The Cyber Talent Series
Cybersecurity talent management is nuanced. Traditional best practices around hiring, onboarding and professional development may not translate effectively into the security domain. The best leaders in cybersecurity are particularly adept at assessing, measuring, and managing security professionals accounting for the unique nature of security teams.
Join Thomas Rogers, Co-Founder of SkillBit (Formerly MetaCTF), and co-host Phoebe DeVito, as they uncover practical tips and best practices from InfoSec leaders on how they excel at building and managing world class teams.
The Cyber Talent Series
Cyber Talent Series 19: Building by Doing and AI-Powered Security with Grant Smith
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
Cybersecurity talent management is nuanced. Traditional best practices around hiring, onboarding and professional development may not translate effectively into the security domain. The best people in cybersecurity are particularly adept at assessing, measuring, and managing security professionals.
Join Thomas Rogers, Co-Founder of Skillbit, as he connects with Grant Smith, Red Team Lead at Ally and CEO & Co-Founder of Surface Security, to discuss breaking into offensive security. Grant shares how his experience leading red teams shaped his approach to mentoring talent, evaluating candidates in the age of AI-assisted interviews, and balancing technical expertise with strong people skills. He also discusses the launch of Surface Security, the evolving browser security landscape, and how AI is reshaping both phishing attacks and modern security defenses.
Welcome to the Cyber Talent series where we explore how organizations are closing skills gaps, accelerating onboarding, and building high-performance cyber teams. My name's Thomas Rogers. I'm the co-founder of Skillbit, and today I'm talking with Grant Smith. He's a red team lead at Ally and the CEO and co-founder of Surface Security. Thanks so much for coming on, Grant.
SPEAKER_00Yeah, thanks for having me, Thomas.
SPEAKER_01Cool. Could you just give a little bit more about your background? Would love to hear how you got started in cyber and what led you to where you are today.
SPEAKER_00Yeah, yeah, sure. So obviously I'm Grant. Started out in offensive security early on, uh, starting in the defense space mainly and working through internships and various job roles there before landing at the Walt Disney Company on their red team. Worked there for a few years, did some fun, cool stuff, as you can imagine, with Disney, but then moved on to a bank. So where I became a red team lead there. And then now transitioned more onto the blue team side and detection side where we're building out detections for fission attacks and dynamically detecting them rather than relying on threat intel feeds and static signatures.
SPEAKER_01So I know you did a bunch of stuff even before that, before you got into industry. You mind sharing what you did dating back to college? You went to you know a second rate university in Virginia. I've never heard of them actually. Um just kidding. Um yeah. So Grant went to Virginia Tech, which is an awesome school and awesome um cyber program. So yeah, could you share, share a little bit about what you did there? You actually did some work with Skillbit back in the day, too. So we'd love to hear more about that.
SPEAKER_00Yeah, sure. So starting off really young, I really wanted to get into security because I wanted to get around things. I like to get around things. Uh when I was a kid, we had parental controls on our family computer. Could only do like 30 minutes of screen time a day. That wasn't enough for me because I was playing Griopolis at the time and I had to build my city. And so found a way around those parental controls to add an admin user through Mac Safety Boot. And that was my first like hack. And I loved it from there. Loved playing pranks on kids in school, hacking into the lab computers through their default passwords and making the computers talk to people when they're on them. Fun stuff like that. That all kind of came to wraps though when one of our IT admins figured out what I was doing and caught on to some of the stuff that I was doing, which may have not been legal even though I was underage at the time. They kind of took me under a wing though, didn't report me to the cops or anything, and pointed me to pen testing, because I'd never heard of often security, never heard of pen testing. And they showed me what that was, gave me some resources on it, and said I could go major in cybersecurity at any of these colleges that I wanted to go to. And so I did. Uh I went to Virginia Tech, ended up down there, uh second rate university um down in Virginia, and uh loved it. Uh joined the cybersecurity club there. That's where I really started to kick things off with my learning through the different club lessons, CTFs that we do. The first CTF I did before meta CTF was named Skillbit. That was my first CTF, it was meta CTF up at U of VA. And incredible learning experience. Realized how little I actually know, but how much I love learning in that industry. And yeah, eventually started doing internships, worked with Army Cyber Command, worked with the National Security Agency and some other schools and organizations around that space. And eventually, yeah, I was I was doing some challenges for Skillbit. I was doing some challenges for various CTFs that we were running down at the school, and eventually became president of the Cyber Club down at Virginia Tech for a year right before graduating. From there, landed at the Walt Disney Company on their red team and then Ally Financial as their red team lead. And now here at Surface Security doing things on our own now.
