Rock Solid Cybersecurity

Listen on Spotify Watch on YouTube

Video size:

0:09 Miko Pawlikowski

Today my guest is Gordon Rudd, the CEO at Stone Creek Coaching. My name is Miko Pawlikowski and I'll be your guide today. Gordon, how are you doing? Thank you so much for coming.

0:22 Gordon Rudd

Thank you for having me. I'm doing very well today. I appreciate you asking me to be on your podcast.

0:28 Miko Pawlikowski

Sure. Really excited for that. Very well is in short supply this day, so I've got to take that and run with it. So this little tradition that we've developed recently is that we start our guests with a word question. Your word question for today is: if you could have any animal at all, as a pet, what would it be?

0:46 Gordon Rudd

It would be a dog. I find dogs are very friendly and lovable and they definitely will take care of you. And the thing that I like about a dog is they'll tell you the character of a person they meet instantly. If my dog doesn't like you, I'm not gonna like you.

1:03 Miko Pawlikowski

Okay. Any particular dog? Hint, Hint you can use anything from an octopus to water bear to an alien. And you go for a dog. That's pretty low key.

1:15 Gordon Rudd

I had the saltwater aquarium when I was younger, that was a pain.

1:19 Miko Pawlikowski

Yeah. And then there's the petting. I guess it's much harder with a fish. Never been a big fun. Alright, great. So now that we've got that out of the way, the first thing that obviously strikes me when I was stalking you a little bit on LinkedIn preparing for this, is that there's a wealth of experience. Counting 35 years plus, there's been a lot of hats that you were wearing, right? I've seen programmer, project leader, manager, director, manager partner, VPC, kind of all the things that you can think of. Can you tell me a little bit more about the different transitions? As much as you want to go into the personal one. But from my perspective, it's very interesting to see what made you do this. Was it just like a natural progression of things, or particular events that influenced that? Would you mind telling me a bit about that?

2:14 Gordon Rudd

Sure. Well, I worked my way through college through University of Oklahoma as a Fortran programmer. Yeah, I got a job translating differential equations into Fortran statement. Yeah, that was a job in the day. Back in the day, that was a real thing. One of the professors in the college business, I was getting an undergraduate degree in finance, one of the professors in the College of Business, asked me one day after class: Why do I keep seeing you in the computer center? I told him, I was working for a math professor translating differential equations and the Fortran statements. And he asked me if I'd come to work for him. And I just transitioned into doing decision theory models and communications protocols, and that sort of thing, for the agency that he worked for. Actually were working as subcontractors for the Department of the Navy to create these communication protocols. And then when I graduated college, it was kind of a natural segue to go to work in the defense industrial base, and work as a civilian contractor through the Department of Defense. And all the little three-letter agencies that are in there, you know, that kind of thing. And I did that for a long time. I was hanging around being a programmer. And one day the project manager quit. So the boss's boss called and said: "Hey, we need you to be the project manager. We're just going to put your name in a box, and it's alright. Don't worry about it. You don't really have to do anything". So I said, "Okay, great". So, next day, I go over to the construction trailer, where the project manager is supposed to be, and all these people show up. And they've got all these projects going on all over the planet. And nobody really seemed to know what was going on. So I took an early copy, back in the day of Harvard project manager at IBM PC, and I organized all the projects and put them on a timeline and that sort of thing. And when my boss's boss saw that he's like, "Well, you're a project manager, you're no longer worried about IT thing". So I spent several years project managing pipelines, supervisory control and data acquisition systems or skated systems, automated energy management systems, that kind of thing. And I would just put the project together and the engineers and the engineers that design it, and I would stamp it out and away we go. And then, after several years of doing that, my mom found out she had cancer. So I moved back home to take care of mom. Had to get a job, ended up in healthcare. So you know, my friends always gave me a hard time, "You spent 10 years with the defense industrial base blowing stuff up. And now you're working for a very large hospital, putting things back together". It's like, "Yeah, well, it's karma. It's just a karmic experience". So I ended up in healthcare. Spent 10 years in healthcare. We were fortunate enough, while I was there, to create what was the number one telemedicine program on the planet at the time. So we actually treated more people in one month than all the telemedicine programs up to that time treated ever. So it was very successful. And then one of my, actually a former student of mine, recruited me to go to work for the Williams companies and Telsa. And I went to work for one of their organizations, actually designing their points of presence in their fiber optic network for Williams communication. And then another one of my students found out I was working there, and he recruited me to go to energy marketing and trading. So I stood up the technology support for the quantitative analytics group at Williams, and then ended up moving on through just a series of other adventures to banking and just kind of stuck with banking. I've been either working on the backend with the technology of banks, or working in banks being chief information security officer, that kind of thing. And that seven, eight years ago, something like that, I started coaching people that wanted to get into information technology, or they wanted specifically to get into information security. And I found that there's a group of technology folks out there who don't realize why they're not C-level material. You can talk to him for a few minutes. And you can understand that they don't have the social skills, they don't have the emotional IQ, if you will, to be CISO. So I started working with them through a project I created called the "CISO Mentoring Project". And then as I got on in my career, I decided I wanted to make that a full-time job. So Stone Creek Coaching was born. And now that's what I do all day. And I help people that want to become C-level executives for either Chief Information Officer, Chief Technology Officer or Chief Information Security Officer, and I try to work with them and show them how to interact with people in such a way that they can be part of a team and they can actually be functional. And I hate to sound like some of them are broke. But some folks, when you talk to them, you just know that they're just not going to go as high as their ambitions going to want them to. Unless they make a change. And that's really what I'm all about, is trying to find those folks that really want to get to the C-level. And just help them do it. You know, that kind of thing. I spend a little time talking to venture capital companies. For some reason, three or four years ago, a venture capital company started calling me and asking me about technologies and the direction technology was going, different vendors in the tech space thing. And I kind of enjoy that. Most of those conversations are very interesting. It's been a fun career. I've just kind of gone really, to be honest with you, where my heart led me or where somebody said, "Hey, you want to try this?". And I said, "Yeah, that'll be fun. Let's do that", kind of thing. It wasn't really all planned out and mapped out. It was just more about: "Well, yeah, that looks like fun. Let's do it."

8:15 Miko Pawlikowski

Well, love it. Some of the things to touch upon here, from asking you when was the last time you wrote any Fortran to, just kind of, one thing that you mentioned is that you can look at the person and see that they might not be a C-level material. But then, at the same time, you mentioned that they can develop the skills if they work on that. It sounds like it's a set of skills rather than necessarily some innate talent or something like that. Can anybody, with enough practice and enough work put in, get to the right level of the skills? Or do you need a blend of both to be successful?

