Security Unfiltered

Ethical Tech and Inclusivity in the Age of AI With Jackie McGuire From Cribl

March 11, 2024 Joe South Episode 146

From the sun-kissed landscapes of Arizona to the digital defenses of cybersecurity, Jackie's career leap is nothing short of remarkable. Her story, rich with the twists of fate that took her from the financial sector to the front lines of IT security, paints a vivid picture of how diverse backgrounds can fortify the cybersecurity industry. Tune in and get inspired by Jackie's journey, from learning the ropes of Python to tackling cyber threats with a finance-savvy perspective.

Ever wondered how cybersecurity experts think outside the box? Our chat with Jackie dives into the welcoming arms of the security community, where at places like DEF CON, unconventional thinking is the secret weapon against cyber adversaries. Discover how varied professional experiences, like Jackie's in finance, are not just useful but essential in crafting ingenious security strategies. Plus, get a glimpse into the personal growth that comes with this territory, as we explore how hobbies like podcasting and improv comedy can sharpen your professional edge.

But it's not all about the code and firewalls; we also grapple with the hefty topics of diversity and ethics in tech development. As AI and hardware evolve, the conversation turns to the crucial role of inclusivity and accountability in crafting tools that serve everyone. Before we wrap up, we give a shout-out to Cribl and tease their innovative approach to data utilization. For an episode that's as enlightening as it is entertaining, don't miss our deep dive into the interplay between cybersecurity, personal evolution, and ethical technology.


Speaker 1:

How's it going, Jackie? It's great to get you on the podcast finally. I feel like it's been a while, but I'm really excited for our conversation today.

Speaker 2:

Yeah, super happy to be here. It's beautiful out in Arizona, so it's a nice day. I'm in a good mood.

Speaker 1:

Oh, I know. A good friend of mine moved to Arizona maybe a year and a half ago and now he always gives us updates like oh, it's a little bit chilly, today it's 60 degrees. You know, like man, you can leave me alone, it's negative 20 where I'm at.

Speaker 2:

I grew up in New Hampshire. For the first 10 years I lived in New Hampshire I lived in a little town called Berlin, which is about 45 minutes in Canada. So I have definitely walked to school in like 10, negative 15 times a week before I empathized with you.

Speaker 1:

Yeah, when I was in college actually, you know, I worked for the police department, the campus police department, and it was like negative 40. And I was one of like five or 10 people that had to actually go in as like an essential personnel, which was crazy, because they had a student be an essential personnel and the police chief actually sent a squad car to my dorm to pick me up because he said that it was too unsafe for me to walk a quarter of a mile.

Speaker 2:

Yeah, yeah. I believe that the thing that finally broke me was we had an ice storm in 2008 in New Hampshire that left an inch and a half of ice on everything in New Hampshire and I didn't have power for six or seven days. I lived in Manchester. I didn't live in like nowhere in New Hampshire. I lived in the biggest city in New Hampshire and I was just like this place is not inhabitable. Nobody should live here, and I literally just sold all of my stuff and moved to California. I've never been there. I didn't know anything about it. I found a roommate on a forum for motorcycles and I ride motorcycles on my way there and I was just sort of never living anywhere that does this.

Speaker 1:

Wow, that is so crazy. An inch and a half of ice.

Speaker 2:

It was insane. I've never seen anything like that before. It was so crazy.

Speaker 1:

Yeah, I would move too. At that point, I would move too, my gosh, but it's in Arizona today. So I'm happy. Yeah, it's very tempting to go to Arizona. My wife and I, we like colder weather. I wouldn't say insanely cold weather, but we prefer a good variation in the seasons and whatnot. My buddy was telling me that Flagstaff, Arizona is a good mix of the seasons, and so now I'm on the mission of convincing my wife. Hey, we should go check out Flagstaff, Arizona and see how it is. Now I'm on that 10-year mission.

Speaker 2:

I can see snow from where I'm standing, so there's a mountain outside. I live in Tucson. There's a mountain just outside Tucson called Mount Lemmon. It actually is a ski area. You can ski for a couple months out of the year and I can see it from like. So it's less than an hour from my house to the mountain, so you can get to call by there if you really want to, you just don't have to live in it.

Speaker 2:

I hate scraping my windshield. It's one of those stupid things that you're like it's such a small thing to be like, so it's not, but it's just one of those things that it's like 7:15 in the morning and you're exhausted and you only had a cup of coffee and you're trying to get to work and you're just like I hate this, I hate everything. But then again, I've never burned my ass on a frozen windshield. In Arizona, half a year I literally have to keep a towel on my car seat so that I don't get second-degree burns on my butt.

Speaker 1:

So just straight out to everything. Yeah, yeah, absolutely. Well, Jackie, I'm really interested in hearing about how you got into IT, what made you want to go into IT overall and then what made you want to maybe make a I guess maybe a slight switch into security and focus more on security.

Speaker 2:

Yeah, so I had a really weird, like meandering career. I've dropped out of college three or four times at least.

Speaker 1:

Oh geez.

