Security Unfiltered

Transforming Risk Analysis through Machine Learning with Russell

February 05, 2024 Joe South Episode 141

Embark on a captivating odyssey through the world of IT and security with Russell, who takes us from his early days of computer curiosity to becoming a maverick in the tech field. With a narrative that underscores the power of following one's passion, Russell's tale is a testament to the notion that sometimes, the best education comes from hands-on experience and a relentless drive for knowledge rather than the traditional academic route. His story is not just inspiring but serves as a beacon for anyone at a career crossroads, showcasing the transformative potential of diving into what you love, full-time.

Prepare to have your mind expanded as we tackle the once-daunting domain of risk assessment, now revolutionized by the advent of machine learning. Russell shares how natural language processing is changing the game, turning compliance document analysis from a chore into a streamlined process. This conversation is a deep dive into the evolution of skepticism into necessity within the field, and a look at how overcoming language barriers is paramount in implementing security controls internationally. It's a blend of tech talk and practical insight, perfect for anyone intrigued by the intersection of cutting-edge technology and business operations.

Lastly, we lace up our skates and draw fascinating parallels between the grit of pro athletes and tech professionals. From discussing the hustle required in both arenas to the balancing act of personal and professional life in a startup environment, this episode is a playbook for success in the fast-paced world of technology. We also touch on why investing in oneself is the ultimate safeguard in an unpredictable job market. Whether you're a startup maven or a seasoned tech veteran, this episode is packed with strategies and stories to fuel your next big move.


Speaker 1:

How's it going, Russell? It's great to finally get you on the podcast. I feel like we've been planning this thing for I mean what seems like at least six, seven months now at this point.

Speaker 2:

Yeah, thanks, Joe, glad to be here, glad we could make it happen and, yeah, excited to have a conversation.

Speaker 1:

Yeah, absolutely. Well, Russell, why don't we start with what interested you in IT or security that brought you down this path? Right, I start everyone off there, not only to hear your story, but there's also a lot of people that are listening to this podcast that maybe want to get into IT or maybe want to get into security and maybe they're doing a career change or they don't really know how to do that right, and I feel like it's always helpful for people to hear someone else's story and maybe they can relate to your story and hear like, hey, if this guy did it, maybe it's possible for me, and that's that little spark that some people need. So what's your background with that?

Speaker 2:

Well, I'd be flattered to hear if I'm inspiring anyone in that way. But regardless, I always feel like I draw from a personal curiosity and interest and I think that anybody should follow that to whatever degree and if it's IT or technology in general, definitely foster that in any way you can. So I was introduced to computers at a young age through my father who had a job in telecommunications and I think he was personally interested in the personal computer and the evolution of a processor and memory and applications. He was not into software, he wasn't writing software, but kind of a tinkerer, craftsman at heart and hobbyist, which I think I inherited largely. And I think my first foray into IT was networking between systems on a local area network for the purposes of multiplayer gaming. So I recall trying to connect to computers to play games like Doom or Doom 2. And I remember this moment where I played this game and you could see another character in the game. So normally you're playing this first person. All you see is your character's kind of like field of view and the other characters are all procedural or not procedural. At the time you know part of the game's software but not other people playing, right. And that moment of multiplayer games with a friend in the same room but on a different computer kind of just really ignited the passion for technology for me overall, and so that evolved to learning more about networking, learning more about software and computers in general and fast forward, let's say, five-ish years.

Speaker 2:

I was trying to write web pages for people to make money and I had an early entrepreneurial spirit, I'll say so. I was mowing lawns and washing cars, but also writing HTML and JavaScript and stuff for folks to make money. And fast forward another few years, I'm working for a large, let's say like Fortune 500 company as an IT support person or application support person. So I had managed to find a career or job, full-time job doing that, focusing on networking and application support. And my first introduction to security as a profession was after that in a deep network or deep packet inspection and intrusion detection and in a security operation center. So I think, to go back to your question again, I would suggest that you just follow your own interests and curiosity. Like, why are you curious or interested in IT, right? Is there a particular technology? And follow that thread as far as you can, because if you're happy and you're interested in and you're doing what you like, you can probably find a way to make money doing it right.