8:55 Gordon Rudd

Anybody in technology, as you guys know very well, you're in technology, you're a lifelong learner. If you don't love learning, you better get out of what you're doing. Because you won't be able to do it for long, the tech will advance. You won't staff breaks in the store. But when it comes to soft skills relating to people and things like that, a lot of introverted folks will spend their time with the computer, because the computer gives them instant feedback. And you know, if you're writing a program, whether it's Python or Go or whatever, you hit enter and then either runs or doesn't, then you go fix it. Well, that's great, except when you have to start dealing with the lines of business and the people that run those lines of business. And the end users. You know, we've all worked in technology situations before where somebody had pop off in a meeting, "If it wasn't for the damn users, we'd have a great job". And it's like, "Well, you know, users are why we're here. That's why we exist. That's why they keep paying us money". A lot of technical folks are so comfortable working with machines that they avoid working with people. Even if they get married and have children and have friends and that sort of thing, they still focus just exclusively on the tech and on that instant feedback, right and wrong, and they don't really pay enough attention to the soft skills and interacting with people. And if you can't interact with people, you're never going to build high performance teams. And you guys know, I mean, you do conferences all the time. You know that today in tech, high performance teams are the thing. Whether it's Kubernetes, AWS, whatever you're working in, your team has to perform at a peak level. But how do you create that team? How do you make those participants more than the sum of the parts? For instance, when I created the telemedicine program in St. Francis, I went to a meeting with the C-level folks, the CEO, CFO, all the C people were there. And the CEO said, "Okay, get some people out of IT, create the department, get it go on. Give us telemedicine". And I said, "Well, we don't have those people. We don't have any technical people that do this". And the chief financial officer, who everybody in IT reported up to at the time, was just really incensed. Leaning across the table and said, "How can you say that we don't have people that will do that?". I said, "Well, they have to understand audio compression algorithms, video compression algorithms, how to marry them. They also need to understand something about working with people, because we're going to be working with real-life patients and real-life physicians.", that kind of thing. And so they discussed it a little bit. And then they said, "Well, see what you can do by picking out people. And we'll get everybody in the different subdepartments within IT to help you out". Well, my colleagues' idea of helping out was to offer up their weakest players. Or people they didn't want to put up with anyone. And so what I did was, to take those folks and put them together as a team, and get them to perform at a higher level than anybody else in the hospital. So much so, that when anything broke, everybody else in hospital would come to a member of my team and say, "Can you help me fix this?". Well, it's kind of strange that in the space of a year, they can go from being people that nobody wanted on their team, to being the "go-to" team in that whole hospital with over 7000 employees. So, I would say that paying attention to the soft skills and being able to work as a team and be a team player, and understand that and motivate individuals to perform at a higher level. I think it's a set of skills, to your earlier point, that you have to learn. You have to be able to read people, you have to be able to emote with people, you know, a lack of empathy. You've all met people that have no empathy whatsoever, and you don't really want to hang around with them. That's kind of the thing that it hinges on. Do you care about the people on your team? Do you know the names of their significant others and their children and their dogs and their cats, goldfish or whatever? Are you close enough to them to understand what motivates them, and what demotivates them. And then figure out exactly what you need to do to get your projects done and move it along at a higher level. That's really what it's all about. It's just getting the team to buy into what's going on. Look at a more specific example. Look at what Tom Brady did for the Buccaneers last year. Just go back to football, he went in, kind of reorganize the thought patterns and the way that everybody related and started communicating at a very high level. He didn't just communicate with people on offense, he communicated with everybody that would listen. And what he did, was to bring together a team of people that probably would have finished middle of the pack. And instead, they ended up winning the Super Bowl. And it wasn't even close. By the end of the season, they were the killer team in the league. And that's really what you want to do. You want to be able to bring these people along, communicate with them. Make sure everybody understands where you are, what your objectives are. And then just get out of their way. Let them go. Because once you empower people, they tend to take off and just sore on their own. Does that make sense?

14:15 Miko Pawlikowski

It does. And it really lands very close to home. I myself made the transition couple of years ago from being a tech leader to trying to help the team performing. And like you said, this kind of instant response that you get from tech, it works or it doesn't. Or satisfies or passes the test or doesn't. And then all of a sudden you're in this sea of feelings and things that are hard to measure. Performance itself of a team, it's not that easy to measure by itself. And I think that a lot of the points you touched upon, it kind of realize quickly that it's more about being like a coach and physically, making sure that the team feels good. Human beings, they enjoy hanging out together. It's probably one of the most important and difficult things at the same time.

15:11 Gordon Rudd

Every time you have a World Cup, it's not necessarily the most talented team that wins. But it's the group that plays together as a unit, so that the coach and everybody on that soccer team plays together as a team. They function very well together and they go from a lot of games they probably should have won to winning those games, and then exceeding expectations. And then the next thing you know, they catch fire, and they're in a World Cup final simply, because they all started working together as a unit, and stop being the individuals out there all trying to run around and score. To me, that was always the kind of the funny thing about soccer, everybody can score. Let's just all go score. It was a little different. But I think it's very much the same thing. It happens. We see it in sports all the time. Why can't we see that in the workplace? Why can't we see it in technology? Well, it's because we don't teach those skills, we don't stop and say, "How can we make this individual the leader of a high performance team? What can we give him or her, from a skill set point of view, that will make them successful?". It's actually not that hard, once you understand that. It's just getting the people to believe in it. I work with people all the time that will say things like, "Well, I can't do this, because bla bla bla bla bla". And when you listen to it, it's just like, if we could record this and play it back to you, you probably would never say that again. It doesn't make any sense. And maybe there's a better way to communicate that, that kind of thing. We've all been on the phone with helpdesk people that we know didn't want to be there. Crazy things, basically just to get you to hang up and try and get somebody else. Those types of things are just part of learning to deal with people.

17:09 Miko Pawlikowski

And I can see, from the examples you choose to describe that, why you would transition into this coaching and getting the satisfaction and the scale of the impact that you can make is higher. Was that the primary driver for you to start the business?

