Cybersecurity Is About People: Cybersecurity Insights with Jeannette Jarvis (CTA).

Show Notes

In this English-language episode of My Precious Data, cybersecurity expert Eddy Willems sits down with longtime colleague and industry veteran Jeannette Jarvis from CTA.

Eddy and Jeannette go back to the late 1990s, a time when cybersecurity was still a niche domain, long before it became a boardroom priority. Their conversation reflects not only decades of experience, but also the evolution of the industry through very different lenses.

This episode also marks a small but meaningful milestone: it’s the first time Eddy welcomes a female cybersecurity expert to the podcast, bringing a fresh and valuable perspective to the discussion.

“Cybersecurity has always been about understanding behaviour, not just technology,” says Jeannette Jarvis.

“We often focus on systems, but it’s people who make the difference between security and vulnerability,” adds Eddy Willems.

Together, they explore how the human factor, awareness, and communication have become central pillars of modern cybersecurity.

Topics discussed:

• The evolution of cybersecurity since the late 90s 
• The importance of human behaviour in security 
• Awareness, education, and communication challenges 
• Diversity and perspectives in cybersecurity 
• Lessons learned from decades in the field 

“Technology changes fast but human behaviour changes much slower. That’s where the real challenge lies.” – Jeannette Jarvis

A thoughtful, honest and engaging conversation between two experts who have witnessed and helped shape the evolution of cybersecurity over decades.

Transcript

SPEAKER_00 0:04

Welcome to My Precious Data, the podcast by Eddie Willems, where we explore the world of cybercrime and incidents affecting our society. In this series, we engage in conversations with Eddie Willems, security evangelist, globally recognized cybersecurity expert and international keynote speaker. Eddie also dives into conversations with fellow experts to share insights and explore new perspectives. Together, we highlight the latest security trends and discuss preventive measures to help avoid these kinds of problems.

SPEAKER_01 0:43

Good morning, good evening, good night, or whenever you're listening, welcome back to my precious data. Today's guest is someone I'm very happy to welcome. Not only a respected cybersecurity leader, but also a good friend I've known for many years. She plays a crucial role in bringing competitors together for a common goal sharing intelligence to stop cyber threats. Please welcome Jeanette Jarvis from the Cyber Threat Alliance. Hello, Jeanette.

SPEAKER_02 1:17

Hi Eddie, thank you for having me. Good to see you.

SPEAKER_01 1:20

No problem at all. I always, well, I was looking forward because you're the first woman in my podcast.

SPEAKER_02 1:26

Well, it's about time.

SPEAKER_01 1:27

Yeah, I know. Anyway, um, Jeanette, first of all, where yeah where are we over here? Well, yeah.

SPEAKER_02 1:35

We are in Innsbruck, Austria, of all places. It's a lovely city. We're here for the A V Comparatives and the Carroll conference.

SPEAKER_01 1:42

Exactly, exactly. Yeah, we try to record always uh yeah, yeah, at some special places like uh conferences or whatever, isn't it? So you and I go back quite a while. Do you remember how and when we first met?

SPEAKER_02 1:56

You know, Eddie, I've known you forever, for a very long time. We met either at a virus bulletin conference or iCar conference very long ago.

SPEAKER_01 2:04

I think it was a virus bulletin. Was it virus bulletin? Yeah, I think it was somewhere, I don't know, uh not sure, maybe in the US. But a very long time ago.

SPEAKER_02 2:12

Yeah.

SPEAKER_01 2:12

In the 90s.

SPEAKER_02 2:14

Yeah, my first one was 1997. You've been around a little longer than me.

SPEAKER_01 2:17

It it it it must be. It's 97, 98, something like that. Yeah, yeah. You see, well time goes fast.

SPEAKER_02 2:24

Well, and we used to uh well, and we still do for that matter, tour around whatever city we're in, whatever country we're in, we go tour around.

SPEAKER_01 2:31

True, true. So for the listeners who may not be familiar with your background, how did your journey uh into cybersecurity begin? You worked for several other security companies, I know, and you worked for something completely different as well. So tell tell us about that.