Speaker 2:

Yeah, so I started with psychology and dropped out because I was poor and poor to afford tuition. And I actually did a stock broker when I was 20. So I went through an interview about higher class edelides. I worked as a stock broker through the financial crisis, moved over to SVB and managed cash for companies, and so it was like I had kids and I was doing the whole like quarter-life crisis thing everybody does and like doing psychedelics and like questioning mindsets on the planet.

Speaker 2:

And I got an economics and finance degree because I was working in finance and I really wanted to learn how to write Python. So I was like, well, what was the easiest way to work, how to write Python? I was like, well, I already understand economics and statistics, so maybe data science would be a good idea. It seems to be an up and coming field right now. This is like 2017. It was like you know, also, it would be applying Python to something I already understand. So I did a data science boot camp and I pushed my final project in my GitHub and it's got me jumped and he said hey, I am the data science person at this SIEM startup and we're looking for somebody to write algorithms for like anomaly detection and user behavior analytics, are you interested?

Speaker 2:

And I really thought about working in cameras security, which is weird because I was always like my mom used to drop me off at Radio Shack when she grocery shopped. So I've never had to use a computer since I was like three and I always like I don't know, it's so strange, and like I actually grew up in the military on a couple of intelligence phases, so I've always been kind of weirdly adjacent to security, those types of things. That's how I initially got into it and then I think, personally, one of the things I love about security is, well, the gender disparity isn't a good thing. The bathrooms are always clean for me and there's never a line, so like that's a good. No, no, I find more than anything, more than any industry I've worked in, security is very much a meritocracy, right, it is a hundred percent a meritocracy and it's a really interesting industry and that people don't actually need to like you, they just need to trust you. And so you have all of these crazy like neurodivergent, like not necessarily super socially adept people. But I did like it, just felt like home as soon as I went to my first like DEF CON. You know my first DEF CON was mind blowing. It was like, oh my God, these are my people Like, and it's that everybody kind of wants to solve the same problems and I've always had problems in regular industries where people think I'm crazy because I don't think the way that neurotypical people think, whereas in security people are like, oh, your brain works differently than mine.

Speaker 2:

Come help me with this problem, because between the way your brain works so it just seems to be an industry that's significantly more open to like everybody brings their own special talents. Yeah, and so I ended up moving from the random elementary school in my living room during the pandemic because I have three kids. And then after that I was like you know how do I combine cybersecurity with my finance background? And they ended up becoming an industry analyst. So I covered, like SIEMs or XDR, all those kind of like analytical platforms for S&P slash survival research, and that was how Cribl found me is. They pitched the companies to me and I was like I love this.

Speaker 2:

So I hate regex. It's like a beta by existence, because when I became a data scientist nobody told me that before you can write an algorithm, you have to get this like beast of assist along file into something that you can actually use, and there were no good tools for doing that at the time. So I literally spent like weeks on regex when I was a data scientist. So when I saw Cribl I was like this is amazing. But at the time they were kind of calling it an observability pipeline, which is what it was it's great for, but I was like I don't know, I'm sorry, but he really needs a looking security the thing we see like other people know exactly how important their jobs are to security. But security people are trying to work observability.

Speaker 1:

Isn't that like right?

Speaker 2:

Yeah, so, but so I thought it was a very long-winded story, but I think it's important because I have not met many people in security who came here directly, right, like, we all have these like weird backgrounds and like the diversity of background is usually what makes you good in security, because when you're dealing with, say, like, a financial services client, you need to have some background in that to really understand the nature of the threats that you're dealing with.

Speaker 1:

So, yeah, yeah, it's a really good point. You know I have a lot of people reaching out to me, you know, constantly asking me you know how do I get into security and that sort of thing, right, and they kind of want that you know, 12, 18 month path into security. And you know I always tell them you don't want that path because security is so stressful and it requires so much context outside of security that you just simply wouldn't get. You know, if you went straight into security, yeah, you know, like you said, right, you kind of have to know how the financial industry works, the kinds of systems that they have in place, the methods and all that to really, you know, kind of understand like, oh okay, we're going to do security this way because we have this huge compliance standard with NYDFS that just came out, that you know they're going after companies for it, right? So, like this is a hot priority item. You know we need to get through it like this rather than this other, you know, industry recognized method that we've done forever. You know.

Speaker 2:

Yeah.

Speaker 2:

Yeah, I think my job is to be able to actually underwritten. I understand the statistics that an actuary uses. You know and I can form opinions about this is the way the market is going. You know right now we're underwriting enterprise value. I actually think we're going to go to a model where we underwrite the value of the actual data that they've risked and part of that is bringing that back. And I agree like I always tell people like you're not the non security background that you bring is what's really important and I think we in the security profession to do a lot better job of building those bridges. Because I agree with you, I hate the like. Here's your 18 month old print into a tier one analyst role. That's going to suck your soul out of you, right? Because, like, that path is not going to get you into a really cool, interesting security game. It's going to get you into a tier one socket, which is not the best way to start out in security is. A lot of times those are kind of burn assured roles. They're really stressful.