17:28 Gordon Rudd

Well, it was. I've always had a different way of looking at work and looking at the people that are in it, and looking at the corporate culture that surrounds it, than most people. I really have, over the years, become a student of corporate culture. And you can see a lot of corporate cultures that start out really strong, and then go wonky. And all of us that, that's a technical term: "wonky". That kind of just go south on everybody, and it just doesn't work. And it's unfair to the people. It's unfair to the folks that are in these jobs. And then lately, I've guess lately, over the last 10 years, I've seen technical people spend less and less time trying to put a good job description into HR, for whatever reason. Whether or not their boss won't approve it. The management team doesn't think you need another one of those, let's say, server administrator, but they think you'll need another security analyst. So you get a job description for a security analyst going to HR, and they're kicking out everybody that's in security. And they're saying, "We really want to Server Admin, that's really what we're looking for. Give me somebody that says they're a Server Admin", kind of thing. So we've got this disconnect in corporate America or corporations around the world for that matter. In fact, a lot of the people I work with are in the UK, France, significant number of people in France. Not that the French are broken by any means. I do work in France, South Africa, Australia, this is really a global problem. It's not just something that's indicative to America, or just the North American continent. We have to spend more time working with our HR partners to get better job description. So on the other hand, we can get better candidates so that we can find the right skill set, and put those folks in a position where they can thrive. They can survive, they can thrive, and they can be happy. It's one of those things that we all want to be happy in our job. We all want a high level of job satisfaction. But that job satisfaction is really what everybody's looking for in that high level of job satisfaction. And the only way we can get that is by working together as people to solve problems, and by being a better corporate structure to fit into. And that's really kind of interesting when you stop and think about it, that the corporate culture is going to really set the tone for everybody in it. And they're going to ignore the technology people. And no disrespect to HR or anybody else. But the old saying, "Let's shut down HR for a week and see if anybody notices. And let's turn off IT for an hour and see who gets fired". That's kind of a thing that's always going on in organizations. We can't live without the tech anymore. But we have not figured out the care and feeding of the people that are technologists, that work in it. We haven't really stopped and taken a look at the individuals and their jobs and what they do for a living, so that we can make sense of it. If you look at a Server Admin. If you and I are a Server Admin, and we're doing the normal Server Admin thing, we can take care of 17/18 servers if they're individual units. Or maybe 27, if we've got them racked up. At Google, the metric they use, is every Server Admin has 10,000 servers to take care of. Well, that's because they've got the tools to do it. They've developed those tools. And just like developing those kinds of technology tools, we need to develop the human capital, we need to develop the human tools to drive it. And that's really the thing that got me into coaching. I keep seeing this mismatch. You can read job descriptions on any platform you choose. And you look at job descriptions and you say that, "Yeah, I wish I could find that person, because they can do absolutely everything in technology. There's nothing that person can't do". There's no job on the planet. Even if your hands on one person that's running the ID shop, there's nobody that's going to have all those skills, there's just no way. So why did that even make it into a LinkedIn or an Indeed, or one of the big boards? Why did that even make it out into the wild? What's wrong with that job description? Now, is the person that gets that job going to be happy in it? Well, maybe if we happen to get lucky and match somebody to stay with the Server Admin. If we happen to find somebody that's willing to do a server admin role, that's really what we need, then we're gonna do it. Most of the time, what happens is the people looking at it from outside that want to apply for that job, are going to read the job description, and are going to want to try and fit into it. And a lot of what I coach is, if you see a bad job description, it's probably not a good organization, or somebody is not spending a lot of time on it. So you might want to do a little more homework and find out more about that company, find out more about that job to make sure that you know exactly what's going to happen when you hit the ground. Because that's really the thing. I don't know if you guys have ever done it, but I've actually gone to the job before and on day one, they basically told me that everything I thought about the job was wrong. And I was going to do something different. That's like, "Okay". I'm not sure what you think of that. But I don't think much of that. It's kind of like, okay, we just got bid on a bait and switch.

23:08 Miko Pawlikowski

Yeah, exactly. Bait and switch. That's the technical term for that. I'm curious about what the process looks like. How does one become your padawan and then eventually gets the blessing go forth and be C-level? Because a lot of the things that you mentioned, they are tricky in the respect that they make sense. It's kind of the things that everybody will agree if you tell them that. But then, when the proverbial rubber hits the proverbial road, that's where things get tricky. So how do you like really help people with the soft skills? I understand that the prerequisite is that they want to change and they want to see that. But I expect this is very different process from what we're all used to in learning technical skills. Can you tell tell me a bit more about the process? Unless that's obviously your secret sauce...

24:06 Gordon Rudd

It's not really a secret sauce. It's just really simple. The thing that I always do, and the framework that I've created, that I use, is simply starting off by getting their head right. By saying, "Why are you here? Why are you doing what you're doing? Are you happy doing it? What's good about it, what's bad about it?". And then a lot of times what I'll do after we have a series of conversations about who they are right now, and what their aspirations are, where they want to grow into, why are they asking me to coach them, that kind of thing. I may give them a skills inventory, like the Myers Briggs or True Colors, or one of those that will actually divide personality types up into basically four buckets, kind of thing, and let them see themselves. So if you're looking at these personality traits, if you're doing Myers Briggs, and they're giving you IJENS. What does that mean? It helps the individual to say, "Okay, I am introverted. I'm really not going to be the person in a social situation that's going to be walking around talking to people at a party, I'm the one that's going to be standing in the corner". Once we get the individual to get their mind right and understand who they really are. And understand what their triggers are, everybody has triggers. I've got triggers you've got triggers, Mark has triggers. There are certain things you know you can say to Mark, they're gonna light him up. And it works the other way around too. Especially with your all's relationship, then that sort of things true. Well, if you can recognize those in yourself, then you can take the intellectual leap at first before you can actually do it. And say, "I see where this is going, I understand how I feel. And I know where that normally would lead. So I'm going to choose to feel differently about that this time". And then you start making a series of decisions, you can't control the decision you've already made. Those decisions that are in the past, they're gone. You can only control the next one. So the next time that happens, you've got to make the intellectual decision, "Okay, I'm not going to go off on him. I'm not going to say that, because that Institute's three or four different exchanges, that always end up in us not talking for a while, saying evil things about each other". Just like siblings normally do. But we've all got those triggers, and we carry them into corporate America with us. So you can sit in the meeting, and you can be fine. And then somebody will say something, and just the wrong way, all of a sudden, your blood pressure's going up and your cheeks are turning red. Now you can keep from killing that individual. I want to strangle him or her. Well, if you don't understand that, and you don't understand that cue, you're very likely to just pop off and say something that's inappropriate. And it's at that point that your capital within the corporation starts to decrease, and they start to see you as a technology person. Humans, as you pointed out, our group behavior people. We want to be in groups, we want to be in tribes. But when you look at the C-level people as a tribe, to get into that tribe, they're going to have to do some normal things that we all do. They're going to have to say, "Do you fit in this group? Would I get along with you, if you were in this group? Would I enjoy working with you?". Well, if the answer to any one of those questions is: "I don't think so. That person's real hell on wheels, I don't want to deal with them". Well, you're never going to get in C-level at that organization. And if you hide behind the technology constantly, and you fail to get out in front of people, you fail to be able to communicate your message, you're going to have a problem. Think about it, you're very good at expressing yourself. You can take an idea, you can write it, you can communicate it in writing, or you can do what you're doing and communicate it by speaking to people. That's a skill. Not every technologist has that skill. Most of them, if you stood them up in front of a group of other technologists and said, "Give me a presentation on DNS". They'd be like, "I'm not doing a presentation. Well, you know, DNS, right? Yeah, I know, DNS inside and out. I've got it. I've even got three certs that say I know DNS. So why can't you give the presentation? I can't talk in front of people". That's something we got to get over, if we're going to be at the C-leve. Because they're going to expect you to not only chat with them, but to present to the board and present outside the organization. So it's those kinds of skills that we can teach the individual to help them fit in better. Help them make better decisions so that they're doing things a little different. And I've found that once a technologist wakes up, if you'll forgive the analogy, wakes up to the fact that how they act and how they behave, affects more than just them. Then all of a sudden, they start making different technology decisions. I don't necessarily mean that they're making better decisions, or that there's some magic in it. What I mean is, they're starting to make decisions that are based on the organization and the people in it, instead of just how well the tech works together. You guys all know, everybody is listening to this, I'm sure you know, people that will bolt together a bunch of technology because it seems to fit together, the tech works together. And it's really great. But the end users are suffering because it's not that user-friendly. You watch these people as they grow and develop making different technology decisions. They're starting to think about people differently. They're starting to think about their organization and their role within the organization differently. And it's at that point, that you change the corporate culture, that you get a more positive corporate culture and you stop getting the silos. You don't necessarily eliminate them, but you certainly start breaking down the walls between the different departments. So that you're not going to have IT being a standalone silo, and nobody gets to go visit them without a hall pass. You've all been in organizations out there, but you can't even get into the IT people to see them. They're behind some locked door. Well, that doesn't do anybody I hope. You need to be able to consider and be part of the organization.

