G-9J8XZFK1NF Breaking into Cybersecurity Leadership - Breaking Into Cybersecurity

full

Breaking into Cybersecurity - Leadership - David Adeoye Abodunrin

Breaking into Cybersecurity Leadership - David Adeoye Abodunrin

David Adeoye Abodunrin on LinkedIn -

https://www.linkedin.com/in/abodunrinadeoyedavid/


Sponsored by CPF Coaching LLC - http://cpf-coaching.com


The Breaking into Cybersecurity: It’s a conversation about what they did

before, why did they pivot into cyber, what the process was they went

through Breaking Into Cybersecurity, how they keep up, and

advice/tips/tricks along the way.


The Breaking into Cybersecurity Leadership Series is an additional

series focused on cybersecurity leadership and hearing directly from

different leaders in cybersecurity (high and low) on what it takes to be

a successful leader. We focus on the skills and competencies associated

with cybersecurity leadership and tips/tricks/advice from cybersecurity

leaders.


This podcast runs on listener support and funding. Consider supporting

this podcast:


https://breaking-into-cybersecurity.captivate.fm/support


Check out our books:


Develop Your Cybersecurity Career Path: How to Break into Cybersecurity

at Any Level: https://amzn.to/3443AUI

Hack the Cybersecurity Interview: A complete interview preparation guide

for jumpstarting your cybersecurity career

https://www.amazon.com/dp/1801816638/


_________________________________________


About the hosts:  


Christophe Foulon focuses on helping to secure people and processes with

a solid understanding of the technology involved. He has over ten years

of experience as an experienced Information Security Manager and

Cybersecurity Strategist with a passion for customer service, process

improvement, and information security. He has significant experience in

optimizing the use of technology while balancing the implications to

people, processes, and information security by using a consultative

approach.


https://www.linkedin.com/in/christophefoulon/


Find out more about CPF-Coaching at https://www.cpf-coaching.com


- Website: https://www.cyberhubpodcast.com/breakingintocybersecurity

- Podcast: https://feeds.captivate.fm/breaking-into-cybersecurity/

- YouTube: https://www.youtube.com/c/BreakingIntoCybersecurity

- Linkedin:

https://www.linkedin.com/company/breaking-into-cybersecurity/

- Twitter: https://twitter.com/BreakintoCyber

- Twitch: https://www.twitch.tv/breakingintocybersecurity


Want to create live streams like this? Check out StreamYard:

https://streamyard.com/pal/d/6338015336071168

Mentioned in this episode:

Thank you to CPF Coaching for Sponsoring

Thank you to CPF Coaching for Sponsoring

Transcript
Chris:

Welcome to another episode of Breaking into Cybersecurity Leadership,

2

:

where we talk to cybersecurity leaders

about developing our next generation.

3

:

Today we have David will be

sharing his experience of getting

4

:

into cybersecurity leadership and

sharing his tips and tricks for you.

5

:

Before we get started call for everyone.

6

:

If you're seeing this,

share this with others.

7

:

'cause we do need a diverse set of leaders

as well as a diverse set of individual

8

:

contributors within the cybersecurity

environment so that we could tackle the

9

:

complex problems of today and tomorrow.

10

:

David tell us a little bit

about your background and what

11

:

got you into cybersecurity.

12

:

I.

13

:

David Adeoye Abodunrin: All right.

14

:

My joining to cybersecurity

is a very interesting one.

15

:

Having started my career in core

technology telecommunications, Pure

16

:

signaling, uh, long distance communication

stuff, antennas and all of those things.

17

:

That was the beginning after

my first degree in electronics,

18

:

computer engineering, telecoms was

my passion and my love at the time.

19

:

So went round, did external line

plans switching some routing.

20

:

So basic stuff for was

C-N-E-C-C-M-P certified.

21

:

Worked with a few organizations

in network administration

22

:

and all of those early stuff.

23

:

And somewhere at the fourth to the

fifth year in my career I began

24

:

to notice a couple of things.

25

:

There was a lot of prestige

and respect around security.

26

:

That was the days of the Cisco

CCDP certification, design,

27

:

security, professional Security

Pro CCSP, security professional.

28

:

There was a lot of respect and

prestige along those lines and just.

29

:

And excited anytime the CCSP guys came

in, they came in only once in a while

30

:

and they collected fat monies that the

c the CCMP guys weren't collecting.

31

:

anD I was like, what is going on here?

32

:

These guys and their

routers are very expensive.

33

:

tHe switches are very expensive and they

don't they don't particularly do too much.

34

:

They're just there.

35

:

Not much was but they

got paid very highly.

36

:

And so that was also about the time when

the telecoms revolution in my country

37

:

started where we moved from the pt PSTN

network to the core select technology.

38

:

I had the benefit and the advantage

of being part of that transition and

39

:

having understanding about external.

40

:

And also at the transmission centers the

long distance trans transmission centers.

41

:

I got interested in security

after an incident as a young

42

:

engineer where heads began to roll.

