We Hack Purple Podcast Episode 8
In this episode our host
Tanya Janca (also known as
SheHacksPurple), talks to our guest
Tracie Martin,
to learn what it's like to be a Principal Security Engineer for IoT! We discussed DefendCon, what it's like to hack a SMART Bike and more!
Tracie Martin can be found here: Twitter
and here
This episode sponsored by Ubic Security!
Watch THIS episode on YouTube!
Transcript:
welcome to the we hack purple podcast
where each week we meet a different
person who has a completely different
job
in the information security industry
this week we have juliette
at caffore and she's going to tell us
what it's like to be a ceo
of a startup in the security industry
and our sponsor this week is threadfix
by denim group and basically i want to
thank you all back
i want to thank you for coming and
without further ado
here is juliette and now i'm hiding the
image
it's working okay there we are and we're
live welcome
hello thank you so much for being on the
show juliet
thanks for having me so
the show is more about my guests than it
is about me oh yeah i'm supposed to
introduce myself i'm tanya jacob purple
um so
juliet could you tell us uh your name
and also if you have a twitter handle or
a handle online that you're known by
sure um i am julia rocofor ceo and
founder
of revolution cyber and uh i'm
often on twitter as jules management
j-u-l-e-s
mgmt i love that i love that and i like
how you also
told me your job title because that was
my next question
so can you describe what your job is
because people are like ceo
so big boss and that's all they know i
know
and i literally go by chief engagement
officer rather than chief
executive officer um and and i did that
because
i i i like the idea of a flat
organization i think the title ceo
says more about someone else than it
does me
um mostly because of course i recognize
i'm an executive i don't think i need to
tell everybody that's what i do
but um at revolution cyber um
you know part of what it is that we that
we're trying to build is really a
community
around topics related to security
awareness and um user experience
um and strategic communications around
security that's awesome
i like that a lot chief engagement
officer
on internal stuff i have my title as
head nerd
well when i was at microsoft my i
printed business cards that said accept
nerd
at your service and my boss was like
this is so
true this is so true
they were right they were right but
there's but it's not bad to be a nerd
anymore so that's actually
pretty good oh yeah no no i agree i mean
we're the people that make stuff work
and so
so your company does security awareness
can you describe what that is in case
some of our audience doesn't know what
that means
yeah so i i struggle with the term
security awareness
we we we make people aware of ways to
make better decisions
but we go beyond that in that we're
communicating
on behalf of the security team with
users
in normal english in ways that they
understand
about why they should should do good
things with security
and why they should stop doing bad
things with the guard security that's
really what we do
we're we're not a training company
either we're mostly focused on
how do we reduce the risk associated
with user behavior
and we will we will build campaigns
marketing
um we'll build ambassador programs but
the idea is around engagement
how do we engage users around security
oh my gosh that's super cool i like it i
wish that so many other places that i
worked
had had something like that i know it
could be really painful
i remember as a software developer
mostly viewing the security team as the
department of no
and them coming up and telling me when i
did things that were wrong but never
explaining to me what the right things
were
just how wrong i was and think about
like when you like were a kid and your
parents just told you no with no
explanation it was kind of like because
i said so
how often were you motivated to like do
the thing they wanted you to do
so my whole premise is
why don't we treat people like either
human beings or people who can make
choices
that's that's all it is yeah like with
respect or something right
a little bit of that doesn't happen
doesn't hurt
at all so what is a day in the life
like of a chief engagement officer
um i heard that sign yes
it is you know it it no day is the same
um and what you're constantly trying to
figure out is
how to translate what the security team
knows
into something interesting and engaging
for um
for the employees so we really
act i act all day as an employee
advocate
um having security teams really consider
how people who are non-technical want to
receive information so
i spend some days doing research online
i spend a lot of time listening to you
know on security calls
i meet with a lot of vendors because
part of what my job is
is to we act as an integrator so we'll
we're partners with
know before we're partners with mimecast
we're partners with proofpoint
um and our job is to pull it all
together for the benefit of the
organization so
i spend a lot of my day trying to figure
out creatively
how to build solutions around um cyber
security
and uh policy management as well that is
awesome that's so awesome
so do you okay so
i've had a lot of people be at so i
started a company too this year and i've
had a lot of people say
you know what is what is your job like
and i say
so i get to do really fun things half
the time and the other half the time i
have to answer emails and i hate it
i don't even talk about the emails i'm
checking all day and night yes
i agree do you feel like there isn't
like a number of emails that is just
unsustainable like
how do you do it right you know
i i miss things all the time i think the
only way i do it is with my partner
chidi um she'll ping me and say
they said they need a response now and
and i'll go back and like oh my god
because you know some things come in and
you say to yourself oh that can wait
um by the time you get to 10 of those
things it's probably time you turn
around and start answering some emails
so
um i i couldn't do it without her
and then i flagged my email box um i
don't have you know the xero inbox i
can't do that i don't know how people do
it i don't do it
my email box is messy and it's full
spoken like the truth
oh my gosh i like though that you're
actually telling the truth because i
really appreciate that because sometimes
people
they're like oh yeah it's totally
glamorous all the time i'm like no it's
not
no it's not no it's not