Speaker 1:

Yeah, it's a good point and it sounds like your background is actually pretty similar to my own. One of the earliest memories I have with my dad is actually sitting on his lap and I'm just typing on the keyboard not typing, I'm just pushing buttons, but it was a lot of fun for me to do that and I see something come up on the screen and it's like, oh, I'm doing something and same thing. He had a career in telecom and computers was more of a hobby that he was trying to learn and figure out and whatnot. And it's really interesting. And thinking back as well, I always had a bit of an entrepreneurial spirit, right. I was kind of always trying to look for creative ways of making money and taking myself to that next level.

Speaker 1:

And when I got to college I actually didn't even study computers. I thought IT was extremely boring. I thought to myself like if I'm stuck at a desk every single day for my whole career, that sounds like a miserable career. It sounds like a miserable existence. I hope that never happens. And here I am in security and I love it. It's like how the tables have turned on me. But right before you got that first job, did you go to college? Did you study computers at all?

Speaker 2:

Yeah. So I went to school for business initially to follow that kind of more general entrepreneurial avenue and I planned on using kind of my experience kind of as a freelance IT web developer, software developer, to kind of sustain that but not necessarily take it into a career. And I dropped out of school when I realized that I could probably do that full time and I first focused on Linux administration, actually primarily on Red Hat and an RHCSA certification, but I was writing software in Python and basically at some point I just did some mental math on how much money I could make this year versus spend on college and I haven't gone to school since. I often think about what I would study if I went back to school and I don't think it would be a computer science degree to this day. I think it might be nursing or something, just something that would be really interesting to learn.

Speaker 2:

I think that there's one of the interesting things about the security industry is the kind of the heterogeneous nature of folks' background that are in it. So you have folks who are computer science but a lot of folks come in from different angles to make security or the industry their career. Now there's obviously lots of different focus areas, and I think that one of the challenges with security is actually developing a sane curriculum. It would have been time for it to be relevant. So this is largely a problem with academia in general, but I think it's just much more difficult with technology to develop a curriculum that makes sense for someone going out into the workforce, and so that hands-on experience is just so much more relevant but also valuable to folks.

Speaker 2:

And now I'm largely part of my role today is hiring. So I'm looking at I'm looking at it through a different lens, trying to find the best people to help solve certain problems, and I do look at academic history in some degree, but but it's certainly not something that can be looked at in a vacuum. I think your personal experience, motivation, intelligence and other things apart from just a degree, is really what we're looking for, and I would just say that hands-on experience and a passion for the problem is just so much more valuable than some certificate or degree, though I do certainly appreciate the first principles and the pursuit of academic excellence. We're obviously standing on a lot of shoulders that came from that.

Speaker 1:

Yeah, it's a balance. I take it from the approach of let's check as many boxes as I possibly can to get through HR, because this is the thing right. The hiring manager yeah, they weigh the degree and certifications and experience properly. Where experience matters a whole lot, the certifications solidify that or say, yeah, he does probably have this experience, and the same thing with the degree to some extent, depending on where you go and the program and all that sort of stuff. But it's about getting through that HR screening. That probably doesn't exist at smaller companies, but for the majority of companies you still have to get through that checkbox. So I always recommend that people take a broad approach to this. It's not one for sure method of getting yourself in the door. It's really more about you being passionate and you diving in and you becoming more well rounded on paper at least, at least on paper and, of course, having those technical skills to back it up to really be successful and get in the door and get that job.

Speaker 2:

Yeah, yeah, I feel like I kind of breeze past where I might normally kind of say what I'm up to now and kind of qualify my opinion.

Speaker 2:

So first of all, like I founded a company a few years ago we're called VISA Trust.

Speaker 2:

We're in the security industry, we focus on third party risk management and we're essentially bringing artificial intelligence and natural language processing into a product or platform that aims to help businesses understand the risk of doing business with one another, and we primarily look at the language within artifacts or documents, websites to derive information about the strength of a business's security program and whether or not it's been attested in high assurance or third party audits other places that might be relevant and get people out of the business of reading questionnaires and SOC2 reports.

Speaker 2:

And founding that company, I think is kind of right along the same trajectory of entrepreneurial spirit. And also, if you start a company, you don't necessarily have to go through HR, so it might be one of the only options in some cases for me, but I found it to be very rewarding. Now we have a bunch of customers, we have an amazing team and, in the age of large language models and generative AI, I feel like we're very fortunate. There's definitely a degree of luck here being in the position that we are now trying to solve this problem with the technology. That really makes a lot of sense doing it.