SPEAKER_01Sweet. I mean, I think a theme for your background is just learning by doing and just figuring things out, even before you maybe necessarily like fully understood how to do something or why why to do something. How how much of that is like played into your professional career, like you know, approaching problems that you see at work. I love kind of this the hacker mentality of rather than like just figuring stuff out versus you know deliberating too much or overthinking anything.
SPEAKER_00Yeah, exactly. And that exactly. That and that's the mentality you kind of have to have if you're working in engineering in cybersecurity, if you work in even as like an entrepreneur, especially in cybersecurity, you have to be able to think on your feet and make decisions based off the info that you have and that you're able to research and figure out within a short span of time because you're always reacting to constantly changing situations, whether it's you're responding to an incident that you gotta figure out what you need to contain as fast as possible rather than figure out every single device on your network that could possibly be infected and contain it. No, you need to start with contain this and then we'll expand out from there as much as possible. And that's just an example. And yeah, as an entrepreneur, like you're doing those same things. Like I was in a business major. I don't I never managed finances before I started a company and never did any of that. And uh you kind of just have to learn about it. You gotta learn on the fly, you gotta do your research, but also still not over-research and not get too sucked up in making everything perfect. You do the best you can and you keep moving forward rather than pausing for too long and falling behind.
SPEAKER_01So when you talk to people that are trying to get into cyber now, or maybe you know, your direct reports, or you know, people that you've worked with closely that are early in their career, how does that shape the advice that you give them? Curious the types of questions you hear and what kind of advice you give people who are wanting to grow in their career but maybe aren't quite sure what to do.
SPEAKER_00Yeah, yeah. I really tell them to find an area to focus on. Security is like a broad industry. It's not just, oh, I know Active Directory or I know networking. It's cloud security now, it's AI security, there's compliance and GRC, there's so much other stuff out there that falls under security that have their own different niche roles. And if you can fill that role, most teams aren't looking for just a security person. They're looking for somebody who can fill a specific role, such as cloud security or AI security, or a red teamer that knows web apps, or any GRC person that can do their SOC2 compliance and make sure it's up to date. There's all these different roles out there that are so specific and so niche. You can find what you love, do that, become an expert in that, and then find a role that fits that rather than just be an expert at nothing but generalist at everything.
SPEAKER_01What have you learned about I guess the communication side of things within cyber, whether it's working with other teams in the organization to share, you know, things you're finding, whether it's people that you're working with directly on your team? Because I I think a lot of kind of individual contributors when they get started in their career and engineers in general, I think a lot a lot of people like to kind of be in a silo and just do the work and really enjoy that. So, what how has your perspective on communications changed?
SPEAKER_00Yeah, it it really changed when I became a lead as just an engineer or intern or red teamer. Uh, all those different roles, all I see, as you said, individual contributors. And you don't really have to worry about what's happened above you too much. You report up your findings, you report up your project, you fix that issue, report that bug, and then just handled by somebody else. You don't really have to see that unless it's like a remediation follow-up. As a lead, and as you get higher up in an organization, you start managing those handoffs from one team to another, and you start managing those relationships between teams. And specifically in red team, and that involves a lot of trust because you're coming to different orgs or different teams and saying, Hey, we're gonna go into your live production system and not take it down. Please trust us to do that. And it's hard, it's hard to do that, it's hard to convince people that. So you have to have a good track record, you have to have good relationships with other folks that they might trust already. And it's a lot of building relationships, networking, and building trust with other teams. And that's just my experience on the offensive side of things. With every other team, it's essentially the same thing, though. You have to, as a SOC manager or security automation manager, you have to have the trust of other organizations and like different teams to say, hey, let's install these agents on your machines. And we won't, we're we're not, we're not gonna mess them up, we're not gonna slow them down, but please just trust us on that. And so that that just takes trust and networking and time. It's all people skills at that point.
SPEAKER_01I think a lot of people think that when you think about a pen tester or off-sec engineer or something, they sort of skew towards the technical skills being the most important part of the equation. And I I think it obviously is important, but how would you assess that versus you know some of the things that you just talked about? And how would you kind of blend the importance of those two?