no um and and for more truth i'm like
wearing
partially like i'm dressed up here but
have my pajama bottoms on the bottom so
like
legitimately it is not glamorous this is
like
cute up top and then it's like bedtime
at the bottom
but it's like after nine o'clock eastern
so i figured you wouldn't judge me
yeah no i oh i guess it's kind of late
for you
well not late but yeah it's true later
yeah
are you in are you in new york no i'm
actually i'm from new york city born and
raised in brooklyn
i lived in dc for a time but just moved
to columbus ohio oh
nice very nice columbus is fun
is there a lot of nature there i heard
that there's lots of kind of beautiful
landmarky naturey things oh my god yes
so one of the things i did today
is and and what's the okay so this is a
this is one of the
glamorous or the great parts of being a
ceo i was stressed out this morning
and so i'm starting to do piyo i don't
know if you guys have heard of it it's
definitely it's like a combination of
yoga and pilates
oh my gosh sounds awesome yes it is but
it's
remarkably tough on the arms so i'm in
pain now but
um after i did that i actually drove to
a man-made beach
um and it's like it's called allen state
creek park so
it's a park and i walked around and like
started to get my creative juices going
and i just stood by the water
it was amazing that sounds wonderful
i sometimes so i have a farm on my
property so i like turn my property into
like a very small firm and so
sometimes i just like if i have a really
tense thing
happen i'm like i'm just going to go
prune tomatoes for one
hour disappear and you're able to get
out of your mind
like it's good so
at this point i am supposed to tell all
of our viewers
please click the thumbs up button if you
are enjoying the show
and i'm also supposed to tell everyone
that i published a book
called alice and bob learn application
security
and that you should check it out on
amazon and now i am done that part of
the script
it was really smooth right you could
barely tell i mean
it was like a full-on production like it
was hollywood style it was it was great
it's not it's not as good as you because
so we met at this the cyber security so
where they called the
women's cyber jitsu like yearly awards
or what was
it was oh hacker wasn't
like it was six it was something
it was a hacker six it was like yeah it
was a new event
yeah yeah and then jules was the emcee
and she had me cracking up i literally
was crying i was laughing so hard it's
like who's this woman i have to meet her
i'm gonna try to be her friend and
hopefully she'll think i'm
adorable and not creepy and it seems to
have worked
it works
okay okay so more questions okay more
questions
so it takes a certain type of person to
become a ceo and like start their own
company
and personally i think it takes some
bravery
what types of personality traits do you
think someone needs to be a good ceo
or a chief engagement officer
um huh you know i don't think the goal
post
is good because i think we can be overly
critical of ourselves
and i'll tell you whether i'm good at
this or not changes from hour to hour
sometimes minute to minute
what i'll say is you have to be willing
to take risks um you have to be a risk
taker
and it doesn't mean like these big kind
of you know
you know everything or nothing risks but
you have to be willing to take steps
without knowing what the end result is
and really stepping out without knowing
if there's anyone to catch you
um and so i feel like a good ceo
can do that while building a business
and while developing talent which is
all a juggle right it really is right
because you are
probably also the like the subject
matter expert at your company
and you are the manager of all the
people and you're trying to get the
business and you're like
everyone don't fall apart or run away
yes
yes it is you know it's so funny
that my mother um
she was like why would you leave like a
really good job to just like go and
worry if your customers are going to pay
you like why
why do that does your mom know my mom
they must know each other there's a
network
because my mother was like so you're
going to leave a good job to go
do something where you're not sure that
check is going to come in i was like no
it'll come in it will and
eventually it did there was some time
but um i just i think i'm just like made
for this whatever this crazy chaotic
process is i made for this i love it
i like i really like your attitude thank
you
so what types of like aptitudes do you
think someone would need to be a good
ceo like attention to detail
or hyper focus or being able to see the
big picture of things
the biggest one is knowing your
weaknesses
the biggest one is if you are able to
spot
and admit to admit your weaknesses then
you can hire a team we were talking
about the people you've hired
right because there are certain things
in business you want to do
certain things you don't want to do
certain things you really shouldn't even
try and do
yeah you've got to be able to admit that
to yourself early on
and then hire for that talent so one
thing i'm really really bad at
is administrative work and look i'll
i'll go ahead and say there's nothing
wrong
with with work i believe in and i
believe in like
an admin work and admins and how
wonderful they are i am one who supports
they they are gods and goddesses oh my
completely
it is the one skill set god said we will
not give this to you
you will not have sex
so i i literally rely very much on
people around me who are very process
oriented and very
um you know ocd about organization yeah
so i'm surrounded by those people and um
i have to build systems so i need things
to be automated
because i am neuro-diverse i'm i'm adhd
and gifted and
highly sensitive person like i'm a lot
happening in here
um and so i just i just admit that
that's the thing
the benefit of me is the creativity and
the ability to win business
um but it creates a lot of like an admin
headaches for the people around me
i i feel your pain so much
yeah i i think there are many more
people like us than people admit
oh yeah i also think too that because
we're women sometimes people just assume
we're good at admin
like they just they're like you're a man
of course you can just fix this window
that's broken
and i've i've had so many male friends
where they're just like you know that
when we're born they don't just like
stick
tools in our hands right like it's just
and then they're just like obviously she
knows how to do all these
obviously she likes taking notes because
