Bytes, Bits & Brilliance: Career Insights and Inspiration
Through intimate and candid conversations, we explore the triumphs and challenges faced by tenured or senior level, underrepresented women and men in the Technology profession. This series unveils their stories and experiences, giving you a unique glimpse into their thought processes, challenges, and achievements.
Join us on this journey as we decode the bytes of wisdom that have helped these tech leaders and professionals overcome barriers, navigate complex challenges, contribute to a more inclusive tech landscape and emerge stronger than ever. Whether you're a newbie in the tech realm or a seasoned veteran, "Bytes of Brilliance" is your gateway to firsthand wisdom, humor, and lessons learned from the frontlines of technology and cybersecurity.
The views and opinions expressed by the host and guests are personal and not reflective of any employer.
Bytes, Bits & Brilliance: Career Insights and Inspiration
From the Classroom to Cybersecurity Adventure: Nijel Redrick's Journey
Curious about how to navigate the world of cybersecurity from a different angle?
Nigel Redrick, a seasoned Governance, Risk, and Compliance (GRC) professional, who's career started in Education as a Mathematics teacher.
For those contemplating a career in cybersecurity, Nigel provides valuable insights into aligning your professional journey with your personal interests and strengths. Through stories of his own experiences, we uncover the diverse opportunities within fields like GRC and operations, peeling back the curtain on the skills and challenges unique to GRC.
Nigel encourages us to embrace independent learning, gaining experience through volunteering or personal projects, and to embrace growth and learning as the true measures of career success.
Rounding out our conversation, we touch on the transition from education to IT and the unique skills that can be transferred between these worlds, painting a picture of a fulfilling and well-rounded career path. Join us for these insights and more, as we celebrate the journey and the lessons learned along the way.
Find us on LinkedIn:
Nijel: https://www.linkedin.com/in/nijelredrick/
Dawn: https://www.linkedin.com/in/dawnbutler1/
Hey, listeners and tech enthusiasts! 🌟 If you've been enjoying our podcast and finding value in the insights shared, we'd love your support. You can:
- Spread the word - Simply take a moment to share this podcast with your friends, family, and colleagues who might also benefit from our discussions.
- Leave a review on your favorite podcast platform. It would mean the world to us! Your feedback helps us improve and reach more listeners like you.
- If you’re in a position to support financially, consider supporting the show via the "Bytes of Kindness" Tip Jar, or Buy Me a Coffee. This podcast is a self-funded, labor of love and my way of giving back—especially to underrepresented voices in tech and cybersecurity.
Your support keeps us going and growing. Thanks for being part of this journey and our community!
Looking for mentorship? Let's talk about what you need and how I may be able to help: Mentor Moments Lightning Session
The views and opinions expressed by the host and guests are personal and not reflective of any employer.
Hello and welcome. I'm your host, dawn Butler, and I invite you to step into the world of Bites, bits and Brilliance, where we bring the mentorship directly to you and every journey we explore transcends the code. Hello, everyone, and welcome back to Bites, bits and Brilliance, and this week we have with us Nigel Reddick. Nigel, thank you so much for joining me on the podcast. I'm really looking forward to this conversation, mostly because I know you're a pretty smart guy and you've been doing a lot of teaching recently on a lot of the regulations and things like that. I mean, we're not talking about that stuff on the podcast, but I just want the audience to know that you're here.
Speaker 1:You're a techie, you know your stuff, you've been doing this for a while, and so the advice and the wisdom you're going to give is grounded in good experience. You know what I mean. So again, nigel, thank you for being here. I like to have my guests introduce themselves, because I could go to your LinkedIn and be like Nigel Reddick blah, blah, blah, blah, blah but I prefer the more personal option where you tell us what you want us to know about you before we get digging into nitty gritty details about you. So please introduce yourself.
Speaker 2:All right, Dawn. Thank you for having me First. One minor correction Nigel Redrick. However, wait a minute. You might know something about my genealogy, because when my paternal grandfather was born, his last name was Reddick. Ah, my grandfather and all the way back. So at some point my grandfather's siblings and others changed the surname.
Speaker 1:So I've been typing your name wrong for like months, because I think I even have your name in my phone without the R.
Speaker 2:Is that right? But the podcast title is the correct, the correct spelling oh, I must have had a typo somewhere.
Speaker 1:Because of my notes, I have it without the r, okay, yeah so weird okay so that part, thank you, no problem.
Speaker 2:So, um, I hail from huntsville, alabama. You know the great state of alabama. Um, I'm a graduate of how Howard University, where I studied mathematics and minored in computer science. I told y'all yeah, these days I work with a company, ibss Corporation, located in downtown Silver Spring, maryland, where I wear a few hats. I'm the director of GRC Governance, risk Management, compliance Services. We also have an apprenticeship program. I'm the director of that cybersecurity apprenticeship program.
Speaker 1:Nice.
Speaker 2:And I am the chair of our volunteer committee.
Speaker 1:I love it.
Speaker 2:Yes, that's a little bit about me.