Speaker 2:

Yeah, like how many you can be like. Okay, well, I come from a you know a manufacturing background, right, but I really understand the physical security aspect of manufacturing. That's an entire like subset of security that is actually desperately in need of monetization. So go go into it that way, you know, develop opinions on it, like in that I think a lot of times people are afraid to have an opinion, but that's gotten me most of the best jobs I've ever had, right, is having like a contrary opinion on something.

Speaker 1:

Yeah, I feel like that's a that's a pretty common, you know, attribute of security professionals is having an opinion on something that isn't isn't the norm, isn't the expected, you know opinion and you know I. I kind of go back to like when my wife and I we were building our house and you know figuring out where we wanted the rooms and everything like that, right, she wanted to have a more open, you know, floor plan and I'm thinking to myself, well, like that makes things too easy, you know, for for a potential attacker, right. Like I'm thinking from a physical security perspective and I'm thinking like you know, oh, I don't want a wall here because I want to put a camera there so I can have a wider view of range, right, Like like all of these things.

Speaker 1:

And you know, when we're finally in the house, she's like oh well, I like you know, no, like no shades on the on the window because it blocks the natural sunlight from coming in, and whatnot. Like one. We live in Chicago, so we get natural sunlight like four months of the year.

Speaker 1:

And two, you know, we're just opening our windows to attackers. And she's like where do we live? Like we live in a place that has literally zero crime? Yeah, who are we protecting from you know? But like, my mind works totally different. My mind is like like no, you know, worst case scenario, we already expect them to be here, you know that sort of thing. And she has to like dial me back.

Speaker 2:

Yeah, it's interesting to think about, like how we think about security because, like what you're talking about, like some of that, is such an actual security. It's so good to secure a theater and it's really interesting to think about it like a post-9/11 world, right, like a lot of people under. It's so crazy.

Speaker 2:

I think people under 25 have never known a world without security theater, I mean you didn't use to have a lot of that, and so I think some of that is like there are things you do because they actually make you more secure, and then there are things you do because they present the illusion of security right, like she is a security theater, because, realistically, if someone wants to run straight through those parachutes with something, they can and you know I didn't so, but I it's interesting to think about that because we're in the same position and like I shouldn't say that I might not lock my doors at night. Yes, yeah.

Speaker 2:

Because I think it like I've had. I've tied my car. So, for example, I used to have a convertible right. I had my caribled three weeks in South Salem that it would just tie the barry out, but I'm supposed to be kept at top and broke into it and it's like a two brand for a new convertible top. So you know what I started doing. I just didn't lock my doors.

Speaker 2:

I just left my car. I locked all the time, but anything really important in the trunk is, I figured you know like, and the top never got caught again. It's interesting to think about, like what things are actually secure, what things are and I had a kid that I was reading a book the other day about also like our perception of security and how much more dangerous the roles become and actually statistically the world's become quite a bit safer, you know, and that they fit a more dangerous person than they used to be, or things like our diets.

Speaker 1:

Yeah, yeah.

Speaker 2:

So it's like I don't know we let their kids watch school. Yeah, there's this perception that like there's all these people out there who are going to snatch your kids, but realistically, kidnappings are like are down by more than 50% since 25 years ago. So, it's a yeah, but I mean the same thing in cybersecurity.

Speaker 2:

Right, it's like people we spend all spend billions of dollars on all this AI and sophisticated detection and it's literally just some dude in your mailroom that clears from the wrong link that call. Or your your HVAC system. You're using the default password for the system that operates all on your air and somebody gets it. It's like you can sit all the time in the world and you're spending all this money on stuff, but the end of the day, it's usually the little things that you're going to get that screw you over.

Speaker 1:

Yeah, you know, that reminds me of, like the Okta breach that recently, apparently recently, happened right, where you know someone just dialed into support or you know whatever it was the help desk and they got access via that. And you know, Okta was infamous for having top-notch security never really dealt with a breach like this before you know, or anything like that. And I think that they I think they handled it fairly well right, because I felt like I was getting the information, like I felt like I was getting the updates as they were getting them. You know, like, oh, we just found out 100% was breached. Yeah, sorry, yeah, you know, we just learned of it. You know, not like a whatever, whatever breach that was LastPass, right, that like, yes, really frustrated me.

Speaker 1:

Yes, where it's like oh, you know, they don't have anything. They got in, but they didn't get anything. Oh well, I got some stuff. You know, some of the stuff is unencrypted somewhere. Right, they got some stuff, but you're fine. Oh, it turns out they got everything and your master password to your, you know, to your vault. Like guys, you should have told me this six months ago.

Speaker 2:

Yep, yeah, how do you handle a data breach is a lot like obviously, the kind of data that's breached is really important, but how you handle it Like I think about this going through me you know breach, and I think that's kind of like on the polar opposite end where I haven't really heard a whole lot from them and I just keep, like you know, to your point. I said well, the LastPass. It's like I haven't heard anything from them, like all I've the only thing I've seen in the press from them is that they still think they can be profitable as a company and I'm like how do you know if you could be profitable? I want to cover my DNA.