SPEAKER_02 2:47

Yeah, for sure. Well, my cybersecurity career started when I was working at Boeing. Initially, I was in tech support at Boeing. One day I read a book, uh, The Cuckoo's Egg by Clifford Stoll, and it was really compelling, true story of one guy uh trying to find attackers who broke into the system and stole some money. And uh I was really uh intrigued by the story. And then one day while working in tech support, I read the Boeing News. They had an internal newsletter back in the day. Of course, everything's online now, and I was looking at the job listings, and there was this job for uh AV, antivirus, and firewall and encryption um strategist. And I read the job and I thought I that's my job. For some reason, I knew I was gonna get the job. Yeah, so I applied. I was the only person that had applied for the job. It had been open for two months.

SPEAKER_01 3:40

Okay.

SPEAKER_02 3:40

Can you believe that? That's back in the 90s.

SPEAKER_01 3:43

Yeah, yeah, yeah. Back in the 90s, yeah.

SPEAKER_02 3:45

And uh I got the job and I started working strategy uh for Boeing. So it was great. I I got in uh really the somewhat near the beginning of viruses happening, and I gotta grow and learn with the industry. And meeting people like you and others at these events taught me and I listened and I learned, and it's it's a good idea.

SPEAKER_01 4:06

But you also worked for a couple of other companies as well. Cybersecurity companies, isn't it?

SPEAKER_02 4:09

Yeah, I left Boeing and I went uh to Microsoft. We were the customer-facing cybersecurity organization, and that was great. I left there to go specifically to uh work at vendors, uh security security vendors. So I I worked while at McAfee, we um uh created the cyber threat alliance. So I was involved with that from the day one.

SPEAKER_03 4:30

Yeah, yeah.

SPEAKER_02 4:30

Uh left there, went to Fortinet, who was also a founding member of the CTA. And and then I came over to the Cyber Threat Alliance.

SPEAKER_01 4:39

Yeah, okay, but we come back to that one later on, actually. Uh because that is another question I wanted to ask you because some people know you also as what we call the fourth amigo. Can you explain the public who the four amigos are and and tell the listeners a little bit more about it? Well, it's a little bit a strange question, I know, because yeah, you yeah, go ahead, you know.

SPEAKER_02 5:03

Well, you're one of the amigos. Yeah, I mean, there I'm the amiguette, I'm the only girl amigo, right? There's Richard from the Netherlands, uh ESAT, and um Louise from Spain from Jinn, and good old Eddie from Belgium. Uh that's me.

SPEAKER_03 5:21

Yeah.

SPEAKER_02 5:22

Um, I remember we were at the Denver uh conference and we were touring around the city, and I stopped to take a picture of you guys once and I said, Hey, my three amigos, and yeah, it just kind of stuck. And that's how it started. Yeah, you guys are my three amigos.

SPEAKER_01 5:36

Yeah, and since then we are called the uh well more or less the four amigos of uh the security industry, I think.

SPEAKER_03 5:43

Yeah.

SPEAKER_01 5:44

It's a very strange thing, but uh yeah, everybody uh yeah seems to know us like that. But coming back to well, uh the first thing, so about the Cyber Threat Alliance. So for people um hearing about it for the first time, what exactly is the Cyber Threat Alliance and and why was it created?

SPEAKER_02 6:04

Well, CTE at its core is a threat intelligence, not for profit collaborative. Um for all practical purposes, it's a cybersecurity industry ISAC. So our members share threat intelligence.

SPEAKER_01 6:16

Exactly. Yeah.

SPEAKER_02 6:17

We were founded when um some fierce competitors decided to work together to better protect their customers and the digital ecosystem by sharing uh threat intelligence. The founders were Paulo Networks, Fortinet, McAfee, and Symantec. They understood that no one has all of the intelligence. Everybody brings something unique to the table. And the CEOs acknowledge that they compete on the technology, not on the intelligence. And we need to be working better together and sharing information if we want to better protect the ecosystem.

SPEAKER_01 6:50

Indeed, yeah. Now, a lot of people which are maybe listening to this uh podcast don't know exactly why that sharing of that threat intelligence is so critical today. So can you a little bit elaborate on that one?

SPEAKER_02 7:05

Why is it important?

SPEAKER_01 7:07

Yeah, why is it important? Yes.

SPEAKER_02 7:09

Well, look, nobody has all the data, right? Despite what they market, um, we are all better and stronger when we work together. I mean, there's just no doubt about it.

SPEAKER_01 7:17

No, that's I I totally agree, actually.

SPEAKER_02 7:20

I mean, adversaries share tactics, they share techniques, they work together, they share infrastructure even.

SPEAKER_01 7:26

Yeah.