30:21 Miko Pawlikowski

Definitely. I'm sorry, I was laughing at the DNS, because one of my favorite Haiku is about DNS. It goes like this: "It's not DNS. It can't possibly be DNS. It was DNS". Brings so many memories. Yeah, there's so much I can relate to, what you just said. As you were talking about us realizing that in the context of where we are right now, you know, in the middle, well, hopefully towards the end now, but in a pandemic, where a lot of this interactions went online. And sure, we have video conferences now. And it's probably easier than it was in the past. But it's still tricky. And I'm wondering, how do you see this affecting people's soft skills? And do you think that's going to have like a long lasting effect, in general, on how teams will cooperate and interact?

31:22 Gordon Rudd

I believe it will. But I'm not necessarily sure that it's going to be what we think. The organization that I just came out of, we all had laptops, and when we all got sent home, it wasn't a big deal, because everybody had a laptop. Because from time to time, the ladies that had children or the men that had families would take their turn staying home with a sick kid, or they'd be going to a ballgame, out of state or something. But they would all be able to log in and do something and take care of business. So it wasn't a big deal. But as an organization, we weren't using video. There were so many people that were using zoom and teams and just using it for an audio connection and let it go. So the CEO decided, "Hey, we're video-forward, we're always going to turn on our video". And a couple weeks later, I seriously thought about sending an email and say, "The corollary to that would have been to stop wearing sweatshirts and T-shirts, and crappy clothing, when you're on these video calls, especially with clients! Put on a shirt with a collar for the love of God. Get your act together". Podcasting is its own thing. But if I'm dealing with a client, and I'm sitting there as a representative of an organization that I don't see in myself a responsibility to put my best self forward or to understand what being video-forward means. What good am I? Might be a guy that if you see his picture, like we can see your brother right now. That little icon thing that we give each other when we don't want to be seen. You see that the guy's got a suit and tie, he shaved, he's got a haircut. You see him in real life, he's got a beard that scraggly and hair tied back. He's got everything going on,. It looks like he's been in a cave for five years, you know? And it's like, why would you want to do that? You know, why wouldn't you want to put your best foot forward? And it's just those realizations that we don't take the time to tie up within an organization. Now you can tell that I'm older and have a more classic sense about this, obviously. But we should take the time to explain to, especially, to the younger ones, why it's important to wear a shirt with a collar. Why it's important to do these things. And no, I'm not talking about you, you can edit yourself to look like whatever you want.

33:52 Miko Pawlikowski

We'll fix it in post.

33:54 Gordon Rudd

Post, there you go. But doing things like that will help us, I think, to become closer because there's a certain respect in it. On the other hand, we've all been on these calls where we got to know the people's kids. I worked with a lady that had four kids, her husband and her working from home. So there was always a kid and there was two or three dogs. So there was always a dog, and a kid and maybe a cat from time to time. Every time we'd have a video conference, these things would be going on. And people would have their grandkids and that sort of thing. So from that perspective, we really got to see into people's homes, we got to see into their lives. We got to know them on a much deeper level. So part of that bonding, you're never going to be able to replace in the office, because everybody shows up and puts on a mask and plays the role that they're supposed to play in the office. We get them at home with four kids running around and two dogs and whatever and you get to see the real person, you get to know the real human that's been on the other side of that video. Which is good, because then you understand why she's always in a T-shirt, or why she's always in a sweatshirt and why they're doing these things. I remember one day being on the call with the same lady. And she said, "Just give me two minutes, I got to go change my shirt. The baby just threw up on me". And she comes back and sits down like two minutes later. And she says, "That's the fourth time I've had to do that this morning". I get that. And that's a humanizing thing. But that's not something you'd want to do with a client. That's something that you do with your co-workers to get to know each other better. And that's really what it's all about, is just trying to get to know each other better. Because look, cybersecurity, we're all a very small family. So we should all be able to band together and make some changes. We should all be able to help our HR department come up with better job descriptions. We should all be able to institute programs within our corporations to help the individuals become, not only better people, but better employees, and work with them on their pain points. We all have those pain points that, we'd really like to eliminate. And that's the kind of thing that I really like to help organizations with, is to see where things that they might think are great in their corporate culture might not be as great as they think. Give you a specific example. How many organizations do you know today that still have the big blowout Christmas parties? I mean, the big organizations used to rent out a hotel, and they'd have these giant, blowout Christmas parties with an open bar and all the orders and dinner and entertainment and all this sort of thing. They do that all the time. Well, they don't do that anymore. Well, what are they doing to replace it? How are they helping their people to interact? The people that I work with in Europe, when they take a holiday, they go away for a month or two. I mean, that's a holiday to them. To us, that's being laid off. That's different. So, you guys in Europe have a totally different philosophy. I think, a lot of times, it's much better philosophy, in my humble opinion, about trying to get to know your co-workers. I used to work with an organization that had some consultants and from SAP. Those guys literally got together every Friday afternoon. They shut all the work down, and they get together and do a little wine and cheese thing, get to know each other and then go home to their families. There was more work that got done in the three hours that we spent together on Friday afternoon, then practically the rest of the week. Because everybody stopped playing a worker row and start playing that human interaction game where, okay, what can I do to help you? How can I help you? And one of the things that I did out of that, that I actually just stole it from the guy that was in charge of consulting assignment there at that organization. He used to do this thing on Monday morning that he referred to as "calendaring up" and he'd get the whole team around the table. And all we do is you'd go around the table, and just ask what's on your calendar for the next week? And what would happen is, you know, we'd go along, two or three people would say something, then somebody would say, "I'm going to install a new router". And somebody across the table say, "No, you're not. You can't install a router until I do this". It was basically taking everything. And I don't think this was an accident, because he was taking everything, all the human capital that he'd built up with the wine and cheese parties on Friday, and then the first thing Monday morning, he was having the same team plan out their week. So they did it as a team. He rarely, if ever, gave any direction. It was just like, what's on your calendar? What are you going to be doing this week? And whatever you said you were going to be doing is okay, unless somebody needed you to do something else. And it forced you to be a part of the team. It also forced you to change your priorities to help a teammate. Think about the difference in that particular philosophy. And I don't know if it was the individuals or if it was a corporate philosophy or what, but that gentleman and his particular philosophy, is so much sounder and so much more productive than, just "Okay, we got to get it done by Thursday". Never been a fan of "got to get it done by Thursday".