Speaker 1:

When did you start the company?

Speaker 2:

So Paul and I, as co-founders, technically created a business entity and filed for patents for the network and the system of interacting with businesses deriving risk exchanging data in 2016. And we left our full-time jobs in 2020 to dedicate full-time to the product and the company. So, depending on how you look at it, we founded the company in 2016, but went to work, so to speak, at the company in 2020.

Speaker 1:

Yeah, I asked that because LLMs and AI it's everywhere now and so it's really easy for people to kind of hop on that bandwagon. But you forming it in 2016 shows that you had that innovative idea long before people were really thinking about AI or LLMs and how it will impact their lives or anything like that, and I think you're approaching this from kind of a common sense approach, almost right. Maybe the worst part of my job is dealing with compliance standards and trying to identify risk of third parties and stuff like that. It's just terrible. I don't want to do that, but it's a part of it. I have to do it, I have to deal with it, and it sounds like you're approaching that from a new area, a new way, with involving this cutting-edge technology that's able to assist us in actually getting through it in a much more efficient way.

Speaker 2:

Yeah. So the idea evolved from personal experience and you know colonize kind of mandate at a company we were working at to essentially get a grip on third-party risk and, being technical, we were addressing kind of like a largely people and process problem at the time. It still remains that way in a lot of organizations. But you have your questionnaire and you have a process of sending that to your third parties and then waiting for them to answer it and then making sense of that answer or collection of answers. But also, like you mentioned, the compliance problem of you know at the time there were less but still many, many different compliance frameworks that people might adhere to in some way or have a certificate or some artifact to prove that they did adhere to it. So the job was sending emails, reading questionnaires, reading compliance reports right, and workflow around sending emails is a problem that can be solved with kind of existing web application technology very easily. But reading documents and understanding language, referencing material from some corpus of you know known industry frameworks, mapping that to an assurance level and having it, you know, culminate into a risk assessment, you know that seemed to be rather novel, but in particular the affluence of natural language processing was clear at that time and I feel like the technology has kind of evolved, obviously, since all you need is attention or the papers that support it, and then you know, inform things like generative, pre-trained transformative models.

Speaker 2:

But at the time I was dealing with anomaly detection and machine learning models in the Security Operations Center since. So, like you know, tell me, you have all you have this gigantic amount of data, network traffic data. Tell me if something is different that might be interesting for me to look at. Not just that matches some heuristic rule, right, and the promise of machine learning back then was still largely that unrealized in a business application. For that reason, a lot of people looked at it like snake oil. In 2020, even when we founded the company, a lot of people were skeptical about machine learning and artificial intelligence ability to predict or help with this process.

Speaker 2:

I think, fast forward to today. It's amazing. People are like well, of course, of course, you use machine learning to query and return insights from unstructured language. It's like a business imperative to adopt this technology in those use cases. I think we're well positioned to take advantage of the core technology that we have already. On top of that, but yeah, it's been our philosophy since day one that it is, at its core, a natural language process problem. Making sense of language very quickly is the primary task as a third-party risk professional. Looking at a compliance report, what is the standard? Tell me whether this document is better than another or it substantiates the existence of a mature security program differently than another. Machine learning and large language models now are very well suited to help with that.

Speaker 1:

Yeah, it's a fascinating area I was actually thinking about this just the other day of how complex English is as a language and then how much more complex Mandarin is and Russian and all those languages. I think about that because I remember when I was going through school, I took Spanish a couple of years in high school and then I also took a few semesters of it in college. By the time I got to college doing Spanish, I absolutely hated Spanish. I just the sentence structure just didn't make much sense to me. I think I was a bit burnt out on it, to be honest. So I switched it up and I went with German, not because I thought that it would be easier in any way or anything like that. I just needed something different.

Speaker 1:

And German made a whole lot more sense to me because you have the exact same sentence structure in German as you do in English, because English is a Germanic language, right, and so that whole part of it made a lot of sense to me, and the fact that you could have an entire sentence in a block of like 26 characters.