43

:

There was a breach in the switch, uh,

the billing platform of the night tale.

44

:

Tel is communications limited.

45

:

There was a breach in billing, and

that breach was very significant.

46

:

So my the entire, everyone caught cold.

47

:

Everyone was very troubled

and that started, they had to

48

:

implement some security features.

49

:

In the switch.

50

:

And that began my foray and my

interests beyond traditional signaling,

51

:

beyond common channel signaling

seven systems and the common things

52

:

we do both in switching and routing.

53

:

That's apart from the traditional

network on the telco network side.

54

:

So I read up a few of the chapters in

the security professional book and.

55

:

Sensitized.

56

:

Then we had as a network administrator,

one of the clients I worked for,

57

:

we had a security breach where

someone's password was breached.

58

:

As a network, as a young network

administrator, the amount of pressure

59

:

that came with it, the user issues,

the stress and how much management

60

:

hit energy on further securing.

61

:

Those networks and those issues and

then it was amazing for the first time.

62

:

It was an rare moment for me for

the first time when I saw how

63

:

much potentially we could lose.

64

:

In that case, we didn't lose much,

but how much we could potentially

65

:

lose was a very big issue for me.

66

:

It was, I kept turning and tossing

on my bed, what if the wrong, because

67

:

that's a very small person who had.

68

:

Access to very sensitive systems.

69

:

He was the person who authorized

everything when payment is in

70

:

and it's gonna go in hundreds of

millions, he was one to go to.

71

:

So I was like, wait a minute guys,

what if something happens to this man?

72

:

And his password is compromised, is beaten

up, and his password is compromised,

73

:

and we have to, pay heavily for it.

74

:

That began my strong journey

and my strong desire to ensure

75

:

that I master cybersecurity.

76

:

So I began to, get interested, do

conferences, read more around it.

77

:

And that started the journey for me.

78

:

And of course, I also, I made a good

transition into program management,

79

:

where now implement projects and

for whatever reason, . Cybersecurity

80

:

projects started getting thrust at

me strengthening infrastructure,

81

:

toughening up infrastructure, improving

identity, uh, systems and all of that.

82

:

And then along the line, I stumbled also

into card transactions and the import

83

:

of those and the amount of fraud that

happens, or the amount of fraud that

84

:

industry up because, geometric rise in

the transaction rates on the planet.

85

:

thE internet has become the place.

86

:

You have it online.

87

:

You seldom buy.

88

:

I use my phone, the NF NFC here right

now to, to all the way from taxis.

89

:

To eating at the restaurant, to

ordering something on Amazon.

90

:

Everything is up ally but then at

this time it was still starting.

91

:

aNd so all of that energy and as I

observed the future trends and the

92

:

challenges around cards, I got more

interested in cybersecurity and I've

93

:

been on this journey in total for about.

94

:

To decades kids been there, done that.

95

:

I've worked within the ERP domain, rolled

out ERPs, rolled out infrastructure

96

:

on the technology technical side,

been here, done that and it's been

97

:

a very, pretty amazing experience.

98

:

Loads of lessons lose of very

difficult moments, uh, where you had

99

:

to answer questions of conscience.

100

:

And think about the future, when

the future has not happened.

101

:

How do you prepare for a future?

102

:

You can't see, you can't crystallize, you

don't understand the risks, uh, because

103

:

of the limitation of where you are.

104

:

So this is a major challenge.

105

:

I've also seen in my

journey over the years.

106

:

How do you prepare for volume of

transactions that suddenly balloon up

107

:

Christophe Foulon: Yeah.

108

:

Thinking about the future

is definitely important.

109

:

What, as you think about your journey

why did you decide to pivot to

110

:

become a cybersecurity leader versus

staying an individual contributor?

111

:

David Adeoye Abodunrin: I decided

on the leadership route be because

112

:

anyway, leadership was thrust at me.

113

:

In my role as a project manager, I

have been forced to, whether I like

114

:

it or not, I have to take leadership,

, from a communication standpoint,, I

115

:

had to be comfortable, for example,

with addressing the elephant in the

116

:

room having difficult conversations

that nobody was willing to have.

117

:

Collaborating with difficult stakeholders

because the success of and the

118

:

failure of the project rests on me.

119

:

Generally typically I'm in charge

of scheduling and ensuring that

120

:

things happen as at when due.

121

:

When you are in those kind of roles, you

are like the proverb proverbial dancer who

122

:

cannot look at the noise of the markets.

123

:

You got a job and everyone

depends on you as a driver to

124

:

take them from point A to point B.

125

:

Now that requires a lot of leadership,

a lot of excellence, a lot of dedication

126

:

and passion beyond being an individual.

127

:

And anyway, I enjoy their attention.

128

:

It's not very easy being a leader must

confess to you because then you are

129

:

much more aware of your own weaknesses.

130

:

And your fullness are heightened.