she's a woman
you're just like no i know i mean i i
remember it was the situation i was in a
room
um with my customer mail and um
uh we we gotta we were ending the call
and i was like so
what would be great is if you take the
notes and you can send them back to me i
know it
he kind of paused like wait one you're
my vendor
you're asking me to take the notes but i
said to him i'm like you're so organized
we could spend all day with me in my
scribble scrabble why don't you do it
and he he understood i mean the fact is
my customers understand that there's a
bit of crazy in here but there's also a
bit of like results oriented and
and you know high energy so i i'm not a
note taker
but there are other benefits and i have
a memory my memory is ridiculous
oh i remember that's good i have to take
notes because i don't have memory it's
like also i learned that
by taking notes in meetings i could boss
people around
and when i learned that i was like i
will take all the notes get out of my
way
and then in the notes i'm like action
item in bold adam
you said you would do this and and then
i like send it to everyone and then
a few days later i reply all i'm like
adam steve jennifer
you said you would do these things where
are they and i'm like it's in the notes
and i do that to like my boss and my
boss's boss i'd be like jim it's in the
notes i don't know what to tell you
it said you have to do it
i love that oh my god
well that's that's how my partner
bullies me she's
always just like jules did you read the
notes so i'm like oh yeah
oh let me you're right let me go
let me go look in those notes and then i
feel bad because i'm like they're right
here
just do it i know it's like oh no
i know see the power of the notes yeah
i'm on to i'm on to it now
i know but if i had a memory i mean then
i don't know i would trade
okay so i have more questions
so do you think that a ceo needs to have
technical skills and if so which
technical skills do you feel that they
need because lots of other jobs that
we're talking about they do
actually have certain technical things
they need to know but as a ceo can you
just walk around and kind of
just be like in the air do this
do that and then you're and then you
probably need to be like the best
powerpoint
person ever you like email like a boss
no no no no not email like a boss no
um see here's the thing there's a
difference between being a ceo
and a leader right yeah so if you're
going to
lead you have to be able to demonstrate
to people that you're worth following
and the way to do that is if you're
leading technical people you should have
some technical skills some
um one just just something you can point
to and say yes i've got that skill
um what what i did when i first got into
cyber security about four
uh six years ago now um i sat in the
sock
every day alongside the engineers and
the analysts and
um and and tried to understand like
what they were doing saying what the
language was
um so that and i was just trying to sell
sell the solution
but i figured in order to sell it i
needed to understand what the technical
guys were saying
and i needed to be able to speak their
language speak like they did
so that they would respect me yeah um
and and i think just over time i don't
have any certs till today
that's one of the things i've said i
want to definitely get one cert
just so i can say that i have one
um but but i i i don't think that that
it's required
i think a lot of that is a perception
management thing for me
um and just to demonstrate to myself
that i could get a sword i just
haven't done it right i don't have any
certs
and and i now make a cert
through my company i love that
so you know what i gave myself the cert
that my company because i am like well i
wrote the entire program
all three levels so i guess i'm allowed
to be this you might know
something about it yeah yeah and so wait
so
you're doing application security yeah
huh so are you familiar with secure code
warrior
oh yeah oh yeah i know them well they're
lovely humans
that's so so how do you in them kind of
fit
um so they teach sort of hands-on
gamification lessons
of how to write secure code well our
first program
from our school is like a formal lesson
with videos and you have written
assignments and there's quizzes and all
of this
and the idea is is we teach you how to
create and launch and run and measure
and improve
an application security program so from
the beginning to the end where you have
a super advanced thing it's all measured
and everything
a customer for you one of my clients
would be a great
yes i love that okay awesome but
yes i i kept seeing that but i wasn't
sure
how it fit um and like everybody says
that they have an academy and
sometimes it's really not it's just like
a video
i know i have seen some really brutally
bad courses and so when people are
seeing us with like our 4k camera in our
studio
and like we have animations that come on
and words that appear and disappear and
then
and i'm a really mean teacher so i make
you do like big assignments
oh someone someone is putting in the
chat
what no certs i'm the opposite i only
have search but no experience or degree
because i'm new to the field
well siri we're happy you're here yes
welcome and look at us we're both ceos
of startup companies and we don't have
certs so it turns out
you are even more prepared than we are
in some ways look at that
yeah but i think the thing is experience
and i think that's the biggest
hardest part um so you're doing training
and preparing people for
um you know the world of app security
and i'm doing
training on in some ways um as it
relates to
helping developers just
just want to do the thing i just want to
i i thought that once
you actually teach them what to do um
and i think it's it's about soft skills
too it's about you know
the kinds of things where you're
influencing and you know persuading and
teaching all of those things are really
good
um ways to develop the skills that you
need in addition to the search
people not not getting hired because
they don't because of search
if they typically don't know how to
prove themselves beyond the cert
right so that's the biggest issue well i
find getting that first job
the most difficult and then once you
have that first job if you've been there
a year or more
it's like the world's your oyster at
this point you're like
people have shown that i know how to do
this
i think the issue is the gatekeeping
to keep people out of the first job
there's so many
entry level you need five years which is