Speaker 1:

That looks like one word, and then learning how to be like oh no, there's like five words in that thing. You know it's just pronounced this way, right Learning that was a lot more fun and easier for me. But you know, looking back and looking at the different languages, they're all unique, they're all very different and complex in their own ways, and so it'll be. I think it'll be really interesting to see you know where a solution like this will go, really anything that has to look at language and make an assessment where it'll go. Once you start venturing out into other languages, you know like what's that learning curve? Like what is, what's the different sources that it has to pull from to actually learn what it needs to learn. Have you explored that at all, or are you still trying to kind of master the English side of it?

Speaker 2:

Well, I think, you know, similar to kind of other other problems, it's helpful to kind of abstract and maybe identify a reasonable like single language, so to speak.

Speaker 2:

So, in a lot of ways, you know, like, like mathematical notation might be, you know, recognized across different languages the product, and I think the way that we address this space is to use technologies that are strong at translating other languages to a common language that the product can then interpret.

Speaker 2:

And so, for that reason, what we do is we translate from foreign languages into English always, and then we provide, you know, instantiation of controls through that.

Speaker 2:

So we rely on the accuracy of translation, you know, translation models and our ability to translate to English correctly first, right, but that a similar problem exists around control frameworks and compliance, right, the there really is no unique security question or control outside of the ones that are being, you know, added, let's say, for machine learning or artificial intelligence risk. Now, it's very uncommon to see a question that hasn't been asked before, right, they're all just slightly different. They all relate to the same control, though, or set of controls, and so what we do is we translate to a risk model that recognizes those controls but then appreciates that they might exist as a control within different frameworks as well and allow you to understand okay, this is the AICPA trust services criteria for background checks, whatever the ID is, but it also maps to the ISO 27001 control for background checks and you know, NIST and CSA or whatever the other frameworks are right. But again, similar to how we translate to English, we look for that control itself rather than some specific instance of that in a language or something right.

Speaker 1:

Yeah, that makes sense. That probably cuts it down. You know significantly of the learning period that you have to have with that. I also focus on how it works and everything.

Speaker 2:

I also focused on German as my foreign language in school for similar reasons, finding that it was just easier to learn, given its similar kind of structure. Right, and I certainly appreciate that.

Speaker 1:

Going into it. I thought it was going to be a lot more difficult than it actually was, but I love going to Germany you know, have you ever been to Germany?

Speaker 2:

I have not. No, no, I'd love to. I haven't been to Europe actually.

Speaker 1:

Oh, really Okay, yeah, yeah. I've been to Germany too many times. I need to go to other places. I think this year I'm forcing myself to go to London and I'm using the Bears game as an excuse to go to London. So it's like see like the Bears are going, I have to have to go support the team, you know.

Speaker 2:

Yeah, you know that's one thing about Chicago that I really miss is the strong kind of identity and culture of like appreciation of Chicago that was just so obvious everywhere you went. I mean, obviously it's hard to live in Chicago, so if you do live there it's probably for good reason, right, and you like it. But the sports, the sports fandom, I think, remains kind of unparalleled in a lot of ways. So are you a fan of other Chicago teams Besides the Bears?

Speaker 1:

Oh yeah, yeah, pretty much all of them. Yeah, Bears, Bulls, Blackhawks. My wife converted me several years ago from a Sox fan to a Cubs fan. You know really just about all of them and I go to a lot of games a year. You know, like I've kind of put a hold on it since I got a 10-month-old. You know I want to have too much fun without the wife because then she'll get a little jealous and whatnot. But yeah, I mean I love the sports.

Speaker 1:

It's, you know, it's interesting, right, because my generation, I mean we, grew up with one of the greatest dynasties in basketball ever, right. So we're used to we kind of grew up being used to that like level of performance, you know, and we, you know, grew up with our baseball teams just basically forever being terrible, you know, like not even close to being competitive, you know. And then we get like these one or two years tied together where it's like, oh, we're the best, you know. And so it's always interesting being a Chicago sports fan, especially like for the Bears, you know, like the Bears is just the most frustrating, you know, topic for me, because it's just like we could be so much better if we just had, you know a different owner. You know, at this point we've changed out all the other pieces. We need to change out that owner and see what we could actually do. I have you. Have you been into sports or what's your? What's your sports city, if you have one.

Speaker 2:

I, I feel like I appreciate a, an amazing game, an amazing team overall, and so I find myself kind of enjoying all sports. I was, was and remain kind of a pretty big Blackhawks fan during the time that I lived in Chicago. Would you know, kind of the same time, that they were doing really well the kind of the age of Kane and Toews and their streak. I grew up, I grew up playing all sorts of sports but but mostly played tennis and ironically, I don't really follow that much.