131

:

And indeed, your personal, uh,

private failing moments can be

132

:

easily amplified and you can

cause damage at a bigger level.

133

:

Now, awareness of those kind of

things make it very sobering and make

134

:

it difficult for one to gloss over.

135

:

But all in all, I'm grateful for

the opportunity first to serve.

136

:

And to keep serving in leadership position

because, anyway, I always, when I talk

137

:

online, I find myself in conversations all

of a sudden taking the lead, not because

138

:

I want to demonstrate superior thoughts

or I want to show myself off, but it's

139

:

coming more from a heart of service.

140

:

A hat of help, a hat of a responsibility

that things could be better,

141

:

and that is the driving force.

142

:

Although over the years, that

has been misunderstood and people

143

:

think you want to show off.

144

:

People think you have a desire

to make others look stupid.

145

:

But no, it's just that you

just want things to be better.

146

:

Than they were and you think we

can all benefit from a better

147

:

system and with no hidden agenda.

148

:

This is what thrust me into

the leadership positions.

149

:

I found myself either in the project room

or in the technology field or even in

150

:

third leadership, that I championed a lot.

151

:

I.

152

:

Christophe Foulon: So A, as you look

to grow your leadership skills, what

153

:

in your view are the critical skills

needed for a cybersecurity leader?

154

:

I.

155

:

David Adeoye Abodunrin: That's

a very deep question right

156

:

there, . iT's multidimensional.

157

:

Chris that's very deep.

158

:

Let me say this.

159

:

fIrst of all, you must want it.

160

:

You must want it, and that is not

a skill you gather in any textbook

161

:

or a skill in any material.

162

:

It's pure personal desire when your PDI

Personal Desire index or indicator, which

163

:

is a measure of your cautions, which

is a measure of PDQ, personal desire.

164

:

. ENT when it's below a certain number

that is beyond the equilibrium of the

165

:

industry and where you are in your life.

166

:

Don't take the leadership position.

167

:

When your internal willingness versus the

industry equilibrium and the strength of

168

:

events in the environment is at a higher

level of turbulence than you can allow,

169

:

for example, as one of the factors we are

measuring within your life at that time.

170

:

Don't take that position when you,

where your desire is higher than that

171

:

equilibrium point and the higher.

172

:

To lead.

173

:

This is genuine desire, not ambition,

because there's a difference

174

:

between ambition and assistance.

175

:

I call it assistance.

176

:

The willingness to be good and to

help the willingness that everybody

177

:

trusts me to stand at this door and

the willingness to serve rather than

178

:

I want to be the most for the purposes

of advertisement and size, ego and all

179

:

of those kind of things, and somewhere

in the future of your leadership.

180

:

That metal will be tested.

181

:

You will either be converted.

182

:

A more humble leader or more

authentic leader, or you will grow

183

:

much more narcissistic or something,

and eventually your time will pass

184

:

without you having left any legacy

or you will learn the lesson.

185

:

Or nature happens to

you, whatever happens, X.

186

:

But I think that personal desire

is the place to start from.

187

:

It's even a calibrator of how

far, how well you would do.

188

:

So I don't sidetrack the conversation.

189

:

So the rule is the hire your personal

desire to lead, especially from the

190

:

positive psychologist standpoint.

191

:

The higher it is than that equilibrium

point for the industry and the

192

:

environment you are in at large, the

more your chances of success as a leader.

193

:

That's the first one.

194

:

Christophe Foulon: Can I stop you there?

195

:

Because it's, that's something

that I have not heard about.

196

:

For those that are looking to

learn more about this, where did.

197

:

Where's this where did you find this from?

198

:

Or where did you learn this so that

they could dig into this themselves.

199

:

David Adeoye Abodunrin: I do a

lot of personal introspection

200

:

and I try to find my answers.

201

:

I don't find my, not pull, of course,

I've read a lot of things, but it's

202

:

rooted in the materials of self-awareness

to be aware of your desires.

203

:

Self-belief, first of all,

self-awareness, self-belief,

204

:

self-esteem, self-acceptance and

self-promoting, and yet being selfless.

205

:

Christophe Foulon: Makes sense.

206

:

Makes sense.

207

:

Yeah.

208

:

I'm a big supporter of the north of

having your North Pole as well, to help

209

:

David Adeoye Abodunrin: yeah, exactly.

210

:

So having my north pull and then not

following the tide on the outside, but

211

:

having my north pull on the inside was the

way I arrived at this particular solution.

212

:

That my personal desire indicator based

on all of this foundations of my self

213

:

understanding and awareness of where I am.

214

:

Must be beyond a certain threshold of

the entropy or chaos of the environment.

215

:

How difficult is the leadership role?

216

:

How difficult is it to

be a leader in that time?

217

:

What are the challenges the

organization or the context is facing?

218

:

Who are the players there?

219

:

Would they be willing to give

me a chance to succeed or fail?

220

:

Is it context favorable?

221

:

If you're gonna be a leader in a place

where you don't understand the language,

222

:

maybe you should not take up the role.