39:21 Miko Pawlikowski

I can really relate to the aspect of humanizing your colleagues and this, kind of, unexpected aspect of actually seeing a little insight through the computer window to how people are doing. And I know I'm guilty of wearing tracksuits and what feels like five years in my cave right now. So, I can relate to that too. And especially for my friends who actually have small kids and have to take care of them. Especially during the period when there was no daycare or anything. I'm really in awe of how they were able to find time for all of them. And, at the same time, remain productive. And that really gave us all opportunity to support each other on a different level. And it's weird. In many ways I feel starved of the social interaction. Just be able to walk on to someone rather than having to start a video call. At the same time, I feel like I met people in a different way, too. So yeah, definitely can relate to the aspects of what you were saying. I'm gonna take us a little bit on a different track now. I want to make sure that we talk a little bit about the cyber security. Since I've got you and for everybody who listens on to that there's a session by Gordon called "Scalable, Sustainable Cybersecurity for Any Size Organization" at the Conf42 Python. So, I guess we'll touch a little bit on that, too. But before we even get into that, how would you define cyber security in general? Because, before I met some friends in cybersecurity, it always looked to me like this magic. And you know, if you watch Hollywood movies, obviously, they just "do doo doo doo doo doo" on the keyboard and things magically happen. And then it's kind of disappointing to learn that outage or that hacked actually was because someone could take selfie, they didn't need to. Or because the default settings were public and you could actually download all the data from S3. And that was a problem. How would you define cyber security? And I'm sure you have plenty of great anecdotes. So, if you could give us one or two to illustrate what it means in practice, that would be great.