SPEAKER_02 7:26

You know, why are the good guys not working better together?

SPEAKER_01 7:28

Yeah, I know, and that's a little bit uh very typical in our industry, of course, because uh not a lot of industries uh are actually doing something like that. So um what kind of organizations typically participate at uh in CTA? What do they gain from it?

SPEAKER_02 7:45

Well, we currently have 38 members, they're headquartered in 13 countries around the world. Um we're we're very global, um, and we have many more in our pipeline that we're working with to join. Um but anybody that uh has cybersecurity threat intelligence that they can share, generally it's cybersecurity vendors, but there are many organizations that have strong cybersecurity groups within their own right. Um we're very excited. Um, we're about to announce some uh cool new people or cool new members uh during RSA. And um, but you know, it can be anybody from endpoint security to network uh telecoms, we have MSSP members. It really uh crosses a broad spectrum.

SPEAKER_01 8:29

It's a mixture.

SPEAKER_02 8:29

It's a mixture, yeah.

SPEAKER_01 8:31

Yeah, exactly. So uh, well, cybersecurity vendors are competitors by nature, of course. So how difficult is it to convince them uh to collaborate openly, you know?

SPEAKER_02 8:42

Is that uh we get to ask a lot, right?

SPEAKER_01 8:45

It's it's it's not easy, isn't it? No, but again, we were um founded by competitors who yeah, so they already saw that it was important for them, I suppose.

SPEAKER_02 8:56

And many of our competitors, many of our members are competitors with each other, not just those four founders. Um, you know, it isn't difficult for our members to collaborate. Um they have to come with an open mind. Um, I would encourage vendors who are not members to join. You're gonna get intelligence that you don't already have.

SPEAKER_03 9:14

Yeah, exactly.

SPEAKER_02 9:15

Your customers want you to be collaborating. When I was working at Boeing and responsible for protecting key uh platforms at Boeing, I was frustrated when my vendors weren't sharing intelligence. So it's protect, you know, it's affecting me, protecting my company.

SPEAKER_01 9:31

Exactly. Yeah, I totally agree. So, what are the biggest barriers to effective uh intelligence sharing? Is that technical, legal, or cultural?

SPEAKER_02 9:41

It's all of those. All of those. Yeah. So cultural. Um there are still vendors who feel that they're sharing their intelligence uh undercuts their business model. And that's just simply not true. You should be competing on your technology, right? Not the intelligence. Um and technical um challenges are technical and operational resources. Um in CTA's model, you need to connect to our platform and set up. That takes a little bit of time. And also I find that organizations they just have their own priorities and roadmaps that they need to factor in, in addition to working with us.

SPEAKER_03 10:21

Yeah.

SPEAKER_02 10:21

So that takes time, right? Exactly. Generally, once you're set up on our platform, um it's you know, the resources are minimal by all means, but it just takes time to get engaged.

SPEAKER_01 10:33

Okay.

SPEAKER_02 10:33

I would say also there's an economic factor.

SPEAKER_01 10:37

Oh, yeah.

SPEAKER_02 10:38

So, and then I break that into really two pieces. One is, you know, we're a nonprofit, we're a 501c6 membership association. So our entire revenue stream is based on membership fees. Um, we try to keep our fees really um minimal. We obviously we have to run a business, but we also want to make sure that we're not pricing out small and yeah, you know, I know what you mean. Um, or you know, nonprofit or uh not nonprofits, but startups.

SPEAKER_01 11:08

Exactly.

SPEAKER_02 11:09

Um and then sometimes companies don't have this in their budget. So they want to work with us, but they didn't budget for it. And so we have to uh wait a year or or what have you.

SPEAKER_03 11:22

Of course.

SPEAKER_02 11:22

But but you also mentioned legal, and I want to mention that um they're members are always not going to be sh able to share everything, right? And sometimes that's for legal concerns. They have contractual agreements with their customers or others, or maybe they're also involved in investigations and they can't share. We understand that. At CTA, you just need to share a certain amount of points to a certain amount of data to meet a weekly point average.

SPEAKER_01 11:51

Exactly. Mm-hmm. So have you ever seen a shift in in mindset over the years toward more openness and cooperation?