Speaker 1:I like the well-roundedness. There's a couple of things. You said GRC, so I don't know if you've noticed, nigel, there's this uptick in GRC as a way to get into cybersecurity, you know, versus like pen testing, red team, blue team, all that stuff, hacking like it used to be. I've been seeing that a lot recently. Like you know, this thing called grc. It's really important. You should take a look at it. Have you seen this? A little off the cuff, but have you seen anything like that happening in terms of, like, more people interest having interest in that side of things?
Speaker 2:I've seen it um, and I think it's that uptick. Is there especially the interest? I think because it's misguided, or I will say there's been misinformation. Oh so much of that there's a thought that it's easier. Uh-huh, I will admit that I don't have to know cali linux in and out, but Right. So I think you know I don't. If the IDS stops functioning, I don't have to make it operational.
Speaker 1:You don't need to know cryptography and all this stuff.
Speaker 2:Nobody knows what those things are, and I think people think that okay, well, I can go on this because it's easier. But you know, it's like you choose your easy, like you, you choose your easy, you choose your heart, right? I don't I know people who just hate grc. You know they're right, right, um. So I I don't think especially do a good job.
Speaker 2:It's not easy yeah um, I think later on we might talk about my, my past, um prior to this, but I'll just give a little snippet Now. I used to teach and people thought teaching was easy.
Speaker 1:Right.
Speaker 2:Like okay, you know, but yeah, I'll leave it at that Grass is always greener right. Right, right, yeah, but there is an uptick because people think it's the quote unquote easy way to get in.
Speaker 1:Yeah, I mean I appreciate like the alternate view of getting into cyber, because there is that other side that's non hard skilled techie, like you said cryptography, ids, all of it. I don't know that stuff either. I mean I studied it. I don't do that stuff either. I mean I studied it. I don't do it every day, right, but you're right, I was listening to a live broadcast, but it's a conference that Columbia University is having today and tomorrow and they're talking about regulatory environment and how there's so much that hasn't happened, but there's a lot out there. And then I also attended, like a security and privacy forum a few like a month or so ago, and all of the data related, data privacy related regulation and that's the type of stuff, right, I believe. Correct me if I'm wrong. That's only part of grc, right?
Speaker 2:right speaking about the compliance part right.
Speaker 1:That's why I said it's only a piece of it yeah yeah, so um, but I won't go into those nitty-gritty details. I also watched something else the other day and I actually went to ai and I was like tell me, what are the differences? You know, what's the governance, what's the the? The r is for regulatory right what are ours for risk?
Speaker 2:risk, that's.
Speaker 1:Well, the R is for risk Risk, that's right. Risk Governance risk.
Speaker 2:I prefer to say risk management. But, most commonly you will see risk, but I prefer to say risk management because in my mind. Cybersecurity is about managing risk.
Speaker 1:Yes, yeah, that's right, it is risk, jeez and seize the compliance. I'd ask it like what's the differences? What do they all cover? Proactive, reactive stuff like that. But again, that's not what we're here to talk about today. But I just want to add to Nigel's comment about it may not be as easy. It's pretty complex. There was a young lady I saw did a video the other day about having a GRC role and the number of things she talked about that she did on a daily basis. She did the same thing but for so many different things. I was like, yeah, I hope people are realizing that's a pretty complex job, so, anyways. So that was one thing I wanted to bring up from what you said. And the volunteer, the internship type stuff, how's that going so?
Speaker 2:yeah see, we have a let's talk about that going. So, yeah see, we have a super apprenticeship program first, um, we have a rather dynamic program. Um, we, the objective is to develop well-rounded cybersecurity professionals, meaning you finish the program and you're able to take on any entry level cybersecurity position whoa, yeah, yeah, anyone. Now we have to be realistic, right.
Speaker 1:Yeah.
Speaker 2:So no, you're not going to be the lead penetration tester, no, you're not going to be a security architect, right, right. But we do help to lay the foundation so that you can.
Speaker 1:Yeah.
Speaker 2:You can take on those roles one day. So that's the apprenticeship program. We pay for the certifications.
Speaker 1:Nice.
Speaker 2:Hands on training. If you can imagine. You know most of a lot of programs like plum electricians. You know where you you work with a journey worker. You know worker. Same concept.
Speaker 1:Nice program, wow. Same concept nice program, wow. So I think I'll get from you, before you know, before you and I finish today some information about that. If you don't mind, I could put it in the show notes for people. I think it'll be a really good thing for them to check out if that's yeah, yeah, I will.
Speaker 2:I will tell you, however, we had a kind of a pause on accepting new applicants because we're looking for additional funding, so so certainly, um, they, we could put things in the show notes um, yeah it'll be down the line before we um kind of kick-started because like was it 2023? I think it was brought in like 18 apprentices.
Speaker 1:So that's cute, that's a lot, yeah, and then you need you don't only need the money resources, but you need the people resources to do a program like that. Right, like employees and different volunteers. So, yes, that's a that's pretty robust, okay, nice, everyone doing their part. You know like just just a little bit that we can to to help people move along and enter into the field. So, nigel, you you said you went to Howard, you did a math major with a computer. Was it computer science or computer minor?