Speaker 1:

Right yeah.

Speaker 2:

You know I so I actually wrote when I was in industry at all this a couple of years ago I wrote a paper on my paper on zero shots and that, like zero stress is still you're creating a single point of failure. And that's like it's we, it's these first pull forces of convenience and security. Right, everybody wants to be super secure, but also we can't inconvenience people, because if you inconvenience people with security measures, they finally circumvent them. So it's this constant battle of like and Okta seems like a great idea, right? 'Cause it's like, oh, it's all encrypted, but again, single point of failure. And so you know it's.

Speaker 2:

I see these things and I think this I assume this is most recent kind of takedown of LockBit. If you've read through any of the documents about the US it's. They're basically like, hey, the US has single points of failure all over infrastructure. The AT&T outage the other day really kind of drove that home for me, you know, because it wasn't just AT&T, because it's an AT&T downlink satellite area, it's all cell providers Block. People don't realize that, like cell providers don't each have a tower, it's like they kind of choose each other's and yeah. So it's a really interesting thing to think about and how we go about managing that the kind of trade off.

Speaker 2:

And to me I've always said you know, security is really a culture, and so I think what we need to focus a lot more on is how to just build security practices into your culture at your company. Because I could talk smack about that now because they would pay. Personally Can't sue me, but I went from Fidelity to SVB and Fidelity is one of the most conservative financial companies that exists. Right, they're boss and base, they're super. It went here like your first day there. They're like, hey, FYI, compliance is your best friend. Like they are here to save your ass, they are not here to ruin your day and not here to make your job harder.

Speaker 2:

And at SVB it was kind of like compliance. Just they had these two people running all of compliance and when I got there, like lots of the stuff they were doing, I was like I had a supervisor lessons and my supervisor didn't, and so I was like we can't do most of this stuff. But it was like a check the box in there. And security is the same way.

Speaker 2:

Security compliance can go hand in hand, right, and it has to be a culture, because if it's not just baked into everything everybody at your company does and if they don't unquestioningly trust security to have their back and to ask stupid questions, to be able to send efficient emails before, like if I because a lot of times I think people make bad decisions because they're straight to ask questions.

Speaker 2:

They don't want to look stupid or admit that they don't know whether it's safe to click on an email or not, right, and so maybe what we do look at a lot more is like how do we make security more accessible to non-technical people and how we just bake it into the corporate culture, and most of the time we're just like we need to make the culture in most places where we focus more on like so and this is, I have this argument of people a lot if having security policies in place prevent you from doing your job effectively, that's probably a procedure.

Speaker 2:

It should, not a policy issue. Right, like, if the policy is really prohibitive, change the policy, but usually it's the way the policy is being implemented that people have a problem with. I'm really focused on is how do we separate policy from procedure and acknowledge that, yes, some of these things might add some more work, but we can really optimize the procedure by which we do that, so that the policy is not prohibited to your day-to-day work. If that makes sense and they think like we're not design architects for security people, so we don't think about these things, but they have to start kind of going together the same way you would design UI products to, because it's not just technical people that get hacked, right? Oh, yes, yeah, that's, um, that's.

Speaker 1:

It's an interesting balance that well, one you probably wouldn't get if you went directly into security, right. So it kind of circles back to that, yeah, but you know that that's. It's a balance that actually I'm having to deal with right now, right, where I'm trying to deploy and enhance security controls, and all in line with security policies that my architects have created, but at the same time, I need to not create something so restrictive or enforce something so restrictive within these applications that my devs can't do their work, and so I. I have to actually work, you know, very closely with the business, that, with people that are much smarter than me, that you know, or languages, right, you know like there's compliance, you know, basically everyone. So just to make sure that the organization is not just secure but that everyone in the org can do their job as they expect to do it, you know, and that they've been doing it that way, and so it's a challenging balance, for sure.

Speaker 2:

Yeah, do you find it also challenging to have to tie this up here, doing till a broader corporate initiatives to keep yourself relevant.

Speaker 1:

Yeah, that's. You know that. That's like, um, I guess in my most recent role, you know, that's been a more of a focus right Of of me taking more and more ownership of. I'm basically a manager or director without the title, right, like the title is engineer. But all the stuff I'm doing like my manager even says, is like, yeah, all the stuff you're doing is, you know, director level role stuff, right, like I'm managing my budget, I'm, you know, putting out, you know company wide notifications and things like that, right, all the people I'm communicating with. And it's a learning curve for sure, that is. I mean I just spent like the last four, five months trying to figure it out.

Speaker 2:

Yeah, yeah, and I think that's kind of where you've.

Speaker 2:

Everybody, I think, who retires in their career goes through this process, where all of a sudden you realize that like you have to think like the CEO, even if you're working in, because if you want to get something funded, if you want to get people to pay attention to it, if you want you know, if you wanted to be more than just your pet project, like it has to tie into these kind of broader company initiatives.

Speaker 2:

And so I was actually talking with one of my friends about setting up like a CISO training thing at one of our corporate events that we're doing, and I said you know, I think you should do improv comedy, like do an improv comedy class, because one of the things I find is that people in security are really not that a problem speaking, and so, like you not only have to be able to understand what you're doing as a security leader, you have to be able to articulate it to vastly different audiences.