SPEAKER_02 11:59

Yeah, I think public-private partnerships are encouraged now, and many uh security strategies promote this. Folks are realizing that we all really need to work together to put the pieces of the puzzle together in order to better protect the ecosystem. We need to know what the adversaries are doing, we need to connect the dots, we need to share so we can be proactive and putting security controls in place to protect our customers. So, yeah.

SPEAKER_01 12:25

Okay. So um let's go to the evolving threat landscape. So, from your perspective at CTA, how has the threat landscape changed in the recent years?

SPEAKER_02 12:37

Yeah, that's uh it's changed a lot, right? Um I would say the barrier to entry has gotten lower. There's a lot of tools available online now.

SPEAKER_03 12:46

True.

SPEAKER_02 12:46

Um, and it makes uh the work of the bad guys a lot easier than it used to. Uh they um can make a lot of money, the profit remains high, so that's a motivation for them. Um I would say that thing uh organizations or company sorry. I would say that countries like North Korea, where they have forced labor camps, um uh is a big problem for us, right? There's scams and fraud um that um are hard to fight against and it's hard to stay ahead.

SPEAKER_03 13:21

True. Yeah, yeah.

SPEAKER_02 13:22

Nation states are bolder now. We see that with assault and full typhoon. Yeah. Um I don't I just don't see anything slowing down. Geopolitics, you know, isn't helping at all.

SPEAKER_01 13:32

No, no, no, no, no, indeed. Are there any types of threats that you feel which are still underestimated by organizations, you think?

SPEAKER_02 13:42

Well, I think I would focus on two things, Eddie. One is the supply chain, right? I just don't think many companies fully understand the interconnectivity of their software and then understand the impact when that service has been breached or attacked. You know, with with all this interconnectivity, you often don't even know the people involved in um in the back end and in those services and products. And um, you know, you're not vetting them. You don't often know if they're patching those services and products appropriately. Um, so I think the supply chain is a big problem, it's gonna continue to be. Um, and I know that people try to address it through S-bombs, security bill of materials, but that's very hard to keep up, right? Because files change all the time. Um I think people know the problem, but they just don't know how to deal with it, right?

SPEAKER_03 14:38

Yeah.

SPEAKER_02 14:38

Um, and some are. Um yeah. And and S bombs are really a catalog at one point in time, anyway, right?

SPEAKER_01 14:47

So yeah, I know. It's also, yeah, people well, yeah, companies should maybe use it much more than we do these days. That's right.

SPEAKER_02 14:54

I would also say the other one would be legacy software and technical debt, right? We have a lot of software out there that um is legacy, it's not being updated.

SPEAKER_01 15:03

Oh yeah, also true, yeah. Um, do you think faster sharing could have reduced the impact of some major incidents we've seen?

SPEAKER_02 15:12

You think something like Yeah, uh faster sharing could have reduced the impact of several major cyber incidents. Um but the nuance is what gets shared when and between whom determines whether sharing becomes the force multiplier for defense or just simply noise, right? I attest that many of the most damaging breaches in recent years were worsened, not by a lack of technical capability, but by delays in communication, siloed information, and just that hesitation to disclose information early to help. When sharing works well, it creates that network effect. Yeah, each participant becomes safer because everyone is contributing signals.

SPEAKER_01 15:57

Exactly.

SPEAKER_02 15:58

That's why CTA works. That's that's why sectors such uh that have strong ISACs like FSISAC, the financial industry, uh work. They're able to respond more effectively from with emerging threats. But when sharing is slow or incomplete, attackers gain the advantage, right?

SPEAKER_01 16:16

Yeah, yeah, yeah, true. Okay, let's go to the human side of the threat intelligence. Um so technology enables sharing, but trust enables collaboration. So, how do you build uh and maintain trust among CTI members?

SPEAKER_02 16:34

Yeah.

SPEAKER_01 16:35

Maybe a difficult one, I don't know.

SPEAKER_02 16:37

Well, it's a question we get asked now and again. Um, even when we first started CTA and I was in a meeting with press, and they were asking, well, how are you gonna trust each other? Well, honestly, you have to start with trust. You know, members hold each other accountable. First for sharing valuable and timely content, and second to adhere to the TLPs that's associated with that content. We have a program that's called Early Share. So um it's a program where our members share research, blogs, reports with each other, generally 24 to 72 hours before they publish it publicly. So um it all comes with TLP. Um, and that trust has never been broken in all these years. And CTA just celebrated its ninth anniversary since Bounding is a nonprofit.