Speaker 2:

But yeah, I think, like I love, I love watching hockey, I love watching, you know, any, any game that's like competitive and I love seeing, like you know, the, the human kind of performance, the, the pinnacle of any kind of like hard work from an individual, the dedication, right, I mean to think about how much work goes into to becoming a professional athlete overall. So I, you know, I'll watch someone doing the mile sprint or, you know, playing table tennis or whatever, and it's just, I'm just fascinated by human accomplishment like that. But nothing beats a good Chelsea Dagger goal celebration in the United Center. So so that's still my top.

Speaker 1:

Those are. Those are so much fun. Like I love hockey, you know, unfortunately, like well, I guess now it's not unfortunately, but like I try to get into the season but I don't have a whole lot of time to spare, you know, so, typically, like right now is when I start to kind of get back into hockey because football is ending, so that's my, you know, my, primary sports fix right, and the Bulls are terrible. So now it's like okay, I can focus more on hockey that I want to be, you know, more into. Yeah, and the closest I've ever sat at a Blackhawks game was probably like second row and I learned real quick you can't bang on the glass anymore. So that's that. That was fantastic, but you know it was.

Speaker 1:

It's a great experience and seeing, you know, these, these guys, move around the ice and shoot the puck, like that. I mean the, the hand-eye coordination that you have to have, the agility, the speed, the strength, yeah, um, I mean it's just it's really impressive. Yeah, um, because you know, when I, when I grab a hockey stick and I try, and you know, shoot the puck right, like it's terrible, yeah, you know it's going like what? Maybe five miles an hour on a good day. You know for me like I can't imagine. You know the amount of hours and practice that they put into it. You know, even even just growing up.

Speaker 2:

Do you have a, do you have a similar appreciation for you know people in the security or the technology kind of space? Like I think there's a there's, you know you might see somebody and think that looks pretty easy, like I could shoot the puck like that, or is there, is there kind of like a? Is there an analogous phenomenon like that in the in IT for you, um, yeah, yeah.

Speaker 1:

Yeah, yeah, absolutely. You know, I, I it's interesting, I haven't tied the two together in that way, but I do have that same reaction. You know, I, I, I talked to a lot of people on this podcast. That's probably the biggest benefit of of this podcast is networking and talking to so many different people. And you know I'm I'm constantly blown away by the expertise of my guests.

Speaker 1:

You know, I was talking to someone a couple of weeks ago about quantum, quantum computing, quantum security, and they were talking about how, you know, they're using crystals to create this quantum connection and secure communications and things like that. Right, and that's, that's a level. That's, that's a level that I'll probably never reach, you know, and that is something that takes so many hours to get into and to actually like wrap your head around it and figure it out. You know, like you have to appreciate that kind of work. And then I talked to people that hack airplanes while they're on the plane. You know, like that that's a that's a totally different you know world than what I want to be on. And you know, this person goes to DEF CON and it's like, hey, what, what flight are you on again, so I can make sure I don't book that flight you know like, because if this guy gets a little too bored he's going to start hacking this airplane, and I don't want to be on that.

Speaker 2:

Yeah, yeah, no, I feel like that. I feel the same. You know, it's very easy. It's easy to. It's easy to kind of be inspired and then take on a challenge after being being inspired and only to realize that it's there's a lot of work ahead of you to be, you know, proficient to the same degree as that person, right? Uh, yeah, I feel like my, my position.

Speaker 1:

Do you?

Speaker 2:

go ahead.

Speaker 1:

Oh no, no continue. I think you were going to answer my question anyways.

Speaker 2:

I feel like the the startup founder role kind of favors, uh favors someone who's interested in learning a lot, um and uh is comfortable kind of switching, switching hats, so to speak, and letting go of, of, kind of Maybe, some pressure that's self-imposed to become the the perfect expert at one particular kind of focus area, and finding those people and and bringing them together right and and enabling them, um, so that I feel like that's kind of a unique and uh and especially rewarding challenge for me is, like you know, find finding the right people who are smarter than me, uh, to solve, to solve a problem right, yeah, that is, um, that's the challenging part at that level is finding the right people.