223

:

Maybe you should not just to be a

leader there, you don't even understand

224

:

the language that you can't even

converse and you cannot even engineer.

225

:

Meaning beyond communication.

226

:

Communication is one thing, but

meaning is when David is able to put

227

:

the exact signal in his mind, increase

his mind, and Chris's response.

228

:

In such a manner that David knows

that what he was originally intended

229

:

to pass across has been understood.

230

:

This is basic communication engineering.

231

:

So if you don't, if you're battling

language for example, then maybe

232

:

you should humbly not take the

organization or that leadership role up.

233

:

So those are the entropy factors.

234

:

The questions the threshold points.

235

:

For example, another one for example,

is if you don't understand the culture.

236

:

Or you cannot fit it to the culture.

237

:

Culture will always eat strategy

for lunch and dinner and breakfast.

238

:

Culture will always destroy the

strongest of our good lofty idea.

239

:

So as a leader, as a cyber leader,

if you don't have the cultural

240

:

intelligence to lead in that environment,

maybe you should pursue that.

241

:

But there are complement skillset,

like cultural adaptability.

242

:

If you are culturally adaptable, you

know you are strong on the agility leg,

243

:

which is another, that being agile or

understanding agile frameworks helps

244

:

you to do when you're a cyber leader.

245

:

So it's not a doom and gloom thing.

246

:

If you notice that there's a gap between

where your personal desire index is.

247

:

And where the level of the threshold

level is, then you can bridge

248

:

the gap and yet you can lead.

249

:

So it's not, but it's to be aware

that's a gap between your personal

250

:

desire is and some of the person's

desires, mislead them your desire.

251

:

You may not be ready,

you may not be competent.

252

:

So desire is empty if it

does not pass through.

253

:

Personal desire is empty if

it does not pass through the

254

:

very lens of self discovery.

255

:

Self-awareness, self-acceptance,

then self-esteem.

256

:

And then before you now go

to self-promoting in all of

257

:

these, yet being selfless.

258

:

So that you're not full of

yourself, but you want to serve

259

:

and really solve a problem.

260

:

And if we were to choose between

Chris and I will vote for Chris if

261

:

Chris is a better candidate than I

am to help us through the bridge.

262

:

Chris knows how to swim.

263

:

I don't know how to swim.

264

:

So this organization is at the

point within their corporate

265

:

lifecycle where they are rolling

out a lot of new products.

266

:

And Chris has had experience in products

rollout and Chris understand the

267

:

cybersecurity challenges and the risks

that happen in that particular sector.

268

:

Why do I want to rob the organization?

269

:

I.

270

:

Of his expertise because I want

to earn a few dollars, or I want

271

:

to be the known guy or want to be

the one who is leading the team.

272

:

That's one thing ago.

273

:

On the day, something critical

will happen then to a paid that.

274

:

I don't know how to navigate that.

275

:

Ben, Chris is the better driver there.

276

:

Why don't I give him the leadership?

277

:

You've been in podcasting for a while

and, there's audience intelligence,

278

:

for example, that you have around

the cyber regime and cyber world.

279

:

Why don't, I want Chris to

lead the conversation because

280

:

everyone has what they're useful

for, even in cyber leadership.

281

:

Everyone has a use.

282

:

Every leader has the moment and

defined occasion of your use.

283

:

There's your ah, in leadership and

do not stay longer than those hours.

284

:

That's also a sub to council there.

285

:

Your tenure may be two years.

286

:

You may be a very strong risk

manager, or you are a strong

287

:

infrastructure deployment leader.

288

:

Because you have project management and

agile understanding, like me, and you

289

:

could actually be a strong people leader

because the team needs more confidence as

290

:

they need someone who is a CISO or a cyber

lead that understands that level of energy

291

:

and intelligence, if you get what I mean.

292

:

So at the end of the day, wisdom

is to select your location.

293

:

A moment of brilliance and know your own

leadership, DNA, and leave that ethos and

294

:

not be driven by external opportunity.

295

:

Again, that cushions personal desire

that is intelligent, so we can call

296

:

it intelligent personal desire that's

willing to be personally developed

297

:

to meet the threshold and need of the

occasion, and the willingness to leave

298

:

when the time is due, not necessarily

when the vision is loudest, when

299

:

the time is due for that occasion.

300

:

Christophe Foulon: So it, it

sounds like if I'm, if I could

301

:

paraphrase, understanding.

302

:

Your leadership abilities and your

readiness to be a leader is one of those

303

:

core critical skills in your perspective.

304

:

Are there any other critical skills.

305

:

David Adeoye Abodunrin: yes,

there is what is called kudo or

306

:

situational intelligence or awareness.

307

:

The ability to understand situations

quickly and the ability to take decisions

308

:

quickly, that will help you need it.

309

:

In cyber security leadership, you cannot

afford not to have it, but how do you get

310

:

The problem with experience is that you

gain good experience from bad experiences,

311

:

Christophe Foulon: There's

cheap experience and there's

312

:

expensive experiences.