Speaker 2:

Right, the way you explain what you're doing to the CFO is different than the CEO, is different than the CTO. And then you also have to be able to get up in front of people who are going to pepper you with questions and you'll answer those questions. And I like I don't think that's necessarily something that people anticipate when they go into security that when you get to a certain point in your career, all of a sudden it almost seems like all of a sudden you have to become a significantly more robust professional. And you did when you were just doing like detection response.

Speaker 1:

Yeah, yeah, it's a really good point. You know, I always talk about, or I try to on this podcast, talk about the things that kind of separate you right from from other people. And the reason why I do that is because those separation, those I guess those separation points, you know make you stand out more. And when you stand out more, hopefully it's in a good way. You know you get promoted, you get the opportunities that others don't get and that you know you approach different from from. You know, let's do improv. To me, improv would be very scary. I think I'm a funny person but I'm not improv funny, you know. That would be terrifying.

Speaker 2:

But anyway, just have a bunch of people and like the people position crying on stage.

Speaker 1:

Right, right, but you know what one of you said. You know they struggle with public speaking, right, or speaking to other people that they don't know, or what. Right? And this was also an issue for me, you know, several years ago, before I started this podcast, and somehow I got this idea to start a podcast and I could get it out of my head. So here I am, right, like over 150 episodes in. And you know you came on here, there was no prep. It was like, hey, this person's name is Joe, he runs this podcast, you know. And then like the same thing for me, like this person's name is Jackie, she's from Cribl, this is what they do, there's no questions, you know anything like this. If you go back five years ago, the thought of this conversation taking place would have given me a lot of anxiety, but now you know it's nothing right, like we're just having a conversation.

Speaker 2:

No, it did muscle and that's like. So improv was terrifying for me too, like when I first did it. The number one rule of improv is yes, and which is basically no matter what the person before you says, you have to agree with it and add to it. So, and it's actually a really good lesson for how you should live your life, because I do some crazy stuff in my life, like I love music, festivals, traveling, and I've done all kinds of crazy stuff on purpose and accidentally, because when somebody's like, hey, do you want to do this thing, I'm like, yes, and we should also do this, which would make it even more epic, right, and so that's kind of like I. So I'm in Cribl. We have my team is very small, but with people who make content. We call our own team if it will do it live, because same thing, like almost no live streams. We do Like I'm usually finishing the slides for whatever thing we're about to do as we're starting the introduction on the recording. But I think to your point, it's a muscle and it's a muscle you have to exercise.

Speaker 2:

And the other thing, like the thing to figure out, is that we all, we all have this like critical interior of failure and I guess in my career I've been really fortunate that I have screwed up so badly, so publicly, a few times that I have failed in the most epic ways you can imagine. And it turns out that, like, none of your family stops loving you, none of your friends stop hanging out with you. No, they think you're like, let me be true about worthless person. So you know, you fall on your face a couple of times and you're like, oh, it's not that bad. You know this podcast wasn't the best one I ever recorded, but maybe next week's will be better. You know, like everybody in your life is, like nobody cares, and that's the kind of thing that I figured out is like the work you do is extremely important, right, having this podcast, having a resource of people who really need it, is both extremely important and extremely important at the same time. So I keep looking to figure that out. It makes life a lot easier than that.

Speaker 1:

Right, yeah, you bring up a lot of really good points there. You know, with having you know, I feel like it's so important to have I don't want to call it a safe space, but you need to have a space where you can fail constantly in tech. You know, like one of my first jobs out of college, I mean I dropped a bank's database, like I didn't even know the term drop right, like I accidentally deleted this customer's database and they were a bank, and then I spent the next you know two days, right, fixing it and restoring it from logs that I didn't even know could be restored from, and you know all this sort of stuff. They didn't lose any data, they had no downtime, right, but I still dropped their production database and you know in a lot of companies on a lot of teams.

Speaker 1:

That's like immediate termination. Like, okay, you don't know what the hell you're doing, like, get out of here. You know. But I was also very open in the interview. Like, hey, I don't know what the hell I'm doing. Yeah, like, I need to be taught, you know, and that was a huge learning moment. But like, and that's just one of like a hundred, you know situations that I was in at that company alone, right, and so I developed, you know, the greatest troubleshooting doc ever at that company. It's literally still in use.

Speaker 1:

Where you know, when someone encounters a random problem, they just go look at my doc because I guarantee you I've encountered it and there's a whole section of SELinux and before I encountered SELinux there, I never touched it, I didn't know it existed, literally. One of my customers was a federal agency and he said, hey, we need to turn on SELinux, you know, on this server. And I was like, okay, turn it on. What's the problem? He goes, no, it breaks everything. I was like, whoa, that's weird, you know. And then I would. That was a rabbit hole for three months of knowing way more about SELinux than I ever wanted to, you know it's, it's really interesting.