SPEAKER_01 17:30

Yeah, look at that. Okay. So do people sometimes underestimate human and relational aspect of cyber defense? What do you think?

SPEAKER_02 17:40

Likely, but they shouldn't.

SPEAKER_01 17:43

I told yeah, yeah, yeah, I know.

SPEAKER_02 17:45

It's critical, right? In fact, events like the one we're at this week are just opportunities to build trust, right? Meeting people face to face at industry events helps build that trust. It's it's really essential in the cybersecurity world. Organizations, however, right now are challenged and they're not allowing people to attend conferences or other events due to budget. I assume it's budget. And it's not allowing that relationship development that's really needed to build the trust this industry requires.

SPEAKER_01 18:15

Yeah, well, very clear. Anyway, let's go further to our next point about, well, you know, AI, of course, automation and threat intelligence. Yeah, everybody is talking about it, of course. So um AI is, of course, transforming cybersecurity on both sides. How is AI affecting threat intelligence sharing?

SPEAKER_02 18:34

Well, honestly, we don't have the answer to that yet. We really haven't seen the impact in AI.

SPEAKER_01 18:40

Maybe a little bit too early.

SPEAKER_02 18:41

Yeah, on specific threat intelligence sharing. There will be an increase in the volume as there's going to be more stuff detected, I'm assuming.

SPEAKER_03 18:50

Yeah.

SPEAKER_02 18:50

Or decrease as more is filtered out. So we're able to focus on what really matters. We're likely to be able to share fewer but higher quality IOCs. Uh, and it's uh it's going to radically change how we think about CTI, but I think it's too early to tell.

SPEAKER_01 19:08

Yeah, yeah, yeah. So do you think AI will make collaboration easier then? Or introduce new risks, maybe?

SPEAKER_02 19:15

So anything you can do with AI, our adversaries can do as well, right? AI accelerates both defenders and attackers. So it doesn't uh help, it doesn't just help with collaboration, it also helps adversaries collaborate, automate, and scale. Attackers can generate phishing campaigns tailored to specific culture or languages. Uh malware development uh can be uh partially automated. Disinformation campaigns can be coordinated with unprecedented speed. And so this means that defenders must collaborate more effectively simply to keep pace, right? Deep fakes are a huge concern. We heard a couple talks this week about uh deep fakes and their impact. And it's gonna have tremendous impact, not just on human reputation, but also on companies' bottom line.

SPEAKER_01 20:06

Yeah.

SPEAKER_02 20:07

Um, there will be new risks. We just don't know the full impact yet.

SPEAKER_01 20:11

Exactly. Yeah, yeah, yeah. Okay, let's go to our next point. Um, let you've been a strong voice for leadership and diversity in cybersecurity, in my opinion. Why is diversity so important in tackling cyber threats?

SPEAKER_02 20:27

Well, diversity isn't just a nice to have in cybersecurity, it's a core defensive capability. The more perspectives that you can bring into the room, um, the fewer blind spots your organization's gonna have, and the harder it is uh for attackers to succeed.

SPEAKER_01 20:44

Um have you ever seen progress in inclusivity within the cybersecurity community?

SPEAKER_02 20:54

Yeah, I think that we built up a a lot of progress over the years. However, I feel like we're stepping back right now, especially in the US. We're seeing um a lot of layoffs. I read an article the other day that indicated that most of the layoffs recently have affected women more than men.

SPEAKER_03 21:11

Yeah.

SPEAKER_02 21:12

Um, and then there's this big ridiculous move to remove DEI focus.

SPEAKER_01 21:18

Oh, yeah.

SPEAKER_02 21:19

And none of that makes sense by any means.

SPEAKER_01 21:22

Yeah, true. So, what advice would you give to women and under um depre underrepresented groups, you know, entering cybersecurity today? Do you have any uh well yeah, tips or advice?

SPEAKER_02 21:38

Well, entering cybersecurity today, whether you're a woman or any other underrepresented group, means stepping into a field that needs your perspective, your voice, and your leadership. The most important thing is that you don't have to fit the industry as it is, you get to shape as it as what it becomes, right? You're bringing your own value, uh Own thoughts. Um, I would suggest building a network early. Join communities like Women in Cybersecurity, Black Girls Hack, Executive Women's Forum, Women in Security. There's there's a ton of organizations you can join, or local meetups like B-Sides, conferences like Black Hat, Rise, RSA, of course, Carol, where we're at this week. These networks open doors, they provide support and they really normalize your experience. Um, they're great for building your network, but also for building that trust. I mentioned earlier. Trust is inherent in our field. And the more you can see someone and talk to them face to face, the stronger that trust is gonna be. And nowadays, too, it seems that the best way to get a job is through people you know.