313

:

David Adeoye Abodunrin: Thank you.

314

:

I like that.

315

:

That's true thank you.

316

:

Thank you . So every time

someone listens to Chris Fullon a

317

:

podcast, that's good experience.

318

:

You listen to David or you subscribe

to any of the seminars that do in

319

:

cyber leadership or any, or anything

that you do, or we organize something

320

:

together and someone listens.

321

:

Good experience.

322

:

You don't want to wait

until crisis happens.

323

:

For example, I've seen cyber

leaders who don't know their,

324

:

they're excellent panicker.

325

:

I've met CISOs who are panicker.

326

:

That is their profile.

327

:

Their panic profile is on the roof.

328

:

They panic and then they panic,

and they pile budgets at panic.

329

:

So the full panela and then they get

before the executive team and their

330

:

leadership communication skills.

331

:

And futuristic skills begin to be

torn to pieces, only because the

332

:

excellent people, when there is no

tension, they can take their decisions.

333

:

But because they are good panicker

or warriors, they hip budgets

334

:

and they hip reinforce steel.

335

:

They toughen up, architectural

toughen up infrastructure, toughen

336

:

up, and management is asking.

337

:

But there's been no incidents

in the past five years.

338

:

Why do I need another server

or another thing this year?

339

:

And the guy goes that's because I'm good.

340

:

I'm doing my job.

341

:

They're like, so that means we don't

need it . And it won't be in that frame

342

:

of mind, if not for his personal panic.

343

:

But again, some amount of panic is

good for a CSO because in the school

344

:

of cyber warfare, as in real time

warfare, only the paranoid survive

345

:

so some amount of paranoia is needed.

346

:

Paranoia is needed in cybersecurity,

but at the same time, it's also very

347

:

difficult for you to be extra paranoid

when you are leading people and not

348

:

use panic to drive the bus of the road.

349

:

So panic profiling, for example.

350

:

You must understand your panic profile

from situation awareness perspective

351

:

in a situation what's going on.

352

:

What are the main things?

353

:

What's most profitable action?

354

:

Which level of panic am

I supposed to switch on?

355

:

Medium, low, or high?

356

:

How do you apportion or identify

the necessary efforts or response to

357

:

an incident in a personal profile?

358

:

So all of those internal

readiness work must be there.

359

:

Then I say that leaders must have

the full grill things, the fall.

360

:

Of leadership, mentor, coach,

facilitator, trainer, mentor, coach.

361

:

Not necessarily in that order,

if you want me to order it.

362

:

Coach, mentor, fac.

363

:

Sorry, coach, facilitator,

mentor, trainer, coach,

364

:

facilitator, mentor trainer.

365

:

Training is the last one, but many

leaders try to do training first.

366

:

Christophe Foulon: Yeah, that makes sense.

367

:

Some of the other skills that I've found

over the years to be really critical, and

368

:

maybe I'll ask you to rate yourself from

a, a scale of one to five is delegation.

369

:

How.

370

:

Would you describe delegation

and rate yourself one to five?

371

:

David Adeoye Abodunrin: On delegation,

I'll probably rate myself four.

372

:

That's because I've done

some wrong delegations.

373

:

I'm like, how did I make that mistake?

374

:

? But I read myself four on delegation,

um, because I'm blessed with

375

:

a real ability to see people.

376

:

And watch and observe without any bias

until I understand what's going on.

377

:

I've learned that over the years.

378

:

I watch people carefully and I'm very

non-judging in the beginning to ensure

379

:

that I understand what's really going

on, and I'm also sufficiently friendly.

380

:

I try to be friendly to walk across the

beach, to understand, even if I see an

381

:

external behavioral pattern calibrated by.

382

:

What is behind it?

383

:

And is this something that can be brought

up in a direct conversation or something?

384

:

We're gonna use indirect

conversations to deal with.

385

:

So on delegation, I have about

four of five in total because I

386

:

still have some hit and misses.

387

:

That's part my method.

388

:

Number one with delegation is that

there are tasks to delegate and

389

:

there are things you cannot delegate.

390

:

The wisdom to know what to

delegate, I wanna delegate is

391

:

very important for a cyber leader.

392

:

Number two.

393

:

Christophe Foulon: And yeah.

394

:

Next.

395

:

Collaboration.

396

:

How would you rate yourself

in collaboration on a scale

397

:

of one to five and why?

398

:

David Adeoye Abodunrin: Collaboration.

399

:

I read myself again, four because I've

done some bad collaborations in the past,

400

:

and I am a collaboratively shy person now.

401

:

Because I've had some bad

experiences, so I do more rigorous

402

:

interviewing the and Trustingly.

403

:

I do collaboration, intelligence coaching.

404

:

So there are people who come to me and

say, I wanna collaborate with this guy.

405

:

What do you think?