ridiculous
totally ridiculous um actually so
i'm gonna just thank my client or my
sponsor again because thread fix and the
denim group are actually hiring junior
application security engineers and
junior pen testers so if anyone's
listening
go down to the denim group or thread fix
site and go to their careers page
because they're like oh do you know
anyone that's looking i'm like well i
have a podcast
and so how many and they're like we have
realistic job postings like we want to
work with
really nice people because we have to
work with them
and then we can we can teach them and
show them stuff and i'm like that's
amazing
but are they are they hiring any oh and
it's remote
oh really yeah is it beyond is it like
just
junior or can you have more experience
there's also senior ones and
intermediate ones they're hiring like
they're hiring a whole bunch of
consultants right now so
surrey on the chat you should
you should apply to um i i should go
through my emails and get the link and
then put it in the podcast notes to make
sure everyone has it because
that'd be really good yeah and i shared
it from my twitter yesterday but yeah
maybe i should share it again because
most places they're like oh we want 10
years experience so that you can be a
junior
and it's like that's impossible like do
you understand how math works
um and i mean for that reason i'm
actually working with a company
um what's her name why can't i remember
their name
luda security oh luna with katie
katie who's amazing katie missouri for
people who
yeah so yeah i mean the thing is that
the interesting thing is hiring you know
um all
non-traditional talent is a major
initiative just across the board
but i love her commitment and passion um
you know neurodiverse women lgbtq you
know really young people junior people
looking for an opportunity so there's so
if you're looking
ludo security is also going to be
looking as well i'm going to type this
just into the chat
perfect
i can't seem to type and then talk at
the same time
but like i'm trying so hard
[Laughter]
we all have different skills okay and
i'm gonna put it on the screen now so
luna's security and denim group are
hiring so now it's like on the bottom
i'm gonna put it actually a little bit
below so it's like it's not blocking
your
i'm not supposed to be able to see that
right no you're not supposed to be able
to see it it's okay
it's in um the streaming software as
opposed to in our
our private chat so like on skype it's
private between you and i and then i'm a
jerk and i'm broadcasting it to youtube
no i thought this was private
i actually usually have a script
whenever i call jules so she's used to
this
okay okay can you imagine
you're like she's my weirdest friend she
also thanks sponsors
randomly because she's just such a weird
lady
i have to thank my sponsor now i'm like
okay
keep going you're going ahead don't let
me stop you
okay so let's say someone's watching
this jules and they're like oh my gosh
i want to be a ceo like jules one day i
want to start my own company
what types of training or work
experience do you think they should try
to get so that they would have some
of the skills so that then they could be
brave enough and
and i mean brave because they're
prepared and they know what they're
doing as opposed to just being
not thinking and and um making a poor
choice and jumping in exactly
someone who makes impulsive choices yes
um
you know there is no one way
to to to become a ceo um i
found a lot of ceos have stumbled into
it
or have had validation from an external
source telling them that they should be
a ceo
um so most people don't know when
they're ready but beyond the fact that
i talked i talked i spoke at the diana
initiative and i talked about
um spaces and really focusing on
when you know that you've you've
outgrown your space
i think a lot of a lot of where we are
especially with covid and you know
um and just the remote workforce
you really can be your own boss
in this environment and i think there's
a difference though between being
a um a contractor
an independent contractor and a ceo and
the difference between the two is one is
kind of an
individual contributor role where you're
like you take projects you manage them
someone pays you you know you don't have
any um any
uh company you know who's paying your
salary doesn't come consistently
um but if you're a ceo you have to be
have leadership skills you have to be
able to communicate
you have to be able to present
information clearly
um but i think more importantly you have
to be somebody who
can um translate information between
multiple stakeholders because
as a ceo you might be talking to
investors
you know vendors customers partners
you have to be someone who feels
comfortable having those conversations
across the board
that is really good also i'm sharing uh
the link to your talk
in the chat and on the screen because i
remember that and it's awesome and so i
think people might want to see it also
i'm giving you a thumbs up which
everyone who's watching you should first
of all like give this video a thumbs up
but then you should go to the other one
like when this is over and then you
should click the thumbs up button
and then you should put jules is awesome
yes please don't even go there if you're
not going to put yours awesome right if
you're not gonna do that
you know don't even waste your time i
mean why do it
so your talk was called reclaiming your
space in cyber security speak
out and speak up oh speak out speak
up and speak often yes
here's a good one thank you and
so now you have one more thumbs up
because i was like well if i'm gonna go
get the link i might as well actually
hit the button
you're hilarious thank you
so let's say someone is like i want to
be a ceo
is there like a course that they could
take and i'm asking this because i
totally don't know the answer
and um you know i wish
that it was easier to find out the
information it really is
divided across multiple like agencies
like if you're a woman there's women
small business administration
there's uh there's a number of chambers
of commerce that focus i just
the information is really divided the
the best source of information
i have found where it's kind of joined
but
you kind of give up part of your
companies like the incubators oh yeah
definitely
cue through yeah the process and help
you to make some of the decisions that
you need in order to grow your startup
so those are like guided growth
opportunities did you do one did you go
