomenal. And I said, I would go to that session. I mean, I think there are good and bad uses.

We as a society and we as whatever kind of practitioner we are, we just need to make sure that we're using it in a way that makes us better at our job, that we can be more efficient, we can be more productive, we can be better at it. People who, you know, the workers of the future are gonna, that's exactly what they're gonna do. They're gonna use it to be better at the jobs that they've got. 

[00:31:06] Danny: Yeah, I've heard a term, I guess phrased this way, that artificial intelligence will augment our intelligence, not replace it. But I think now there's just a lot of fear, uncertainty, and doubt that they're going to replace our jobs. I think certain jobs will eventually be eliminated, not eliminated overnight.

It just kind of blew me away when I play around with it as well. I remember one instance where I asked it to summarize, I think it was the U.S. government's national cybersecurity strategy that came out. 

[00:31:41] Debbi: Yes. 

[00:31:42] Danny: And it said that it couldn't do it because it was in the future. So I'm like, Oh my God, it was kind of giving me attitude, you know, I had my kids telling me no about something early that morning.

And now this, this thing, this computer telling me the same thing, I'm like, well, what date do you think it is? And then it said, I don't have access to that latest information. My date ends here. So I told it the date, therefore it's not in the future. So summarize this document and it apologized. I, I'll make a note of it.

Thank you for the day and time, and you're correct. It's not in the future. Here's the summary. Wow. And it just left me, I'm just like, oh my God. Having this conversation. It's definitely phenomenal technology that, super excited, uh, what the future holds as well. And then you also. Oh, go ahead. 


GenAI is not Infallible
---

[00:32:35] Debbi: Oh, I was just going to say, you bring up a good point, which is that it's not infallible.

The information that it brings you back is only as good as the information it was able to query. And so it still requires people using critical thinking skills. It still requires people doing independent research. It still requires all of that knowledge that humans bring to bear because it's only as good as the information it's able to access.

For students, it's really important to stress that this may make them more efficient, but it doesn't eliminate their need to think critically and be able to triangulate their resources or the references and really be able to prove out and evaluate whether something is actual and factual or not.


Certifications vs Education
---

[00:33:24] Danny: Yeah, I know that's definitely a valid point, uh, Debbi, I think this country and probably the entire world has lost its ability to think critically. Unfortunately, a lot of different things, that's an excellent point. The last topic I want to get into is, you know, your background is heavily in IT, and then you went to school, you got these certifications.

So if somebody new or a transitioning professional comes in and says, Hey, should I go for certifications on X, Y, and Z vendors or going the education route? How do you answer that? Because I struggled with that when they asked me that. Do I give them really what I really think about certain things? Or do I give them helpful information?

[00:34:12] Debbi: Yeah. First of all, there are plenty of entry level jobs that don't require degrees. I started in technology without a degree. I started directly out of high school. Once I knew what I wanted to do, then I could tailor my education to provide the maximum benefit for my career. So a lot of times kids go into college, they don't really know what they want to do.

They kind of get a general education. And maybe it doesn't serve them well later in life in their chosen career field. So that could be an argument for maybe you don't jump right into a college degree, maybe you start in the workforce. You work your way through a few different disciplines and then decide what it is that you want to pursue.

I would say that with certifications too. Don't go start with the hardest certification and try to conquer that. Figure out what it is that you're interested in. Figure out how that certification is going to help you. And if you have your eyes set on a certain type of position, you'll see very clearly what certifications are needed to get that position and also what kind of background.

Then you can pursue those certifications. Then you can pursue those dream jobs for sure.

[00:35:25] Danny: Everything that you said, I definitely agree with Debbi, but I think it seems maybe our industry is giving mixed messages because entry level positions have all these high level education requirements and certifications that while it's an entry position.

But they require CISSP, which is an executive certification. It's like, how do I, how to approach that? So I think we as an industry need to definitely get better at job descriptions. And if it is entry level, then there should be technically zero experience and zero education and certification. So it's definitely a challenge, you know, moving forward.