Speaker 1:

And then you know you bring up the the yes and perspective from improv and I actually do that with like all of my trips. You know that I'm planning a trip to London for my first time in the fall and I'm going with a friend. I'm bringing my wife and my one year old, and you know he comes from a different background, I guess, of doing trips right, where they kind of plan everything around food and you know everything else kind of like falls into place. I guess I am the complete opposite. I am like like no, like we're going on this bus tour, we're going to get off, we're going to go have drinks here, like all of it. You know, because when I go somewhere new it's like well, let's do everything, like I'm not here to sleep, like if they're open at 4am, like let's go at 4am, Like I do not care. You know, yeah.

Speaker 1:

It's the same thing I did with my Germany trip last year was, you know, every day was another adventure, like one day we were in the mountains going through castles for the entire day, walked an entire marathon. I was dead tired at the end of it. And you know, the next day was a football game. Right, like, went to the football game, did a full day of drinking. You know, I got to see my buddy not keep up. That was fantastic, you know, like the whole thing, you know it's. It's that ability to just want to keep going, you know, want to keep exploring and pushing and seeing what else is out there. I guess.

Speaker 2:

Yeah, yeah, and I just kind of always done like that. I think some of it is that I grew up super sheltered, so if you were poor and I was homeless when I was 19, like I, so I never got to go anywhere. Like we went on like two trips that I can remember as a kid. So when I was finally an adult and making a lot of good money because I was working in finance, it was like I want to do all the things, I want to do everything, like there's no reason not to try anything because I didn't get to do anything when I was a kid and I always had like I've always had health issues, so I've also always had this kind of like my clock might be ticking faster than other people, so I need to do all the stuff you know before you know before I run out of time and health to do it.

Speaker 2:

So that I just I feel like everybody's. So one of the interesting things I've also found is that, like I used to think that everybody's idea of happiness was roughly the same, and I think that as I've grown as an adult, I figured out that we're all wired completely differently. Like everybody's brain is wired differently about brings people happiness, and joy is completely different from one person to another. It's like growing up in New Hampshire. It's a lot of friends who live within 10 miles of where we graduated from high school. We were married to somebody that we went to high school and you know, they've literally never been. I have a friend who's never been west of Tennessee because they live in New Hampshire like doesn't have a passport but they're happy and or ish and so like, if I don't know, I just think that I know I'm ADHD, I know I'm autistic, so I know that my brain has like a 40% higher need for stimulation and activity in most people's. Yeah, I'm all about like maximizing the hour line for every moment I'm awake because, like, I think that's just how ADHD brains work. Right, we're much human optimization machines.

Speaker 1:

Yeah, yeah, you got to. I don't know like I'm, I don't know if I'm ADHD, but you know I find that I have to at the minimum. I have to have a goal, you know, at all times, right, and I need to be making progress towards it and I have different ways of kind of tracking that progress and whatnot. Right, because when I don't have that, I start I don't know, I like start going off the deep end, right, and I'm like no longer focused. It's very easy for me to get into that spiral, right.

Speaker 2:

You don't know if you have ADHD right, right.

Speaker 1:

You know, I guess I've never been tested, or whatever.

Speaker 2:

I didn't get tested until like four years ago. It was crazy too, cause it's like a list of 45 things that you thought or like character flaws about yourself, and all of a sudden you find out like, oh, it's actually not that I'm human garbage, it's actually just that my brain is wired differently than other people's.

Speaker 1:

Right, yeah, it's interesting, I feel like, as, as time goes on, I just figure out how, or like, different everyone is, you know, and how different everything is, you know, and how to appreciate that it's. Um, it's an interesting thing that I kind of recently went down, I guess, but you know, can we really?

Speaker 2:

So it's really important with regard to AI, to understand how different people are and so to actually talk about something technical here, one of the really interesting things I've been thinking and researching a lot about is diversity as it relates to artificial intelligence and as it relates to technology in general. Um, and so any modern times that people and I'm going to go out of kind of a tangent people think of DEI as like a PR thing or like it's a moral issue and like, yes, morally we should all hire diversely and hire every candidate. But it's actually also just a technology usability issue, because if you don't want a world that's primarily built to serve mostly male, mostly white men, then you can't have mostly male, mostly white men building all of the technology and this. That sounds kind of, you know, like a political stance, but it's really not in that. So if you take the politics out of pronouns, right, and you don't like and we ignore who you know, we want to argue over whether there should be more than two pronouns. Well, guess what, in the Thai language there's like 20 something, because in the Thai language your pronoun encompasses what you were born as, what you currently identify, as is who you like to date. And so we were talking about something like generative AI.

Speaker 2:

When we're trying to talk about canonical inferences and being able to understand text, if we don't want generative AI to only be a utility and helpful for English speaking people, then it can't just be written by English speaking people. And so another example is like English and Spanish are both romantic languages, but the way you say I love something and I have something are the same in Spanish. So this comes into play. When you're talking to a generative, like I'm putting prompts into gen AI. If I say, let's say, quiero tacos, how does that generative AI know whether I'm giving it a piece of factual information? And saying I love tacos because take quiero tacos means I love tacos, romantically, right? Or quiero tacos meaning I want tacos, and that actually makes a big difference to because one of those is input and one of those is requesting help, right? If you say I want this, you may be requesting to get that thing back.