to an accelerator
i'm wondering though if that's not the
next step for me so i'm kind of in this
place where i'm like
maybe i'll one i think i'm in a position
now to put together a board of advisors
um and then really start to figure
out um if i want to get angel investors
and then you you tend to have to explain
to them
you know what you're doing in the
business it it adds accountability
yeah yeah i want to maintain control for
a while
that's my only fear with the incubator
is that you know
you kind of lose a lot of control yeah i
i also feel
like if you so our company is
bootstrapping
because i just do some consulting gigs
and then it just pays everyone for the
month and we don't
get paid a lot and that's fine and then
we just keep building the business
building the business right
and then now we have courses on so then
people are buying the courses i'm like
awesome that's helping pay everyone's
but
you know what i mean and then like
slowly but people are like you know
tanya you could go way faster
if you had investment and i'm like i
don't know
relationships commitment
that's it's like you have to you see all
the goofiness that we're doing now
you have to like run it by someone else
someone else gets to tell you whether or
not you can
can't yeah and they're like tanya you're
being goofy
they're like jules is mature she can do
what she wants tanya stop
whatever you're doing stop it
[Laughter]
exactly oh god
i know i know okay okay so i have
another question so this is a sensitive
question
okay does your job pay well
i'm not saying tell me how much you make
i'm saying
are you rolling around in money and
you're like gosh i'm getting paper cuts
there's just so much cash everywhere
that was me a few years ago no um
and not because i couldn't um mostly
because i've made a decision to invest
as much as possible in the business
so i do take home a a bi-weekly salary
um i am covered with health insurance
but i basically made a decision that it
was better that
i pay other people right i have two
daughters so it was more important that
i could
have time than to have the money because
i could have more money but then i'd
have less time
yeah so that's really one of the
decisions that i made
i've been doing the same thing except
for i haven't paid myself at
all yet just oh my god just because some
of the consulting gigs i'm like that
just goes right into my bank account
because it's not
through the company anyway right so i'm
like i can't wait so how do you handle
that so
there's one gig that i have that is i
could take it through my bank account
but i'm like should i get it paid
through the company
so there's like pros and cons to each
and i think it really depends on your
client
which is appropriate so for instance i
didn't want we hack purple to own my
book
so you do not make very much money from
a book
however you do make some money and yes
so i have gotten checks for my book
and which everyone should buy alice and
bob learn application security tell
everyone you know
um who's your publisher wiley books
oh yeah so i have the opportunity to
pitch wiley and i i can't figure out
what to pitch him
oh my gosh yes you should it'd be so
awesome what am i going to say i'm like
what what do i say
well you should write a book about how
to actually talk to adults about
security and actually convince them and
get buy-in they actually go and do it
yeah definitely and just i mean i know
i'm actually the technical editor for
another book coming out
um so i'm i'm going through the process
you know like if you want to pitch us a
book feel free and i'm like
huh what am i going to say totally
should
i already have another book ready after
this book but first i have to not want
to die
from all the work so it's a ton of work
yeah did you know you shouldn't start
your own company at the same
time that you are writing your first
book
but also when there's a pandemic around
the world and then also you decide to
turn your property into a farm
turns out like that's a lot that's not a
good idea
yeah um i'm going to go ahead and say
you shouldn't agree to be the technical
editor for a book
at the same time you're moving your
whole family to columbus at the very
same time you're taking on one of the
biggest organizations in the world for a
customer like i
promise you don't do this it's not what
you should be doing
sit quietly do one thing at a time get
it done right and then move to the next
thing yeah
oh wow seriously
yeah it's a it's a lot of work there's a
lot of it is a lot of work
so that's probably why but but i will
i'll pitch it
just so i can you know because he they
do want me to write one i just
a little nervous well i mean
you have an expertise so they probably
want it to be about that they're
probably not like we're hoping she
pitches
basket weaving they're probably hoping
you're going to talk about security
i'd love to weave in security with
something else where i'm like comparing
it to something
that's really actually i like the
comparison of how we've handled covet to
the way security is handled they're very
very similarly handled
badly
[Laughter]
yeah that's what yeah that's kind of the
thing i think
yeah anyway no comment because i'm in a
different country than you
so i'm just gonna not uh keep it i try
really hard not to comment on what other
countries do and just make fun of my own
country
i just eat my poutine and mind my own
business
are you in quebec so i moved from quebec
to british columbia so i am on
so i'm not in vancouver i'm in a place
called vancouver island
so it's the city of victoria
so if you know where seattle is there's
this little island
above it where it looks like it would be
in america because it's below the 49th
parallel
and we got it in a treaty by being
tricky
so they're america's like that's ours
and we're like no it's the capital of
british columbia and they're like
is it and then we just like rushed some
dudes down there and they just like made
a little house and we're like that's the
capital and they're like
freaking canada always goofing off and
gotta admit that they're smart that was
smart
yeah you're not sure okay well we're
sure
we'll take it we are the only country
ever to attack
america right like i don't know if you
know in the history how like i can't
remember what happened something where
like
some americans burned down one of our
buildings so a bunch of us went across
and then burned down their buildings and
then ran away because
that is also a thing we're good as
running away from danger
