Awareness (Strength and Weaknesses)

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
whether you like it or not has strengths and weaknesses nobody's perfect and that's actually good that's what makes us all unique different and special right because we have more in some area than others and that's where team building working together surrounding yourself with people that like doing the stuff that you don't like to do welcome to life of a siso I'm Dr Eric Cole your host and we'll be taking you on a journey each week on what it takes to be a siso and what are solutions that you can Implement today if you are currently a chief information security officer or if you want to be one in the future this is life of [Music] aiso welcome welcome welcome welcome you know what time it is or at least I hope you do woo it's time for life of aiso with yours truly the doctor the doctor is in the house hope you are doing awesome always appreciate you listening to my podcast for those that have been following me for a while thank you thank you thank you thank you for those that are new listeners welcome welcome and buckle up cuz I'm ready to take you on a journey we're all about about being world class I don't want you to be a good siso I don't want you to be a great siso I want you to be world class and what we're going to talk about here is something that I'm noticing more and more when I'm working with Chief information security officers and it's everybody everybody whether you like it or not has strengths and weaknesses no body's perfect and that's actually good that's what makes us all unique different and special right because we have more in some area than others and that's where team building working together surrounding yourself with people that like doing the stuff that you don't like to do however what I also see happens a lot of and it happens to me is is we sometimes lack a sense of awareness so this is one of those topics that really could apply to anybody but it's specifically important for cyber security people because the skills and things that made us really good at cyber security engineer which is where most of us started I know there's about 10% of you that started off on the business side and this still applies to you but since about 90% of my listeners for life of aiso are security Engineers that are moving up through the ranks and have made a decision to switch have made a decision that instead of continuing a technical career track they want to Pivot they want to transform they want to become some what different and pursue a strategic career track and that's really how you need to think about moving from a security engineer to a chief information security officer it is not part of the natural progression I get this all the time when I'm going in I'm talking about training people how to be a siso or I can teach you in six months what you need to do to get a job as a siso and I always always always always whether it's in person whether it's panel discussions or whether it's online there's always people that give feedback going Eric you don't get it the only way to be a siso is to be a security engineer for 12 to 15 years and then get paid so much that they have to give you the siso title because essentially they there's no other room for you to grow so they just have to give you the siso title that's the correct way of becoming a siso right no no no no no remember just because people do things and just because people say things doesn't mean it's correct that is the biggest fallacy that is the number one number two and number three reason why cisos have such a bad reputation why they have such a bad rap and why there are so many bad SOS out there is because we believe the lie people believe that to be true that is a false statement being a security engineer for 12 to 15 years and then thinking that you can just automatically put the siso title on your door and you are a siso without changing anything is a recipe for disaster it is the way to be the worst possible siso on planet Earth because a worldclass security engineer thinks acts and behaves differently than a worldclass Sayo they are two different roles two different skills two different strengths and weaknesses and here's the irony the strengths of a security engineer become the weakness of aiso and the weakness of a security engineer becomes the strength of a siso so if you are a really good security engineer your strengths are going to be off the charts and if you're doing it for 12 to 15 years your weaknesses are going to be pretty minimized because you're really good at it you are one of the best there is so you have the strengths optimized at new levels with very few weaknesses now you become a siso now it flips now all your strengths are weaknesses and all your weaknesses are strengths which means you have a ton of weaknesses and very little strengths because all of that technical knowledge is a weakness all of that having to be the smartest person in the room always having the answers are all weaknesses when you become a siso are all strengths when you're security engineer this is why people struggle so much and this is why I put together the program because if I can get you three to four years in and convince you that if you really want to be a siso the lies of society are going to head you in the wrong direction you don't want to be a security engineer for 12 years three to four maybe five is plenty and then you want to be developing at the security engineer your weaknesses where what we wanted to look like is at a three-year mark from a security engineer this is for somebody who wants to be a siso at the three-year Mark your security engineer strengths are pretty good and and your weakness is also a little here what I want to start doing years four and five being a security engine ER is I want to start strengthening those weaknesses and focusing Less on your strength so now it's starting to feel uncomfortable and weird because now you get to this fiveyear Mark and as a security engineer your weaknesses are really high and your strengths are starting to drop a little bit you're starting to feel a little off your game and that's perfect because guess what when you then become a siso now the weaknesses are strength strengths weaknesses and now you're coming