Speaker 1:for T interesting there, like when I got to like differential equations and vector analysis I have an engineering degree I was just like how did the math folk do this? So the fact that you majored in that and admired in computer science is quite amazing. But tell us what inspired you to pursue a career in tech cybersecurity, because I'm sure the story is not a direct path. But tell us how that, how did you get started?
Speaker 2:Well, I'm a career changer, Um, and maybe yeah, I used to teach mathematics um public school, um, and near the end of my tenure I recognized a need for a change. I recognize a need for a change. So what I did is I contacted a lot of my friends who were in IT Because I had an idea I wanted to get into IT. I didn't know what.
Speaker 1:Gotcha Okay.
Speaker 2:A lot of my friends who were in IT to get an idea about what they did daily. I mean literally, I'm talking to them one-on-one to like you know what do you do, right, you know after work, because you know we hang out but we really don't talk about what you do during the day. So I just, you know, kind of drilled them. You know, you, you, you get to work and do what you know from the moment to the moment you leave.
Speaker 2:I want to know, you know. I want to know, not just one day. You know your average day.
Speaker 1:Yes, because it changes.
Speaker 2:It can change. Yeah, yeah, talked to several. I talked to DBAs, sysadmins, web developers, pms. I remember one person specifically, he was a firewall engineer and after speaking to them they mentioned this thing called information security. Now I, I guess fake. It was kind of vague to me, you know. Um, because, like a lot of people these days, I find it interesting a lot of people have not heard of cyber security. I mean, that's true, a lot people have not um and as well-read as I thought I was.
Speaker 2:Information security is just not on my radar.
Speaker 1:Right.
Speaker 2:One thing they mentioned was if they could do it over, if they could change careers, at that time they would pursue information security. Now that they couldn't is because they had. They had ascended so far in their careers. Because they had ascended so far in their careers, gotcha, there would be a career change and the compensation would not be the same.
Speaker 1:for them yeah yeah, yeah.
Speaker 2:So that kind of piqued my interest and then I enrolled in school and took a couple of information security classes to see, theoretically, whether I was interested in it. And I was. So that's, that's what you know got me interested into information security.
Speaker 1:What I love about what you said is you started off like so many people do, like I think there's this thing I want to do, but I don't know anything about it. I don't know where to start. And you took the time and you asked some people what it's, what it's about, and that's. I love that story because that's the advice we give to people. You know, when they're like and I don't know how many years ago this was for you, nigel, but you know, over the years the environment has gotten larger, so the number of roles and the types of things you can do is increased. So it is a lot to take in and so it is good. I like, too, that you also enrolled and took some classes. You're like oh, I like it, I don't, which is great.
Speaker 1:It sounds to me like you gave yourself room to see, and explore and and and and figure out like I do or I don't like. And if I don't like, it's okay, because I I think a lot of times, especially maybe younger people, even though they have so much time ahead of them, they want to sort of hone into that exact thing. You know, and I mean I don't know what you saw in your, in their apprenticeships programs with, uh, with younger people. But I've sort of seen that In the Internet streets type of thing, that's the, that's the tonner of things. So, yeah, I love that. That's how you did it. And look where you are today. So how, how long have you been? How long has it been since you did that transition from teacher to practitioner? I guess?
Speaker 1:Yeah it's been 17 years. Okay, cool, nice, nice. So look at that. Two full blown careers. Like nice. I love it, okay. So then I think maybe now you've answered this what advice do you have for people who are new to this field, because you were there and looking to establish themselves?
Speaker 2:OK, my recommendation and I say this to everybody, it's advice that I received in my first role from a manager. He said you want to be a ravenous reader? Right, that's number one. Number two and this is this is what I did. I I didn't treat the profession as if I was a veteran. What I mean by that is I would arrive to work early and stay OK. Right, I didn't just work a regular 40 hour week right now. I didn't enter on my time sheet more than 40 hours unless it was necessary. But so, for example, I might work 12 hours that day. I would say working hours at work 12 hours, eight hours doing what I'm assigned, what I was assigned to do, but the other four I'm trying to learn right.
Speaker 1:Gotcha.
Speaker 2:There's anything that I wanted to know, I would reach out to colleagues and figure out ways how I could get involved. What the other advice I would give is to identify that path that you want, Because one of the things about cybersecurity and it wasn't called that back then- I know information security. One thing about it there's so many disciplines, you know. You alluded to that a few months ago.
Speaker 2:There's so many disciplines, so you really want to I don't want to say pigeonhole yourself, but you do want to kind of narrow down what it is you want to do Because there's so many, there's so many different areas that you can go into. And another thing I recommend is understand your personality and one thing that tells me about GRC I joke about it. We're like bankers. We have bankers hours right. You log in at nine, you leave, you know five, 36, something like that.
Speaker 2:However operations team, engineering team let's go to operations. You know there's some kind of situation that arises and it's time for you to log off. You have to stay. Engineering. You're trying to fix something and it depends on the urgency of what needs to be fixed, you know. Or configured, let's speak more appropriately configured, you know.