Speaker 2:

So diversity another place this comes into play is hardware. So hardware is predominantly built for male frames. So when you think about something like the Apple Vision Pro, causing a lot of women and smaller framed people massive migraines, it's probably because the people who designed, built and tested that were all skewed towards a specific population. So this is one of the things I think is really interesting to think about, in that diversity in technology is not just important because in a utopian world, that's how it would be. It's important because it's going to make, it's going to determine whether or not technology is only useful for a small group of people, and that's important, right?

Speaker 2:

So the Hugging Face shout out. The Hugging Face is a nonprofit. It's super dedicated to democratizing machine learning and AI and I'm like those are things that are really passionate about, because we have a technology that has the ability to fundamentally transform the way humans live and to provide benefits that a large percentage of our population has never had before. But we can only get there if we build it so that it works for all people, right.

Speaker 1:

Yeah, it's a really good point, and I've had on, like AI researchers before and I talked about this where, like, how do you ensure, right, that the AI has enough diversification of its data and how it's making its choices, and if it hurts a certain group of people or just advantages a certain group of people, or whatever it might be right, like, how do you protect against that and how do you have, potentially, I don't know, like a base set of language or a base AI model, right, that this other AI model can check itself against is like, oh, did I make the right decision here?

Speaker 1:

Like that's where the people come in, I guess. But it's a really it's a fascinating area because, as humanity has evolved, we've never encountered something like this before. It's never been. It's never been a thing that anyone ever really thought about. It's never been a thing where we thought about, like, is Google serving me the right search results, right, based on I don't know where I live, or whatever, right, those things have never come up before. It's really interesting where we take it, because this will, like you said, this will really have the capability of advancing civilization as a whole. This can either go really well or it could probably go really bad.

Speaker 2:

Hopefully, it goes really well.

Speaker 2:

Yeah, for sure, and that's it's something that I think that I don't tend to be as much of a doomsdayer as a lot of AI people are, that they do potential. I do see the potential for things to get out of control. But also, just like a bucket of water, right, like there's just a bucket of water on it. No, but what I do? I think it's something that we need to. There's this phenomenon that I've always encountered in tech where everybody assumes that somebody else smarter than them is focused on this problem, on any problem, on any equity problem that you bring up in tech. Like I think most people always assume there's someone else who's gonna deal with that. Like because somebody smarter has already thought of that A lot of times. Like seriously, nobody's brought it up. Like there are some large technologies that have been released that people are like, oh, what about this? And oops, like I remember the it was the one of the Apple Watches that was released. Like the Apple Watch, the face of it was too big for like 40% of women's wrists.

Speaker 1:

Yes.

Speaker 2:

And actually I have comically small wrists anyway, but I haven't seen an issue with like this is not what this watch was intended to look like, right, so I really have.

Speaker 2:

But yeah, I think everybody was assuming somebody else is doing this and as the world becomes more complex, that phenomenon will probably increase.

Speaker 2:

So I think one of the big questions we have to have is how do you put in place checks and balances to make sure that someone actually is thinking about these things, and how do you try to control like we're also trying to make regulations at like a state and even country level, and data and technology is local. So the other thing is like there's all these different NGOs that are trying to do things. So we have to come to a place where we're coordinating these things a lot more closely so that everybody is kind of aware of the state of technology, the ideals, you know what we're working towards, cause it seems like a lot of this stuff, some of these decisions about you know, do we make it more equitable, or do we make more profits, or are being made behind closed doors. So I think there needs to be clearer expectations that for when one of these paradoxes comes up that has the potential to impact a large number of people. Those decisions aren't just being made by a small group of people, and they're being made in a public way.

Speaker 1:

Yeah, I think you bring up a great point, right, is that it's very easy for us to kind of assume or think that, you know, someone has already thought of this, they're already working on this, they're already doing X, right, which really isn't always the case, and it's probably happening a lot less than what you would expect.

Speaker 1:

And the difference, right, someone may even have the same exact idea, but the difference is, if you act on it, it's actually, it's if you actually do something with it, and that's, you know, that's the important part. That's, honestly, that's what separates, you know, I would say, you know the people that you hear about. That's what separates them from everyone else is that they get an idea and then they find a way to make it work. Like, however, whatever that looks like, whatever that takes, you know, they just find a way to make it work. And I feel like, as technology professionals, we kind of like got to get out of our own heads, you know, with that, because we're so analytical by default, right, that you know we'll overthink something for years before actually moving, when it's like, hey, you should have done this, like 10 years ago.