in as a solid first year siso because we anticipated what you needed and we actually tricked the system to get you ready going in so there's a whole science behind all of this that we do in the program where people like man you put a lot of time energy and effort into it I said exactly I'm not just making this up I don't do a podcast there is so much analytics data and math behind this that it works because what I did is the same thing one thing I'm really good at are patterns so I spent a lot of time looking at patterns of okay why are some people really good cisos and others aren't and what are the commonalities what are the traits and those are all the things that we cover both in these podcasts and in our ciso CT certification but one of the first things I want to teach you if you want to be world class siso you want to be world class really in any area of your life I'm going to give you some really really good words of wisdom I'm just going to be dropping some amazing wisdom on your right here ready ready question everything there are so many things that we are taught whether it's by our parents by other people uh in the profession and things that are just standard ways of doing things that are wrong that are just dead wrong they are not correct I'll give you one of the favorite ones I see all the time practice makes perfect now you heard that one right that's the biggest sack of you know what that's total poop you know what practice does it makes permanent doesn't make perfect I give you a simple as example if I've never ever played golf and I've never taken a lesson and I have no idea what I'm doing and I take a golf club and I go out every single day and I hit two big buckets of balls and I do that every single day for six months am I going to be an amazing golfer no because I have no idea what I'm doing I'm not doing anything correctly and all I've done over that six months is cement in a really bad way to swing because I just made it permanent by doing it so much I never got help I never got expertise I never got any guidance so no you want to make sure you question everything and the first thing first first thing you have to question we have to break it we have to burn it is the idea that the longer you stay a security engineer the better you are being a siso and it's the opposite you need business you need security three to five years to me is that sweet spot if you look at the world class SOS out there today many of my good friends I don't want to name any of them because I did that and they all come back to be like dude I I we appreciate it but all of a sudden everyone started pinging them and and uh asking them for help and stuff and they're super super busy so all the world class sisters that I know of 90% of them did security for a couple of years just a couple and the other 10% came from the business side and learn security the top notch SOS out there today the ones that are the best of the best I don't know any and I know a lot of people I don't know any and I use that word very carefully but I don't know any that was security Engineers for 12 years I don't know any that were double digit security andine Now now I want to be careful I want to be careful this is my Spud Web B I don't want to defeat you if you're a security engineer for 12 years and want to become a sister you can you can you absolutely can I don't want this to be Eric saying I can't what I meant by a spud wed moment is for the longest time people would go in and say oh you can do whatever you want you could be whatever you want but there's some limitations like if you're 54 you're not going to play in the NBA you're just not going to play it's not going to happen are you're not going to play in the NBA you're not going to be slam dunk and then how many people remember Spud Webb I think he was 5'4 I might but he was small 5'4 now remember the player from Purdue was over s feet almost twice as tall as him Spud Web would go up to about here on him and guess what Spud Web played in the NBA and won the slam dunk competition so that sort of broke all these people where there's no there's not you could do anything you want even if you're 54 you can play in the NBA now right so it's amazing the power of human intuition so I don't want this to be a negative moment for you a defea of moment if you're a security engineer 10 12 15 years and you want to be a siso let's go let's go you got this I don't want to be a negative but for those of you that are starting off usually the better path is three to five years that's usually the better path and it's logical let me just explain if you've been doing something for 12 to 15 years let's just lay out a couple truths you like it I hope you like it if you don't like it why would you be doing something for 12 years that you hate that doesn't make any sense to me right so we assume that you've been doing it for 12 years you like it if you like it why do you want to change why do you want to spend all this time energy and effort starting in a new career track and learning all these new skills second if you've been doing something for 12 15 years you're probably really good put at it you probably are very skilled in your craft and if you do it for 12 to 15 years it is basically habitual it is habit you do this automatically without even realizing it now the problem is people think siso is just a title so oh you just give them a title and the great no no it's a completely different way of thinking acting and behaving it's strategic it's business it's Roi that's not what you do as a security engineer so the longer you do it the harder it becomes for you to Pivot you can but you need to recognize it's a pivot and it's a complete transformation so now we've covered all that so now you're a security engineer you're great you're doing an awesome job you take it for granted you now switch over to a siso position and you start struggling so you start digging in you start doing more of what worked on the security engineer but the more you do technical and tactical the worse it gets what you need to do in those situations what I urge all first year cisos to do is become very aware of your surroundings become very aware of responses given by people this is one thing I love doing is if depending on what level but for my one-on-one