and and we like vandalize and we're
really dumb and then
we're like aha we are the only country
to ever successfully attack america and
then not be completely pulverized
because we're so cute about it in school
oh yeah they're like that one time that
we actually attacked a country
and it didn't work out that badly
because we because we don't attack
things right we're like where canada
just pretend we're not here
that is not your country's personality
you are not the aggressor yeah at all
yeah
and it's a good way to be people ignore
us
sometimes they come visit us there's
some tourism but only for half the year
because the other half the year it's too
cold everyone dies oh they go back to
work yeah where they're from
i've been to the only place i've been to
well actually i've been to montreal and
quebec
oh yeah and i i will go ahead and tell
you
i do not like poutine i don't know why
it is that you guys eat that i don't
it's because we get so cold that we have
to have 3 500 calories in one sitting
like you want to take it and pour you
have cheese on it you got the
curds i mean yeah yeah i mean all of the
dishes from quebec are a little
confusing like there's a dish called
aspic
and it is i kid you not it is fruity
jello
with frozen vegetables inside of it and
they serve it at dinner
like they'll put it next to like a
turkey and then they'll have stuffing
and they'll
have aspic and then like and i looked at
them i'm like why are you serving jello
they're like it's not
jello it's a french canadian dish and
i'm like no dude like that's jello and
someone spilled peas in it
did you tell them that the us version
has fruit
no because like i well i was out of
dinner and trying to impress up
i was dating someone and their parents
were there
and there's all sorts of awkwardness
and i speak french but i don't i'm not
quebecois
and so it just it just didn't fly no
matter how much i tried to impress the
people
just didn't work i was like i even
learned your language and i eat poutine
and i smile and like please accept me
but eventually i was like i have to go
these taxes are killing me
taxes are 52 of your income
and quebec 52
well depending upon what tax bracket
you're in so that's before i became a
startup founder
when i used to make money
but not now they're like you can just
live for free you popper
well that's gotta be a good benefit
because the rest of it's crazy
i mean at least you get a benefit i
haven't found mine yet
yeah well we're
okay okay i'm gonna be i'm gonna pretend
i'm serious
and ask more questions what is your
favorite part about your job what is the
thing you like the best
i like you know and and
most people struggle with selling yeah i
enjoy
selling the most um 20 years in sales
right out of college so oh well oh i
just gave myself away
okay anyway i i graduated 20 years ago
so don't worry
um so legitimately i
enjoy helping people
and that they pay me to help them
yeah that's the part that i enjoy yes
and and it also makes me feel good
because
there's a defined value on what it is
that i offer
and i enjoy that part because you spend
a lot of time in life not knowing
whether people care or not when their
check clears
it makes me feel very good that they
value what i'm offering them
yeah that's what i enjoy
oh i love that i love that yeah i've
discovered i'm not good at sales
i'm really good at the top of the funnel
of marketing and then the very bottom i
just get a little nervous since that's
why i hired him
a sales guy and he's just like it's fish
in a barrel tanya you just
it's so much fun like literally the like
the top of the funnel
and i'm good at the bottom of the funnel
it's the process in between
where i need somebody to organize that
part but then i can automate it so it's
really not hard
well i am glad that you have that skill
and i'm
i don't know if the word is envious or
jealous where you're like i wish i also
had that
yes no it means it's neither one of
those things you just wish that you had
that skill
yeah so do you
feel that do you feel there's a lot of
opportunities
for someone to become a ceo of a startup
um yes and no okay so yes in that the
world is our oyster
and we can all go out and start
businesses
no in that i believe that not everybody
is suited for this
um and i believe that if if everyone was
a ceo there wouldn't be companies
because you need people to work in the
company so it's okay
um i also believe that
a lot of the market the way the market's
set up is designed to filter out people
who don't fit
a traditional you know
like a mold like the most yeah there's a
mold there's a startup mold
and people expect you to go through the
same process everybody else has gone
through
and really how quickly you can get
through those same steps is how you're
judged by the market
and unfortunately it does not do very
well for women and minorities
so so part of that is
you can but you have to accept that
you're kind of starting
with the with with the deck stacked
against you so you have to be very
clear about what you're trying to do
when you start a business
have you had people so i have had people
do this since i've started my business
where
they try to insist that i do unpaid work
for them and they tell me either it's
for exposure like this guy was telling
me i had to give free training for his
conference
because i would get exposure and i was
like oh sweetheart i'm something called
an industry influencer i have literally
10 times the number
of of followers that your little dinky
conference has
and he's like well i'll yank you off the
thing and i'm like you've been
advertising my name for weeks i'll sue
your pants off
do you want to continue this discussion
i know for a fact that if i'm connected
to something it increases viewership and
so
um i do not there are still things you
need to do
as a part of the the infosec community
to give back so i believe in that i also
believe in helping others
right but i don't believe i need the
exposure
like it's like no i no you're not asking
me to speak at your conference
because i need exposure you need the
exposure
so i i would say um
people i probably did more free things
working
at my last company than i do now i i'm
very clear that i can't afford to just
give up my time like that because i have
so little of it
so when people suggest like like oh my
god my friend okay let me tell you a
story
yeah a friend of mine from college
um she was she wanted me she sent me a
message on facebook she said
jules i want you to to appear in my um
weekly
podcast and i said okay sure