Speaker 1:Fixed is good for the folks who don't know what configured is. It's good for the folks who don't know what configured is.
Speaker 2:But what I say, you know, grc side. Unless I have a whole lot of poor planning, I don't have to stay late.
Speaker 1:All right.
Speaker 2:OK, you know there's from a governance standpoint. I don't know if you plan to talk about what GRC, to all that it encompasses, but I'll just quickly say this it's a part of the question you asked From a government standpoint. You know a part of that is writing policies. So and it's back to the whole personality part I don't there's no emergency policy has to be written, right?
Speaker 2:That's true, I don't have to be late to write a policy. That's so true. The R, the r is what I say is risk management. There's no again, unless I procrastinated, there's no emergency risk response it doesn't work that way, yeah yeah, compliance wise is about evaluating compliance, so there's no urgency like that either.
Speaker 2:Right, so you find your personality. You know. If you like to be in that kind of environment where you know things are dynamic and moving every second, then that's you. But me, I prefer just a little more structure and you know things under my control.
Speaker 1:Gotcha, gotcha. That's really good advice. I didn't. I don't know if I ever considered my personality. I mean, I would take those personality like assessment, tests and stuff, and they would say that I was good, like at analysis and things like that. So I was like, oh, I think I'm in the right job Because I was an analyst, I troubleshooted, did whatever. But um, yeah, I never looked at it from the perspective of like, what do I want my work day to be? Like, you know, until many years into my career, after I had done the you know the operations and the production support, and like oh my God, this is 12, 14 hours a day.
Speaker 1:I can't do this anymore. So now I know pretty well that I don't want that, but that's really good advice to give those who are starting out. I also like what you said about oh shoot, I lost my train of thought. Oh, figuring out your path, and I think what was beautiful about that is, or that I would like people to know, and I'd like you to sort of talk about this, nigel. Like you to sort of talk about this, nigel is yes, you're figuring out your path and not necessarily pigeonholing yourself, but what I heard was is like give yourself time to sort of to focus on a piece of it, to figure out if that's something that you enjoy. Is that? Is that a good like?
Speaker 2:extraction from what you said yeah, that's, that's it, but here's a challenge with that. So I want to give a remedy. There's a challenge, but there's a remedy. The challenge is you normally don't control. You know what you can do at work, right.
Speaker 1:True.
Speaker 2:You sign an offer letter to work in this role, right to work in this role. But the advice I give to people is you either work, try your best to do it on a volunteer basis, meaning you have your regular work day, but then you ask for opportunities to kind of dabble into other areas.
Speaker 2:That's one way to do it, with an understanding that you're not getting paid to do it Correct. Yes, your payment is the learning right. Yes, if that opportunity is not available with your employer, then, especially these days, I say then, these days, with the virtual environments, you can create your own environment.
Speaker 1:So much you can do.
Speaker 2:You can be who you want to be, gotcha. Let's say that you feel pigeonholed as a GRC professional and you really want to be that pen tester. Well, build yourself a pen test lab, gotcha. Yes, yes, yeah, you want to go into vulnerability management? You can build a virtual lab. See, 17 years ago you had to have hardware and that stuff costs a lot of money. Right days, you can spin up something pretty quickly.
Speaker 1:Oh my gosh I should have my notes. Look, sometimes I have my notepad. Other times I remember I was listening, so I recorded an episode of the podcast it hasn't published yet where the person I my guest said something similar to what you just said. You know, when he started his career he had to take his computer itself home because he didn't have it. We didn't have laptops back then. It's like you're saying, so much has improved and is more accessible to everyone now, and so it makes it, if not easier, maybe simpler, to be able to test out what you want to do and what you want to be.
Speaker 1:The other thing that I want to really bring up from what you said to the audience and you've said it a few times now, nigel and it could be the teacher in you, I don't know you said the pay or the. You didn't say the pay. Whatever language you use, is the learning, the reward or whatever. That has been a theme across so many of the people I've had on the podcast. Like the learning, you know when people ask is it worth it getting into the field, like I had? I'm in a lot of Facebook groups and other groups like that for techie people and someone was like oh, I'm trying to get a degree and I was thinking is it worth it? I'm like the education and the learning is always worth it. That will always be an investment you make in yourself, right? I mean, am I wrong?
Speaker 2:or tell me what you think I mean to me to tell me what you think I mean to be to me and it could be just us.
Speaker 1:I don't know.
Speaker 2:It could be. But I tell you, when I interview people I want to determine whether or not they're lifelong learners. Gotcha, I'll tell a little teaching joke, right quick. I remember I had a couple of students and I was teaching seventh grade and this was, I don't know, I forget the first section, I can't remember what part, but they weren't doing much and I just commented. I said you know, I wish I was in your shoes. They were like why, mr Redmond? I said because you're all so happy. I said it's like you arrived so you do nothing in class, but just, but it's like you're just so happy. Clearly you've met your goal in life. You know 12 years old, right? So so my point there is they were not exhibiting the uh, that they want to be lifelong and and to grow beyond where you are Exactly.