clients with cisos I will actually attend board meetings with them and just sit on the sidelines and observe and one case new siso was still falling back on the security engineer and I asked him a simple question I said how many people were paying attention when you spoke like dude I'm going to make this easy for you if somebody picks up their cell phone they've lost interest if you are speaking to somebody and they pick up their cell phone and they start texting they are giving you the most overt signal on the planet that they are not interested you're not keeping their attention and W watching random stuff on social is more exciting than talking to you I know that could hit hard right if it's a date or a family member or in a business meeting with your CEO but that's the reality when I talk to people when I do Keynotes when I do uh briefings to board of directors I am scanning the room I am making eye contact if I see one person pick up their cell phone it's like okay emergency if I see two or three or four people it's like okay we are in DEFCON 5 we are losing this is not going to end well and if you've ever seen me give Keynotes or presentations or board I sometimes do what these call harsh interrupts or all of a sudden I'll just either tell a story I'll do something really strange I'll I'll either get loud or soft because what I realized is if three or four people picked up their cell phone I've lost what I'm saying they don't care about so I have two options I can either keep going and lose everyone in the room and it's waste of my time waste of their time and they'll never have me back or there's a brief moment where I can potentially pull back back and stop the plane from crashing but I have to change drastically what I'm saying and what I'm doing one of the best ways I do that is I'll stop and go okay I thought this would be of interest to you but I'm concerned that it's not so let's move right to Q&A and then I'll I'll point to somebody who picked up their phone Sally or John when you hear cyber security what are your concerns what are your issues what are the things that you worry about most and now what I did is pattern interrupt Target in a professional matter and re-engage the person that I lost but that is a skill of awareness those are the types of skills you as a ciso need to build you need to understand how to read people you need to understand when you're connecting when you're not connecting and the other thing that is so critical is you need to go in and you need to be able to go in and know what are your strengths and what are your weaknesses do you know right now what you're really good at do you know what your natural state is and you know what your weaknesses are my EA has been with me going on I believe six years we get along great because guess what my weaknesses are her strengths probably not a shocker I'm not a detailed guy I I I I sort of I'm creative I love solving problems I love helping people I love doing all that stuff but in terms of details tracking and all that stuff that's not my strength she is amazing at it she is the best in the business and it gets to the point now where I don't even touch my calendar we had to come to that agreement because I'm the type of person because I'm so focused on helping people being creative we'll be on a call and they be like Eric can you meet next Wednesday at 2 p.m. sure and my EA is like dude you didn't even look at your calender you don't even know if you're I'm like I know but I want to help the customer and I I want to solve their problem so it doesn't matter and and so I could literally be on five calls and say yep I'm free at 2 pm. on Wednesday for five different people I'm not intentional I'm not malicious that's just not my strength so now I'm like listen if you want a schedule you got to talk talk to the expert uh she can handle it that's not my forte so know your strengths and weaknesses and here is the trick know which weaknesses you need to develop and which weaknesses you can Outsource so for example if business is a weakness recommend two things learn a little business because you need to know some to be a siso but then if you're the siso and you're stronger on security and a little weaker on business I would hire a deputy siso that's stronger on business and lighter on security so you've learned the skill but then you surround yourself with somebody that offsets that potential weakness so that's something that you should be doing regular inventories on whether it's usually I do sort of weekly monthly I'm like okay just awareness check how we doing with our clients deliverables revenues where am I good at where haven't I been good at who do I need to bring in to complement or what skills do I need to learn to offset that now I'll finish up with something that's a really important thing to understand it's called your natural state everybody when they're born is given one of three natural States artist manager entrepreneur there's one of those that you like better that you're more comfortable with now here's the unfortunate reality it can't change it that that's the unfortunate reality my friends whichever one you were given when you were born that that's your natural state you can't you can get better at the others you can improve in the others but you can't fight what your natural state is and that's the problem most people do most people at this level that listening to this type of podcast in the circles that I go around want to be an entrepreneur right there's some badge of honor there's something cool and they go I'm an entrepreneur I want to be an entrepreneur and the reason why most businesses fail is because they're not they're not I'll be honest with you I like entrepreneur I understand it I have models and systems my natural state is I'm an artist I like creating I like doing this if you gave me a choice of helping a customer and solving a problem for them in making the world better versus making money my I could force it and make the money but I feel uncomfortable and I wouldn't like it but my natural state is to help people and this is where I have to be so careful of I survive myself because I'll sometimes get on our paid coaching calls where they're paying for a certain level of delivery and because I care so much about them