SPEAKER_03 22:44

Yeah.

SPEAKER_02 22:45

And these are all opportunities to get to know people and they know what you can bring to the table.

SPEAKER_01 22:50

Exactly.

SPEAKER_02 22:51

I'd also suggest finding mentors and sponsors. You know, mentors will help you grow. Uh, sponsors are gonna be your advocate uh when you're not in the room, and you really need and deserve both.

SPEAKER_01 23:02

Yeah. Makes sense. So without naming names, what's one moment in your work at CTA that really showed the power of collaboration? You maybe it's also a difficult one, you know.

SPEAKER_02 23:20

I would say there's uh a couple things. One, you know, when an incident happens, there's a lot of confusion up front, there's a lot of flux. Um, what CTA is able to do is bring all of our members together and on a call and start discussing what is happening, what are you seeing, and really kind of contain um the focus to what's actually happening and remove that speculation that is inherent and when an incident first starts. Um, and then you can grasp on where you should be focusing your time and attention. Um, another thing is there's a lot of value that organizations bring to the table. CT has a program called Joint Analytic Reports where everyone brings their unique data, their unique experience and guidance to the table to address a specific issue. We've done joint analytic reports on quantum computing, on effects of Gen AI on cybersecurity, edge computing, cyber threats to the Olympics, cyber threats to non-governmental organizations, and how we can better help them, especially with the funding being cut, and more. So, you know, there's a lot of collaboration that um CTA does that better impacts the industry overall.

SPEAKER_01 24:42

Was there ever a situation where cooperation directly prevented or significantly reduced the cyber incident?

SPEAKER_02 24:50

Well, I mentioned earlier our early share program, and I think that's significant because um when our members are able to be aware of something significant that another member has discovered, um, and even maybe implement the um signal, you know, the protection measures ahead of time before it's made public, that's hugely valuable. And plus, how many times does a vendor post a new blog about something really interesting, significant, and the CEO might come to you and say, Hey, what is it? What do you know about this? Yeah. And you can say, Well, I already got it covered, we got that through CTA and we're we're all set, we're all good.

SPEAKER_01 25:27

Yeah, exactly.

SPEAKER_02 25:28

It's priceless, right?

SPEAKER_01 25:30

Yeah, that's true. Yeah. Okay. Uh some personal reflection, you know. Uh another topic. So after all these years, what still surprises you about the cybersecurity world? Is there something which um I would say two things.

SPEAKER_02 25:45

One, we're still not winning.

SPEAKER_01 25:48

Yeah.

SPEAKER_02 25:49

It seems to be sometimes really getting worse. And you know, it just is challenging. Um, social engineering, we can't seem to get ahead of the social engineering attacks.

SPEAKER_01 25:59

That's a human thing, isn't it?

SPEAKER_02 26:01

It's a human factor. And you know, look at the volume of spam, of phishing and phishing that you get, and it's only gonna get worse with AI.

SPEAKER_03 26:12

True.

SPEAKER_02 26:12

Um, so that's really gonna be a challenge.

SPEAKER_03 26:15

Yeah.

SPEAKER_02 26:15

But also, I think what surprises me still is that organizations aren't more open to sharing intelligence and working together. Their customers want it. Um, and oftentimes it's really um what's needed to get ahead of the bad guys. You know, they're still winning. We need to do a better job of working together and trying to get on top of them. Also, I would say another thing, Eddie. With the advent of venture capitalists and engagement in the cybersecurity industry where, you know, they're acquiring uh cybersecurity vendors. Um, I sometimes think that they're more concerned about making money uh and not walking the talk of doing everything they can to better protect us in the digital ecosystem. Um, and I think the focus is of switching more to, you know, yeah, to the making money.

SPEAKER_01 27:06

Yeah. That's really a good point, actually, that you brought up. Yeah. Yeah. It is frustrating.

SPEAKER_02 27:11

Now I want to say that's not all ventral companies. It's not always, no.

SPEAKER_01 27:14

But but there are I know. Yeah. So what do you believe now about cyber defense that you didn't believe earlier in your career?