41:43 Gordon Rudd

I came into cybersecurity out of IT. So I had, when I first started, a traditional IT view of it. While I was at the Williams companies, I got the assignment to be one of the top two or three people in cybersecurity and actually help them stand up the cyber security organization, the information security kind of thing. And there is a bit of a difference in information security and cybersecurity. Information security includes everything spoken, written, that sort of thing. Cybersecurity, is basically what's happening on the wire, what's happening on the internet, what's happening on your network, as it were. But in starting out that way, literally, the first day, I'm on the job that's really security at Williams, I get a call from the IBM at nine o'clock in the morning. And the agent on the other end of the phone says, "Hey, you guys are selling the Harry Potter movie that just opened in Frankfurt, Germany, across your network. And worse than that, you're sending it from your network to the IBM network", which made some sense, given the proximity those offices in city we were in. And I was like, "No kidding, really?". And he's like, "Yeah, you might want to look into that and see if you can fix it". Well, the FBI, they have for the longest time had some serious cyber talent. So I'm sitting there, trying to just hung up. Hadn't been 30 seconds, I'm trying to figure out who to call first, my boss? Who am I going to tell this to? How am I going to solve this problem? When I get a call and on the caller ID it says "IBM", and I'm like, "Oh, this might be good". So I pick up the phone and sure enough, it's IBM, you guys are traffic going across our network, you traffic in 45 megabits. And you got to remember this is in the early 00s. So 45 megabits was probably about half the bandwidth of that IBM office. You're traveling 45 megabits across our network, and it's the Harry Potter movie that's just been released. So we drill down on it and we find that because we have a big internet pipe, there is literally a data entry person who's entering invoices in the basement of the building where we were in, that thought kozar was a great idea and put it on his laptop. And because of our bandwidth, because all nominated him a super server. So he was serving the entire world soft. Now we've just gone through the thing, not the year before, where we had our own server that had a bunch of songs on it and we'd gotten the letter from the digital rights management people that said, "You know, you got to quit that, or we're gonna fine you $100,000 for every song". But since there were over 100,000 songs on that server, one of our vice presidents and our general counsel suggested that we give that up, stop doing that. We hadn't been doing that thing in a year, but apparently others in the organization didn't get the memo. So we spent probably the next 10-12 hours trying to find where that Harry Potter movie was coming from. And we did manage to find a couple of DVDs of pornography on a file server in Houston, Texas. That was is being used to actually transfer blueprints back and forth between architects and construction companies that we maintain. Because we're building pipelines and doing rightaway work and all that sort of thing. It was really kind of amazing to me, we could find that and we could turn that off. But whoever was trafficking Harry Potter had a set of skills that we hadn't seen. And this is, again, back in like, 2001, early 2001. So I started looking into why don't we have the skills. Because I think these guys are extraordinarily talented, and a lot of them were. But they really hadn't focused on cybersecurity, they hadn't focused on what would a bad actor want to do? What would a bad person want to do here? What would a thief do? That old thing of "it takes a thief to catch a thief" is probably kind of true. It's just like DNS is never the problem. And it always ends up being the problem, kind of thing. If you can figure out what the bad actor is really trying to accomplish, then you can make the organization more secure. So as I took off in cybersecurity in my career from that point, I started trying to make sure that I was always looking at the skill set of players. You can find some serious, serious talent in the hacking community. That's the thing I love about DEF CON. Well, especially DEF CON, but black hat and DEF CON kind of thing. There's some serious engineering talent there. They don't just break things because they like breaking them, which yeah, they do, by the way. But they do break things so that they can show the people that are building them where those flaws are, so that the bad actors can't shut down a pipeline. Now if you fast forward, we've gotten to a point where we had Stuxnet, however you pronounce, that come out there and was built for the specific reason of shutting down power plants. So we can take a nuclear power plant or an electric generation station, and we can melt them down. If we use this software in the right way. Well, then what happens if somebody bad gets ahold of it? What if it's no longer just one of those things that's a theoretical thing that we could do with it. But somebody weaponizes it. And then what are they going to do with it? And right now, we've got like three layers of things going on. We've got the standard script kiddies, the kids in their mom's basement doing things, and some of them are in their 30s now. We've got script kiddies in the basement doing their thing. And then we've got guys and gals that are doing hacking for a living. And one of the most fun things you can do is when you get one of those calls, that you know is trying to sell you an extended warranty on your car, or some other bizarre call. The latest one I got said they were from the FBI kind of thing. I always want to talk to those people, I love to talk to them. Because once you get on to a person, if you listen closely, you can hear other people in the background, you're talking to a call center. So the bad actors have operationalize the things they know make them a little money. So we've got romance scams coming out, we've got spam email coming out, we've got all these things that are designed to give the bad actor access to your money. And that's really all they want. They don't care about you, they just want your money. Anybody can take an identity and prop up a new identity and put some credentials with it that are serious. But getting money out of the bank account and moving it on down the line to a bank where you can take the cash out: that's a set of skills that require a lot of people and a lot of work. And how do you interrupt that. It's like a supply chain. Then we have cyber security professionals look at interrupting that supply chain. And then the third level are those people out there that we may never know, that nation states that have all the money and all the resources. When they become involved, there's a level of excellence that's kind of like going from Windows 95, to the latest version of Linux. They are so much further ahead of where everybody else is. It's unbelievable. Because they understand the value of training, they understand the value of spending money on top quality assets, that kind of thing. I'm not worried about the guy that's going to go to Las Vegas and rent the Ferrari and rent out a villa and be all showy about it, because that person is going to get caught. I'm worried about the guy that's driving around in a Subaru or a minivan and isn't really doing anything other than being a stay at home dad or a soccer mom that has a set of skills that will allow them to do things that other people may not totally understand. And they are also, almost every time, those same people are going to have social skills to the point that they can reorganize the way you think in such a manner that they can get you to click on something or take an action that's going to give them access to something that they shouldn't have. And it's at that point that you have to wonder, why am I doing this? These people are so much, they're functioning at such a higher level than we are. The bank I worked at, for instance, had something on the order of five or six hundred million bad things that would go by the firewall, and you could watch it. Okay, that's a botnet that's searching that somebody's trying to map the network. That somebody's trying to geo locate us, you know, and on and on and on. It'd be impossible today to stop all that. So what we have to do, as cybersecurity professionals, is figure out how we can make cybersecurity that team sport that we keep talking about. How we can make sure that the entire organization is involved, all the way from the chairman of the board to the janitor. Everybody's got to be involved in it, because at every step, there's an opportunity for a compromise. And that's what we're trying to do is take those compromises away, so that if a bad actor does do something untoward, we've at least got a heads up and we can say, "Let's turn that network segment off. Let's kill that core, let's take some action". And then we'd like to practice it, as cyber professionals, so that we want to reach out and turn Mark off so that he can't do any further harm. We can just say, "Okay, let's kill that now". And we can reach out, turn him off, and not let him continue the activity that that he's into. And those kinds of things are really where we're going. We're getting to a point that we've got to have every single person at least aware of the current pain point. So our threat feeds, our vulnerability assessments in our patch management programs have to interact together in a way that makes sense for us all. I think we're just kind of waking up to that. You know, I can't tell you how many organizations don't have threat intelligence, but they have scans and network and do know all the assets on their network. Okay, if you don't have threat intelligence, formal threat intelligence, not just one person that's looking on the internet every morning over coffee, you really do have threat intelligence, what's relative? Well, it's relative, it's on your network. So if you've got your assets identified, it's relevant. And then if you know where your are in your patches, you can tell whether or not it's relative. Let's take Spectre and Meltdown. Those two came out, it made a big splash, I have to go talk to the board. And the board's asking, "Well, okay, we've identified the threat. We know we're vulnerable, because we have all this information you've just given us. So what are we going to do about it?". And I'm stuck saying: "Nothing". Right now, the patch that Microsoft gives us in our test servers, makes the applications run so slow, they don't appear to be running at all. So it in effect, breaks everything. So we can patch it, but it'll break everything. Of course, the people on board are just, "Oh, we don't want to do that. That might be bad". Well, yeah. Turn off IT for an hour and see who gets fired. Come back to that. So you've got to be able to take this intelligence and disseminate it further than ever. It's got to go to more people, it's got to go up the chain and down the chain, so that the people on the lines of business understand that Spectre and Meltdown probably aren't a bad thing. Because we've got the perimeter secure and this is how we've secured it. They've got to understand the overlapping layers of security enough so that if we do miss something, and we've got to listen too, that's the other thing. We've got to listen, if somebody does come up from inside the organization and say, "Hey, what about this?". We don't just dismiss them out of hand, because they're not part of the security team. We actually listen to them and say, "Well, what if that's a real deal? What if we do have a hole there? What if this person has found something?"

53:48 Miko Pawlikowski

Yeah, I got to say like the hardware problems, that was a real kind of eye-opener for myself. Because for such a long time, we just kind of assumed that there was no real servers for attack. And then "Boom!", all of a sudden turns out wrong. And there probably will be more. And another thing that, in the recent weeks, we obviously had the colonial pipeline ransomware attack. And when you were talking about individuals having the skills that are just kind of above what every gear person suspects, I also realized, with the work of the journalists around that, that it's actually a pretty big industry right now, the ransomware stuff. And I was pretty surprised to discover that the group that did the ransom thing to actually outsource to another group installing the ransomware, and they were very public about that. And then you have this group of people and they publish statements, make a public company or something. And it looks like it's no longer these individuals proving something from the basement. It's just a business like any other and there are some pretty scary statistics about how many companies actually pay this ransoms, because they have no real other option. So do you see this kind of on the rise, just because of the overall number of systems growing. And, by definition, the system's always been behind the exploits that you can just google on the internet and someone can use that. Is that by definition a losing battle that we have with cybersecurity, that we always have these systems that will be vulnerable.