Speaker 1:

You know, I always hear about, like, how important that is, especially when you're, when you're a small company. You know, because you, you can't, you can't spare the time of training. You know another new person every three, four, five months. You need them to be there to actually, you know, build this thing and solve these problems and really grow with the company and whatnot. You know, yeah, and that's the uh, that's a, it's a interesting, challenging problem that you don't really face.

Speaker 1:

You know, outside of the startup program and you know, to an extent, I, I personally, I kind of miss that startup world. You know, because you can wear as many different hats as you want, you can try as many different things that you want. You know, like there's no one holding you back telling you no, I need you to focus on. You know this one thing, um, and it's that it's that faster pace environment, that smaller company, that that I miss. You know, like now I work at a giant company that employs over 650,000 people worldwide. I mean, I know, I know what like 10 people. You know 10, 12 people maybe at most. You know I know the people that I need to know to get my job done, but there's no way I'll ever know everyone that works at the company and there's also probably no way that I'll ever, you know, move up in the company, right? So, like it's, it's different, different problems, different challenges. Um, and it's uh, it's interesting, yeah, yeah, I mean to the same portion of the audience that might be interested in.

Speaker 2:

You know, uh, re recount a personal experience getting into IT, you know, aimed at trying to guide their own search for the company, and I would say that trying to guide their own search for a career, I would say that, you know, being a being at a startup can be extremely rewarding for a lot of reasons. Um, there's obviously, there's obviously, you know, a trade off and stability between a startup and a 650,000 person company, right, uh, but the trade off also includes an opportunity to learn all sorts of things that you wouldn't, wouldn't necessarily have an opportunity to learn, but also is actually discouraged from being learned for. Responsible for, right, um, and, and yeah, I think, like, if you're the kind of, if you're the kind of, that's a good oh, I was going to say you know that that's a.

Speaker 1:

That's a great point that you bring up. I didn't mean to cut you off, I apologize for that, um, but you know it's a. It's a great point that you bring up that ability to learn. You know so many different new things and I just think about my own experience when I was at a small company. You know, I had never really worked with Linux before, and at this small company our product was built on Linux. So guess what? I got really good at learning Linux and learning the ins and outs of this operating system, all from a, from a terminal. You know, we didn't even have a GUI, right, um.

Speaker 1:

And then, you know, I took it a step further and I had to learn SELinux and learn vulnerability management for Linux and use only open source software for vulnerability management, 'cause the company is a small business, we don't have money for Nessus or Tenable or Qualys. You know, something like that, right, you got to figure it out with zero budget. Yeah, um, oh. And it absolutely needs to be done because we have to meet these compliance requirements for the federal government, because we're going, you know, on site and oh, did I mention you're going on site to some of these facilities that you know are in the middle of nowhere, in the middle of some mountain.

Speaker 1:

You know, and you, you're alone, you can't use your cell phone, you only have to have. You know what's on a piece of paper, right, you've learned it so well. In that situation, you know, by the time, by the time I was going on site for these federal agencies, I was doing what's called like double blind or triple blind troubleshooting, where you can't see the screen, you can't get any log files, you can't get any screenshots, they can't send you the error code, they have to read it to you. And there's someone that's on the other end of the phone that doesn't know Linux, they don't know anything about the terminal and you have to learn and you have to literally spell out the commands and when, sometimes, when you say space, he types out space and not hit the space bar. You know like that's the level that you're dealing with.

Speaker 2:

Reminds me of the where is, where is the any key? Uh, in response to the press, any key? But yeah, I, I, I think that one of the most salient kind of um, uh, yeah, it's when you're at a small company. You're very much close to the business problem and understanding that you know what you might be responsible for doing really impacts the company and how, I think is one of the one of the especially rewarding aspects there. It's not only that you're responsible for it or that it's different and you have to learn, but when you do it, you're accomplishing something meaningful to the business. It's much more obvious what that is right. And when you're at a much bigger company, you might have some KPIs or metrics that you're following, but those projects and things that you're doing are hard to see as valuable, right. But that trade-off translates to pressure that if you don't succeed, right, the company won't exist, right, or there's. You're definitely much more responsible for its success, right. So there's a lot of pressure, yeah, which I find very, very rewarding as well.