SPEAKER_00Yeah, so technical skills obviously are huge. I mean, security, having strong technical skills is important, especially for an individual contributor role, but it's not everything. I want you to be able to do these highly technical things and then be able to report out those specific findings in a way that people can understand, not just other security engineers, and even they might not fully understand it, even if they're the app owner, system owner. You have to be able to translate that to them on a technical level so that they can remediate it and also translate it for higher-ups in some sort of executive summary type manner. And finding somebody that can do both of those effectively is really hard. And so we'll do technical assessments of applicants, and they might be able to solve every machine in the lab that we give them during the assessment, but then the report is terrible because we don't understand what they did. We don't understand why they're doing it this way, how the system can be fixed, how it can be remediated. You need to be able to translate all of those both in write-in and verbally during your briefout to app owners and system owners and executives if it gets up to that point.
SPEAKER_01How much harder is AI made that evaluation? Like trying to figure out a person's skills and like what they understand and kind of all that stuff.
SPEAKER_00It's made it a little bit harder because obviously there's people using AIs in interviews and there's all these different apps to do it nowadays. But there's a cost benefit you gotta do with it. Like you can't stop everyone from using AI, and you can't detect everyone using AI. And so we use AI in the workplace now. Every organization basically is moving that route. And so it's becoming more and more okay to use it. And so I think allowing them to use it on different tasks in a manner that doesn't compromise their integrity or the integrity of the test. So whether it's just simply asking AI questions about certain things or having to write a quick script for you, like that's totally fine. Like you're gonna do that in the workplace anyways. But when we're doing like a technical interview and we see somebody clicking off to the side or like reflection in their glasses of an AI summary appearing on their screen, like that we don't fly with, and we're not gonna pick that person. And you can't catch them all, but it eventually comes out based on just how they're speaking. You can tell they're reading something. You do have to know your stuff still. But AI does help throughout the process.
SPEAKER_01And that's where I I think the assessing for the soft skills is so much more important in understanding the person holistically. And you can like you can tell if someone understands one of the labs, you know, you're talking about the labs that you all use in assessing candidates. Like if you if you ask someone to like talk you through it, they might be able to write a report or an LLM can write a report for them. But if they can't explain, or you know, you ask a couple follow-up questions, I feel like it's just like going deeper on like into more of a case study process than just a traditional like, let's check the box and sh and prove that they know, you know, they have a baseline technical capabilities. There's so much more other important stuff. And that doesn't even hit on like some of the behavioral stuff. Like, is this person curious? Are they a hard worker? Are they good to work with? A lot of those things, which you can kind of suss out in these sort of case study cyber range environments.
SPEAKER_00Yeah, exactly. And it's so easy to tell if somebody actually likes what they do, loves what they do, is interested, just based on like a few personality-based questions. Like you don't even have to dive in technically, but like if we're talking about, okay, what did you do back in school? And they're like, oh, I that was part of the cybersecurity club here, or I started the cybersecurity club here because there wasn't one, or I joined all these different CTFs when I was in school. Like you can tell that person likes what they're doing and is active in the space and really interested in expanding their skip slide.
SPEAKER_01One of the ones we asked recently was what was like what was the most interesting CTF challenge you've seen recently? Because yeah, a lot of the candidates we talk to will, you know, share how excited they are about CTFs and how how often they do them. And then you ask them what's the most interesting CTF question you've seen, and they don't have an answer. That means they probably aren't actually as active as they say they are. So interviewing such an art, just trying to dig deeper than surface level and try and understand. And it's really, I think the hardest part is actually like I don't think I ever did a virtual interview, obviously until post-COVID. And so, like, so many of the interviews before that were in person. And I think there's a lot you can pick up when you're able to do interviews in person that you it's tough to catch virtually, and yeah, people can't just like tab switch during an in-person interview. Yep. Yeah, exactly. Makes it a lot easier. So with now you've you know you've had some leadership roles. I know you're still, you know, you're earlier in your career too, but even dating back to college, like at Virginia Tech leading the cyber club. How do you think about leading in cyber? Like, what do you think are some of the most important things with regard to that?