Speaker 1:Yeah.
Speaker 2:So, yes, you want to be a lifelong learner. Yeah, that's the key. Yeah, and if you think about our field, is protecting information so clearly. Information is important, it's valuable Right Very valuable, so it's like somebody is protecting some knowledge, so it must be valuable. So that's why you want to seek knowledge.
Speaker 1:Gotcha. Yeah, that's a good analogy, thank you. So have you experienced, through, you know, being a teacher, your tenure there and you change, you know, is that I'm going to take a different direction in all of those that, those two careers that you have now, have you experienced any setbacks or failures that you, that sort of that gave you some like really good life lessons or helped you grow, especially professionally, that you can think of?
Speaker 2:so I'll tell you the if I use the word failure, which is not the most positive word, but I'll tell you my most negative professional experience in IT. It was, I think it was in my first year I was working on this project and the in the way the organization was structured. There's an integrated team, so I wasn't working directly with my man, I was working with another manager who was not an IT professional. Ok, so I was given this task and it's a tool that I recently learned how to use. So I was not an expert, you know um, but the, that manager who was managing that project. His expectation was that job get done. So I remember I said, well, I can't get, I can't get to do it.
Speaker 2:He said, well, we paid for that tool to do what I'm asking it to do okay, I was like okay, so the lesson learned there, um was one and learning how to uh say that you don't understand something okay, okay, right, without saying you don't understand and kind of learn how to buy yourself a little time politics yeah, how to buy a little time, you know, so you can go contact, you know, go down that lifeline right, because in retrospect I really should not have been doing that, because yes it was above my pay grade. That happens, it was uh-huh, so I don't I'll call.
Speaker 2:Call it a failure because you know, but I did learn from that. You know the politics. I guess the politics right I should have. I should have voiced my I'll say my inability better. You have to buy a little more time. Yeah yeah, yeah, in retrospect I could have just said something differently and said, oh, and then contact somebody and say, hey, I need to get this done, you know, and call my manager and say, look, I'm asked to do this, and they're like, oh yeah, you're not ready for that Because, honestly, I had not been trained how to do that.
Speaker 1:But what you just described is going to happen, you know, in our career, and so look how many things you could look back on and be like gosh. I shouldn't have said that. I should have said this differently, you know. But we're still here. It's not like you. It feels at the moment like, oh, I just want to, just like you know, go away and crawl under a rock or something, but you keep going. The next day you come to work.
Speaker 2:I will say this, Dawn, and I do advise young professionals this way. You're not going to be perfect every day. Yeah that's nice, but you can't mess up every day. That is true. You can't mess up every week. So my bump in the road is not like I had all these bumps in the road when you compare my body of work to that. I weighed that bump in the road and I try to advise young professionals. That little stuff keeps coming up. It's no longer an exception.
Speaker 1:Those are signs.
Speaker 2:Yeah, that's your way of life, right Gotcha? Yeah, so we can't be that way.
Speaker 1:Yeah, no, you're right. If it's a continual trend or whatever, that's a sign you need to pay attention to that. Some kind of modification or change is needed, or you got to get some help.
Speaker 2:Yes, that's it, you know.
Speaker 1:Yeah, that, or, or change is needed, or you got to get some help. Yes, you know, yeah, that's nice. Okay, so you're a pretty wise guy, I think. Right, I mean, you taught like, look, look, maybe I'm just like in awe because I I admire teachers. I have several friends, really good friends, that are educators and I know a little bit about their jobs and what you all do is phenomenal and you wear a lot of hats as a teacher. Like you said, people think it's easy. No, it's not. So have there ever been a time I don't know whether you want to talk about in your teaching career or in information security and technology where you took an unconventional approach to something and to solve, like a problem that you came across or something like that, something that's like whoa, you know anything?
Speaker 2:Yeah, so I would say teaching, I'll use that. Okay. So in the teaching, for in the education profession. Um, not that I'm a proponent of all this standardized testing and stuff, but we would have these different standards and and we'd be given this, these uh requirements adhere to that were supposed to help support the standards, like guidelines and lessons to follow. Well, I determined just based on my you know, I'm teaching mathematics as a mathematics major- right so I'm I kind of understood a little bit about math.
Speaker 2:Um now, granted, pedagogy is different from just being a student, you know. But I just decided to kind of disregard what the standards said okay taught my students the way I felt they need to be taught, and I still accomplish the objective right, because I kind of thought things through. Yeah, I mean, I was not, I would not do anything to hurt them, but I recognize that what was what had been provided to me was not sufficient for the students. I was like that sounds like what we do in information security too, though.
Speaker 1:Like, you know, there's these standards of these best practices and guidelines and they're like do it this way for whatever, and sometimes it does require doing something a little different. You know, when you're challenged with something like, oh, maybe that way wasn't good Again. I was listening to that conference this morning and they were talking about you know, we have these rules and things and then something happens, it goes against that rule or that grain. You have to sort of reinvent or create something else and I think, as IT, it and cybersecurity professionals, that's, it's a constant cycle of that.