Speaker 1:

Yeah, there's definitely a lot of pressure with that as well. That you know you can't lose the customer. You know if they have a recommendation you kind of have to take it.

Speaker 1:

You kind of have to, you know, work towards building that in and I actually, you know, I remember going on site for a federal agency for the very first time and in my preparation of going, the person that was in charge of the project beforehand they're like, they told me, they warned me, you know. They said oh, you know, they always ask for this thing and we're never going to build it in to our product, right. And they told me the background of it and everything, but they told it from our side of it. You know why we weren't going to do it and whatnot. Well, I got on site and the first thing that I asked the customer was well, tell me about why you want it.

Speaker 1:

You know, like what's the story behind you getting this feature, this functionality? You know, because internally, we don't see any value in it. Right, but you obviously see a value in it, but we don't know what that is. And they told me, you know it was quite literally a life or death situation that they had encountered at this facility, and this feature functionality would provide, would have provided them with precise information of where they needed to send first responders in this situation, and without that, you know, it turned into a much bigger ordeal than what it needed to be, and so they were looking for a solution and so once I got, once I got that information, once I understood that and I was able to bring it back, you know, then within a week or two we had that functionality and I was back out there, you know, updating their products so that we could get them that new functionality. Right.

Speaker 1:

And it's like you would never experience that at a large company. Yeah, you never. You would never experience that. There's like what? Maybe two or three roles at that company that would that would experience that.

Speaker 2:

But you know, at the at a small company I'm one of a team of like 10 or 12, that any one of us could have been on site to go and experience that, you know yeah, yeah, the connection between the customer and the value and the product, that super tight feedback loop and being involved directly, as is something that I think is is just very, very rewarding at a startup and available at a startup Right.

Speaker 1:

Do you ever? Do you ever miss working the nine to five, or do you just enjoy doing the startup?

Speaker 2:

You know, I have, I have three kids and I've worked at large companies, right, I've worked at a few stable nine to fives, and I think that there are moments where I miss, I miss the work-life separation in a certain way, but for the most part for yeah, it's, it's, it's very infrequent that that happens, I think for me, I I even, even when I was working for those large companies, I was, I was thinking about work, I was thinking about my own professional development and learning and and the, the, the kind of personal interest being close to my, my career, led me to be working constantly anyway, right.

Speaker 2:

And so now I feel like it's rewarding, because when I think about problems at work, making progress is is much more meaningfully rewarding, you know, because a lot of times you might spend, you might spend a lot of time thinking about a problem or learning something, and it's not necessarily within your role or responsibility at the company to use those skills or present new ideas, right. So it felt like that was wasted time almost in some cases. But you know, I think I think it's very rare, but sometimes, sometimes I do, you know.

Speaker 1:

I do.

Speaker 2:

Yeah, I do. I do recognize that, especially nowadays. You know, even before this was before kind of our time, so to speak. You know the the recognition and appreciation of employees at large companies has been has changed a lot. You know, at the end of the day, even if it's a 650,000 person company, if there's a reduction in force, you're going to find out that. You know, on Monday morning or whatever, you're going to have the pink slip right and and I do think that you know, you work to live right, and so you just just kind of remembering that across both even my, I consider this my life's work and passion, but it's still a job right, and I still have a family and I still have my health and other things to worry about outside of work.

Speaker 1:

Yeah, you know I always tell people right to really protect, protect your time, protect your, protect your home time, your, your work-life balance, not because you shouldn't work hard at your job you shouldn't, you know, love your job or anything like that but because there's other things that are more important than you know. Just your job, right? Like you know, now that I have a kid, I mean it would be such a hard sell to have to go into the office, not out of convenience but out of, you know, me being able to hear my kids' first words, seeing them take their first step. You know like being there when they wake up, being there when they get out of school, you know like that sort of stuff is so irreplaceable and I I personally I did not share that with my parents growing up, you know. And so now I get to have that and it's like, man, you'd have to pay me so much money that it's not even feasible. You know like it's. It's not and you know I always tell people to also, you know, work on your own skills and develop yourself outside of your your nine to five. You know like, literally at five, turn off your laptop, turn off the notification for those work apps and maybe study for a certification, maybe learn a new skill, maybe you know. If you haven't touched Linux, maybe pick up Linux and learn Linux, right? Yeah, the reason is you know really what you said, right, if there's layoffs, you could be one of them, and it's not personal, it's just your name came up on a list that's tied to a, to a cost to the company that they have to eliminate. And you know, no matter what you do at that company, no matter, you know what your role is. You know you, you are expendable to a certain degree. You know like, you are replaceable to an extent and the company will absolutely cut that cost because the company, at the end of the day, has to survive no matter what, and so it doesn't make much sense for you to put in 80, 90, 100 hour weeks into a nine to five that will let you go, you know, at the drop of a hat.