Entry Level Position - Help Desk
---

[00:36:09] Debbi: Yeah. And one thing I would say, so one good place to start is on the help desk because a lot of times they don't require certifications. It's a great place to make internal relationships. And a lot of times when there are positions that are open, you've already created those relationships. People already know they like to work with you.

You might have a leg up as far as getting a position in the security organization because you've already done some of the work there. That's a good way to start. I absolutely agree with you that a lot of times you'll see it's an entry level position. It requires a whole lot of things. I tell people, apply anyways, because quite honestly, if it's an entry level position, it's probably going to pay like an entry level position.

The person who has a college degree and a certification and everything else is maybe not going to want to do that job. So maybe not be able to hire the person who fulfills all of those requirements. Apply anyways. They might decide they love you and you seem trainable. 

[00:37:07] Danny: Yeah, no, that's great advice for sure. Yeah, just apply. You never know what happens there. Actually, there is one other last question that I was just looking at my note. What makes a great leader and what qualities should they possess based on your experience?


What Makes a Great Leader?
---

[00:37:24] Debbi: Yeah, so I would say two things there. First is communication, and part of this is being able to communicate transparently.

When you go into a meeting and your staff asks you a question and you don't have the answer, you've got to be able to say, I don't have the answer, or yeah, I did not initially agree with that decision, but here's why I'm supporting it. And also knowing who your audience is and being able to communicate in a way that is going to resonate to them.

Being able to talk to your employees about things that they care about that you know are interesting to them. Being able to talk to your budget approvers in language that they understand. Being able to talk to department heads, conveying to them that you care about what they care about. Then the second quality I would say is just, you really do have to care about your people.

I had to remind myself every single day that I was there for them. I was there to make their jobs easier. I was there to remove barriers for them. I needed to look for ways to help them improve and grow. So I couldn't just ignore behavior that I didn't think was good or things that I felt were detrimental to our organization.

I needed to address those so that I could help people be better. The best version of themselves and the best cybersecurity professional that they could be. That was just something that I had to remind myself because I knew that I would slip back into, you know, I love to be head down working individually, but I needed to remind myself that I was there for them and that I needed to be helping them.

[00:38:59] Danny: Incredible tips on leadership qualities that we all need to possess, and especially that last one. Taking care of other people, uh, as opposed to ourselves. So every, everything that you mentioned there, Debbi, resonates with me. And, uh, I'd love to work under you just because I think it's just those leadership qualities that make sense, but in practice, a lot of people struggle with trying to deliver that amazing conversation.

So my last question, and this is how I end the podcast, I'm a voracious reader. And it started later in life. When I was younger, I didn't read a lot. But now I'm in the middle of probably about 15 books. But what books have you recently read? And it doesn't have to be about technology or cybersecurity, just any books that you'd like to share with the audience.


Current Books
---

[00:39:52] Debbi: Yeah. Um, so you told me that you were going to ask that. It was funny because I had just started reading this book again, which is The 21 Irrefutable Laws of Leadership by John Maxwell. This is just so, it's refreshing to me, the chapters are very short, each of them has a compact message. It really talks about how leadership ability really does have an impact on your ability to grow in your career.

Or grow in anything, grow your business, grow whatever. It also talks about the law of influence. I was thinking about the fact that cybersecurity and your ability to have success in your organization is really about your ability to influence. So it's great things to learn. I read this book probably many years ago, but just as you were asking me that question, I kind of pulled it off my shelf and started reading it again because it's just such a good.

[00:40:48] Danny: Thank you for sharing that, Debbi. I'll make sure to put that in the show notes so everybody knows the title and the author so they can hopefully add it to their library. But Debbi, this has been an awesome conversation. Uh, I wish we can continue this for a couple of more hours, but I definitely want to be respectful of your time. Your leadership qualities definitely shine on this conversation and especially the first time I heard your presentation at the conference two, three weeks ago. But thank you for your time, for sharing your amazing career. 

[00:41:24] Debbi: Yeah. Thank you for having me on your show. It was very nice to talk with you as well, Danny.