SPEAKER_02 27:26

I would say uh that it's hard. It's harder. It's harder than you think it is, right?

SPEAKER_01 27:32

Yeah, it's getting harder and harder, isn't it?

SPEAKER_02 27:34

Yeah, it surprises me that vendors still don't work uh together better, right? We've got to we've got to address that, honestly. Yeah.

SPEAKER_01 27:42

Yeah. Okay. Yeah. Another one, I always love this one. Uh if you were starting your career today, would you still choose cybersecurity?

SPEAKER_02 27:51

Well, gosh, I'm sure that I would. I mean, to me, you know, working and doing everything we can to um get rid of the bad guys is is compelling to me. And um I I like also the variety of work that the cybersecurity industry brings, right? I I'm someone who needs to be engaged in a lot of different activities, right? I can have a lot of balls in the air on different projects at one time, and and I need that. So it addresses kind of my needs. Um I need diversity. Um, but you know, protecting the digital ecosystem is a novel mission, and I'm proud to be part of that.

SPEAKER_01 28:33

Yeah, yeah, yeah. Me too. Okay, uh something completely different. Um, Jeanette, um, we have something what we call the one million dollar question in our podcast, a little bit the signature question on this one. Because I've most of the time I've sent okay the topics a little bit around to the the uh the person I um yeah going to interview, but I never know what you're going to ask me sometimes because there is always one question open to you to ask me. So, what are what is your question to me? Could be anything, you know.

SPEAKER_02 29:06

Can I ask you two things?

SPEAKER_01 29:07

Yes, of course.

SPEAKER_02 29:08

Okay, the first thing I want to ask you is what's the most memorable thing that you've um been excited about in all these years? You you know, you've been in cybersecurity for 30 plus years, right? 35 years.

SPEAKER_01 29:22

Most exciting about uh in a good way or in a bad way? Both. Both. Okay. Well the well, I th I think the the positive thing, or where I'm really excited about is at least that you know, companies are in driving to protect people. This is unbelievable, you know, because it's it's more than prote protect people, it's it's protecting the whole world more or less. And normally we always think at police forces, but it's not completely the case. We are doing that, the companies are doing that, so that's part of what I really like in this industry. And of course, on the other side, of course, is that uh there are so many cyber criminals, and uh yeah, the the the the amount of cyber criminals is staggering, in my opinion. And it seems that everybody is switching to uh online cybercrime, and on top of that, I uh even don't like that spies are uh working in uh the cyber business actually these days, because that's something we didn't know that we uh uh wanted to protect uh you know uh everybody for. So we we we changed from something like uh a strange kind of yeah, let us say security industry, which are we're protecting people and at least uh our uh PCs and networks against you know cyber script kiddies or whatever, and now we are protecting the world against spies and and and nation states, unbelievable. So that's what uh well yeah, those are the things which uh were surprising for me for to it to everything. Well, I hope that answers your questions. Okay, that's good.

SPEAKER_02 31:05

Okay, and question number two for you is um you and I have met up in industry events around the world and many, many countries. Um where shall the amigos what's your wish for a country that the amigos can meet up in and um that we haven't been to?

SPEAKER_01 31:23

Oh, that's a good one. Um some some oh well, maybe Hawaii or something like that. I I know it's uh one of your favorite places, I think. But go once a year? Why not why not why not Hawaii? Because it's something very far away, and I hope, yeah, that's that's that's and it's such a sunny kind of state, and yeah, I like these kind of things. Yeah, why not?

SPEAKER_02 31:45

It would certainly uh do good for the soul, exactly, yeah, yeah.

SPEAKER_01 31:50

And otherwise not well, there are so many um nice touristical places, you know. So I love to go to where it is good and where you can see a lot. That's also maybe interesting. Uh some cultural stuff could be behind it. Uh, you never know, Italy. Could be also a very nice place. I I I think uh it's always a very nice uh touristical place to go to. Yeah, the whole the the whole country actually, it's very difficult to say Rome or whatever, you know, Sicily or whatever. It's everywhere interesting, I think. Well, nice questions. So, do you think we will uh see each other soon, Jeanette, somewhere?

SPEAKER_02 32:33

Well, we'll at least see each other in Spain.