she's seen me online she sees that i
speak all the time i'm not
desperate for an opportunity she then
has her assistant send me a list of
things that i have to do to apply
to speak one of them is a
minute video that belongs to her after i
shoot it yeah no
no delete i never got it
and i mean she knows me we went to
school together but i i literally said
i'm sorry no
like i've testified before congress
twice like i
i i know what i'm worth so please no
thank you
do you feel like as a startup founder
that you have to stand up for yourself
and stand up for your company sometimes
yes
um especially with customers um if you
allow them to
customers will run you ragged and they
will
become unprofitable for you so you have
to be very careful
i'm teaching my my program managers
to push back i don't believe the
customer is
always right i believe that when they're
right
they're right but i don't believe that
they're always right and the reason why
is sometimes your company and the
customer can be misaligned
right um delivery
has a cost to your company resources
materials
and the customer may not want to pay
that that
in that in that in that um situation my
company has to be what i take into
consideration most
i can negotiate with the customer but
you have to be willing to cut very clear
lines
and so i believe with customers you're
constantly having to say
pay me or you know what you have other
options
i'm happy okay i'm okay if you walk away
and then being okay with people walking
away from you
i feel that that takes some guts
and and cocktails and cocktails yeah
so so what advice
would you give to someone if they're
like okay so this sounds awesome
i feel like this is me what did like
an actionable item that you could give
them if they're like i want to try to do
this
okay and i just i just talked about this
um today
so i believe in the three-page business
plan
yes okay so the first
page is your objectives and mission so
what are you looking to achieve with the
business
and what is your overall mission what is
the thing that will drive you
to do whatever your objectives say you
say those objectives are
page two is what are you selling
and to whom are you selling it to
those are the things that are critical
because those those determine
your message your go to market strategy
and and really how much your your your
market size is
your your likelihood of making money and
then third page
which should not be the last page but
it's actually most important there are
um your products your inventory product
services
pricing and then your financing your
funding how are you going to
to uh um to pay for the company
if you can fill in all six sections
of three pages with thoughts if it
spills onto another page
you are ready to at least begin having a
discussion about what comes next if you
cannot do that
you are not ready now i'm not saying
that some people haven't started a
company with a napkin
or they just kind of fell into it i
would say that there's enough
information out there that you don't
have to fall into it
and you get to make less mistakes so if
you're willing to spend the time to
really think it through
i think it's worth pursuing at least
initial conversations with someone who
might want to
either invest partner with you or
someone who might want to be your
customer
that's awesome that's such good advice
oh my gosh
that actually i got that advice before i
started this company
yeah that's good yes i have um
i have three professional mentors that
help kind of guide me
with my startup process and it's great
yeah are they are they also startup
founders
uh yes yeah and then one of them she's
now a venture capitalist
oh my goodness yeah yeah and one of so
one of them she's a venture capitalist
now so she's awesome sauce one of them
she
just literally like last month retired
and she's a two-time startup founder
where
both times she hit gold so she got
really nice exits both times and then
one of them he's still in the startup
but they're just doing
super amazing they just got a huge
series b
i think and he's super awesome and so
they've given me
lots of really helpful advice and like
with my last startup company because i
started a product company last year
they were all really instrumental in
convincing me to part ways with my
co-founder it's like it's okay that you
really like each other and you get along
well but like
you want this and he wants that and
before murder happens
right like you can both still be good
people you can still respect each other
and like you know what i mean but like
they're like but
but you will at some point um
and so getting mentors is so good
there's there's some stuff in the chat
so
everyone's saying yes mentors mentors so
there's a question for
you i believe what top two books would
you recommend for self
development and growth and the best book
for understanding cyber security
that's such a good question siri
okay so from my perspective
um one of the biggest so i believe
strongly in empathy
i believe that my the key to my success
all of it has been my ability to
empathize with others put myself in
their situation
so i would say simon cynic start with
why
understanding why people do things why
something's happening
the driver behind things is so critical
to making good decisions um my company
revolution cyber
our entire framework is on um
diagnosing motivations behind why people
click
right so why do people click there's
lots of reasons why people click but
understanding
why this person clicks over that person
helps you really figure out how to
mitigate
their actions and and reduce the impact
of what they're doing
so you always want to start with why and
simon sinek is is wonderful for that so
there's one
now i have a book it's like a blue
it's a really large book and it sits and
it used to sit in my office
um on top of my my cabinet and it was
called the cso
compass and the reason why i prefer
that over like it and actually you know
uh marcus carrie has some
you know tribe of hackers i love that
book too but if you're like
looking to gain like like executive
style leadership
understanding the business the cso
compass gives you a
kind of an encyclopedia of cyber
security all the terms
um all the things you need to know about
how it operates inside of an enterprise
and so i would say in addition to your
security plus your cisp all those good
stuff
you know i would definitely ask people
to take a practical look at this
book because it really is um
really comprehensive and a lot of your