406

:

Because I have some intuitive coaching

practice I do by the side and I'll just

407

:

do an analysis, say, what do you want?

408

:

Do you want a person to person

profiling or you want a business

409

:

to business, whether your business

and that business can collaborate.

410

:

And in most of the cases, nine

out of 10 times, I get it correct.

411

:

That's for others, but for me, I'm

slower because I would watch, ask

412

:

questions, understand intent, but the

key is to contract in the beginning.

413

:

That's my summary of it.

414

:

Contract what the

transmission will be like.

415

:

I.

416

:

Contract.

417

:

What the trans, what?

418

:

What is?

419

:

What is going to be the

recipient's expectation?

420

:

What is the sender's expectation?

421

:

What will be the handshake in the middle?

422

:

Design the contracting of

the collaborative efforts.

423

:

Put parameters at it.

424

:

Let it be well defined when issues

happen, they're not covered within

425

:

the framework you've set up.

426

:

Go back again and look at the framework.

427

:

This works all the time.

428

:

I've seen it work all the time.

429

:

All the time.

430

:

It works.

431

:

Christophe Foulon: Okay.

432

:

And for communication, how would

you rate yourself on a scale of one

433

:

to five for communication and why?

434

:

David Adeoye Abodunrin: I give myself

four, 4.5 over five, and that's

435

:

because I don't wanna be proud.

436

:

I have seen a lot of, I, I

understand communication at the

437

:

human engineering human fiber level.

438

:

I know I have developed, I've, because I

want to help people communicate better,

439

:

and I've seen cybersecurity leaders

stumble on communication a lot, technical

440

:

leaders generally over the years being,

having the blessing of being in many

441

:

boardrooms, even as a young engineer, just

sitting down to observe and the power of

442

:

erasing one word and putting another word.

443

:

The power of raising a sentence, the

power of changing the body language.

444

:

For example, I dunno whether you know

that technical people communicate

445

:

lower value without them knowing

just by body language and presence.

446

:

The average chief marketing officer

will always end higher than the

447

:

CTU and the CISO and every, and

they're all on the same level.

448

:

What typically happens is that.

449

:

Technical leaders are communicating

without knowing they're even

450

:

communicating body language conversations.

451

:

Watch when the CMO wants to

talk or a chief product officer,

452

:

someone that's in the csuite on the

commercial side of the business.

453

:

There's some, there is some

order, there is some practice.

454

:

aNd because I have worked

in the marketing regime.

455

:

I've worked in the core marketing

comms group, the largest one

456

:

in West Africa by the way.

457

:

I saw what goes into those things.

458

:

Technical people are sought

wire and technicality, concerned

459

:

that they don't know that we

should practice communication.

460

:

That we should literally

practice go before the mirror.

461

:

If you go, if it's a real big presentation

to a board, it's a budget presentation.

462

:

Go nitty gritty.

463

:

Ask for feedback present within your

team first, before you go for the bigger

464

:

one where you're gonna defend them.

465

:

But many Cs or CTOs or CEOs, we just

put together a slide the morning

466

:

of the presentation, they just

serve, move some things around,

467

:

and then they go there and present.

468

:

Typically there's a response.

469

:

So for communication, I read myself 4.5

over five and I also communicate better.

470

:

And lastly I have some answer.

471

:

Like I told you what is in my mind and

vice versa must come into your mind.

472

:

And we must get feedback that we

got what the other party was saying.

473

:

That is when communication has happened.

474

:

And I understand the nuances

and communication is the

475

:

biggest to adjust behavior.

476

:

Christophe Foulon: And how would you

describe the skill of influence and why

477

:

is it so important in cybersecurity?

478

:

David Adeoye Abodunrin: Influence

is very important influence.

479

:

In fact, one of the things I'm researching

now because crime as a service.

480

:

Has become big and crime as

a service will become big.

481

:

Second reason why I'm studying this,

the signs of influence and psychology

482

:

of influence in cybersecurity is

that criminal gangs are, have moved

483

:

into advanced persistent nature.

484

:

They morphed and now there's the

nature of advanced persistent rates,

485

:

and we say that organizations that

there are two kind of organizations,

486

:

those that have not been hacked, and

those that will be hacked eventually.

487

:

The other factor why influence

is important is that we

488

:

are having more energy.

489

:

And more order on the side of the

criminals and law enforcement is

490

:

trailing behind and litigation is also

trailing behind as a global trend.

491

:

So we need to begin to learn adversarial

influence strategies so that we can

492

:

go beyond just influencing our teams

to influencing the criminal behavior.

493

:

We should go to the point where we will

be able to do prescriptive analytics.

494

:

That will almost help us to know where

the crime will come from because the

495

:

tools that are gonna be available

to criminals from, I mean that's

496

:

been available since year 2020,

COVID-19 date, and that will begin.

497

:

There are people that commit

a thousand dollars a month.

498

:

They work and then you commit

a thousand dollars a month.

499

:

And they can, and 10 of them can come

together into hacking and exploring

500

:

breaches, and they're willing to commit

that kind of money for five years.