SPEAKER_00Yeah, leading cyber is similar to some other leadership roles and not similar in other ways. Like it's an interesting one because it it's such a technical field, such a fast-paced field, ever-changing. But some of the core leadership principles of delegation and care about your people. Those are the two like big ones that I've taken away. And a lot of us who are technical in the cyberspace don't like to trust other people to do the stuff that we used to do, or we think we could do better, at least for right now. And so when you get into a leadership role, you can't do everything. There's not enough time in the day to do it. You could then you're gonna burn out real quick. Finding a way to give tasks off to people that you trust and that can handle them, and even if you don't trust them right off the bat, building a way for them to learn about how to correctly do it in the way that you would do it yourself, and teaching them and mentoring them that way, that's the biggest part. So that now this you trust this person, you've given them the insight. Yes, they might get it wrong one or two times, but now after that second time, you can trust them with that task because they're doing exactly how you would do it, hopefully, or maybe even better, because they have more time to do it. And then with caring about your people, it's very straightforward for the most part. If you don't care about your people, they're gonna burn out, they're gonna not like you, they're not gonna work with you. It's tough. You gotta come in caring about your people every day, caring about them outside of work. Like they come in to work, they're not leaving their personal life out the door. It's not severance, like they're gonna they're gonna come in, and if they're having a bad week, bad month, bad day, that's gonna affect their work performance, and then that affects you. And so you gotta treat them like humans, you gotta ask them about their life in a professional way. Obviously, you don't want to dive into random stuff about their life if you don't need to, but you gotta give them time, take care of themselves, use what flexibility you have as a leader in that organization to give them the space that they might need, give them the time they might need. Or if they're really excited and they're just like, I hey, or not just excited, but they want to distract themselves with work, like, hey, I got this task that is really down your alley, like you're really interested in this, go focus on this and get your mind off whatever other thing you you might be thinking about. So it's not just like giving them time and space, it's also okay, here's this work that you really want to do rather than this really mundane work that uh you're already feeling pretty bad today, like go focus on this fun project instead.
SPEAKER_01What have you learned about feedback? Like, I'm sure it's fresh enough for you where you've been on the receiving end of feedback in you know in the workplace, which isn't always the most fun. And then you also presumably have had to deliver feedback as well.
SPEAKER_00What have you learned about how to do that? Don't be around the bush, be direct into the point. When you're giving them feedback, don't just say, okay, everything's good, everything's good until it like adds up and it's bad. Cut things off when they're starting to get bad right away, rather than waiting for it to get worse, which I hopefully won't. And also that allows them to fix that issue right away rather than they keep doing the same old thing that you don't like or is reflecting poorly on you as a leader. And yeah, it's really about just being up front with people and it people like honesty, people can tell when you're being dishonest or uh being around the bush, like just be straight up with them, don't give them any BS essentially.
SPEAKER_01I totally get that. And I I think that the last part of your prior answer when you talked about just caring about people, I think that sets up and makes the feedback thing so much easier when you have the relationship with the person so that they understand that this is coming not from like a place of you did something wrong, but from a place of like, I know there's more in there, and this wasn't, you know, the quality that we need, or you know, something like that. We had a whole episode a few weeks ago that was about like psychological safety within teams of feeling like yes, this person cares about me and is invested in my career. And so when the feedback comes, it's not, you know, oh no, the world is following. It's like, hey, this person works with me and cares about me and wants me to do my best work. So yeah, I mean, I think that that sets it up and makes it so much easier. So I want to shift a little bit. So I heard of an interview recently with Brian Chesky, the Airbnb founder, and he was talking about it was actually a very bullish position on AI and just how the future is going to be, it's it's almost gonna like cut out the pure people manager where managers are gonna be kind of player coaches where they're gonna they're gonna be doing work too, but they're also gonna be there as leaders and managers, but not just managers. I mean, you now you're running a startup, so you're obviously doing a lot while leading. And then, you know, I I assume as a red team lead, you're also it's kind of similar. You you can't just delegate everything. So, what's been your experience with leading by doing? And I guess like how much real work are you doing these days?
SPEAKER_00Yeah. Um still doing a lot of real work. So when you first started giving that quote from him, I was kind of sussed out a little bit, but I actually kind of agree with it. And so AI allows you to do more with the time that you have, and managers and leaders don't usually have a lot of that time because you're sitting through meetings, you're scheduling things, you're delegating tasks, you're organizing, you're meeting with people. Like it's there's so much going on in your day, and a lot of it is just talking to people and getting things organized. Being able to do those individual tasks, if it's able to automate some of those away in a way that is acceptable to you, then yeah, hell yeah. Like I don't know how many PowerPoint slides I've had to make. And if Claude or ChatGPT or Perplexity or whatever can make slides that are good and acceptable to me and meet the standard, then I'm gonna use it to automate doing that task so I have more time to go to my extra meeting that day or something, which obviously I'm not super excited to do it all the time, but you have to do it as a leader. And you're always fighting to have more time to do more things because the more you can get done, the more you can do as a leader, and especially as a startup, the more you can do the the faster you can grow.