Speaker 1:

Yeah, I learned that the hard way. I wasn't, I wasn't laid off, but I was working, you know, 80 hours a week, every single week, for an entire year, to find out that I wasn't getting a raise, find out I wasn't getting a bonus, that there was no money at the end of the tunnel for me that I was told that there would be, you know, and it's like okay, this is never going to happen again. This is, this is a 40 hour work week, you know type of thing, and I'm going to develop myself on the side, I'm going to start a podcast, I'm going to start doing consulting for companies and stuff like that. You know, like having things on the side, and you know, recently I just thought of you know kind of a new slogan that makes a lot of sense: one income is one too close to zero. Yeah, you know, like you should have these other, these other, you know things going on right to supplement other things and whatnot.

Speaker 2:

Yeah, yeah, I mean, if the 40 hours you're spending outside of your 40 hour work week are are uniquely beneficial for your day job alone and that company alone, you know, you should definitely rethink how you're spending that time. I think it's. It's, it's definitely better to kind of treat those hours outside of work as maybe coincidentally, beneficial to your current job, but definitely as a personal and professional development opportunity, right? How? How is this going to look in an interview? Or my next, my next line on my resume? And is it skills that are translatable to other companies and jobs that I I foresee, as you know, ideal for my own career path? Right? So that's the cert.

Speaker 2:

You know, if the cert is specific to your company and not applicable to any other technology or software or whatever, maybe think about a more broadly applicable certificate or something you know, right, like Linux generally, or security, rather than those like corporate specific certificates or something. Right, I don't know how to, how to describe it. I always, I always described it as kind of the knowledge being kind of driven into a mountain of which is just more difficult to escape from if you're outside of that company. So the company being the mountain and your own specialization being deepened inside of there, in some tunnel system that you just cannot escape from. So you leave that company and you're interviewing at another and this person's like, I have no idea what technology or software or skill you're talking about, even though you spent however long learning the ins and outs of it. Right, it's not applicable here. So trying to stay valuable outside that one company.

Speaker 1:

Yeah, absolutely, that's what I tell a lot of people. I feel like they view getting these different skills or certifications or whatever it is. They can easily get caught up in viewing it in terms of oh, how does this benefit my current company or my current job or anything like that? You should be thinking much more into the future, much more around, what if all of this ends? What if this goes wrong?

Speaker 1:

You should have those other skills, you should understand the other components and maybe it tangentially makes you better at your job, maybe it does right, like for myself, I want to get into management, right, and so now I'm trying to pick up all these new skills of project management and things like that to make myself more competitive, to develop myself. And, yes, it does benefit my day job. Right, definitely benefits me there. But I'm thinking ahead. I'm trying to think towards what do I want to do next and try to build those skills up now while I can. Well, Russell, unfortunately we're at the end of our time here and I mean I had a fantastic conversation. I absolutely want to have you back on. I think that this conversation went down quite a few rabbit holes that we could spend another two, three hours going through. But, Russell, before I let you go, how about you tell my audience where they could find you, where they could find your company if they wanted to reach out and learn more?

Speaker 2:

So visotrust.com, that's V-I-S-O-T-R-U-S-T and you can find me quite easily at Russell Sherman. And yeah, we're especially interested in bringing on folks at the company in the security B2B SaaS space. Particularly on my team, I'm looking for folks who are strong, product-minded developers and technologists in the large language model and artificial intelligence space. I really appreciate it as well. It was a great conversation. It's always amazing to meet someone else in the industry, so to speak, and find out about that background and how it might differ or be the same, because it's truly amazing how different backgrounds arrive in the same industry and security. So it was my pleasure.

Speaker 1:

Yeah, definitely. It's always a fascinating conversation to hear everyone's story, so I'm glad that everyone could hear your story and probably even a little bit more of my own. Well, with that, thanks everyone. I hope you enjoyed this episode.