501

:

Trust me, if they keep at it and

hire professionals and they're

502

:

not go into crime as a service,

they'll begin to succeed.

503

:

So how do we begin from a security

standpoint to influence criminal behavior?

504

:

What are the technologies that we.

505

:

Help us to lead them

in a certain direction.

506

:

And that's so that's an

area that's a niche area.

507

:

Adversarial influence management, where

we are able to use influence tactics so

508

:

that we will be able to cage crime, for

example, the concept of the corporate

509

:

cul-de-sac, where you actually create

vulnerabilities within your system.

510

:

wIndows is not to be doing that right now.

511

:

I think Azure has started and Amazon,

but you create, you, you create spaces

512

:

in the cloud where they, where some

data will be thrown at the guys so

513

:

that they can come at it, and then we

use that to isolate that place and use

514

:

it like a lab to study the intrusion.

515

:

And what they're trying to do

and cage all the influence.

516

:

Influence will be in the future, very

important for cybersecurity leadership

517

:

because it's a useful adversarial tool.

518

:

It'll be a useful counter

intelligence tool.

519

:

And another one is when you are

beginning to have anti forensics.

520

:

wHen criminals starts from

understanding for forensics.

521

:

They understand cyber forensics,

so they start designing the crime

522

:

with the view to be OB, oblivious

or transparent so that they're

523

:

like water or you can't even plant.

524

:

So that our forensics process and tools

can't even capture their existence.

525

:

So we need to go influence.

526

:

Because now and then they

go anti because, okay.

527

:

So we discovered that

they're anti forensic.

528

:

Okay.

529

:

Okay.

530

:

Okay.

531

:

Yep.

532

:

Can I go on.

533

:

So we discovered that they're

anti forensic, so we do new tools.

534

:

So it is anti when you catch,

when you find a new way, the

535

:

criminal fights another way.

536

:

So when you're going anti

forensic, we may begin to think

537

:

about influence engineering.

538

:

Where we begin to engineer tools and

techniques specifically deliberately

539

:

to begin to influence the behavior

of the nature of the crime and

540

:

how the criminal gangs are ring

themselves because of anti forensic.

541

:

The other thing is we would need

influence to inspire teams to do higher.

542

:

We need to challenge.

543

:

The blue teams or the internal

security teams and the red teams.

544

:

In this case, were everybody working

with us to do more because for every

545

:

single cyber security professional

there about three or four criminals

546

:

who are ready to, do an undo.

547

:

So we have to develop influence strategies

to break the human limit of our teams.

548

:

And make them superheroes and,

create bigger solutions that

549

:

will keep all of us safer.

550

:

Because our infrastructures are going

to be exposed in the coming days.

551

:

We're getting connected

in connected cities.

552

:

We're seeing water systems, and

sewage systems with just a single

553

:

line of code being breached together,

where a whole community found their

554

:

sewage going into their water.

555

:

Plan that was processed because

somebody got into a computer

556

:

system and opened a gateway.

557

:

So we need to find a way of

influencing our teams to become

558

:

far more cyber resilient and go

anti-fragile, which is the upper

559

:

limit of human response to incidents.

560

:

Christophe Foulon: Okay.

561

:

Another topic that I like to bring up.

562

:

Is the concept of networking,

but not networking like we, we

563

:

started our conversation with in

telecom, but networking with people.

564

:

Why is that such a critical

skill for cybersecurity leaders?

565

:

David Adeoye Abodunrin: Yeah,

because at which criminals are

566

:

going, again, they're networking.

567

:

There are websites now, not

even in the dark web, openly

568

:

where Windows vulnerabilities

are described and discussed.

569

:

If we don't have find ways of

positive networking, the cyber

570

:

criminals will always network

because if they make a single hit

571

:

hits, it's a big deal for everybody.

572

:

They understand the

idea of bounty sharing.

573

:

And it's a primitive way where criminals

want to rob one village, and by the

574

:

way, we are now a global village.

575

:

tHe village is strong if they're

attacking at individual times of the day.

576

:

But if they come at once, then

the village army is overwhelmed.

577

:

Now criminals are trying to

engineer that kind of, there are

578

:

hotbeds, some of them, to the point

that countries are now involved.

579

:

Are sponsoring state sponsored

cyber criminal activity,

580

:

state sponsored terrorism.

581

:

Now, we cannot just afford not to network.

582

:

In fact, regulatory organizations

both in the United States and the

583

:

United Kingdom and most of Europe.

584

:

Are now going cyber networking

as a regulatory demand.

585

:

For example, share information,

the obligation to share.

586

:

If something happens to your network,

please share because you're connected

587

:

to everybody one way or the other.

588

:

Just a memory stick in your

laptop can bring down a whole

589

:

nation's financial system.

590

:

It can bring down a old

nation's electrical system.

591

:

Please don't keep quiet.

592

:

And those are found.

593

:

So it's it's water.