55:38 Gordon Rudd

That's true. The average bad actor is on your network for over 270 days. Well, depending on who you listen to. Some people say 260, some 280, but let's split it there, on your network for 270 days before they actually do anything bad. They're watching and mapping and escalating privileges and, and walking themselves up to a point that they can do what they want to do kind of thing. It's unfortunate, but you're right, the bad actors are going to be able to attract more people to their side of it. Because in a worst case scenario, you may steal 10 or $15 million, and you may end up in jail for three years, or five years, if you've stolen 10s of millions of dollars. But if you steal $50 million, and you have to give up five years of your life, is that a fair trade? There's a lot of people out there who would say, "Yeah, I got a $50 million bank account in the bank nobody can touch. As soon as I get out of here, I'm gonna live the high life". Well, that's attractive to a lot of people. There's a lot of organizations out there that have operationalized it, they've made it a business. Some of them do have a balance sheet and an income statement, and a CFO, and CEO and all that sort of thing. It's kind of a scary thing, it really is scary at that level. And then you've got the other side of that, where you've got some of these folks that are bad actors that are using their skill, to do things like influence the media, or influence an election, or do something like that. And we know that's going on. I mean, despite what country you're in. The British, I think, were the first ones to say, "Hey, these people over here in this country are using Facebook to rig our election". They were really the first ones to point that out. But it was kind of a shock to everybody else in the world. It was like, "Where are the bad actors going next?" Well, if you could get your person elected, you might be able to get some very lucrative contracts, or you might be able to avoid extradition. So these bad actors that we see are going to grow in new directions that we haven't really anticipated. There are going to be things happen. You're going to have ransomware on your coffeemaker Somebody in the morning will say "Yeah, send me $1, I'm not going to let you make a cup of coffee". Your Internet of Things-monitored coffee machine, I've taken over your icebox and your coffee maker kind of things. You're going to see crazy stuff like that start happening. But the things that should worry us are the pipelines and the telecommunications and the electrical infrastructures. I don't know how many of you might have noticed, but if we take the power grid out, you're probably not going to have an internet. Your computers probably aren't going to work. So there are certain precautions that we have taken up to this point, with our utilities and different things, that we probably haven't gone far enough with. But for ransomware to be effective, you have to have a totally terrible, it's totally crap backup strategy. If you've got a great backup strategy and you're adhering to it, doesn't matter if it's towers of Hanoi first in first out or whatever. If you've got a great backup strategy, and you're actually working it and you're making sure that your backups on a periodic basis are really clean and you're scrubbing them and you're doing your homework, you're not going to have the pipeline shut down. Maybe shut down for an hour two, but that's just long enough to down the hardware, go back to bare metal and bring it back up, which you can do today with the tools we have available to us in 15 to 20 minutes. So we get down everything and rebuild it the half hour. Great, if we only had the backups. So part of that problem is us learning the skills that we need, the fundamentals that we need to say, "Okay, great. Where am I vulnerable the most?". Well, if you can't do business continuity management, if you don't have a backup strategy, or business continuity strategy, you're vulnerable. Why wouldn't a pipeline have a backup strategy that works? Why wouldn't they have a business continuity plan that includes an incident response plan so they don't sit around for three days trying to figure out that, "Oh, that phone call we got about ransomware. That was real. We really do have ransomware".

1:00:06 Miko Pawlikowski

As you're pointing out all this weak points, I was going through a mental list of movies that always picture this hackers and your blowing infrastructure. And I feel like there's an entire decade of Hollywood just be like, "Okay, yeah, so we're gonna have a hacker now". It's diehard 57. We're going to have a hacker, they're going to blow up traffic lights, and drones and stuff like that. But it's very real. And I don't know if I'm more scared about that or more scared about the other aspect that you also mentioned, the Cambridge analytical scandal. And then, we all know that the elections were influenced. And it all seems to be fine illegal, and no one's going to jail. And no one wants to cut this out of the bag here. It's kind of like open season for everybody. So that really scares me. And especially with the scale, and a regulation that you have in places like Facebook, that are easy to manipulate public opinion. That is really something that sometimes I wake up with nightmares of. And I'm not sure we have a good solution to any of that.

1:01:19 Gordon Rudd

I'm not sure we do either, to be honest about it. I see the enemy and it is us. We are our own worst enemies. In America, we used to have laws that said the TV and radio had to present down to the second opposing opinions. So just to keep it at a high level. If the republicans got five minutes on one side of an issue, the democrats got the exact same amount of time to express their opinion, whatever it may be. During the Clinton administration, he allowed that law to sunset. And from then on, it's really kind of been open season, because from that point on, the corporations that have the news media in them, began to see news as entertainment. And they created entertaining news. That's why the term "if it bleeds, it leads", everybody knows today. Because since the Clinton administration, that's been true. They want to show you all the bad things that are going on in the world. Because we're humans, we're always going to watch the car wreck, we're always going to watch that train wreck. The thing that should concern us, beyond just the ability to influence elections and whatnot, is what if we do allow these big corporations, whoever they are, to actually censor information? So there can be no dissenting opinion about anything. What happens at that point? Well, I think as a society, there's an old book called "The Best and The Brightest" that was written about the Kennedy administration in the Bay of Pigs. And the whole premise of the book is very simple. John F. Kennedy had brought together the best minds in the US, some of the best minds on the planet, to be in his cabinet. Yet, when it came time to take an action, the best minds on the planet came up with the wrong answer. That groupthink that goes on, because they cause them to come up with a bad answer, is the kind of thing that the lack of censorship will do to you. It'll give you a false idea of everything that's going on and it will trigger in you fear, uncertainty, and doubt. And once I've got you afraid, uncertain or doubtful, then I can convince you of about anything. And at that point, we lost the battle. It's one thing to rein in the technologists. But it's another thing to rein in the social engineers. And I agree with you, the cat is out of the bag. The corporations have seen the economic value of making news entertaining, so they're seeing the dollars and cents of it, there's a lot of dollars to it. So the corporations are not incentivized to stop making money, they're not going to do that. Their shareholders would be really pissed at that, "Hey, let's make 35 cents less than share next quarter". I don't think anybody who owns stock is gonna vote for that. So that just won't happen. But we're going to have to take some actions at some point worldwide, it can't just be one country or another. We're going to have to say things like, "It's wrong for corporations to censor communication in any way". You can make sure you present equal arguments or whatever, but you can't just decide that one side of an argument is correct, and just present that side. You've got to present opposing opinions to it, and let people decide. Because that's the thing that if you notice, when you get together with your friends, you all don't agree on everything. You may each have different soccer teams that you're fans of. You may have different political parties, you're fans of. You may have motorcycles, one of you may be a Ducati fan and one of you may be a Suzuki fan kind of thing. And you may have serious debates about the merits of the different motorcycles. That's what makes us human. That's what keeps us out of the weeds. Because at some point in that conversation, even if it's about motorcycles, you're going to say, "Darn, I wish my bike did that. That's a good point. That's a very good engineering enhancement". We're going to have to come back to that just as a people. I mean, yeah, we can lock things down, we can secure it. But we've got to keep power to it, we've got to keep it connected. Then we've got to use it appropriately. I do not believe that the people that created the internet completely understood what it would look like if it was misused. But we've started to see some examples of that. We're seeing terrorist groups start to put their agenda out there in ways that make what they're doing look attractive to young people. People that might be vulnerable to that message. Really? That's a good thing? We got ways to go.