SPEAKER_01Yeah, I I think um, yeah, just people able to get more stuff done than than usual. And and like I said, I think it was a pr it was a pretty like pro AI case. It wasn't like, oh, security isn't gonna exist in the future or anything like that, which I've you know seen seen some of those takes too. So uh it was better than usual. Um cool. I want to pivot and go to Surface. So could you tell us a little bit about what Surface Security does? I know you you all just came out of stealth this week, so and you have an awesome pullover already with a great logo. So if for the people they can the video, so yeah, tell us about Surface.
SPEAKER_00Yeah, so Surface is a enterprise browser security platform, and it's essentially a security analyst in your browser. So it allows you to see visually and at code level detect fission attacks, along with doing a number of other things that you would do from a security perspective, anyways, in the browser. So that's data loss prevention, that's shadow AI detection and prevention, all while maintaining your data sovereignty. So just like your security analyst goes and signs an NDA, they're not going to go export all your sign logs to some third-party cloud or something. We don't do that either. So we deploy in the environment, we maintain that data sovereignty while also giving you that adaptive and dynamic detection of phishing attacks and various other data loss prevention cases.
SPEAKER_01What led you to this?
SPEAKER_00Yeah, uh it was really a gap I was seeing at every place I worked at. So when you're in offensive security, the most popular way to get in is through phishing. Still, it's a problem that just has not been solved yet. And the only way to really detect these types of attacks is to learn about the environment and build that up over time and continually learn over time. And so looking at where people are logging into, what those blogging pages look like. Because when a attacker comes in, they're gonna clone. Or make it look like it's a clone of your internal login page, which is different from the standard Microsoft login page, or your Octopage or Duo, whichever platform that you're using. So if you create static signatures, which every other provider does currently, of those different login pages that are publicly available, it's not going to cover those targeted attacks on users or targeted attacks on organizations. And so we built a ML algorithm and a platform that does that all from a browser extension from basically crowdsourcing from employees and contractors that data of where they log into, what it looks like, and able to detect cloned and impersonated logins from that. And then because we're already in the browser, we do all those different data loss prevention and shadow AI detection and attack surface mapping as well. And then one final thing that we were missing at every org I was at was maintaining that data. We don't want every login page fingerprint and every credential that they type and all that leaving our network. And so we deploy in their environment or in their cloud so that they can maintain that and control what leaves and what doesn't.
SPEAKER_01That's super interesting. I'm familiar with one other browser security startup that's grown a lot in the past few years, but I'm curious your perspective on where browser security is going. Because it's it's still new-ish. I think one of the analogies I heard with browser security is trying to make like uh an existing browser secure is like trying to trying to turn like a Toyota camera into like a sports car or something, like a race car. And it just wasn't built for that. So yeah, it's it seems like very logical that you would start from a place of security and then kind of go from there. But it seems like we're still early on in browser security. So, like, what do you where do you see this going?
SPEAKER_00Yeah, we definitely are early on. Obviously, there's some players in the market that there's other companies out there doing browser security, but they all have their niche that they get into. So whether it's just focused on security and not data loss prevention, or it's just isolation and not detecting attacks and fission and identity hacks, or it's data loss prevention and not really focused on security. And they all have their like different area. And that's okay. Like that that that's what if that's what they want to do. But be in that browser, being in the browser, why would you not do all of them? And in a better way to adapt to how AI attacks are happening right now. So whether you go to Claude right now and ask it to build a fake login page for your website and it's actually just Microsoft, and you just replace the logo there from it, or you have it build or have uh have it spin up a new like attacker in the middle type attack where it's basically like evil jinx, if you're familiar with that toolkit. All those different attacks, you can't signature them easily. There's no easy static signature that you can just plug in and do throughout. And you can't rely on threat intel feeds because somebody has to be or has to have looked at and caught that attack for it to go into the Intel feed. And so that's already too late at that point. So if you're being targeted by somebody and somebody's doing spear phishing or even if it's just a mass scale phishing attack against your organization with a targeted kit, you're not gonna detect that with the current tools out there because they all rely on things that take too long. And AI is fast, as we know. And so because we're able to put that security analyst in the browser, we're able to visually see, okay, like you still have to look like the Microsoft login page in some way. You still have to say Microsoft, you still have to say that organization's name. You still have to say please log in here or net or like enter your credentials here, or whatever the term might be. And so we're able to visually see that. And also, of course, we're able to detect at the code level different fishing techniques that are done there. And so the combination of those signals that goes into our patent pendant uh surface vision algorithm, and we're able to figure out okay, this is a fishing page, and we'll all be able to do that in like the blink of an eye and catch those attacks, even if they're targeted, even if they're brand new kits out there.