SPEAKER_01 32:36

That's true. We always see each other during a virus bulletin, isn't it? I think this will continue forever, I suppose. And that's definitely one of the next ones. Uh we will see each other. Yeah, okay. So uh before leaving, I uh because this is something new we are putting up, you know, the something like uh how should I call it the rapid fire round? Yeah, yeah, and it's it's it's something new uh because people were asking me, Eddie, maybe this could be interesting because it's you know it gives me well more details about the person you are interviewing, so it gives me more another view on him or her. So let's have a look. So you just say, yeah, what comes up to you, you know.

SPEAKER_03 33:22

Okay.

SPEAKER_01 33:22

So uh oh my god, this is very not good readable uh at my paper over here. But anyway, coffee or tea?

SPEAKER_02 33:31

Oh, by far I'm a tea person.

SPEAKER_01 33:33

Yes.

SPEAKER_02 33:35

And in a from a coffee drinking Seattle area, I'm a massive tea advocate.

SPEAKER_01 33:42

Okay. Early morning meetings or late night calls.

SPEAKER_02 33:46

Oh gosh, I am an early morning person, have always been. I love the mornings, not not late night calls for me. No, thank you.

SPEAKER_01 33:56

One word that best describes the cybersecurity community today.

SPEAKER_02 34:05

Well, I would say uh I have probably two words. One passionate, right? You have to be passionate to work in this industry. You know, things are always changing. Um it's a lot of it's hard work, it's a lot of hours. You know, you gotta really care. So passionate and resilient, probably too.

SPEAKER_01 34:21

Yeah, totally agree. Uh the most underrated skill in cybersecurity.

SPEAKER_02 34:27

The most underrated skill? Curiosity.

SPEAKER_01 34:30

Ah, yeah.

SPEAKER_02 34:31

Yeah.

SPEAKER_01 34:32

Okay. Yeah. Okay. Yeah, makes sense. Okay. Collaboration or competition. That's an easy one, I think.

SPEAKER_02 34:39

Oh, is there any doubt? Collaboration, of course, of course.

SPEAKER_01 34:44

Yeah, of course. So the biggest myth about threat intelligence sharing that you lose your competitive advantage.

SPEAKER_02 34:51

That's so wrong. You don't lose your competitive advantage.

SPEAKER_01 34:55

Yeah. AI, opportunity or headache?

SPEAKER_02 35:00

Definitely opportunity that will bring headaches. How about that?

SPEAKER_01 35:03

Yeah. One thing every organization should be doing tomorrow to improve well, your security. Oh my god, there's a security alert coming up over here.

SPEAKER_02 35:20

Well, I would say the basics, right? Hard it continuing to harden your environment. If an adversary gets in, ensure they can't traverse laterally, ensure they can't exfiltrate your data, you know, just make sure your defenses are hardened and segregated and you know, separate your passwords and accounts from other data. You know, there's a lot we can do to the basics, right?

SPEAKER_01 35:43

Yeah, true. So if you weren't in cybersecurity, what you be would you be doing today instead of, you know, instead of being in cybersecurity? It's a good one, isn't it?

SPEAKER_02 35:54

Well, I always wanted to be a writer. I love to write. Um, and I think I I write better than I speak. I like to write. But also maybe a detective, because I like to kind of find the puzzles and put the pieces together. And that's a lot of what we do in cybersecurity.

SPEAKER_01 36:09

Okay. So, Detective Jeanette. Uh what keeps you motivated uh to keep doing this work?

SPEAKER_02 36:18

Well, I love the work I do. You know, I work for a great company and I love our mission. And I want the good guys to win. You know, I have grandchildren now, uh, and I want the internet to be safe for them. You know, I worry about the social media impact on future generations. And, you know, if there's anything I can do to help, I want to do so.

SPEAKER_01 36:39

Okay. Yeah. Wow, you survived. Yay, thanks. That's it, huh? Yeah. Okay, Jeanette. Really thank you so much for the conversation and for the work you do every day to bring people together to make the digital world safer. So uh I wish you a cyber safe continuation of your day. And I really look forward to seeing you again very soon.

SPEAKER_02 37:04

I look forward to seeing you again soon. Yeah. Thanks, Daddy, for having me.

SPEAKER_01 37:07

Okay, to all our listeners, thank you for tuning in to my precious data. Until next time, stay safe, stay connected, and keep your data precious.

SPEAKER_00 37:19

If you have any comments, questions, or suggestions, feel free to email us at podcast at wavci.com. For more information about lectures or keynotes, please visit wavci.com. See you next time.