Speaker 2:So yeah, and I think with it in my it career because the nature of my work I think anything non-conventional maybe it's more people oriented, right, okay, it relates to governance. There's not much unconventional. I mean policy to policy to policy In terms of risk management. I'm not responsible for managing the risk. I just communicate the risk and advise on how to manage it.
Speaker 2:From my standpoint, the law, the regulation, the policy is what it is right. So I think, in that regard, being non-conventional is maybe just um, just understanding how to develop relationships and and because, unfortunately, not everybody does their job, just because it's their job, right, your expectation is, uh, you say, oh yeah, send so-and-so an email, and they're supposed to do it, and always work that way.
Speaker 1:Yes, you might need to be a little non-conventional gotcha, yes, yes, and the way that you approach the relationships. So what are we about to go back to this governance stuff? I'm not going to go there. That's a totally different conversation. We were going to go real technical just now. I was going to ask you like you have to write new policies sometimes, you know, maybe that requires something different, but anyways, because, again, our landscape's changing all the time. But anyways, I think I know the answer to this, nigel, but tell us, you've been doing this now for 17 years. How are you maintaining your passion and your curiosity for what you do every day?
Speaker 2:So, you know, I mentioned earlier, you know, being a lifelong learner, and one of the things about cybersecurity is always something new, always something new. And I have three screens here and're right there. I can't even tell you how many tabs I have open right, because you start reading something right. Yeah, keep going right. Um, I enjoy learning, right, I think that's, that's it so. I don't know that I do anything. I think it's just in me, right. Yeah, I really enjoy learning, and cybersecurity is a field that presents that opportunity.
Speaker 1:Yeah, it does.
Speaker 2:And maybe all fields do I don't know.
Speaker 1:But yeah, I just know cybersecurity interests me, I think a lot of them, do I think a lot of them, do I think a lot of them. If you want to, I think you said earlier, if you, if you want to do it well, yeah yeah, it's um, there's always something to learn.
Speaker 1:Doctors, lawyers, like being around these, because I don't know why, all of a sudden, the last few months or so, I've spent more time sort of looking at the policy side of things and regulations. I've ended up interacting or engaging with through like content with a lot of lawyers and I'm amazed, like I was like they must have a lot to learn because the law is changing all the time. You know, if you're doing regulation, the regulatory, you know landscape changing all the time, it's like whoa, they must do like what you said, nigel. After work they're spending time catching up reading and they, too, have to like keep up their education. That's part of like certification that we all do. If we have a certification, you got to keep up your education and all this stuff like that. So, yeah, I think for a lot of good feels out there, there's going to be that learning requirement going on.
Speaker 1:So let's see, you mentioned in an unconventional way that relationships is a huge part of what you do. Sometimes you've taken unconventional approaches. What you said a huge part of what you do. Sometimes you've taken unconventional approaches, what you said, and that is a little different. You know, as we started off the conversation about maybe being a pen. Well, pen test, you might have to do it too. But let's just talk soft skills, because that's what you described as a soft skill, negotiation, influencing things like that. Have you seen that change over the course of your career, like the importance of that? Do you think it has to do with your progression in your career? Maybe, I don't know. Do you understand my question? I guess?
Speaker 2:Yeah, no, I don't think it's a change. I think soft skills have been paramount and I think they will remain to be paramount, Maybe even get even more important. One of our apprentices who graduated from the program I asked well, not asked. We were talking about his experience on a particular project and I pointed out to him. I said you haven've been taught. You haven't spoken much, much about anything technical. I said you, everything you're talking about is like talking to people and how to. Oh, I've been emailed and and stuff like that.
Speaker 2:I said oh soft skills and that's one of the things we impress upon in our apprenticeship program is a soft skill nice you can't get anywhere without soft skills yeah, that's true, I mean I will. I will say this if an organization has an immediate need an immediate need because something needs to get resolved they will temporarily give you whatever you ask for to fix that problem. But as far as long term, your soft skills is what will keep you what are some of those?
Speaker 1:you think the communication, the relationship building like so?
Speaker 2:I will start with communication, and and I'll speak about communication in multiple ways, because you have verbal and non-verbal right, you have written. So all of those means communication is key. Communication is key in any relationship. What I've found is young professionals, quite often they just don't quite know how to communicate. Okay, and that can be a barrier. You know they because they can tend to frustrate somebody. No, and so one of the things I like to do is I, I advise young professionals, I say well, find out the reporting structure.
Speaker 2:You know oh yeah, you know, let you know how to communicate. Um, now, I'm not an expert. I think I'm pretty good with soft skills, but I couldn't. I don't think I could teach them because I don't recognize. I recognize the deficits, but I don't know how to create a lesson to fix the deficit. Gotcha, I can recognize a deficit in a math problem it was a cybersecurity concept but soft skills, like if you don't communicate in a verbal way, I can say you, you need some help. That's all I have for you. Well, yeah, certainly soft skills are key. We say that actually, you know, technical skills will get you through the door, but again, soft skills will sustain you.