Speaker 2:

Yeah, yeah, I mean like, how many times does the technology come out? You're like, oh man, I had the idea for that like 10 years ago and it's like, yeah, but you didn't do anything about it. It's a issue, yeah, great, we at Adobe always assume and that's like people so many people underestimate their power, and this is the thing when I so when I came into security. Here's the thing we're all talking about how great it is to get into security from other industries. But we should acknowledge that when you do get into security, if you're new in the industry, it's really easy to feel like an imposter or feel like an outsider or feel like you're faking it because you're moving somewhere. But that goes back to what I was talking about with insecurity. I found that people don't really necessarily need to like you. They just need to trust you, and I've earned a lot more respect from my peers by being really clear on where my skills end than demonstrating those skills themselves, because I come into a room full of security engineers and these people can hack your router in four minutes with a Flipper Zero. Like. I'm not that. I'm a data scientist and I only worked as a data scientist applying it to security for a little over a year, so but I know that what I lack in actual technical ability to pop your Tesla's gas door, like I made up for in my ability to communicate, so, like my superpower, is communication and translation. I can take. I can sit down with your security engineers and they can dump on me all the technical stuff that they're doing and I can take that and make it into a story you can tell your customers. I can make it into a story you can tell your marketing team, your sales team and so like.

Speaker 2:

There's a lot of different skills required around security to make a security program successful. Like communication, like marketing, like training, like cause. There's a big difference between knowing how to do something and knowing how to teach somebody else how to do it. So I was a facilitator for a long time another communication job, right. So it's important to acknowledge that you may feel like a fish out of water if you get into security or you join a new industry, but you need to understand that, your ability to know your limits and to say, hey, I've actually never had experience with that, but it's something I'd like to learn more about. Where could I read about that? Like people will respect you 10 times more for doing that than for immediately. Well, should they get an answer, because you feel like you should have one.

Speaker 1:

Yeah, I've always found there to be a lot of value when you're more honest, more open, more upfront about your own limitations. You know, because people will keep, I guess, kind of drilling you or drilling you, especially in security, in the security world. You know, as soon as you say like oh yeah, I've done this for 10 years, or I'm an expert in this, I built this, I mean in security, it's like okay, well, guess what? I understand what that is and let's talk about it. You know, like we're gonna talk about it at a level that like if you didn't build it yourself, you're not gonna know.

Speaker 1:

You know, and I've been on both sides of that interviews, right when I've said you know I'm an expert in something and they just completely grill me on it. And you know, thankfully, like I've gotten past it because you know what I put on my resume is the stuff that, like I have done. You know, I'm not like bluffing it. I may use words that I may like rarely use, you know, because, like you know, you don't wanna use the same like verb or adverb or whatever it is. You know, adjective to describe something right, but like when I say like hey, I built this thing, it's like. No, I actually built it, like you know, because I really don't wanna be in a situation where someone points out a point and I can't answer it at length, you know.

Speaker 2:

Yeah, oh, we've all been through the experience of seeing, like an ex-co-worker's LinkedIn and seeing all the shit that we did that they're taking credit for and you're like, oh really, you made that happen, huh.

Speaker 1:

Yeah.

Speaker 2:

Yeah.

Speaker 1:

I know. I don't remember you on that project.

Speaker 2:

Yeah, yeah, and do you ever call that the George Santos effect? Now, is that? Yeah, I mean, I think that's true Like there's a lot of power in saying I don't know, like there's a lot of risk in saying it if you're the one who's supposed to know. But in a lot of circumstances you're not the person who's supposed to know and I'm, you know, like people aren't looking to you to have all the answers, they're looking to you to know where to go to find it. Yeah, and that's the kind of what your utility as a security professional usually is. It's like I don't know everything, but I have a process that I can go through or I can quickly get to the information that I need, process it and get it back in the form we can use.

Speaker 1:

Yeah, that's a key distinction there, you know, being able to say I don't know and then also following up with what I can find out. Yeah, In today's, you know, modern age, right, 2024, like, you can absolutely find something out. If you don't know it, you know, by a simple Google search you don't have to go to the library anymore and hopefully they have a book on it, right? So, like, there's no reason why you can't, you know, say that and actually follow up with it with the real information. Well, you know, Jackie, we've gone this entire time and definitely doesn't feel like 50 minutes, that's for sure. But you know, I'm I try to be very conscious of everyone's time and you know I don't want to go over because I know that we're all booked. You know, meeting after meeting. So you know, before I let you go, how about you tell my audience, you know where they could find you, where they could find Cribl, if they want to learn more and maybe they want to reach out.

Speaker 2:

Yeah, absolutely. I've been on LinkedIn, so LinkedIn slash Jackie's in security Can interpret that whichever way you want to. Yeah, and Cribl. You know we love cribl.io, or you can also follow Cribl on LinkedIn. We have a fantastic social media manager who makes a pretty high quality memes. You know we didn't talk a ton about what Cribl does, which is my preference, because I think that it's a product that is much better for people to do than use. But if you have questions about moving data, making use of data, any of those things, you're more than welcome to reach out to myself or anybody else on the Cribl team.

Speaker 1:

Awesome. Well, thanks everyone. I hope you enjoyed this episode.

Career Transition Into Cybersecurity and Meritocracy
Transitioning Into Cybersecurity From Various Backgrounds
Balancing Security and Professional Growth
Diversity and Ethics in Technology
An Introduction to Cribl.io