answers to questions are there
that is so good also that book is in my
wish list
the start with why yeah and i looked at
it and then
i instead um
the murderbot series which is like a
it's so good martha wills it's a sci-fi
series
and i also bought so you want to talk
about race which is so
good i i that's on my wish list so i
have to purchase that
it is so good because so like i i had
so before covid one of the last like
lunches i had was like meeting a bunch
of people and someone's mom was there
and she said a racist thing
and so but like i don't understand
subtlety
and so this book is helping me like
respond not like with the f word and
stuff
and so and it was like this person's mom
and i was like uh excuse me i don't
think so
and she's like oh it's just a thing we
say i'm like a racist thing and it was
like
everyone's quiet like you can hear a pin
drop i was like
this old lady and i was just like okay
so i can learn how to talk about race in
a way where everyone doesn't want to die
like in the whole room people aren't
like ducking out of your way
like dropping stop dropping and rolling
out of your way
yeah yeah you know the thing about it's
so funny
um these conversations about race
these days you know i think i just want
to get to a place where we don't
shame people um unless they continue to
be
a host then let's shame them but for the
most part
a lot of people don't get to talk about
race in their families and in their
lives
so when it comes up it can be quite
uncomfortable
that's really cool i feel like we just
need to find like
common ground to discuss i agree too
no f-bombs so that's why i'm reading the
book
because in my family we we do talk about
about race but we're the type that would
be very offended and then shoot our
mouths off
and so you're right that's not it's not
constructive conversation if you use the
f-bomb and so i'm learning
i'm still learning about this adulting
thing
yeah and and being a ceo does require
that
at least half the time like you got to
be an adult at some part of the day yes
definitely
definitely okay so
i have two last questions for you
and they're very tough so the first one
is do you do
fun things outside of infosec that you
want to share
is there like a hobby or a thing that
you do that you just love that you'd
like to tell us about
i used to love to travel i love to get
to know
like learn new people places and i
travel but i used to love to travel by
myself
because then i could really get deep
into cultures and things um we can't do
that now
um so i think i've lost that part of
myself
um in that way but what i also do is
now i'll drive to a place and like just
kind of explore city by myself but like
you know
socially distance and everything but i'm
now doing more driving trips
these days i like that though and also
there's
there's comments in the audience of for
me using the f-bomb
sometimes it's okay though and then for
you there's that empathy that you're
talking about
about changing things so i like that i
like that
i agree with you it's sad we can't
travel right now but understandable but
i'm really hoping that um
we you know the whole world actually
just gets organized and we just kick
kovit in the butt
so just gonna keep waiting for those two
weeks where we all just stay inside and
behave ourselves
in just two weeks that's it
i know i know okay so here's the other
extremely
difficult question so if someone wants
to get to know more about you
if someone is there like an event coming
up or are you speaking anywhere
i have listed right underneath you your
website address so i thought that was
probably a good one
yes um so i'll be speaking
um october 7th rsa
um security awareness panel nice so
is that coming up um i'm also gonna be
speaking i'm the keynote for b-side
seattle
awesome come attend
and watch me there
i i i'm you know just on twitter
mouthing off
all the time so follow me on twitter
wait wait could you say
so your internet froze for one second
could you please say your twitter handle
again
at jules management j
nice um i follow her so if you can't
find her
like just tweet at me and i'll help you
find her but i've also been tagging her
a lot so yeah awesome
awesome okay so that is all the
questions i have and so now i'm going to
do the wrap
up although i'm hoping you'll stay on so
we can chat after but
sure i want to thank you so much for
being on the wehack purple podcast
this has been great oh my gosh you're so
fun
you're fun yeah we had a good time had a
good time thank you
and um okay so i'm going to say goodbye
to you because i can be an adult and
actually say goodbye
so i'm going to disappear jules now so
everyone wave goodbye to jules
and and now um
wait no and i want to tell everyone
thank you so much for coming to the
weehack purple podcast
i really appreciate you being here um
up next week we have even more awesome
stuff for you
we have more guests and we have
a great sponsor threadfix thank you
denim group for that
and i want you to know that
we would really like it if you were to
review the podcast so
i know that this is like super selfish
of me but i would really like it if you
would give us a review
it's so that other people can find us
and it's so that i know people are
actually listening
it's really helpful for us trust me i'm
so not kidding
um so i'm gonna tell you about the next
couple episodes of all the awesome
humans that are gonna be on to help
you decide you want to be on the show so
up next week we have tracy martin
she is the founder of defend con and
she's also going to talk about basically
how to secure iot devices which is super
cool
we're going to have katie paxton fear on
the following week she's gonna talk to
us about
one being a phd which is really hard and
two
being a bug hunter and that's super cool
following week dominic west and the
following week after that we have
stephanie black
from panama she runs the woesec chapter
there and she is a cyber security
account
manager because there's all sorts of
different types of job in this field
you can go on to itunes and leave a
review
there and the week after that we have
tyrone wilson
who is another ceo and founder of a
cyber security company but his company
does something
different and i'm going to have to share
that link of where to review stuff on
the page
in a second but for now i'm going to
sign off
i'm going to ask you all really sweetly
if you will check out wehackpurple.com
and thank you so much for coming to the
show this week again
it was such a pleasure to have you
you