Speaker 1:I tend to agree with that. As I've progressed in my career from the beat, from start, you know to where I am today that has more and more like and the more you work with other people and in teams and and things like that, being able to communicate all kinds of different things is important and those relationships matter because you know a bad relationship with someone can, like stop everything you're doing, exactly, exactly, and not just you know, and I'm talking about I'm not talking about your career, but just like, say, you have a change you want to put in or some kind of some policy you wrote and you need to prove that sometimes people are petty they don't like you, they're gonna exactly, exactly and
Speaker 2:and yeah and revisiting the non-commissional approach, because sometimes you can use a non-commissional approach, but if you have those soft skills, yeah somebody, they're a lot more open. Yes, yes, yes, yeah, yeah, and sometimes, look, you gotta what? Yes.
Speaker 1:Yeah, yeah, and sometimes look, you got to what they say. What's the saying? Eat crow. Yeah, like that person got on my nerves. I'm a make nice with them.
Speaker 2:That's right. That's right Because you never know what you need them, and that's what a nonverbal communication comes in. Right, you have to make sure that you're monitoring your nonverbal communication, gotcha.
Speaker 1:Yeah, it's interesting that you say that you know you can teach communication, gotcha, yeah, it's interesting that you say that you know you couldn't teach communication. I don't think I could either, but I maybe it has to be taught and I don't know. I've probably taken classes, like about communication, but I don't know. You just I guess I think we're all sort of just learn as we go. You know, um, some people are better, yeah.
Speaker 2:Like we have communication um training. It's a program, so there people can do it.
Speaker 1:I'm just saying they can train it I'm saying it's just not my thing yeah, yeah, there's definitely something I don't know. I just feel like I can, someone can train it, but practicing it, you know, it's like I told you, so you learn from the things like, oh, I shouldn't have said that that was a bad, you know, like that, all right. So, nigel, what would be the best advice? I think you might have told us, though, but anyway, what's the best advice you received? You mentioned the thing something earlier.
Speaker 2:I mentioned it, but I'll reiterate it. I mentioned that the manager told me he said because I said you know to be successful. Let me back up this is my first. This is my first year in IT. When I asked this question, I want to know what do I need to do to be great? And my manager told me to be a ravenous reader yes, ravenous reader yeah, and, and I took heed to that.
Speaker 2:That's why, like I said, I have so many tabs up I can't even count them right. And it makes sense, right, because, especially in my, in my role in grc, you know, you have, you have to read, right, you have to read. And and I just want to point out that's why people think it's easy yeah, but if you don't like to, read how easy is it going to be? It's going to kill you and you have to write.
Speaker 1:Yeah, yeah, it's funny, I think the things I did in cybersecurity was not quite GRC. There were elements of it and writing policy and standards and things. I did not enjoy it. But I remember thinking to myself and even like when I engage with the people that help with the compliance and different stuff like that, sometimes I'd be like it seems like the job is easy, but I don't know if I want to do that every day, like you know. I mean, I don't know. I've thought about it recently Like maybe that is a route to go, cause I've done the elements of it, you know, in small little chunks throughout my career but never had the role like as a GRC person. So yeah, thanks for saying the thing about the reading I like to read, but I don't know if I want to read policies and regulations in my in my spare time right, and that's the thing about it.
Speaker 2:You would you have to read, you know, from a, from hierarchy, high, high, from a hierarchy standpoint you have law, and then you have regulation, then you have policy, standard, guidelines, right, best practices, best practices. Yeah.
Speaker 1:So you have to read those things, you know yeah, I've done the reading to interpret and to implement and things like that, but not to have to ingest it to like tell people like what they should do or whatever. Okay, um, is there any? So let's turn the question just a little bit different from what you know now. Is there advice that you wish you had received when you started, that you didn't get, but you know that now. Is that my question?
Speaker 2:No, Okay, good, so advice I wish I had received.
Speaker 1:Yeah, something you know now that you wished someone had told you back then when you first started.
Speaker 2:Honestly, I would say no.
Speaker 1:No.
Speaker 2:The sun has shined on me. I can just say that.
Speaker 1:Look people on podcast listeners. You can't see that Nigel's background is the sun shining on him.
Speaker 2:I mean there's no regrets my first role. I's no regrets. Beautiful, my first role. I had a very supportive team and now, when I was transitioning, one of the things a friend of mine told me was be careful when you go into IT. A lot of people are not willing to share, yeah, to keep to themselves. It's possible I encountered that but due to my ignorance at the time, I didn't know right that they were not disclosing something, so I can't tell. But I for my, for my purpose, for my purposes, when I asked the question you got an answer.
Speaker 1:I got an answer.
Speaker 2:Nice, yeah, yeah so I do want to give. I'm trying to be this something I wish. Wish there was something, dawn, but I don't. That's okay, that's good, I hit the jackpot. I can't.
Speaker 1:You did.
Speaker 2:Yeah.
Speaker 1:And I wonder how much of that is an element of you being a transitioner, like from a totally different career into this other one. Like you probably would have learned a good bit of things in the education system as a teacher. You know interacting, engaging with young people all the time. It's just a rhetorical question, but I wonder you know that could be the maturity you had.