1:05:57 Miko Pawlikowski

Definitely. The internet really took the homo sapiens to the next level with all the good and all the bad thing alike. And kind of equally excited and scared to see what's coming next. I guess long story short: that's cybersecurity for you.

1:06:18 Gordon Rudd

The next thing may be harder. We all do the same things. Every organization is secure in a certain way. You guys have got a router. Everywhere you go, you've got switches, you've got all the equipment. And you're probably got everything turned on. I'm sure you're logging, you're taking all your logs, and you're analyzing them and you're doing all that stuff. But at the end of the day, it's still the people that have to do that. We can't turn on the machines and just let them go. We haven't got to Skynet yet. We're not there, not into that yet. But I think if you had to put your Yoda hat on and say what's coming, I would say that the thing that we're going to see is we're going to have languages that are going to come up. We've got Python right now, it's huge in cybersecurity. Almost every security analyst has the ability to write a Python program and extract data from logs. And that's a great thing. And I think over time, you're going to see Go come up and be one of the big languages to do that same thing. Simply because it's real easy to put together. And we're going to start having what everybody euphemistically refers to as "citizen programmers". How many citizen programmers do you know that are really up on cybersecurity and how to create secure code? Or perhaps even the OWASP model, since they're probably going to take their code and put it on a web server, so everybody can see it. We've got some things that we're going to have to figure out as we go along. And yes, it is scary, but I kind of look forward to the challenge. It's like, "Alright, how can we make the world more secure? How can we keep the bad actors in place?". All comes down to literally an old Western movie, "What color's your hat today?". So we're never going to be able to keep people from doing either stupid things or illegal things. Because I think it's easier than working. It's easier than earning a buck. We might be able to convince a certain set of people that security is a real deal, and that we have to do it. And these are some good practices. So that we can create that scalable, sustainable security for every organization, even pipelines. People will watch this three year, they'll come across this three years from now, "Why do they keep talking about pipelines?

1:08:34 Miko Pawlikowski

Hopefully by then, we'll have a better stretch with no hacks. We'll see about that. All right, Gordon. So the episode has to come to an end. But before I let you off the hook, I wanted to ask you just one more question that typically brings out a value to our audience. If you were to pick a single item, it could be anything. It could be technical, it could be a practice, it could be a habit, it could be anything. But a single item that provided the highest return on investment for your career as a whole, what would you pick?

1:09:13 Gordon Rudd

Well, I would say that the highest return on investment for my career was learning and understanding that, I don't know exactly how to say it, but I taught technology for a long, long time in post-secondary education scenarios. And I find that it's that lifelong ability to learn and to be curious and to think about things other than being stuck in that box, "Okay, this is the way we do it". That has had the biggest impact on my career. Just not being afraid to get out of the norm. One of my projects was to create, or to actually purchase a supercomputer from Japan and bring it online for giant gas company. And instead of doing that, well the IT guys that I worked with at the time, all came and said, "Hey, we don't know the language it uses, a pretrial proprietary operating system that's not really Linux or Unix or Windows or anything. So we'd have to learn a whole new operating system. We don't know anything about it, we have nothing that even looks like it. We don't really want to do it". It's like, "Well, okay, I've got a $20 million budget for a project that isn't going to go anywhere without some support". So bag in this back in the early 00s. I said, "Let's create a Beowulf cluster". Everybody looked at me like I was crazy. What's a Beowulf cluster? Well, it's just a bunch of Linux servers bolted together that hack like a supercomputer. Trust me, it'll work. So we spent a couple of weeks researching it. And we got 1024 file servers, and we got them all in racks and turned them all on and created our own version of a supercomputer. And we did it for like less than $400,000 instead of 20 million. And we were still under whatever $400,000 is, but it's that ability to think out of the box. And to understand that we're just talking about hardware and software. You can make them do anything you want them to do, you've just got to figure out what the right application is and how to make it work for your organization. So that at the end of the day, your people are going to be running whatever you're building. It better look good. It better work good. I mean, how many apps do you have on your phone? I probably got a couple 100 apps somewhere. And most of them are off in the cloud, because they won't even fit on my phone, that I've tried. And I'm sure everybody that's got a smartphone or smart tablet does the same thing. They read about an app and they go try it. And it's like, "Well, I'm not going down that rabbit hole paying more money". So we've got to make things that are really efficient, that are really human-centered. That really do make the world a little better place, every time we do it. When we started doing that, then your career is going to have a high ROI. It doesn't matter what you're in. You could be in technology, science, technology, engineering, or math. You know, it's just making sure that you learn and that you're not afraid to learn and that you're not afraid to get out of the box. And you need to understand one simple thing: it is always DNS. It's always DNS. Start there.

1:12:26 Miko Pawlikowski

There we go. Opened some old wounds. Love it.

1:12:33 Gordon Rudd

I used to watch one of my favorite security people all the time we'd be in in meetings or working together in a conference room. And people would be coming through and saying, "This is broke, the firewall did it. This is broke, the firewall did it. And it's not the firewalls DNS. It's not the firewalls DNS. I can't tell you how many times I heard even say that until he finally convinced everybody. We might want to start with DNS first.

1:12:58 Miko Pawlikowski

I feel like that's a networking person's equivalent of: "Have you tried to switch it off and on again?"

1:13:08 Gordon Rudd

Let's reboot.

1:13:09 Miko Pawlikowski

All right everybody, some really good nuggets. Thank you.

1:13:14 Gordon Rudd

Thank you for having me.

1:13:16 Miko Pawlikowski

Check Gordon's company, Stone Creek Coaching, and that's where you can get more of Gordon.

Awesome tech events for

Priority access to all content

Video hallway track

Community chat

Exclusive promotions and giveaways

Terms and Conditions & Code of Conduct