I basically offer additional calls it just from my heart doesn't make sense business right doesn't make sense entrepreneur I don't have the time but because that's my natural state of caring for people that's how I respond so I have to just be careful and recognize that uh artist likes to create they like to come up with new ideas they like to interact with people they like to help people managers managers are great at organizing and leading individuals now they're not good at creating a plan they're not good at coming up with ideas but if you give them a plan with an idea they will execute it down to the Precision brilliant implementers but you need to give them the plan and give them the ideas then you have entrepreneurs entrepreneurs are about building selling and making money if you give an entrepreneur a choice about helping somebody or making money they're going to make money every day of the week it's not that they're evil it's not that they're bad people that's just how they're wired they are obsessed with making money you have to figure out which one you really are not which one you wish you were not which one you want to be but which one you really are so like for me I have to when I run bigger teams and I SOS I hire really good managers to surround myself with because I could do it but that's not my natural state and then on the entrepreneurial side I basically have built models where I know how to increase valuation of a company so my specialty even though I'm an artist in cyber security that's that's sort of my natural state I love I do love building companies growing companies and making Revenue so I have models where I grow the revenue a small amount but the evaluation of the company is is a 10 or 12 multiplier because guess what what I've learned is use my natural state as an asset what do artists like to do create technology patents capturing intellectual property that's all Artistry but guess what that also increases valuation on the back end going in creating Trade Secrets unique marketing copyrights all of those things increase valuation but it's things that artists naturally do same thing with reoccurring subscriptions and things like that so what I've learned is I use the natural state of what I like to do what I love to do and I use that to create businesses that have high value so now the revenue might be upper seven lower eight figures which doesn't look impressive but because the artist and me created so much it has an 8 to 10 multiplier so now when you exit the company or sell the net worth is still going to be fairly High because of that multiplier so it's all about learning to optimize your use your strengths what does this have to do with a siso if you're a siso and your natural status entrepreneur then that's going to fit in very well with the executive team cuz most CEO Co CFO th those are all natural state entrepreneurs the good ones the bad ones aren't the good ones are so if you're natural state is entrepreneur the reality is this if you a security engineer you liked it you loved it you got into the field you did it well for three to five years there's a super high probability you're like me and your natural state as an artist which means that when you get into a sis role managing and business this are not going to be your natural state your natural state is creating new ideas creating solutions to problems so you need to surround yourself with managers to manage and help your team and business people that can help on that business side now you're still going to have to have a component of entrepreneur to talk to the executives you're still going to have to know business and learn business but like when I go into board meetings I I realize that I have to be very aware and very focused because if I'm not careful and I start getting hard questions and I start getting uncomfortable my natural state is going to be the artist where I'm going to want to come up with Solutions as opposed to the entrepreneur focusing on growing the business and revenue so once again that's where this awareness comes in so now when I'm going into these business meetings I'm highly aware that if the questions start getting hard in the corner I'm like okay Eric the artist is coming up but we need to stay entrepreneur here because I know entrepreneur I can do it I'm really good at I bought and sold multiple companies but it's not the natural state that I operate in so I just urge you to take some time this week of just understanding strengths and weaknesses understanding are you an artist which you probably are or a manager an entrepreneur and here's the thing don't lie I I have so many folks that're like you know I a really good friend and they're like oh I'm an entrepreneur I'm like you are so not an entrepreneur I'm like it's so obvious but they they're like no they they they would fight it and they struggled because you are fighting who you are Embrace who you are love who you are own who you are and then just surround yourself and turn into an asset like I do on the business side I hope you enjoyed this episode of Life of aiso look forward to seeing you next week [Music]
Info
Channel: Dr Eric Cole
Views: 559
Rating: undefined out of 5
Keywords:
Id: uyUmycgywYM
Channel Id: undefined
Length: 33min 26sec (2006 seconds)
Published: Thu Apr 25 2024
Related Videos
Cyber 101
Dr Eric Cole
623
BEING A CISO
Dr Eric Cole
1.1K
How to Find a Career You Genuinely Love
Ali Abdaal
1.7M
CISO CHALLENGE (Mindset Not Skillset)
Dr Eric Cole
503
2024 Cybersecurity Trends
IBM Technology
150K
Lessons Learned
Dr Eric Cole
510
Entry-level Cybersecurity Careers. A Dilemma.
Grant Collins
170K
Dr. Cole's Journey Part 3
Dr Eric Cole
180
Goals and Time Management
Dr Eric Cole
695
Lessons Learned
Dr Eric Cole
587
Keep Cyber Simple
Dr Eric Cole
805
C _ _ O + _ I S _ = CISO
Dr Eric Cole
551
The CISO Paradox
Dr Eric Cole
727
How the role of a CISO has changed | Cyber Work Podcast
Infosec
1.2K
SHOW UP LIKE A CISO
Dr Eric Cole
894
When Is It Too Late to Switch Your Career (to Tech, Coding, and Other Roles)?
Tiff In Tech
12K
How to Enhance Performance & Learning by Applying a Growth Mindset
Andrew Huberman
1.2M
Becoming A CISO
Dr Eric Cole
887
Why You Will FAIL In A Cyber Security Career!
Jon Good
84K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.