Speaker 2:Yeah, I tell people in my mind that the toughest three positions that I could think of frontline and military, first responders and classroom teachers. I do think my education background helped me. I'll tell a quick anecdote. I remember my first IT role. I was at my cubicle and I was working on something and had to go to the bathroom, but I just kept working, kept working. Why? Because in the classroom you can't go to the bathroom Right right. You get somebody to come watch your class.
Speaker 1:Yeah wow.
Speaker 2:So I think you know come from the environment. When you kind of have to be self-sufficient, you know, and then you're just grateful whenever you get something right. That's probably why I don't feel like.
Speaker 1:Yes, that makes sense.
Speaker 2:Yeah, I think that could be it.
Speaker 1:Yeah, yeah, and I think you probably had a little more, some maturity once coming into tech. Then maybe some other people who start out like right out of college or something like that, so yeah, okay. So I like to ask this question. It's sort of like, not about grc, not about tech, about nigel what is the most unusual or interesting job you've ever had before teaching? Let's say before teaching, because teaching is an interesting job on its own well, I started teaching outside out of college.
Speaker 2:So okay, yeah, um, so I didn't really have any interesting job. I did a couple of internships yeah in high school? Yeah, but were they?
Speaker 1:all, were they around teaching or they around science?
Speaker 2:they were engineering related. Yeah, yeah, because I'm from huntsville, alabama and oh yes, I've heard about that area and it's one study showed a few years ago that huntsville has the most phds per capita in the whole nation. So yeah, there's a big army installation there, redstone Arsenal. So I did some internships, so I wouldn't call those interesting or not or unusual. They were interesting, yes, but unusual but I do have a teaching one that's probably Okay.
Speaker 2:So, yes, I was a classroom teacher, but also I had a little television show where I was teaching mathematics. So yeah, so I would call that my mouth is wide open, y'all.
Speaker 1:Just you did.
Speaker 2:Yeah, yeah. So here in the county where I'm living I would go to the studio once a week and I'd be in there explaining mathematics problems.
Speaker 1:Yeah, yeah, I wish I had you teaching me. I mean, look, I did okay, I don't know if I knew what I was doing. Like I look at mathematicians and like how they can apply math to things and I'm just like, huh, like how they can apply math to things and I'm just like huh, I think I learned the math to learn it for what it was and not for like applications. I mean, I had to do it, obviously, engineering, you know you applied it or whatever, but it was just so conceptual, I guess, to me I never. I had a hard time bringing it down to real life application. I guess you could say but I learned it, you know, to learn it for what I needed, because I would get A's. So clearly I understood something. I just learned how to you know. But yeah, so I admire, look, I admire mathematicians, what I can say.
Speaker 2:So you taught it, so you got to know that thing really well to teach it. I think, yeah, I knew a little bit. I said new k-n-e-w. I knew those people it's funny people who know me for years. Some people still think that I teach now they haven't seen me right, so they'll. I'll get a phone call out of the blue as if I know about. I'm like no, I don't tutor anymore. Honestly, I'm not quite sure I'd be much benefit because if you don't use it, you lose it. You do lose it.
Speaker 1:Yeah and look, this is off topic too, but the math that the kids are learning today is not the math I learned.
Speaker 2:So what they're learning today is an approach and but we can talk offline about that but they learned an approach. Okay, math has not changed. I tell people this I used to tell parents this when I was teaching there is no new math. And if there is any new math, it's postdoctoral math that your child has learned anyway right right it can't be right, right, right.
Speaker 1:Okay, that's a good way to put it. Yeah, it is an approach, because the way they do long division and all that stuff, I'm like what is this like? Yeah, anyways, yeah, like you said, another topic, but, um, nigel you, thank you so much for spending time with me and the audience today. I really appreciated it. Really good nuggets of advice Always be well, you could be, but it's good to be a ravenous reader, correct?
Speaker 2:That's what You're right be a ravenous reader no-transcript.
Speaker 1:Like to share with the audience that we haven't covered, that you want them to take away with them.
Speaker 2:I would say this Just bend the universe in your favor.
Speaker 1:You can't drop that.
Speaker 2:And then like come on, that's it. That will take you. That's a whole and that will take you down. That's a whole other class.
Speaker 1:Like a whole other session. You got to give us one little bit like a bullet point under that.
Speaker 2:You're in control. That's it. You're in control.
Speaker 1:Okay, I'm going to take that with me too.
Speaker 2:I was advised to be a ravenous reader, right, being a lifelong learner. Those things I'm in control of. That, that's true. Yeah.
Speaker 1:Very true. You give me a lot to think about. Yeah, all right, thank you, nigel Audience. Thank you for listening again and goodbye everybody. Thank you for listening again and goodbye everybody. Thank you for listening to Bites, bits and Brilliance, where we seek to bridge the mentorship gap by bringing mentorship straight to you. Don't forget to connect with myself and my guests on LinkedIn, follow and subscribe, leave a review or comment and share, share, share, thank you.