SPEAKER_01Makes total sense. I'm curious what the user experience you'd expect is kind of like with the browser. I I know it's obviously one of the most used types of applications that exist today. So how are you thinking about that?
SPEAKER_00Hey, again, we're wearing we're wearing many hats as entrepreneurs. So from the user side, it's really quite simple. So it's a browser extension. It plugs into your browser. You don't have to go rip out and replace your browser as some of these other solutions make you do. It doesn't slow down your browser. It just plugs right in. You don't have to do anything on your end, it's just configured by your IT admin. They push it out by group policy, and then it's live. It'll check into the server that's deployed inside of your network. So there's not really that much latency unless your VPN connection is really spotty. But it's all deployed for you in your network. And then on the end user side, it's just an extension. And so unless you visit a fishing page, you're not really going to see it. Um, and when you do visit a fishing page, yeah, it's gonna pop up and block it and tell you why, and then also give that info to your admins.
SPEAKER_01Cool. So you've led red teams, you've worked on red teams, you're leading a startup, and you've worked at some big companies. So what's that been like?
SPEAKER_00Yeah, it's it's really again the wearing many hats. When you're in like a large organization, you have a lot of goals, but it's all focused on this just one thing, like just this one area of security or this one specific objective. When you're at a startup, you have so many objectives and goals, and they're all over the place, whether it's financial, marketing and sales, your grow-to-market plan, your technical side, so actually building the applications and features. You have all of that that you're managing. And it's difficult, but it it comes back to just being driven to succeed. And so um, uh if you're a large organization, if you fail one of those goals, like yes, depending on the goal, it can be bad, but it's usually not the end of the world. And it isn't as a startup either, but those goals mean a whole lot more to you as a startup. And being your startup, it means a whole lot more to you as well. And so you're just a lot more driven in a startup to get those goals completed. It's not just about your performance review anymore. It's about, okay, like, does this company fail or grow really fast? Like that that's what it comes down to.
SPEAKER_01Yeah, that's great, great way to put it. So we ask the same closing question every time. And the question is if you were starting your career in cyber today, what would you tell yourself?
SPEAKER_00Good question. I would probably tell myself to just build stuff earlier. Yeah, so like myself included, a lot of people in security want to go do those certifications uh tools and uh just follow like the perfect path. Like you see all these images online of like the perfect certification career path. You go get your EJPT, your OSCP, and your like on the offensive side or defensive side, you can your blue team level one, whatever, whatever those different certifications might be. But what really grew my career wasn't certifications. It was building things, it was breaking things, competing in CTFs, meeting people through those, joining those communities, and then just putting people around myself that are better than me, which is hard. Like I came into school at Virginia Tech and I was like, oh, I know so much because I hacked into all these computers at my high school that were very insecure. No, I didn't know anything. I I came to school and there was a kid there that could do rock chain exploits as a freshman as well, and I had no clue what the hell that was. And so like advanced binary exploitation stuff uh was way out of my league at the time. And I it really hit me like a brick wall. You kind of feel bad, you get that feeling of not knowing as much as you should, but you really got to grow from there and persevere through that. Build stuff, break stuff, have your wins, have your losses, and surround yourself by people that are better than you.
SPEAKER_01Awesome advice. Great place to close. Well, thanks again so much, Grant, for coming on. Congrats on coming out of stealth and excited to see where Surface goes in the next few months and years. Thank you. Thanks for having me, Thomas. That's a wrap for today's episode of the Cyber Talent series. If you enjoyed the combo, make sure to subscribe on Spotify. Also follow us on YouTube and subscribe there. We'll be sharing content there as well. For ongoing tips on hiring, retaining, upskilling your cyber workforce. Make sure to follow us on LinkedIn and check us out at medic.com. Thanks for tuning in. We'll see you next time.