594

:

It's the way water is to human life

or the way food is to existence.

595

:

As cybersecurity professionals,

we must network criminals are

596

:

networking and the power of

aggregation is beginning to play out.

597

:

We have no choice.

598

:

Chris, we have to network.

599

:

It'll be an anima to be a hacker.

600

:

You don't have a hacking group

or a hacking community where you

601

:

organize private hackathons and

you have hacking weekend hangouts.

602

:

You cannot be a GRC consultant

and not belong to a.

603

:

GLC group that does Friday

evening bear out, or Friday

604

:

evening, uh, sushi or dinner.

605

:

We must network and grow in

communities beyond the ordinary.

606

:

Of course the only challenge is that

communities a domic side on trust.

607

:

But the bigger problem is that trust

is not a very easy commodity to combat.

608

:

Cyber professionals are naturally

skeptical and paranoid as.

609

:

Christophe Foulon: Yes.

610

:

Yes.

611

:

That is true.

612

:

That is true.

613

:

A as we wrap up our podcast any

final advice that you would give

614

:

to future cybersecurity leaders?

615

:

David, I.

616

:

David Adeoye Abodunrin:

Yeah, the future is green.

617

:

Groom your leadership without demand.

618

:

Go for supply before.

619

:

The demand for it will come.

620

:

Meaning.

621

:

Supply yourself with knowledge.

622

:

Expose your mind.

623

:

Join networks, learn and prepare.

624

:

Your day will come.

625

:

We are in combat zone.

626

:

In cybersecurity today,

there is the traditional.

627

:

Council I would give was

the response of King David.

628

:

My possession is Christianity king

David as a young boy of about 18.

629

:

His father sent him that as the story

goes to go to the battlefront to check

630

:

his brothers up and give them some

provisions and some food and write

631

:

their his eldest brother Iab, who was

632

:

A much more stronger soldier.

633

:

And he was already known as

a war veteran, looked at him.

634

:

He said, I know your heart.

635

:

Who did you leave the ship with?

636

:

How come you are outside here and trying

to, look at the war you want to show off?

637

:

And David said to him,

is there not a course?

638

:

Many is are not a reason.

639

:

Seeing that these uncircumcised listings

are defiling the armies of Israel.

640

:

Forgive my reference to the Bible,

but that is a state we are in.

641

:

In cybersecurity, there

is a course, C-A-U-S-E.

642

:

There is a course and your day will come.

643

:

Every bit of knowledge and capacity

you grow as a professional will

644

:

eventually pay off the day of, pay off.

645

:

You won't be ready.

646

:

If you did not go to the gym every

day on the day of payoff, when your

647

:

specific type of cyber leadership, your

specific capacity will be required.

648

:

If you are not in the gym two hours a

day, three hours a day, you won't be

649

:

fit for battle, but your day will come.

650

:

Don't despair.

651

:

If you're looking for a job,

you're looking for a cybersecurity

652

:

role and engage Chris as a coach.

653

:

Subscribe to Chris's coaching program.

654

:

Engage him.

655

:

Give it 12 months, 24 months.

656

:

Let him guide you, for example, as

a cyber coach, or anyone around you,

657

:

or whoever you think, but engage

your muscles in advance because

658

:

the day of glory will still come.

659

:

Forgive me if I look

motivational or I sounded like a.

660

:

Christophe Foulon: Well, David,

thank you very much for joining us.

661

:

Really appreciate it.

662

:

And again, a reminder for those that

are listening, share with others.

663

:

'cause David said we

need a variety of people.

664

:

We need a variety of different

skills and everyone has their

665

:

skills that they can rely on.

666

:

And we, we need all sorts

of different leadership.

667

:

David, thank you very much.

668

:

David Adeoye Abodunrin:

Thanks a lot, Chris.

669

:

I appreciate thanks for having me and

thanks for the great work you're doing

670

:

in preparing leaders in the cyber realms.

671

:

We need more of you and

thank you so much for that.

About the Podcast

Show artwork for Breaking Into Cybersecurity
Breaking Into Cybersecurity
Developing cyber pros of the future!

About your host

Profile picture for Christophe Foulon

Christophe Foulon

It’s a conversation about what you did before, why did you pivot into cyber, what the process you went through Breaking Into Cybersecurity, how you keep up, and advice/tips/tricks along the way. You can also bring up topics like attraction/retention/developing the next generation of the workforce.

Cybersecurity Leaders, we would love to help develop the next generation of cybersecurity leadership. We will do us on the critical skills and competencies of leadership, and you can also bring up topics like attraction, retention, and developing the next generation of the workforce.

Let me know if you are interested and available email - breakingintocyber@gmail.com

Love Breaking into Cybersecurity? Tips help keep overhead low

Love Breaking into Cybersecurity? Tips help keep overhead low and allow us to produce more valuable content.
Tip now to support Breaking into Cybersecurity!
A
We haven’t had any Tips yet :( Maybe you could be the first!